Re: [pfSense] Diagnosing DNS Resolver SERVFAIL issues

Is the pfSense set to forward DNS requests? Maybe the ISP on the VPN side is blocking DNS requests that leave their network to a third-party DNS server? I have seen that before, over the years. -- Steve Yates ITS, Inc. -Original Message- From: List <list-b

[pfSense] Custom pass entries for Suricata for all rules, for inline mode

257.0+=4=en=clnk=us=firefox-b-1 ) Thanks, Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Syntax error in rules.debug for lagg0 (WAN) after upgrade to 2.4.3_1

interface on WAN and that had the same symptom with the interface in the message. -- Steve Yates ITS, Inc. -Original Message----- From: Steve Yates Sent: Wednesday, May 23, 2018 10:34 PM To: 'pfSense Support and Discussion Mailing List' <list@lists.pfsense.org> Subject: Syntax erro

Re: [pfSense] Syntax error in rules.debug for lagg0 (WAN) after upgrade to 2.4.3_1

is related to this...? -- Steve Yates ITS, Inc. -Original Message----- From: Steve Yates Sent: Wednesday, May 23, 2018 10:34 PM To: 'pfSense Support and Discussion Mailing List' <list@lists.pfsense.org> Subject: Syntax error in rules.debug for lagg0 (WAN) after upgrade to 2.4.3_1 After

[pfSense] Syntax error in rules.debug for lagg0 (WAN) after upgrade to 2.4.3_1

IP, .150 the CARP shared IP. Given the first two are there, I'm not sure what the third is supposed to be? Re-applying the firewall rules does not clear it, though does appear to trigger it (presumably due to the rules reload). Suggestions? Steve Yates ITS, Inc.

Re: [pfSense] Upgrades to 2.4.3.x failing after updating metadata

FWIW I upgraded our SG-4860 pair and saw the same behavior, fails after the metadata update. I waited 5 minutes and it did not restart and saw no indication in system log it was going to, or upgrading. -- Steve Yates ITS, Inc. -Original Message- From: Steve Yates Sent

Re: [pfSense] Bandwidth Mismatch between pfSense and Data Center Provider...

an allow rule for each server and/or service and see what is tracked? -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of Chuck Mariotti Sent: Wednesday, May 23, 2018 12:57 PM To: list@lists.pfsense.org Subject: [pfSense] Ban

Re: [pfSense] How could I block messages trying to pass as from my net?

ule allows connections only from the spam filter server IP ranges... -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of Alberto José García Fumero Sent: Friday, May 18, 2018 11:52 AM To: list@lists.pfsense.org Subject: Re: [pfSense] H

Re: [pfSense] How could I block messages trying to pass as from my net?

I think your rule should work. Are you sure there is not another rule above that one in the list of rules, that allows the inbound connection? In other words the block rule has to be above the rule allowing traffic on port 25 to your mail server. -- Steve Yates ITS, Inc

Re: [pfSense] Upgrades to 2.4.3.x failing after updating metadata

... -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of WebDawg Sent: Wednesday, May 16, 2018 9:50 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] Upgrades to 2.4.3.x failing after updating

Re: [pfSense] Upgrades to 2.4.3.x failing after updating metadata

rade run and reports a failure when the upgrade is actually running successfully in the background." -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of John Kline Sent: Tuesday, May 15, 2018 10:29 PM To: pfSense Support and D

[pfSense] Upgrades to 2.4.3.x failing after updating metadata

talls. Is anyone else seeing this? -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Firewall rules on OpenVPN interface

yet. -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of Antonio Sent: Sunday, May 6, 2018 4:34 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [pfSense] Firewall rules on OpenVPN inter

Re: [pfSense] DNS configurazione under VPN

ry against the root servers. Then it would use your OpenDNS servers, and where those servers are is up to OpenDNS. I assume they're big enough to have them worldwide...? -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of Antonio Sent:

Re: [pfSense] DNS over TLS config for pfSense 2.2.6

Wild guess, but did you try it in 2.4.x? -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of Bryan D. Sent: Wednesday, April 4, 2018 8:01 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [

Re: [pfSense] Nat between vlans

Wouldn't it be easier to just create a firewall rule to allow the Guest VLAN to the printer IP:port? It would be the same thing...they can only access that IP:port? -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of Yilmaz B

