Glad it worked out

I still find the recovery tools built into pfsense saving my butt from time to time as well  :D

The lesson I've learned (the hard way) is to make backups - often.

Google results where it shows up in dmesg with no related problem.

Not sure what you are suggesting here. My problem is not with blocking it, but with logging it, since it kinda makes my log useless when it is filled with stuff I don't care about. I suppose I could put a specific rule in to block it without logging; but one wonders why the traffic is being generated in the first place, after a minor release. Why do we need to change our rule sets after a minor release?

Maybe that's just normal, and I incorrectly assumed otherwise.

Thanks for the feedback.  As recommended the SQUID package seems to have been refreshing the cached items maxing out all the bandwidth.  After reviewing the custom options some recommended tweaks have resolved it as documented.  https://doc.pfsense.org/index.php/Squid_Package_Tuning#Performance_Tweaks

Thank you for the info.
Yes, I have made a new topic https://forum.pfsense.org/index.php?topic=76541.0

Intel NICs?  Been screwing with your /boot/loader.conf.local settings?  If so, put them back to normal.

I guess this forum doesn't allow edits after some undefined period of time, or not that I can find - brilliant, absolutely brilliant.  ::)

I made a few changes to the adblock update script, got rid of the ugly sort/uniq operators, lots of local logging junk (now logs via syslog to /tmp/resolver.log properly) and no longer requires the assistance of a php script to restart dnsmasq.

#!/usr/local/bin/bash REDIR_TO='10.254.254.254' ADBLOCK_URL='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=dnsmasq&showintro=0&mimetype=plaintext' CONF_DNSMASQ='/usr/local/etc/dnsmasq.conf' CONF_DNSMASQ_DIR='/usr/local/etc/dnsmasq.d' CONF_ADBLOCK='/usr/local/etc/dnsmasq.d/adblock.conf' CONF_ADBLOCK_TEMP='/tmp/adblock.conf' CONF_ADBLOCK_BACKUP='/tmp/adblock.conf.orig' LOCAL_DEBUG=false daemonlog () {   logger -p daemon.info -i -t dnsmasq $1   $LOCAL_DEBUG && echo $1 } restart_dnsmasq () {   echo '' | php -q } if [ ! -d $CONF_DNSMASQ_DIR ]; then   daemonlog "Initializing ad blocking configuration, mounting filesystem read-write"   /etc/rc.conf_mount_rw   mkdir -p $CONF_DNSMASQ_DIR   if [ ! -r $CONF_DNSMASQ ]; then     daemonlog "Creating dnsmasq configuration"     echo "conf-dir=$CONF_DNSMASQ_DIR" > $CONF_DNSMASQ   else     daemonlog "dnsmasq configuration exists, adding configuration directory"     echo "conf-dir=$CONF_DNSMASQ_DIR" >> $CONF_DNSMASQ   fi   daemonlog "Initializing ad blocking repository, mounting filesystem read-only"   touch $CONF_ADBLOCK   /etc/rc.conf_mount_ro fi daemonlog "Fetching ad blocking list from $ADBLOCK_URL" /usr/bin/fetch -qo - $ADBLOCK_URL | /usr/bin/sed "s/127\.0\.0\.1/$REDIR_TO/" > $CONF_ADBLOCK_TEMP daemonlog "Analyzing for changes" if ! /usr/bin/cmp -s "$CONF_ADBLOCK_TEMP" "$CONF_ADBLOCK"; then   daemonlog "Changes detected, mounting filesystem read-write"   /etc/rc.conf_mount_rw   daemonlog "Updating $CONF_ADBLOCK with latest entries"   cp $CONF_ADBLOCK $CONF_ADBLOCK_BACKUP   cp $CONF_ADBLOCK_TEMP $CONF_ADBLOCK   daemonlog "Restarting dnsmasq"   restart_dnsmasq   if ! pgrep -q dnsmasq; then     daemonlog "dnsmasq failed to restart, reverting to previous ad blocking configuration"     cp $CONF_ADBLOCK_BACKUP $CONF_ADBLOCK     restart_dnsmasq   fi   daemonlog "Update completed. Re-mounting filesystem read-only"   /etc/rc.conf_mount_ro else   daemonlog "No ad blocking updates required" fi

You're right, rolling back did nothing. I've had to throw my asus router at it, because I cant be down. I hate that, because pfsense is a much better firewall with amazing traffic shaping capability and much more. Any commercial router is a joke compared to pfsense. I upgraded from 2.1.2. Yes, I also dont understand why anything would change since it was on manual outbound nat.

