Netgate Discussion Forum

    pfTop not showing the ports in use...?

    L2/Switching/VLANs
    3 Posts 2 Posters 450 Views
    slamdunkthefunk (last edited by slamdunkthefunk)

      Ok so I’m new to pfSense. I’m in the process of setting up multiple VLANs on my home network. I’m at the point where I have the multiple VLANs configured, and for testing purposes I have traffic flowing freely between them.

      All is good in terms of connectivity. Now I’m tweaking my traffic shaping by monitoring activity in pfTop to determine which ports etc. to use in the Floating rules. Here’s the issue:

      When initiating certain activities on the network (like VNC, RDP, Plex) I can only see the relevant ports (5900, 3389, 32400) in pfTop when the source and destination clients on the network are on different VLANs. When the clients are on the same VLAN, the above activities and port examples don’t show in pfTop at all. Instead it’s 443 connections to destination IPs not on my network.

      Here is the information on my setup:

      • pfSense 2.4.5 installed on a 4-port Qotom machine bought off Amazon
      • igb0 is the WAN
      • igb2 and igb3 set up as a LAGG —> NETGEAR GS110TPP —> NETGEAR GS108T
      • VLANs 10 (Management), 20, 30, 40 created, each linked to the LAGG (see image)


      I’ve been pulling my hair out over this for days. I’ve restored my pfSense box to factory defaults so many times.

      Does anyone have any ideas?? I’m running out of hair...

      slamdunkthefunk

        E.g:

        • iPhone on 192.168.20.25 (VLAN20) initiates VNC connection to Macbook on 192.168.30.43 (VLAN30). pfTop results show port 5900 - all good.

        • Now same iPhone, but on 192.168.30.38 (VLAN30) initiates VNC connection to same Macbook on 192.168.30.43 (VLAN30). pfTop results don’t show the 5900 ports anywhere.

        ipeetables (last edited by ipeetables)

          First, was the VNC connection successful? pfTop is sorted by bytes and you have a maximum number of states set to 100 with a lot of DNS traffic. Have you tried to narrow down pfTop results by adjusting your filter expression from "src net 192.168.30.38" to "src net 192.168.30.38 and dst port 5900"?

          Edit: oh, you should be using src host 192.x.x.x instead of src net.

          src host host
          True if the IPv4/v6 source field of the packet is host.
          
          src net net
          True if the IPv4/v6 source address of the packet has a network number of net.
          
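To make the host/net/port distinction from the reply concrete, here is an added example (not code from the thread, from pfTop or from pfSense) that applies pcap-style matching, which pfTop's filter syntax follows, to a constructed set of state rows in pfTop's column layout. The rows, the 203.0.113.10 destination and the 192.168.30.138 host are invented, and the grammar subset (and, host, net, port) is a deliberate simplification.

```python
import ipaddress

# Constructed sample states in the layout pfTop prints (PR DIR SRC DEST STATE);
# the addresses reuse the thread's VLAN20/VLAN30 hosts plus two invented ones.
SAMPLE_STATES = """\
tcp In  192.168.30.38:52110   192.168.30.43:5900   ESTABLISHED:ESTABLISHED
tcp In  192.168.30.38:52211   203.0.113.10:443     ESTABLISHED:ESTABLISHED
udp In  192.168.30.38:61001   192.168.10.1:53      MULTIPLE:SINGLE
tcp In  192.168.20.25:49832   192.168.30.43:5900   ESTABLISHED:ESTABLISHED
tcp In  192.168.30.138:50000  192.168.30.43:5900   ESTABLISHED:ESTABLISHED
"""

def parse_state(line):
    """Split one pfTop state row into protocol, addresses and ports."""
    proto, _direction, src, dst = line.split()[:4]
    saddr, sport = src.rsplit(":", 1)
    daddr, dport = dst.rsplit(":", 1)
    return {"proto": proto, "src": saddr, "sport": int(sport),
            "dst": daddr, "dport": int(dport)}

def net_from_pcap_token(token):
    """pcap-style 'net': a.b.c.d is /32, a.b.c is /24, a.b is /16, a is /8;
    an explicit a.b.c.d/len is taken as written."""
    if "/" in token:
        return ipaddress.ip_network(token, strict=False)
    octets = token.split(".")
    padded = ".".join(octets + ["0"] * (4 - len(octets)))
    return ipaddress.ip_network(f"{padded}/{8 * len(octets)}", strict=False)

def compile_filter(expr):
    """Compile 'src host A and dst port N'-style expressions (a small subset
    of the pfTop grammar: and/host/net/port only) into a predicate."""
    checks = []
    for clause in expr.split(" and "):
        side, kind, value = clause.split()
        akey, pkey = ("src", "sport") if side == "src" else ("dst", "dport")
        if kind == "host":
            want = ipaddress.ip_address(value)
            checks.append(lambda s, k=akey, w=want: ipaddress.ip_address(s[k]) == w)
        elif kind == "net":
            net = net_from_pcap_token(value)
            checks.append(lambda s, k=akey, n=net: ipaddress.ip_address(s[k]) in n)
        elif kind == "port":
            checks.append(lambda s, k=pkey, p=int(value): s[k] == p)
        else:
            raise ValueError(f"unsupported clause: {clause}")
    return lambda state: all(c(state) for c in checks)

def matching_states(expr, text=SAMPLE_STATES):
    """Return the rows of `text` whose state satisfies the filter expression."""
    pred = compile_filter(expr)
    return [line for line in text.splitlines() if pred(parse_state(line))]
```

Note that a dotted-quad `net` is a /32 under pcap rules, so `src net 192.168.30.38` and `src host 192.168.30.38` select the same rows here, while `src net 192.168.30` widens to the whole /24.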
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.