Re: [pfSense] Failed to Configure OpenVPN to Work With LAN Clients.

t; (https://portal.pfsense.org/docs/book/, you get access if you bought from Netgate as I recall) and didn't have any issues setting up OpenVPN on IPv4. -- Steve Yates ITS, Inc. -Original Message- From: List <list-boun...@lists.pfsense.org> On Behalf Of Fadhili Ngalawa Sent:

Re: [pfSense] Port forwards don't work on one machine

-- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Marco Sent: Monday, February 12, 2018 3:10 PM To: list@lists.pfsense.org Subject: Re: [pfSense] Port forwards don't work on one machine On Mon, 12 Feb 2018 20:45:55 +0000 Steve

Re: [pfSense] Port forwards don't work on one machine

Just to double check the config, so the pfSense router is set as the DMZ of the ISP router? Have you tried deleting the rule and re-adding? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Marco Sent: Sunday, February 11, 2018

Re: [pfSense] Bug found: Remote Logging Options and IPv6

There is a bug tracker at https://redmine.pfsense.org/projects/pfsense -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Christoph Haas Sent: Tuesday, February 6, 2018 8:11 AM To: pfSense Support and Discussion Mailing List <l

Re: [pfSense] Error in NAT --> Port Forward --> Edit

This came up on this list in October with 2.4 and 2.4.1, but with Outbound NAT rules. I don't have a saved email with a posted solution...? If you export/save your config file does it have odd characters in it? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun

Re: [pfSense] 'Kernel memory leaking' Intel processor design flaw forces Linux, Windows redesign • The Register - patch to pfsense?

I'm not a developer but I would think it's dependent on FreeBSD releasing the update, plus testing by pfSense/Netgate. However, I would think there's not much concern with PCs running pfSense, since raw code would not normally be running on the pfSense box...? -- Steve Yates ITS, Inc

Re: [pfSense] Slow/impossible updates to 2.4?

Check to see if your DNS is running properly. If it isn't the DNS timeouts will take forever. I had that happen once after an update. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of David C. Jenner Sent: Tuesday, December 26

Re: [pfSense] SSH Bruteforce

I think you're looking for the Suricata or Snort packages for detecting malicious traffic at pfSense. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Sent: Wednesday, December 20, 2017 4:53 AM To: pfSense Support

Re: [pfSense] pfsense crashing

I had been following that one since we had been using limiters and had the "pfsync_undefer_state" issue, though thankfully no crashes. Post #44 on that page has a workaround. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.p

Re: [pfSense] DHCPv6 working but no gateway

Apparently pfSense 2.4.2 fixed a bug with RA not working on the SG-3100 router model: https://forum.pfsense.org/index.php?topic=139953.0 -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates Sent: Friday, December 8

Re: [pfSense] pfsense ha issues

ess. DHCP gives default route to 192.168.1.1 which is the carp vip. I got only continuos packet loss to internet not to .1 (vip) or .7 addresses and carp status is stable. (ie. primary firewall is master on all carp addresses) Eero 2017-12-12 21:55 GMT+02:00 Steve Yates <st...@teamits.com>:

Re: [pfSense] pfsense ha issues

s? The .7 address? Or just out to the Internet? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Tuesday, December 12, 2017 1:03 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> S

[pfSense] DHCPv6 working but no gateway

quot;...am I missing something that needs configuring? I did try putting in a subnet, even though the RA page says that's not necessary. Thanks, Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support t

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

on the other took its 2 seconds to time out after every request. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Pete Boyd Sent: Monday, December 4, 2017 2:29 PM To: list@lists.pfsense.org Subject: Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440

Re: [pfSense] 2.3.5 to 2.4.2 on SG-2440 failed accessing repository

/index.php?topic=125873.msg695386#msg695386 -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Pete Boyd Sent: Monday, December 4, 2017 1:19 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [p

Re: [pfSense] single pfsense to ha conversion

c firewall states (em0 to igb0 won't sync). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Saturday, December 2, 2017 11:04 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> S

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

, where it installed fine. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Friday, December 1, 2017 2:08 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [p

