Just in case anyone else ends up in the same place as me..............

I managed to solve the issue and found there was no access to the internet on the PRINTERS VLAN, despite having the firewall rules allowing it!

Eventually I stumbled upon the Firewall NAT Outbound rules, which was populated with 2 rules per VLAN (had been done automatically, presumably when setting up the VLANs).

These rules did not exist for the PRINTERS VLAN. Added these rules manually and all sprung into life!

43fb5a5f-11d8-437e-b9a7-dabcee21984d-image.png

What I cannot understand is why these had not been created in the first place!! The outbound NAT mode was showing 'manual outbound NAT rule generation'.

492154ac-6783-4375-9f47-bc2b5809d6c9-image.png

Thought this would have been set to Auto??

Never mind, all working now but at least I've picked up some extra knowledge. Thanks to everyone for helping me sort this out, it is greatly appreciated.

Steve

@michmoor
Yes, I have a WAN gateway (ISP). For Internet B, I would need another gateway using the LAN interface. The WAN gateway would be Tier 1, the LAN gateway would be Tier 2. Right?

@viragomann Thanks. I think I have it running. I typed in "ntpq -pn" on my Linux Minecraft server (On Guest LAN) and it spewed out all of the NTP servers I have configured on my pfSense box (All clients/LAN's use 192.168.1.1 as NTP server). However, I did not use any firewall rules to allow this to happen. Is it just happenstance that it works, or am I supposed to add a firewall rule?

@sef1414 said in Pfsense stopped detecting packet loss, failover not working:

@mcury Yeah, nothing different there.

This is a new issue that I didn't see before.
If you can, share more details.

@Dobby_ said in iphone vs android usb tethered wan failover instructions? (2.7.2-RELEASE FreeBSD 14.0-CURRENT):

Windows is used by companies to be sure the client and server
systems will be 100 % compatible and working together.

Apple is used @home, by creative working companies it starts at
programming, image and photo work, video editing, sound and
also DTP or web content work. All devices sync fine and you will
be even up to date on all devices.

I didn't realize we were having a Windows vs Apple vs *nix debate.

@atevet
What you are doing sounds good. Yes you should be cautious creating networking around packages which are planned to be deprecated.

The package pfBlockerNG > DNSBL > DNSBL Category has two lists - shallalist (Wrong, shallalist is no longer online) and UT1 which give quite extensive choices to block content without having to do a lot of investigation.
Also: pfBlocker in Python mode has an imho oddly named Python Group Policy section to exclude IPs from DNSBL - allowing the adult devices to go around the above lists.

I removed the external monitoring address, so that the gateway comes up again. I created the monitoring address as a gateway on that interface too, just for pinging, it still doesn't come up on its own. Maybe I have to many gateways for pfSense?

Screenshot 2024-05-31 202447.png

PS: Maybe upstream gateway is not the right term, but I will not change the heading because it will make pictures disappear.

@sminded said in Using WAN port to access a LAN:

I want to access two separate LAN:s from a single point, so the idea was to use a netgate router with pfsense, configure two WAN ports, and connect the LAN:s to the WAN ports, and my laptop to the LAN port.
But I'm not able to access the LAN:s from my laptop, what am I missing?
Do I need to setup a static route on my laptop as well?

You need to explain this in better detail.
From the sound of it, the two LANs are in the same building and you're connecting them each to a WAN port on the same pfSense (with 2 WAN ports configured), then connecting your laptop to the LAN port of that same pfSense.
Is that what you're doing??

If so, just use 2 LAN ports instead.

@TravisH
The rule is not applied, however. So either it doesn't match or more probably another rule has precedence. Possibly a rule on the interface tab.

If you want give priority to floating rule over interface rules you have to check the Quick option.

@darkcorner
So my first solution of setting up a separate LAN segment at each office just for this device would be viable.

So finally, the device moves to the remote sites, but it is accessed from an app at the central office; do I finally have it right?

@pfsense-dc ,

Is the Round robin method built into the rule? Because I couldn’t find documentation related to it.

Thanks

@ErniePantuso Did you just post the same thing 3 times?

Maybe you should start over.
Say you have a 24 port switch, but you're only using 5 ports.
Then you need to add a new network which needs another 5 ports.
Do you go buy a new switch?
No, you use vlans. Vlans make one physical switch into 2 or more logical switches. A vlan creates a new broadcast domain so they are completely separate networks.
So you can take that 24 port switch and make it 2 - 6 port switches to handle both of the networks in the example. And still have 12 ports to spare.
Make Sense?

@ErniePantuso Can the switch do vlans? If so, just create a clan on the switch with just those 2 ports using it.