However, the added capability seems to also add some complexity for sip in particular. I find with anything else in relation to pfsense, it just works.

I really want to offer pfsense to my customers in combination with freepbx. I have not yet been able to get the system working without intermittent inbound / outbound call problems. I should say that yes, Ive got it working, but test the number hours later and am met with dead air.

I dont have pfsense in front of me to currently look at , but manual outbound nat was for 5060 set as a static port (copied and edited per the auto generated rules for outbound nat). Is it required to port forward to the internal server as well? Firewall rules were (from any) to pass 5060, 1024, 4569 (fax) 10000-20000 RTP to 192.168.1.160. I note that RTP with pfsense starts at 5004 when choosing the drop down.

I appreciate your thoughts and help

Shane

Yes, the question here is: where did 192.168.0.1 come from?
Since it's not your LAN subnet and not an IP your ISP would be handing out, do you have other internal interfaces? VPN perhaps?
One possibility is that your WAN is a cable connection and that you have a cable modem that hands out private IPs when it can't see the ISP. If that is the case you can prevent it happening by selecting IP addresses to refuse int he dhcp setup.

Steve

Thank you for helping me find a solution to the issues i was having.

From the article posted, i can see a solution , but as the gateway keeps changing , How can i create a script that will apply this fix automatically.

i was thinking i could create a script and called it up at <afterfilterchangeshellcmd>Thank you and i appreciate your support.

Wato</afterfilterchangeshellcmd>

@extide:

The problem you are now having is because you are Double NAT'd. Essentially it's because you're using 2 routers/firewalls. You should get rid of the other one.

I'm only using 1.  If my previous hardware didnt die, I would have continue using Untangle.  But because I have to reinstall from scratch, I'm thought I just gonna try pfsense

I would suggest that DD-WRT is simply not catching the interruption in service. The connection comes back up in ~1min so there's a good chance you simply don't notice.

You could try disabling apinger for the WAN which will probably put you on par with DD-WRT but, as Chris said, it looks like your cable service is going down.

Go to System: Routing: Gateways:
Edit the wan gateway, check 'disable gateway monitoring'.

Steve

Hi drj

Works like a charm with admin account.

Thanks.

https://doc.pfsense.org/index.php/Why_are_some_passwords_stored_in_plaintext_in_config.xml

@Hollander:

That is an extreme list  :o

It is. I have no idea what most of those mean. Look at my values compare them to your or to other posts on the forum. If something looks different or some value with the word 'error' in title is >0 Google it.  :)

Steve

@mamun:

When I checked the LAN interface I noticed that it had defaulted to auto negotiate however my interconnecting switch was configured as 100MB FD, I check the speed/duplex settings on the switch port and found that the nic was connecting as 10MB HD, hence the speed issue. Once I manually set the interface on the NIC within pfSense from auto to 100MB FD, the speed went back to expected levels again.

The standards always say that at the ends of a cable ports's speed/duplexity have to be configured the same way. Either both ports auto, either both ports manual to the same value.
One end auto and the other end manual is non-standard, and it only works if NIC manufacturers/drivers have implemented it - that really differs from asic chip type. Never do that. If it works, you're just being lucky…

all the traffic has to share a single Gigabit connection between the pfSense box and the switch.

For that reason plus the ease/simplicity of configuration, I believe it's best to configure the VLAN's on the Network Appliance and just add the required number of NIC ports to the Cisco Managed Switch, taking care to tell the switch ports what VLAN owns them.

pfSense will always use the system default gateway for connections generated from within the box itself. I assume your ISP is handing you a gateway IP via DHCP also in the 10.x.x.x subnet?
Do you have a gateway address for your public IPs? I assume you must otherwise your retrun traffic would have no route.
Seems odd that they don't give you a route to the internet via the 10.x.x.x network.  :-\

Steve