Re: [pfSense] Using LAGG interfaces with CARP to allow future router replacements

the interface names, and it gets set up all at once upon restore. -- Steve Yates ITS, Inc. From: Adam Thompson [mailto:athom...@athompso.net] Sent: Wednesday, November 29, 2017 3:03 PM To: Steve Yates <st...@teamits.com> Subject: RE: [pfSense] Using LAGG interfaces with CARP to allow future

Re: [pfSense] pfSense can get to Internet but LAN cannot

1) we're not using NAT 2) ...which means this is the answer because the router on the WAN side doesn't know to route that subnet back to the pfSense. D'oh! Adding a manual NAT rule lets it work. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun

Re: [pfSense] pfSense can get to Internet but LAN cannot

A couple clarifications...the ping from LAN to the WAN gateway is timing out, not saying "unreachable" or something like that. I can ping the router's WAN IP (and CARP WAN IP) from the LAN, as allowed by firewall rule. -- Steve Yates ITS, Inc. -Original Message-

[pfSense] pfSense can get to Internet but LAN cannot

and disconnected the second router (and changed the PC gateway accordingly). Changing the PC to an IP on the WAN side and plugging it into the gateway router works fine to get past the gateway. -- Steve Yates ITS, Inc. ___ pfSense mailing

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

It would help if someone updated the pfSense doc page to clarify that, then, since I asked that question on this list in July and got a different answer than yours. https://doc.pfsense.org/index.php/Upgrade_Guide#Packages -- Steve Yates ITS, Inc. -Original Message- From: List

Re: [pfSense] pfsense 2.3 -> 2.4 upgrade?

Does it work if you uninstall haproxy first? I know pfSense recommends uninstalling packages for "major" version upgrades but (per my past thread here ) I would think point versions are minor upgrades. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto

Re: [pfSense] pfSense 2.4.2 release

They emailed partners, since we got an email yesterday afternoon. It just came out since I upgraded a router to 2.4.1 overnight Monday night. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Ryan Coleman Sent: Wednesday

Re: [pfSense] pfSense 2.4 consistently crashes daily

Any chance it had a 32 bit install and you manually upgraded to 64? I believe pfSense recommends a wipe and reinstall in that case. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Liwei Sent: Wednesday, November 22, 2017 8:08

Re: [pfSense] pfsense ipv6 not working

Ah yes, System/Advanced/Networking, Allow IPv6. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Sent: Tuesday, November 21, 2017 12:42 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> S

Re: [pfSense] pfsense ipv6 not working

Starting at the top level, do you have a firewall rule allowing ICMP for IPv6? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Monday, November 20, 2017 1:01 PM To: pfSense Support and Discussion Mailing

Re: [pfSense] Packetloss

I don't have a specific answer but if you know the setting you can try the System > Advanced, System Tunables page. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Sent: Thursday, November 16, 2017 6:36 AM To: pfSe

Re: [pfSense] FreeNAS Jail Connection

Try turning on logging of the default block rules to see if it is in fact being blocked. Alternatively, if you add firewall rules allowing all traffic to/from the NAS does it work? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org

Re: [pfSense] CARP Demotion Not Working

and a WAN, and both IPv4 and IPv6, on two virtualized routers). -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Andrew Kester Sent: Friday, November 3, 2017 10:49 AM To: list@lists.pfsense.org Subject: Re: [pfSense] CARP Demotion N

Re: [pfSense] malformed packets

I saw your question but didn't see an answer... Have you considered Suricata or Snort to see if they can detect and block off the traffic? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of mad.scientist.at.la...@tutanota.com

Re: [pfSense] CARP Interface doese not sync

uricata or any other packages? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Sent: Monday, October 30, 2017 7:33 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [pfSense] CARP In

Re: [pfSense] openvpn restarts when running on secondary node and sync updates comes from primary

We also get that message logged at the daily rule update for Suricata. I think it just happens when pfSense senses certain types of updates... :-/ -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eugenio Modesti Sent: Thursday

Re: [pfSense] HTTP/HTTPS filtering with Pfsense+Squid+Squidguard for cell phones

Lurking on by...if you ever want traffic stats by IP address, without a proxy, check out the BandwidthD package. https://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf

Re: [pfSense] pfSense virtualisation

. Also perhaps specific to Virtuozzo was that I had to use some special startup parameters to get pfSense to install and boot. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Lars Wuerfel Sent: Wednesday, October 11, 2017 8:38 AM

