[pfSense] Every so often I am seeing "[zone: pf frag entries] PF frag entries limit reached" on my monitor attached to my pfsense box.

2017-10-02 Thread Hillie Sample
Every so often I am seeing "[zone: pf frag entries] PF frag entries 
limit reached" on my monitor attached to my pfsense box.


I increased System > Advanced, Firewall & NAT tab, "Firewall Maximum 
Fragment Entries" to 8192 from the default value of 5000 (Thanks Jim 
Pingle for the tip).


I rebooted and unfortunately I am still having the message appear every 
so often.


Should I increase the limit even higher?

Memory, CPU and swap use is all very low.

2.3.4-RELEASE-p1 (amd64)
built on Fri Jul 14 14:52:43 CDT 2017
FreeBSD 10.3-RELEASE-p19

Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
Current: 3300 MHz, Max: 3301 MHz
4 CPUs: 1 package(s) x 4 core(s)

4GB Ram

I am using openvpn.

Any advice/suggestions appreciated.

Thanks,

Hillie

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] Open ports between subnets

2017-10-02 Thread Steve Yates
Do you have the option to block private networks on both interfaces turned off?

--

Steve Yates
ITS, Inc.

-Original Message-
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Antonio
Sent: Saturday, September 30, 2017 7:05 PM
To: list@lists.pfsense.org
Subject: [pfSense] Open ports between subnets

Hi,

I have a media app called EMBY on my Android phone that is installed on
Android 7.1 mobile connected via pfsense wifi network (192.168.3.x). It
should try to connect to my server on the wired LAN at 192.168.2.X but
doesn't appear to do so for some reason. I inspected firewall logs and
it says that packets from 192.168.3.7: (phone) to 192.168.3.1 are
blocked. It's almost as if the packets couldn't get past the WIFI
gateway into the 192.168.2.X subnet even though I have a rule set up in
the wifi that:

a) allows a PASS for IPV4* packets with source "LAN net" to destination
* -> "Default allow LAN to any rule"

b) allow IPV4 from 192.168.3.X any port to 192.168.2.2 any port

There must be something that I am missing but can't get my head around it.

Note that DHCP server on pfsense is assigning 192.168.3.7 to phone as
default via MAC address identification so it's not a DHCP problem.

Any clues on what I could be missing? Why are the packets getting
blocked at 192.168.3.x? In the logs, there appear to be a lot of
requests from random ports on the mobile device to port 53.

Note that I have another device on the wifi network (a little Adafruit
ESP device logging temperature) that is not having these problems and
is getting to the server no problem.

I hope you guys can help me work out what is wrong.

Thanks

Antonio

-- 

Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging
or Diaspora* (https://joindiaspora.com/) for your social networking.
