Netgate Discussion Forum
    • C

      L3 switching with pfsense

      L2/Switching/VLANs
      0 Votes
      8 Posts
      244 Views
      C

      @johnpoz You just don't get the difference in working on layer 3 and layer 2. It is why you have default gateways and default routes and they are different. THAT SEEMS TO BE OVER YOUR HEAD. Your firewall to the world is going to be layer 3. You are lost in pfsense and you can't see the forest for the trees.
      Go away John please do not reply to my threads. I will try not to post any more here.

      And yes I ran a small team of network people a long time ago. I had over 4000 PCs and around 50 locations so get over it.

      You ran me off last time and I went back to Cisco over pfsense. Look back in the threads years ago.
      Plus pfsense was having routing issues or slowdowns on routing as I was doing layer 3 back then at home. Version 2.8 is fast now which is good. Having a connection of 10gig reduces your latency whether you run full 10gig or not. I have 1 gig of data on a 10gig connection. I think this is the best you can do now for home. I have a Cisco 10gig layer 3 switch I plan to install soon. So I can push the extra data bandwidth.

    • W

      Teams Issues

      General pfSense Questions
      0 Votes
      8 Posts
      374 Views
      GertjanG

      @wc2l said in Teams Issues:

      teams.microsoft.com works just fine.
      Host "msg.teams.microsoft.com" could not be resolved.

      Same for me.

      edit : while waiting, read also C:\Program Files (x86)\Microsoft Teams Network Assessment Tool\Usage.docx - this is a Microsoft tool with a manual / notice .... ( 😊 )

    • G

      failed to fetch the repo data. Unable to perform update from 2.7.2 to 2.8.0 after restoring crashed 2.8.0 pfSense.

      Problems Installing or Upgrading pfSense Software
      0 Votes
      8 Posts
      231 Views
      G

      @Wolfgangthegreat
      ...and to @comet424

      I wasn't able to perform the 2.8.0 update this weekend, but when I got to the school this morning, it worked perfectly!

      I appreciate the support from both of you, and from Netgate.

      The backup/standby pfSense instance is back in place and ready in case I have a hardware failure, or a failure of the gray matter between my ears!

      My best to all of you.

    • T

      I have 3 WAN, 1 LAN, and 1 device VPN'ed into WAN1. Computers using WAN2 or WAN3 cannot see the VPN device

      Routing and Multi WAN
      0 Votes
      8 Posts
      120 Views
      V

      @ThePowerPig
      So add an additional rule to allow access to internal subnets (best to create an RFC 1918 alias for this purpose), but at least for the IPs you want to access from the device in question, and move this rule up above the policy routing rule.

    • N

      [2.8.1.b] Multiple limiter issue

      Development
      0 Votes
      11 Posts
      539 Views
      stephenw10S

      Ah OK I see, the names threw me!

    • C

      if_pppoe problems with php-fpm causing loops. (resolved)

      General pfSense Questions
      0 Votes
      47 Posts
      1k Views
      A

      I had the same issue today after CityFibre went down. The PPPOE connection does not restart, luckily I can SSH in from the FTTC line and reboot it. Then it works fine. But if the ISP drops the connection, it's either access the GUI and click Connect or reboot.

    • N

      pfBlocker install memory issues and fake GeoIP blocks ?

      pfBlockerNG
      0 Votes
      6 Posts
      69 Views
      S

      @njaimo There's a note on https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-config.html

      Python Module Order:

      Controls the position of the Python module in the DNS resolution process. If DNSSEC is disabled, this option has no effect. Pre Validator: The script is run before DNSSEC validation. Post Validator: The script is run after DNSSEC validation.

      Since we normally forward (to Quad9) we disable DNSSEC.

    • P

      pfSense® CE 2.8.1 Beta Now Available!

      Messages from the pfSense Team
      6 Votes
      14 Posts
      742 Views
      R

      @reberhar Piece of cake.

      Really fast with no problems.

    • N

      PHP Fatal error: Allowed memory size of 536870912 bytes exhausted

      General pfSense Questions
      0 Votes
      6 Posts
      81 Views
      GertjanG

      @stephenw10
      Very true.
      kea2unbound requests from unbound a copy of its local 'DNS' cache so it can check what has to be removed before it adds new DNS (& PTR) info, if needed.
      When Python mode isn't used, this local unbound cache can get very big.

      edit :
      To see it :

      /usr/local/sbin/unbound-control -c /var/unbound/unbound.conf list_local_data | wc -l

      If pfBlockerng is used without Python mode (also !), this cache can be very big.
      Reading, writing and parsing huge data streams with PHP creates a classic "don't do that" situation.