Re: [pfSense] Every so often I am seeing "[zone: pf frag entries] PF frag entries limit reached" on my monitor attached to my pfsense box.

e VPN" from https://doc.pfsense.org/index.php/IPsec_Troubleshooting#Packet_Loss_with_Certain_Protocols. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Hillie Sample Sent: Monday, October 2, 2017 3:57 PM To: list@lists.p

Re: [pfSense] Open ports between subnets

Do you have the option to block private networks on both interfaces turned off? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Antonio Sent: Saturday, September 30, 2017 7:05 PM To: list@lists.pfsense.org Subject: [pfSense

Re: [pfSense] Multi-WAN and HA. Established connections through a not default gateway are broken when I disable CARP in the master unit.

So you have both dual WAN and CARP? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of dayer Sent: Wednesday, September 27, 2017 2:43 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subje

Re: [pfSense] Multi-WAN and HA. Established connections through a not default gateway are broken when I disable CARP in the master unit.

I'm not sure if I am following you correctly, but the WAN CARP IP has to be the same on both routers. So router1 has a WAN of a.a.a.a and CARP of a.a.a.b, and router2 has a WAN of a.a.a.c and CARP of a.a.a.b. Same thing with the LAN IPs. -- Steve Yates ITS, Inc. -Original

Re: [pfSense] IPv6?

is something like: because it's not a router, it can only assign a /128 address and mask, so no PC can talk to other PCs on the LAN. IPv6s would have to be entered on the PCs manually, or let them get IPv6 from pfSense...but then you're back to needing DNS to point to the Windows server. -- Steve

Re: [pfSense] bandwithd

package, I think) anymore. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Daniel Sent: Tuesday, August 22, 2017 5:15 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: [pfSense] bandwit

Re: [pfSense] Routing Vlan

On the interface(s) is "Block private networks" checked? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WolfSec-Support Sent: Thursday, August 17, 2017 3:31 AM To: pfSense Support and Discussion Mailing

Re: [pfSense] 2.3.2 upgrade only offers 2.3.3_1

lls now." I am wondering if the update check is not always picking up newer update info for some reason. To answer your question I know I've skipped revisions before. I am fairly certain I've skipped minor versions also. -- Steve Yates ITS, Inc. -Original Message- From: Li

Re: [pfSense] Update to 2.3.4(_1) fails (Not Found)

FWIW, I just updated two others from 2.3.3_1 to 2.3.4_1 without this issue. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates Sent: Tuesday, July 25, 2017 5:35 PM To: pfSense Support and Discussion Mailing List <l

Re: [pfSense] Update to 2.3.4(_1) fails (Not Found)

to stable) and the update installs now. Log shows: [1/75] Fetching pfSense-rc-2.3.4_1.txz: . done Looks like it was maybe stuck looking for 2.3.4 and should have been looking for 2.3.4_1? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org

Re: [pfSense] Update to 2.3.4(_1) fails (Not Found)

have one I can do from 2.3.4 but not until out of hours. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Doug Lytle Sent: Tuesday, July 25, 2017 2:28 PM To: pfSense <list@lists.pfsense.org> Subject: Re: [pfSense]

Re: [pfSense] Update to 2.3.4(_1) fails (Not Found)

Hmm, has anyone been able to upgrade from 2.3.x or earlier to 2.3.4_1 since its release Thursday? Or perhaps everyone on this list was on 2.3.4 already... :) -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates Sent

[pfSense] Update to 2.3.4(_1) fails (Not Found)

nse-rc-2.3.4.txz: Not Found >>> Locking package pfSense-kernel-pfSense... done. Failed -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] Upgrading versions - uninstall packages?

