@JonathanLee Not only smb needs to be accessed, but also a proxmox server, for example

Yes. Unless it has a serial console which is generally preferred since you can copy/paste the output etc.

@LaUs3r the static route is shown in the 3rd screenshot

@Gertjan and others:
It was very helpful to understand that pfsense has a lockout which I had not seen before. What complicated issues further was that every now and again the connection between my browser and the pfsense firewall would go down momentarily. I traced that to an Ethernet NIC - after testing it with other machines. I would just watch the ping between 2 workstations connected directly by ethernet with no intervening switches or routers and every 2-20 minutes, the ping would not be returned for maybe 20 seconds. I am sure that this did not help. Exactly what effect it would have, I'm not sure - maybe receiving a spurious version of my pw etc. But I admit that I don't really know. So perhaps this was a combination of being locked out, problems with the NIC and general incompetence on my part ;)

As far as I can tell, there are no remaining login problems. So thanks to all who responded.

Cron job @reboot the mount commands

@viragomann @SteveITS
Thank you gentlemen!
It works now. viragoman put me in right direction.
No need to open any ports on clients windows FW or anything else, just correct NAT rule.
I have 2 clients in secure dep., one with 3389 and second with 3390 RDP port (have to change default RDP in windows).
Then clone standard NAT rule and just change redirect target and RDP port.
Here is my config, that works.pfSense_NAT.png

@stephenw10 said in 25.03-BETA on hyper-v 100% CPU-usage:

If you boot a test pfSense VM in Hyper-V does it also show that?

You mean the 25.03-BETA problem? Even if I would set one up, I "lost" all my registrations for another Plus. But even if I could do it, it wouldn't be in much use. Really the only thing I can do is a small test run on my main pfSense but I will need to revert back after some hours.

I am already thinking to move my pfSense-VM into the nested Proxmox host I have running in Hyper-V. So much fun with all the switching/bridging. And I would need another activation for sure. In the end, I am just an (ab)user 😉

@elvisimprsntr

Ok, thanks for the details.
Your "NVG599" seems to be to a DHCP-relay, so it re transmits to the real DHCP server, somewhere in the ISP network.
Anyway, the DHCP WAN seems fine and not a cause of your issue.

Many thanks I’ll dig it out
May take a while tho

@stephenw10 said in Pfsense 2.6 : Google Map picks last known location:

in some database somewhere

multiple dbs I am sure.. There are a few public ones you can use as an example

https://wigle.net/

It is an interesting problem sure - but its not pfsesnse manipulating your location info ;) I wish it was that simple - then I could easy use my pc for making bets vs having to do it on my phone ;)

@Alessiottero said in Uknown VLAN Traffic with Suricata IPS Inline Mode:

I guess SID mgmt is better for applying global filters or exclusions, like for silencing stream rules that are not useful except for troubleshooting, and suppression lists for excluding/including specific hosts or subnets in the inspections, correct?

That is correct. The two serve different functions. SID MGMT is for rules management on a global scale (or actually per configured interface). Suppress Lists allow the suppression of individual SIDs for chosen IP addresses or networks. You can also suppress a given SID for all hosts, but that feature is also easily done by simply listing that SID in a "disable SID list" in the SID MGMT tab. But you can't filter SID MGMT selections by IP address or subnet like you can do with Suppress Lists.

General Motors makes Chevrolets.
And Cadillacs.
EOF

When you connect out from the interface address directly there is no outbound NAT required. You should be able to ping out from it.

However you are seeing some traffic from it so perhaps you're not selecting the source correctly?

The gateway monitoring would be the same, is that showing as up for WG?

@stephenw10

thanks for your support.

I install it from scratch and import the config and it is working fine know.
I don't know what was wrong.

my advice to everyone is that to make daily or weekly backup at least if you don't change the config a lot to save your life .

Looks like those states are created outbound. I assume bxe0 is an internal NIC? The 'route-to' tag there implies policy routing in a firewall rule for that.

