@pmadem said in Hardware recommendations: Do you have any recommendations ? I'm correcting myself now and exist an Intel NUC with dual NICs, but it’s just yet to come: https://liliputing.com/2020/09/intel-tiger-canyon-details-leaked-intel-nuc-with-tiger-lake-chips.html Plus, with the new Intel PHY (2,5 GbE), we’re looking forward to it... https://ark.intel.com/content/www/us/en/ark/products/184676/intel-ethernet-controller-i225-v.html

sorry - been away for work. I am trying to get the SG1100 to work as a transparent firewall....but for whatever reason as soon as i configure it as per the instructions on the netgate forums - it stops working. So - i guess the real question is - can the SG1100 ACTUALLY be used as a transparent WAN-LAN firewall without NAT- i.e Cable Router - Wan SG1100 - firewall bits n pieces (No NAT) - Lan out - internal router (NAT) WITHOUT NAT - as i would prefer my internal router to do NAT - i dont have any issues with it working now - so id prefer not to change as i have everything working fine.....i literally just wanna throw the SG1100 in front so i can use PFBLOCKER, etc to try and get rid of some of the everyday crap bombarding our devices, and so i have a VPN endpoint for work. As my cable router is ISP Dynamic IP - how is the SG1100 able to get the upstream router when its dynamic in that circumstance. I think this is where the problem is - because we dont get assigned static upstream IP's....the SG1100 has no idea where to send it - because there is no way for me to get the upstream router details. Any help would be great.

Other than using that distro that will not be named here.. Your blocking on SA, ie syn,ack - this screams out of state traffic and asymmetrical traffic flow. First question I would ask is what IPs are you using internal on your network? 81.x and 136.x are not rfc1918 space.. You shouldn't be using public space you do not own, even if internally.. But blocking of SA means that the firewall did not see the SYN (S) to create the state. This is normally because of some asymmetrical routing problem. How did 81 talk to 136 on port 9999? If not through your stateful firewall so it could create a state, then yes the return traffic sent to your firewall - ie the SA, would be blocked because it doesn't match a state.

That is almost certainly the wrong console type selected. That output you're seeing is sent to all consoles but after 'trying to mount root' only the primary console is used for most messages. The NIC link messages are still sent to both. Make sure you did not install using a serial console as primary. It should still boot fully from there though with em0 as WAN and em1 as LAN. You may still be able to connect to the webgui on LAN. Steve

Looks like DNS is working but none of your other traffic is getting out. I doubt that's a problem specific to pkg, but something in your connectivity from the firewall in general. Run through the list at https://docs.netgate.com/pfsense/en/latest/troubleshooting/connectivity.html and find out what specifically is failing.

finally fix my netgate sg1100. the problem was that I needed a special iso for my firewall. the isos that are on the pfsense page cannot be installed on a netgate firewall. since these are for amd64 (intel and amd cpus). the isos that are on the pfsense page are 800 mb approx. the iso that netgate sent me for my sg1100 are 1.5gb. its all ok for now. have a good life. Regards.

Turns out the Seagate 500GB HD failed ! Lucky I guess to find it now, it has 42650 hours on time and dated 2011. I tried to format to NTFS but failed - oh well good exercise I guess.

@stephenw10 Thank you very much you were right I made the change and it's up. Mark

I updated my package this morning and did not run into any problems. Thanks for the work providing this update.

@ta2oo said in Missing LAN Interface: I had only applied to the interfaces to the client VMs. I'm so glad you successfully configured the interfaces. Yesterday unfortunately I could not look into the forum we had a little Citrix problem. btw: Reading this way, I thought you had an interface pass-through issue... When we talk about hypervisor, we almost always make mistakes here this point....

pfSense 2.4.5-p1 is not running FreeBSD 11.3-RELEASE, it's running FreeBSD 11.3-STABLE@r357046, which is closer to 11.4 than 11.3. The main advantage to moving to 11.4 is for security patches from upstream, which we can always apply manually if needed. We employ several FreeBSD developers, so such changes are not typically problematic. If something comes along which needs addressed, we'll address it.

@Hunta If this is what you have between your phone outlet and pfsense WAN then you need to get an ADSL modem in between and hope you haven't fried your ethernet port.

@mahuara said in PfSense 2.4.5-p1 memstick installation BUG: I am attempting to install pfsense 2.4.5(memstick) on an old msi gaming laptop. Everytime I remove the usb after installation it says that no is media present.. any advise?? That means you didn't install pfSense ... next time try the second installer.

Nevermind, fixed with "System Tunables"

@gwaitsi said in help to recover config.xml: @JeGr there is no longer docs for filer. links just take you to current netgate package list, which does not include filer. There may be no current docs to filer, but the package exists, as I have installed it on stable and dev versions without problems. But just add your complete filepath (File), a description, the default permission (0644 should be fine), and the content of the file. I'd set the execute mode to "do not run" to be on the safe side but it shouldn't do anything if you don't enter a script/command above it. If a file is configured that way in Filer it gets created and reinstated after a config.xml restore just fine.

Update: I heard back from Netgate, and they suggested I restart the PHP engine from the console and then restart the webConfigurator process. I'd restarted the webConfigurator but never the PHP-FRM, so that seems to have been the issue. Now it's running on 2.4.4 with the restored backup and webCfg working.

So knock on wood I have not had any issues, well one on a old 2440 that had lost power.. But normally all the pfsense I have are on good ups, and normally stable power anyway. But I have planned on my own 4860 to move to zfs when 2.5 comes out and take the time to upgrade to that.. Just going bring it up on zfs then.

@gklimeck said in PFsense & Unifi USG working togeather: Ubiquity is making things proprietary and I I am sure anytime now we will see a subscription model soon. That I don't see. Nope, there are too many thing GPL etc. that can't be just made closed source etc. But UDMs were a real bummer for me after checking it out. Sure, controller, switch, AP AND USG in one box sound too good to be true anyways but seeing a gateway/firewalling device dumbed down to such levels was really crude. My brother is running one and first thing I did was letting him shop for a Raspi4, throwing Pi-Hole and OVPN on it and have DHCP/DNS running over the Raspi as the Controller UI and USG is THAT bad for simple DNS/DHCP things that are "normal" coming from pfSense.