Ah, I see, thanks. I read right over that word I guess! -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of J. Hellenthal Sent: Thursday, July 20, 2017 6:26 PM To: pfSense Support and Discussion Mailing List <l

Re: [pfSense] Upgrading versions - uninstall packages?

lease. Packages will be reinstalled afterward, but are frequently a source of problems. To ensure a smooth upgrade, note the installed packages, remove them, perform the upgrade, and then reinstall whichever packages are necessary." -- Steve Yates ITS, Inc. -Original Message- From: List [m

[pfSense] Upgrading versions - uninstall packages?

l normally uninstall and reinstall either or both of those two packages during version upgrades? Thanks, Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] 2.3.4-RELEASE (amd64) - Kernel Panics

Are you running limiters in an HA configuration by chance? There's a known issue there. (https://forum.pfsense.org/index.php?topic=87541.new;topicseen#new) -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg Sent

Re: [pfSense] MBR restore

org> Subject: Re: [pfSense] MBR restore To pile on. The config is manually editable also. In fact sometimes you have to edit it when moving to new hardware because the interface names are not the same. It is by far the best way to move a pfsense install... On Fri, Jun 30, 2017 at 10:35 AM, Steve Yat

Re: [pfSense] MBR restore

If you can log into the old one, use Diagnostics/Backup & Restore to download the config. Restore it to the new one and it will prompt to remap the interfaces (WAN=em0, etc). Searching, it looks like the file on disk is /conf/config.xml? -- Steve Yates ITS, Inc. -Original Mes

Re: [pfSense] MBR restore

Agreed that is likely the easiest way. Installation is fast and config restore trivial. Even if the config wasn't exported (the original died) it might be faster to copy the file off the drive from wherever it lives? -- Steve Yates ITS, Inc. -Original Message- From: List

Re: [pfSense] bulk update of multiple aliases & rules

On the off chance they're coming from another pfSense, perhaps export the configs and copy/paste. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Lee Damon Sent: Thursday, June 29, 2017 4:17 PM To: list@lists.pfsense.org

Re: [pfSense] Network interruption on pfSense Firewall

index.php/Tuning_and_Troubleshooting_Network_Cards#TSO.2FLRO ( https://doc.pfsense.org/index.php/VirtIO_Driver_Support Xen/KVM networking will not work using default hypervisor settings!: https://forum.pfsense.org/index.php?topic=88467.0 ) -- Steve Yates ITS, Inc. ___ pfSense mailing l

Re: [pfSense] Restoring at remote location before deployment

would be to put the WAN gateway IP in your own pfSense and the new router would talk to it. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Mark Wiater Sent: Thursday, May 18, 2017 8:27 AM To: list@lists.pfsense.org Subject: Re

Re: [pfSense] How To install MySQL on Pfsense 2.4

Supposedly one can just install FreeBSD packages (https://doc.pfsense.org/index.php/Installing_FreeBSD_Packages ) along with manually installing any dependencies, but as the page says it "may break the firewall." -- Steve Yates ITS, Inc. -Original Message- From: List [m

Re: [pfSense] uncomplete update to 2.3.4, no route to host

They're missing the DNS record for pkg.pfsense.org. Per the SOA ad...@netgate.com is the contact; I've bcc'd this there. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Stefan Fuhrmann Sent: Thursday, May 11, 2017 11

[pfSense] Traffic shaping setup for one IP

lly, given there are max and min bandwidth rows right below that? In my case I'm fine with the rsync using up to 60% of the outgoing bandwidth as long as it's a lower priority (minimum 1%). Do I set Bandwidth to 60%? Or set Bandwidth to 1% and Max Bandwidth For Queue to m1=60%? Thanks, S

Re: [pfSense] Limiter on LAN side not applying to NATted connection

e 2.4. Bug #4326" -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of WebDawg Sent: Wednesday, April 19, 2017 2:33 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense] Lim

Re: [pfSense] Limiter on LAN side not applying to NATted connection

I suppose. From the states/traffic recorded next to each rule, It looks like the WAN firewall rule applies and the LAN firewall rule does not. Per the docs WAN side limiters will work (again?) in pfSense 2.4 but not 2.2-2.3. -- Steve Yates ITS, Inc. Steve, Is this an ingress vs

[pfSense] Limiter on LAN side not applying to NATted connection

. Diagnostics/States shows: LAN tcp x.x.x.x:46098 -> 10.1.2.12:22 (and shows traffic) Is the rule+limiter not being applied because the port is NATted to 22? Or because the NAT happens on the WAN side and the LAN rule isn't even used? Thanks, Steve Yates ITS,

Re: [pfSense] IPv6 (CARP and DHCPv6 failover)

Yes we don't have any DHCP in our CARP environment. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of hamid ashraf Sent: Thursday, March 23, 2017 6:01 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.

