I've never tried but I believe that is a uboot env you can set. Kind of surprised not to find more discussion of this on the FreeBSD mailing lists / forum, but there doesn't seem to be. Asking about this on the FreeBSD forum might be better though.

Steve

Yeah, the SYNC replication feature in Snort and Suricata is really designed to help admins who need to push the same IDS/IPS configuration to a number of identical boxes such as remote firewalls in branch offices, for example. It was not designed to replicate the parameters needed for an active-active cluster.

@patelsaheb said in Internet not working on pfsense system:

@Gertjan

have added like this DNSdns-entry.png

Yeah, I know. Welcome to the club (half - if not more, of all DNS problems start with 8.8.8.8 ...).
You sold all your 'private' DNS info to Google, and add to that : it broke DNS.
Go back to 'normal resolver settings (no forwarding) '(remove dot 8 and 4.2.2.2 - ), until you figure out how to set up things correctly.

Yay! I took the mahoosive leap and moved onto Chrome, Still Win 7 but let's say baby steps for now :)

Thanks all for you input.

https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html

Intro to Multi-WAN on pfSense

Multi WAN on pfSense 2.3

@patelsaheb said in firewall block rule not working:

So can you please share snap for same on wan interface.

No idea what you are trying to say here.

Post screenshots of your port-forwards and WAN rules and we can try to help you.

Also, it's generally best if you limited your posts to one issue per post, and please do not cross-post to several different forums with the same post or they will be deleted by mods.

SOA is in route 53. Multiple domains. DNS endpoints are in Azure. Pfsense deployed in AWS and on premise. I’m still piecing this together as previous IT person just left

thanks!! i'll try that ✌

For what possible reason does a someone post such a thing in their first post??

Ah - its spam.. who removed the link that was in the original post? I see it in the revision history..

@matt211 Well, you could do Hyper-V then...

I guess it could replace the password with the otp... But that would really be such a pain the ass... What happens when wifi drops or something and you need to reauth.

Removed linked to shit site...
"Last revised 28 January 2018."

Yeah that is current <rolleyes>

So many devices? there is a router, a switch and AP... Do you mean there are so many options to choose from - and you don't know which one of the unifi AP models to get?

Comes down to budget and your clients really.. The AC lite prob a good starter AP and will give great performance..

Pro is 3x3 mimo, while the lite is only 2x2... But what clients are you using, how many.. If your clients can not do 3x3 and don't have that many clients then you really wont see much difference between lite and pro model.

@monster169 SPAM

I spin up Ubuntu servers all the time, both static and dynamic, and they never have any problems talking. If it's working for you then great. I suspected it might be something totally weird, but you had it with three different boxes.

@sgtpepperaut said in NAT through OpenVPN? How to set up outbound NAT?:

Anyways unfortunately pfsense is only running on site A ...site B runs OpenWrt in the router/modem.

The point here is that pfSense has the the reply-to function, which directs response packets back to the gateway where the requests came from. This function would be helpful at site B.

Another way to get it work is by adding an outbound NAT rule on site A:
interface: <that one you have assigned to the site-to-site VPN or even OpenVPN>
Protocol: TCP (or what you need)
source: any
destination: 192.168.20.89, port: 80
Translation address: Interface address

However, with that rule in place there is no possibility to determine at the destination host the origin source IP of concerned connections.

If you don't want that masquerading rule to be applied to connections from site A, copy that rule, and enter the site A LAN at source and check "Do not NAT". Then put the new rule above the other one.

@netizen-uk said in Can Pfsense do this???:

Is this totally wrong?

As I'm not that deep into (private) BGP, it could be possible. But at the end AFAIK at least the upstream provider on your DC side has to allow you to speak BGP to him and almost no mainstream provider (or low-cost) do that, as you only have access to their IP space. If it would be your own IP space you get from RIPE etc. I'd guess it possible.

But nevertheless your initial idea is to have one of the IPs on the DC node routed to your SOHO node / network and that's an easy setup using OpenVPN for example, so I'd go down that route to try it out.