@michmoor
Yes, I have a WAN gateway (ISP). For Internet B, I would need another gateway using the LAN interface. The WAN gateway would be Tier 1, the LAN gateway would be Tier 2. Right?

@viragomann Thanks. I think I have it running. I typed in "ntpq -pn" on my Linux Minecraft server (On Guest LAN) and it spewed out all of the NTP servers I have configured on my pfSense box (All clients/LAN's use 192.168.1.1 as NTP server). However, I did not use any firewall rules to allow this to happen. Is it just happenstance that it works, or am I supposed to add a firewall rule?

@sef1414 said in Pfsense stopped detecting packet loss, failover not working:

@mcury Yeah, nothing different there.

This is a new issue that I didn't see before.
If you can, share more details.

@Dobby_ said in iphone vs android usb tethered wan failover instructions? (2.7.2-RELEASE FreeBSD 14.0-CURRENT):

Windows is used by companies to be sure the client and server
systems will be 100 % compatible and working together.

Apple is used @home, by creative working companies it starts at
programming, image and photo work, video editing, sound and
also DTP or web content work. All devices sync fine and you will
be even up to date on all devices.

I didn't realize we were having a Windows vs Apple vs *nix debate.

@atevet
What you are doing sounds good. Yes you should be cautious creating networking around packages which are planned to be deprecated.

The package pfBlockerNG > DNSBL > DNSBL Category has two lists - shallalist (Wrong, shallalist is no longer online) and UT1 which give quite extensive choices to block content without having to do a lot of investigation.
Also: pfBlocker in Python mode has an imho oddly named Python Group Policy section to exclude IPs from DNSBL - allowing the adult devices to go around the above lists.

I removed the external monitoring address, so that the gateway comes up again. I created the monitoring address as a gateway on that interface too, just for pinging, it still doesn't come up on its own. Maybe I have to many gateways for pfSense?

Screenshot 2024-05-31 202447.png

PS: Maybe upstream gateway is not the right term, but I will not change the heading because it will make pictures disappear.

@sminded said in Using WAN port to access a LAN:

I want to access two separate LAN:s from a single point, so the idea was to use a netgate router with pfsense, configure two WAN ports, and connect the LAN:s to the WAN ports, and my laptop to the LAN port.
But I'm not able to access the LAN:s from my laptop, what am I missing?
Do I need to setup a static route on my laptop as well?

You need to explain this in better detail.
From the sound of it, the two LANs are in the same building and you're connecting them each to a WAN port on the same pfSense (with 2 WAN ports configured), then connecting your laptop to the LAN port of that same pfSense.
Is that what you're doing??

If so, just use 2 LAN ports instead.

@TravisH
The rule is not applied, however. So either it doesn't match or more probably another rule has precedence. Possibly a rule on the interface tab.

If you want give priority to floating rule over interface rules you have to check the Quick option.

@darkcorner
So my first solution of setting up a separate LAN segment at each office just for this device would be viable.

So finally, the device moves to the remote sites, but it is accessed from an app at the central office; do I finally have it right?

@pfsense-dc ,

Is the Round robin method built into the rule? Because I couldn’t find documentation related to it.

Thanks

@ErniePantuso Did you just post the same thing 3 times?

Maybe you should start over.
Say you have a 24 port switch, but you're only using 5 ports.
Then you need to add a new network which needs another 5 ports.
Do you go buy a new switch?
No, you use vlans. Vlans make one physical switch into 2 or more logical switches. A vlan creates a new broadcast domain so they are completely separate networks.
So you can take that 24 port switch and make it 2 - 6 port switches to handle both of the networks in the example. And still have 12 ports to spare.
Make Sense?

@ErniePantuso Can the switch do vlans? If so, just create a clan on the switch with just those 2 ports using it.

@Melim
pfSense does not support any virtualization within its software (VRF or MultiSys)
That said, what are you trying to achieve here?

Do you Internet links need to be placed in a VRF? That VRF shared with multiple other VRFs?
Can the endpoints use pfSense as the gateway?

You havent really outlined what the goal here is and why a VRF is required.
Where does VXLAN fit in this? A firewall typically wouldnt be involved in routing vxlan packets across the datacenter.
So depending on the technology, VRF and VXLAN go together. Where does a firewall fit in with Internet access i have no idea