Only inbound states on a WAN will get tagged reply-to.

@stephenw10

Now I'm really calmed down, thank you!

Well you could try replacing that capacitor but I'm not too hopeful.

@Erick2129 said in NO-IP E DNS DINAMICO:

*/5 * * * * root usr/bin/nice -n20 /etc/rc.dyndns.update

Opa, que bom que resolveu.
Esse agendamento cron vai atualizar a cada 5 minutos independente se o link caiu, oq significa que se tiver uma queda, pode demorar até 5 minutos para atualizar o IP.
Normalmente isso não seria necessário, me pergunto se tem um bug na implementação do no-ip ou se é algo específico aí no seu setup.

Okay, so after a very long night and few coffees this morning, its now fully working without an issue, I can unplug the WAN cable and reconnect it, it jumps back up straight away. Rebooting the modem, the same, it waits for the link - once its there it reconnects and remains connected.

I first did a straight forward Factory Defaults reset, that didn't work. Next, did a fresh pfSense CE install, and that also has not helped, the same behaviour was repeating itself. I also tried the "forbidden fruit" fork, that didn't work either - same behaviour.

I still had the option to install pfSense plus from the days when I had the home lab license, so I installed that and the issue disappeared.... Rock solid. I set everything back up, all the packages I use and it still is working as expected. I have scanned through the changelogs / tickets on Redmine but couldn't see anything specific relating to this issue so my only conclusion is that something must have changed within FreeBSD itself.

How the logs look now, I have highlighted the event that never showed up before.

Feb 11 01:36:20 php-fpm 540 /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp)
Feb 11 01:36:20 php-fpm 540 /rc.linkup: DEVD Ethernet attached event for wan
Feb 11 01:36:20 php-fpm 540 /rc.linkup: HOTPLUG: Configuring interface wan
Feb 11 01:36:20 check_reload_status 653 rc.newwanip starting ix0
Feb 11 01:36:20 php-fpm 540 /rc.linkup: Gateway, none 'available' for inet, use the first one configured. 'WAN_DHCP'
Feb 11 01:36:20 php-fpm 540 /rc.linkup: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Feb 11 01:36:20 check_reload_status 653 Restarting IPsec tunnels
Feb 11 01:36:21 php-fpm 20277 /rc.start_packages: Restarting/Starting all packages.
Feb 11 01:36:21 php-fpm 20277 /rc.newwanip: rc.newwanip: Info: starting on ix0.
Feb 11 01:36:21 php-fpm 20277 /rc.newwanip: rc.newwanip: on (IP address: xxx.xxx.xxx.xxx) (interface: WAN[wan]) (real interface: ix0).
Feb 11 01:36:22 php-fpm 63053 /rc.newwanip: Resyncing OpenVPN instances for interface LAN.
Feb 11 01:36:22 php-fpm 63053 /rc.newwanip: Creating rrd update script
Feb 11 01:36:23 php-fpm 20277 /rc.newwanip: Gateway, NONE AVAILABLE
Feb 11 01:36:23 php-fpm 20277 /rc.newwanip: Gateway, none 'available' for inet6, use the first one configured. 'WAN_DHCP6'
Feb 11 01:36:23 php-fpm 20277 /rc.newwanip: IP Address has changed, killing states on former IP Address 0.0.0.0.
Feb 11 01:36:24 php-fpm 63053 /rc.newwanip: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - 192.168.2.1 -> 192.168.2.1 - Restarting packages.
Feb 11 01:36:24 check_reload_status 653 Starting packages
Feb 11 01:36:24 check_reload_status 653 Reloading filter
Feb 11 01:36:24 check_reload_status 653 Reloading filter
Feb 11 01:36:25 php-fpm 3134 /rc.start_packages: Restarting/Starting all packages.
Feb 11 01:36:25 check_reload_status 653 updating dyndns wan
Feb 11 01:36:25 check_reload_status 653 Reloading filter

I have also followed your suggestions and removed remote DNS servers, only using Resolver now.

Thank you for your help!