@hescominsoon Glad it's working better now. SMB will definitely be slower but should be far more usable.

I'm referring to the recommends patches list in the System Patches package. I can't see anything there that should make any difference to dnsmasq but it's worth trying.

@Gblenn
Thank you
That’s great advice
Merry (or Happy) Christmas or Happy Holidays

@stephenw10 thanks for the information

Mmm, I'd be amazed if your ISP was using anything other than 1500.

@stephenw10 I reported it as (possible) spam (category 'other) yesterday.

@jrey I've finally managed to roll back to 24.3 after 2 days of messing around and re-install pfb 3.2.0_10 from scratch. Now all is dandy again with much more lists active than under 24.11.

@georgelza said in strange, can access device if dhcp allocated, but not when reserved:

if I allow device join SSID and get a address itself then i can reach it, apply to both.
if I dhcp reserve a ip based on MAC then i can't access device...

Just to be clear in both situations the device pulls an address.subnet/gateway via DHCP. The only difference is whether that is a static mapping in the DHCP server?

Or are you actually setting it statically on the device when you reserve the IP?

It failed the same way? Could not reboot after restoring the config?

@johnpoz Got it. Many thanks.

@johnpoz super!
you helped my a lot.I will have a look to pfblocker and I check the alias again.

Thanks for help!
Stefan

@johnpoz disregard i see your workflow above in a previous comment.

Mmm, I tried added min and max lifetime options to the conf and it made absolutely no difference I could see! 🙄

@Jozy good luck with that mess.. I asked if you had messed with your outbound nat, I didn't say set it to manual..

Auto is the default - all of this would work with clicky, clicky with pfsense out of the box - the only reason it wouldn't is you messed with the defaults, etc..

Or you not even using pfsense as the gateway.. Which it seems your not.. ugggh..

How many tunnels/gateways do you have?

Yup I would reinstall clean to be sure at this point.

@Gertjan thank you, already apply the patch hopefully if will be solve,

@JonathanLee said in issues with dumpdev in /etc/defaults/rc.conf:

sysctl debug.kdb.panic=1

b9160abf-7a3b-47d4-a8c5-0ace4dae0fe1-image.png

Custom solution

add the cron copy the rc.dumpon to rc.dumpon.old
add the new info

and it works

Das liest sich für mich nicht schlüssig.

Dass pfB irgendwelche Counter mit 0 anzeigt, wenn die durch reset o.ä. geflusht werden, ist ja kein Fehler. Dass irgendwelche Tunnel aufgebaut werden können zeigt ja, dass offensichtlich Internet funktioniert. Dass die DS intern per DNS erreichbar ist (wo ist der DNS Eintrag angelegt? auf der Sense?) würde ja zeigen, je nachdem, dass der DNS der Sense auch geht. Warum soll also pfB Schuld sein?

Das klingt alles sehr verworren und eher danach, als hätte das Abschalten von pfB schlicht den DNS neu gestartet und dann läuft alles wieder und wenn mans danach wieder anschaltet (wobei das Gleiche nochmal passiert) gehts auch wieder.

Da wäre eher interessant, was wie wann warum genau nicht mehr geht. Und wenn man den DNSBL in Verdacht hat, dann ggf. auch erstmal nur den abzuschalten, statt alles.

zudem: nach einem Telekom Ausfall "funktioniert nichts mehr" ist wenig aussagekräftig. Nichts (siehe oben) heißt auch nichts. Wenn man aber irgendwelche VPNs und Co hat, dann geht da einiges mehr als nichts ;)

Daher ist strukturiertes Debugging gefragt. Man tastet sich sinnvoll von innen nach außen durch und prüft dabei, was genau nicht geht. Z.B. mit einer recht sicheren IP/Adresse von der man weiß dass die safe ist und nicht geblockt sein sollte. Dann packt man sich die und fängt von innen nach außen an:

Ping auf mein Gateway
ping <gateway-ip> DNS von meinem Gateway (also der Firewallname bspw. anfragen)
nslookup <firewall-name> oder host, dig, etc. abhängig vom OS Ping auf eine andere IP der Firewall (wenn mehrere Interfaces Ping auf eine safe externe IP DNS eines internen Geräts (NAS) auflösen DNS einer safen externen Adresse auflösen Traceroute / mtr / winmtr auf eine safe externe Adresse/IP (je nachdem ob DNS geht) und das ggf. laufen lassen (mtr/winmtr) um zu sehen, ob man trotzdem noch IP Drops hat

und so tastet man sich Schritt für Schritt durch, was genau nicht geht, denn "(alles) geht nicht" ist keine Fehlerbeschreibung :)

Cheers

@mvhcr its not a bad little switch for price and size.. But after playing with it couple years back I think I couldn't find a use in my network. So just threw it on the shelf and figured hey never know when a poe powered capable with vlan support switch might come in handy ;)

Then awhile back I noticed in my sg300-10 logs an interface bouncing on reg basis, it was only for a couple of seconds.. And I wasn't really noticing any issues with viewing my camera feeds directly, etc.

But then dawned on me - hey that nvr is prob doing something trying to get poe working because it really expects a poe camera to be on the port.. So I put the little mini between with it being powered by the nvr and all the resets on the interface went away on my sg300 and now sending 1000s of pings never lost one, before I was loosing a couple of pings every minute or 2, etc.

But yeah unifi has changed some things over the last couple of years on how you do a "trunk" port.. Not really a fan of how they do switching.. Which was another reason I really didn't feel a need to incorporate that flex mini into my network.

And you can't really do just specific vlans - its all or nothing. I believe on some of their higher end switches you can customize what vlans are allowed over the trunk - see that custom in my above pic - which is greyed out on the mini.

I might try and leave the mini in my controller - but have to figure out how to get it to get an IP from the vlan my controller is on vs the nvr dhcp server.. Curious if I set it to static if that will survive a power cycle - then I could remove the usb power and just leave it poe powered ;)