      Btw, @cmcdonald (kea2unbound author, right ?) : what about a warning message in the log system when kea2unbound detects that the option Python Module under "Services > DNS Resolver > General Settings" is disabled ?
      The unbound config is already loaded, so checking would be easy :

      Disabling this option by itself is probably not an issue, but if pfBlockerng is installed and it uses DNSBL feeds, then things will go downwards very fast. See here :

      Memory exhaustion in kea2unbound when pfBlockerNG DNSBL is enabled in "Unbound mode" instead of "Unbound python mode"

      Or, as proposed in the bug comments : remove the "Unbound or Python" option completely in pfBlockerng, making Python mode default.
      And what the heck, why not remove the

      73568b2a-ae4c-4d4c-965a-47218552a089-image.png

      option also ?! Activate it by default. Not sure why it needs an option to disable it.

    • A

      25.03 BETA - PPPoE WAN Reconnection

      General pfSense Questions pppoe fttp
      0 Votes
      8 Posts
      180 Views
      stephenw10S

      Yes, it's in the RC.

    • N

      Connections/states DROP when changing web configurator COLOR!!

      Development
      0 Votes
      6 Posts
      113 Views
      stephenw10S

      It restarts ntpd because that page has the external ntp server settings on it. But nothing there looks like it would affect the firewall... 🤔

    • R

      pfSense 2.8.0 full iso/img

      Problems Installing or Upgrading pfSense Software
      1 Votes
      70 Posts
      13k Views
      R

      @coxhaus I no longer care either because the source code does not seem compilable for the average use. I used to have fun with compiling many years ago as a former smoothwall user.

      While it may be preferable not to give the source away, the fact that pfsense is forked from an open source project (monowall) two decades ago may still require this. (I am not a legal expert on open source licensing.)

      To bring this back to the title of the topic, this is solely about the release of an iso of the full compiled v2.8.0 for direct installs, not asking for anything more.

    • B

      2.8.0 config.xml wont apply with /etc/rc.reload_all

      General pfSense Questions
      0 Votes
      6 Posts
      184 Views
      stephenw10S

      What gets logged when you run that in 2.8?

    • Z

      VPN Client Not Using pfSense DNS Server (10.60.0.252) After Connecting via OpenVPN

      General pfSense Questions
      0 Votes
      6 Posts
      90 Views
      stephenw10S

      Because 10.60.0.252 is the server end of the VPN tunnel at pfSense. The local DNS resolver (Unbound) listens and responds on that IP and that is where the override is set.

      Whereas 8.8.8.8 is Google's DNS service that knows nothing about any local overrides you might have set. When clients use that DNS server it bypasses any local DNS overrides.

    • T

      Reboot gets stuck at "Installing Nvme Lens"

      Official Netgate® Hardware
      0 Votes
      13 Posts
      346 Views
      T

      @stephenw10 Thanks for letting me know there were backend issues. I think it would be helpful if Netgate posted an announcement when there are issues, maybe some details, and an ETA to restore service.

      It would save a little headache for some of us.

    • R

      Sudden appearance of SSDP through port 1900 from a public ip

      Firewalling
      0 Votes
      6 Posts
      114 Views
      johnpozJ

      @rasputinthegreatest well blocking and not log would just be any any udp to that ff0e::c address or port 1900 anything, etc. And don't have it log.

      As to the scanners - that is a pfblocker alias I have.. And put that in a floating rule.


    • Bob.DigB

      25.07.r.20250715.1733 New log-type?

      Plus 25.07 Development Snapshots
      0 Votes
      5 Posts
      104 Views
      stephenw10S

      Mmm, anything further down the ruleset can get changed at reload by changing rules higher up.

    • 7

      Squid on 2.8

      Problems Installing or Upgrading pfSense Software
      0 Votes
      10 Posts
      524 Views
      GertjanG

      @jc1976 said in Squid on 2.8:

      upgrade an issue developed between suricata, pfblocker, and unbound. when i disable the two packages, all works fine

      Let's consider :
      If you leave the 'unbound' (the resolver) settings to "all default", the way you found them when you first installed pfSense.
      You remove / don't install the extra stuff = suricata and pfblocker.
      Then : no issues whatsoever.
      Right ?

      This means your issue isn't "pfSense 2.8.0" or the upgrade. It's an 'ordinary' package settings issue - call the admin 😊

      Tell your boss that suricata can only filter non TLS traffic **, something that doesn't exist anymore. Check for yourself : who visits http (port 80) sites these days ? Who collects mail using port 110 ? Who sends mail using port 25 ?
      Imho : suricata, for what it's worth, can't do much these days, it can 'see' the data payload in the packets. Everything is TLS these days.

      ** It is possible to do TLS filtering, but that demands a 'proxy' setup, making you a real expert.

      pfBlockerng is blocking you, DNS or something else ? That's an easy one, and rather simple to debug.

    • K

      Can't access port-forwarded/natted services from another local network

      NAT
      0 Votes
      5 Posts
      33 Views
      K

      @johnpoz I see, thanks for explaining and the help!

    • M

      System daemon waagent on Alpine Linux with s6

      Off-Topic & Non-Support Discussion
      0 Votes
      5 Posts
      114 Views
      M

      I have already solved the problem by using the Python library. You can delete my post. Thank you for your help)