@mcury I see. Thanks.

You have two gateways.
Try to check states and firewall logs on them,
Check exactly on which interface the traffic appears.

@insmod Try to use computer. Connect to first switch and change swtich port to vlan 200. Next configure pppoe on your computer. Install wireshark and watch packets.

you have mishmash with vlan

correct configuration
modem0 vlan 100 access mode
modem1 vlan 200 access mode

igb0 switch port connect hybrid or general mode non tagged 100, tagged 200
interface on pfsense igb0 non tagged (for 100 vlan), igb0 tagged 200 (for vlan 200)
or
igb0 switch port connect trunk mode tagged 100,200
interface on pfsense igb0 tagged 100, igb0 tagged 200

@johnpoz I agree port forwarding use a weird port number for it, but set it so only approved WAN IP address that can access and get to it too if they are known already. Don't just leave it open to any and all WAN. What about a VPN in ?

@jake-mia said in How to setup static ips on OPT1:

extra rule needed on WAN with source * going to OPT

the only rules need on wan would be rules to allow what you want.. if you don't want to allow any unsolicited inbound traffic to this network, then you wouldn't need or want any rules on your wan for that netblock.

@netblues said in Setting up fibre internet connection does not work:

Since everything looks ok, and assuming there are no errors in copying credentials, try vlan 7 on the pppoe interface, as a last resort.

This was the solution. Unfortunately, this was not evident from the FritzBox config file. Now it works.

Thank you all for your suggestions!

@cubits we did, too many threads, sorry. It’s an uncommon situation to be sure.

@michmoor , thanks for the response. We don't have any VPN between the firewall and the downstream device between which the BGP is flapping. The firewall is directly connected to the downstream switch.

@johnpoz said in An HTTP_REFERER was detected other than what is defined in System | Disabled in System > Advanced > Admin Access.:

did you not see my image

No, sorry, my eyes, and my tempo.

Thanks!

OK, just realised I didn't set policy routing. I assumed that if the balanced gateway group was set and internal networks where using default gateway then it would load balance.

@ivanjrx
OMG! Oh You guys!
I just answered my silly question, in the last comment
on the pFsense its only running on the IPv4 But Windows is using both IPv4 + IPv6 ,
I'm sure it was coming in as IPV6 and therefore it was getting blocked, I just allowed both protocols in the Rules and I can now Hit that app. duh! 😅

The only explanation i have on how I was hitting the traffic for 10.10.10.2 before is cause is a DNS server, other than I can live with that mystery...

Modedators can now Mark this as Solved

Sorry, update Zabbix active agent is also using the wrong address to send from and uses the 1st IP address in the interface list too as do NTP lookups.

Should also confirm using manual NAT but outbound from 127.0.0.1 is set to use WAN address

d4bc5d94-c121-481a-aa70-2f2bceac5e17-image.png

@keyser Excellent! Thank you for that routing info, works now. I changed a line though, as I think you have a typo...

On Router B:
Create a Gateway Called “Router A” with address 10.0.2.1
Create a static route for 10.0.0.0/24 using “Router B” as gateway
Create a static route for 10.0.0.0/24 using "Router A" as gateway

@rcoleman-netgate there's a mini pcie and m.2, netgate says the Sim is connected to the m.2. sierra has the EM series which is m.2, not sure if they support them.

@kiokoman thanks.
I started using PIMD because of the reasons mentioned in https://blog.pelleys.com/dlna-pfsense-and-igmp-proxy-nope-use-pimd.
I'll see if I can replace it with IGMP Proxy now that I'm on 23.05.

However, the Zyxel NR2101 seems to be part of the trouble : it was dying slowly and currently does not work at all, so I'm getting a replacement for that first.

Hans

@chitchat Time Period is the sampling interval:

"Time Period

The amount of time, in milliseconds, over which ping results are averaged. The default is 60000 (60 seconds, one minute). A longer Time Period will take more time for latency or loss to trigger an alarm, but it is less prone to be affected by erratic behavior in ping results.

The Time Period must be greater than twice the sum of the Probe Interval and Loss Interval, otherwise there may not be at least one completed probe."

I don't see a "Loss Latency" setting?

Play with "Packet Loss thresholds"...I seem to recall it behaving a bit like I wouldn't expect...maybe the lower threshold triggers or something. It's been a few years since I dealt with a problematic ISP.