Wow! Really thanks!

My pfSense is fine now.

https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html

-Rico

@johnpoz Understood. But I am very new to pfSense, so as you would understand in the early stages of troubleshooting an issue, it would not be clear where the root cause of the problem would lie. It was the very first time I was configuring vlans in pfSense so I thought I had them wrong or was forgetting something.

Also too, I decided to just give a summary of how I resolved the issue for the benefit of any future person who run into a similar issue as I did.

Anyhow, thanks for your assistance. I appreciate it.

Not sure what shenanigans they could be up too.. Could be something to do with a ipv6 to ipv4 gateway, they could be running you through some sort of tcp proxy, etc.

But tell you for sure testing such stuff over cell can be misleading info..

Could be a form of optimization.. where their handing you back a syn,ack before any sort of connection is actually made, etc. etc..

@stephenw10 Thanks Steve!

I've been reading more and more and I really want to grow PFSense. Maybe use it as a backup for the Fortinet Firewalls in the corporate environment I work on.

Bump

@blank said in Multipurpose server, is this enough?:

d-1521

Probably. There are a lot of variables in there though. Suricata has a lot of tuning options.

Steve

Thanks Steve, I tried @TheNarc link and that seems to work (locked myself out the WAN at first 🙄 ) I'll also turn on skip rules as you mention.

Thank Gertjan again.

vlans:
Remove member 8 from vlan 4091.
create a vlan 10 and assign members 8,9t,10t.

Ports:
change port 8's Port VID as 10.

Interface
Assign vlan 10 on lagg0.
assign interface OPT1 as VLAN 10 on logg0.

firewall
Create a NAT outbound rule for WAN.
Create a NAT port forward rule for OPT1
Rule in WAN is automatically created.

Done.

We should prob edit the subject as well...

Maybe "Problems with connecting to purevpn - non pfsense related"

You didn't have to do that :) Everyone makes mitakes ;)

@blaytrail said in WAN Logs not displaying:

This is fun. :)

And there is more to come !

@JeGr said in Adding NAT rule via shell/console:

But that only works if the webUI is still responding ;)

Good point!

I can see why the guy you contacted suggested using a VPN though. If the only reason this port is open is to allow you to monitor or configure the HMI using a VPN to access it would be far safer. You wouldn't need to open any ports to it directly then.

Steve

I have no idea what he thinks he doing.. But it screams compete and utter freaking cluster to me..

I went above and beyond trying to help.. Just at a loss here..

Thread he linked to is pretty much a just all gibberish..

Not sure what some pings are suppose to show? Where did you ping 178.1 from? Those are some horrible lan response times for sure..

If you have the following interfaces:

igb0
igb0.200
igb0.201
igb0.202

The switch port connected to igb0 will need to be tagged on VLANs 200, 201, and 202 and untagged (the switch port's PVID) for whatever VLAN you want igb0 to be on.