pfSense gotchas




Q: Did your new firewall rule not work?
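A: You should try flushing the state tables. Connections that already have a state entry keep matching it, not your new rule, until the state is gone.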


Q: Do you have static routes programmed and occasionally get blocked traffic on the same interface?
A: You should try setting System -> Advanced ->

Static route filtering: Bypass firewall rules for traffic on the same interface
This option only applies if you have defined one or more static routes. If it is enabled, traffic that enters
and leaves through the same interface will not be checked by the firewall. This may be desirable in some situations
where multiple subnets are connected to the same interface.


Q: Lose your login by auth key?
A: If you did it by putting the key in via scp session, it might disappear on reboot.
It looks like you have to use the web interface and paste it in. Ugh.
If you get CR/LF messes from cut and paste, try this:

cat authorized_keys | xclip

And then try the middle chord paste (assuming you still use X11 and xclipboard)


You might need to clear yourself from the stupid sshlockout table as well (assuming you did not shoot your own foot), as
it seems not to be possible to whitelist your own IP yet....


Q: Did your pfSense server crash with kernel: [zone: mbuf_cluster] kern.ipc.nmbclusters limit reached
A: You need to check your nmbclusters maximum (RRD graphs) and raise it.
Good docs here: https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards
In case that goes away, here is the quick rundown:

System -> Advanced -> System Tunables
kern.ipc.nmbclusters (add if not in the list, or edit)

For systems with multiple GB RAM and x64 kernel, they said (as of 9/2016) set it to 1000000

Save and apply.

To do it via the config files at boot:
Diagnostics -> Edit File -> /boot/loader.conf.local
kern.ipc.nmbclusters="1000000"
And reboot.
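
To see how close you are to the limit before it bites, you can parse the "mbuf clusters in use" line that FreeBSD's netstat -m prints. This is an added example, not from the original page; the function name, the 80% threshold and the sample numbers are made up for illustration.

```shell
#!/bin/sh
# Added example: report mbuf cluster usage from `netstat -m` output.
# On the firewall itself:  netstat -m | mbuf_cluster_usage 80

# Reads netstat -m output on stdin, prints "total max percent".
# $1 = warning threshold in percent (80 is an assumed default).
# Returns 0 = below threshold, 1 = at/above threshold, 2 = line not found.
mbuf_cluster_usage() {
    threshold="${1:-80}"
    awk -v thr="$threshold" '
        / mbuf clusters in use / {
            # First field looks like current/cache/total/max
            n = split($1, f, "/")
            if (n != 4 || f[4] + 0 <= 0) exit 2
            # Compare total (current + cache) against max: the
            # conservative choice made in this example.
            pct = int(f[3] * 100 / f[4])
            printf "%d %d %d\n", f[3], f[4], pct
            found = 1
            rc = (pct >= thr + 0) ? 1 : 0
            exit rc
        }
        END { if (!found) exit 2 }
    '
}

# Constructed sample of netstat -m output (not captured from a real box).
SAMPLE='4610/3025/7635 mbufs in use (current/cache/total)
23500/1100/24600/26584 mbuf clusters in use (current/cache/total/max)
0/0/0/13291 4k (page size) jumbo clusters in use (current/cache/total/max)'

# Demo run on the constructed sample.
if printf '%s\n' "$SAMPLE" | mbuf_cluster_usage 80; then
    echo "mbuf clusters OK"
else
    echo "mbuf clusters near kern.ipc.nmbclusters limit (or no data)"
fi
```

Run it from cron or by hand after a traffic spike; a return code of 1 means it is time to raise kern.ipc.nmbclusters as described above.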