Re: [pfSense] IPv6 (CARP and DHCPv6 failover)

be related to whether DHCPv6 is running, as long as the PCs have addresses...? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Jochen Becker Sent: Wednesday, March 22, 2017 1:25 PM To: hamid ashraf <moonlight20082...@yahoo.

Re: [pfSense] Netgate Firmware

Note despite the thread subject, the affected models are: SG-2220 SG-2440 SG-4860 SG-8860 SG-4860-1U SG-8860-1U However, what is the symptom? We have a handful of these in service at various clients but have not noticed any issues that we're aware of. -- Steve Yates ITS, Inc

Re: [pfSense] Client doesn't work if there are multiple network interfaces

allowing traffic between interfaces. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Manh Nguyen Tien Sent: Saturday, March 11, 2017 4:19 AM To: list@lists.pfsense.org Subject: [pfSense] Client doesn't work if there are multiple network

Re: [pfSense] small problem with squid

If I'm following, you're using a public IP:port. Did you set up NAT Reflection? (System/Advanced/Firewall & NAT) -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Berg Sent: Monday, February 13, 2017 3:45 PM To:

Re: [pfSense] SG-1000 and VPN

oad speed anyway. -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] PFsense 2.3.2-P1 dies

he console would show a stream of errors that pointed to the drive, don't recall them now of course. -- Steve Yates ITS, Inc. -Original Message- I had an issue at one point with hard disks dropping out because of the idle time set on my Western Digital drives. You say you just upgra

Re: [pfSense] SG-1000 and VPN

That's what I'm trying to ask, if the SG-1000 would work for that. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of A Mohan Rao Sent: Tuesday, January 24, 2017 11:41 PM To: pfSense Support and Discussion Mailing List <l

[pfSense] SG-1000 and VPN

? Either as a remote site or as a SOHO router + VPN host? Just wondering how the ARM CPU would stack up. The specs say 200k active (non-VPN) connections... -- Steve Yates ITS, Inc. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo

Re: [pfSense] Aliases grouping

ay that we can type in an alias. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin Sent: Wednesday, December 7, 2016 1:56 PM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [

Re: [pfSense] pfsense + carp + ha

System/High Availability Sync page shows checkboxes for what to sync. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Wednesday, November 16, 2016 1:05 AM To: pfSense Support and Discussion Mailing List

Re: [pfSense] pfsense + carp + ha

it would need the same ports. One gotcha that caught me...under "System/High Availability Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a "Remote System Username" field. That field is ignored, and "admin" is always used. -- Steve

Re: [pfSense] rules cleanup and approval process

Not sure. Router restart? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin Sent: Friday, October 21, 2016 11:08 AM To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org> Subject: Re: [pfSense]

Re: [pfSense] rules cleanup and approval process

The Rules page logs traffic for the rule, in bytes, in the States column. You can also set allow rules to log traffic but that will be a lot of log entries. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin

Re: [pfSense] pfsync_undefer_state: unable to find deferred state

te syncing completely. I haven't gone that far but did check "No pfSync" on the firewall rule per the below, to no avail. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates Sent: Friday, July 8, 2016 4:30 PM

Re: [pfSense] Change WAN interface

Interfaces/(assign) page should have drop downs to pick the interface. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin Sent: Friday, October 14, 2016 1:16 PM To: pfSense Support and Discussion Mailing List <l

Re: [pfSense] pfsense in ha - sync interface rule disapear

The rules should sync at every rule change. (alias, etc.) If states are syncing those are in real time. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin Sent: Thursday, October 13, 2016 12:00 PM To: pfSense

Re: [pfSense] pfsense in ha - sync interface rule disapear

What version pfSense? We are on 2.3.2 without the latest patch (2.3.2_1), using CARP/sync, since whatever version was in spring 2015, and haven't had this issue. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Luc Paulin

Re: [pfSense] pfsense in ha - sync interface rule disapear

Are your rules disappearing on the slave, the master, or both? Brainstorming, do both have the same name for the pfsync interface? Meaning the slave isn't named PFSYNC-SLAVE or something like that? -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

ly, but if DNS isn't working that could be an issue. In other words if DNS is running then 127.0.0.1 will always be the first DNS server used. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Holger Bauer Sent: Friday, Oct

  1   2   >