@Jake-Biker ah ok - yeah that makes sense.. Good luck, let us know how it turns out.. Yeah I get discovery to make life simple for stuff.. I mean you can not expect grandma to know the IP of some iot device she connects, that sort of thing.

But all companies should also account for segmented networks.. And the ability add devices not on the same segment - discovery doesn't always work in all environments

On my wish list is for companies to allow for turning off discovery as well - some of these applications are noisy as AF.. sending out broadcast or multicast every 10 seconds.. I don't need discovery, and if I did I don't need it running 24/7/365 when I have already discovered my device, etc.

edit:
Freaking plex sends out discovery every 10 seconds, not a thing I need or want. And there is no way to turn it off.. I finally blocked it at the switch port with an ACL ;)

And don't get me started with smart wifi light bulbs - noisy SOBs

HI!
I solved a problem using rules NAT, I delete my network from NAT and is work.

That would seem to suggest a problem with the monitoring daemon files themselves. You might try running a manual filesystem check on the disk to ensure the filesystem is OK.

Might also be worth doing a reinstall (wipe and reload) of 23.05 to ensure everything is in a good and consistent state. You can request the install image from TAC.

@Pascal-1
It doesn't matter if the router is running in bridge mode. If the WAN interface is set for automatic IP configuration (DHCP, PPPoE) the gateway is set automatically as well.

But you can add an additional in System > Routing > Gateways and then select it as default gateway.

Additional IPs have to be added in Firewall > virtual IPs. Use type "IP alias" or maybe "Proxy ARP". You will have to add each single IP there.
However, if the subnet is routed to your primary WAN IP, you don't need this if you only want to forward them behind pfSense. In this case you can just add port forwarding or NAT 1:1 rules using the public IPs as destination.

@riahc8
Any progress?

i am considering setting this up as well. The item for me is the 2100 device is switch and has no OPT ports. The only instructions I can find for making one of the ports a discrete port is to establish it as a VLAN. Which then seems to create a whole new set of issues for establishing is as a WAN failover.

I'm clearly missing something (likely something simple too), but have to agree that the documentation has too many paths (links that lead to information that may or may not apply) they often don't seem to tie together.

A nice step by step for a specific device (family) would be handy and save a lot of time.

@networknotwork
The route of packets from pfSense itself follows only the default gateway setting. It doesn't obey any policy routing rule you've added to an interface, even if you use its IP as source, since this rule is only applied to incoming packets on that interface.

So you would have to set the VPN gateway as default.
Since this is not available before the VPN is established, create a gateway failover group and add the VPN as tier 1 and WAN as tier 2. Then set this as default.

To avoid that the VPN is used by the other LAN as well, you'll have to policy route its incoming traffic to the WAN gateway then.

The question was asking if anyone else had problems switching out a device by cloning a mac address with Telus ISP.

Your answer as to why not just register doesn't address the question. However to indulge you...To be able to clone the mac and proceed without a phone call or device registration would be much more efficient use of time. Clone the mac...get internet. Simple and quick! Why should the customer have to register? The ISP has control of the modem. Their job is to deliver internet to it. What we do with it on the other side is our business.

When forced to phone the problem is the long hold times to end up with a level 1 tech who chews through more time having you do the basic troubleshooting (which is already done prior to calling) before they are allowed to escalate. The level 2 techs, which apparently is needed to get things working in this case, only work business hours. Not the best time for the customers to do a switch over.

What was scheduled for a friday evening switch over & a weekend for setting up rules & testing cannot be done because I can't clone a mac. That's the problem...telus is costing the customer downtime and my billable tech time because of their draconian inefficiencies.

@itob said in routing port 80 and 443 through an upstream proxy:

So my question was whether I can convert this into a kind of transparent proxy...

No, you didn't matter before that it should be transparent.
Configuring the clients won't be. But why is this a need at all?

but the "outdoor" proxy i can not configure.

There won't no settings be possible.

You can try it with redirecting the upstream traffic if you want to have a transparent proxy, but I'm not sure, if this would work.

@srgess Shouldn't be any different than a physical interface... except the switch.

Make sure you put the VLAN40 on your landing port TAGGED and on ports 9 and 10 TAGGED

Then assign your PPPoE to the VLAN.
My VLANs tab:
4c84f3c2-b641-40bb-9c10-402499709385-image.png

You'll see I have 201 tagged on 1, 9 and 10. My main internet is Lumen PPPoE. (I just never updated the label).

Thank you for the response.
I took your advise and upgraded to one router with multiple NICs.

@benzepoj
pfSense Version
2.5.2-RELEASE (amd64)
built on Fri Jul 02 15:33:00 EDT 2021
FreeBSD 12.2-STABLE

In anyone is still interested, here is how I got it to work with 3 pfsense setup.

I wanted to setup an environment where I have a datacenter and a remote lab.
All machines in the datacenter have the domain datacenter.home.arpa.
All machines in the lab have the domain lab1.home.arpa.
I wanted machines in the lab to be able to reach machines in the datacenter.

pfSense1:

Hostname: pfSense Domain: home.arpa WAN (dhcp) LAN: 192.168.0.1 Block private networks and loopback addresses: Unchecked Forward packets for datacenter subnet 192.168.2.0/24 to datacenter router - 192.168.0.2 Added gateway Name: datacentergw Interface: LAN Gateway: 192.168.0.2 Added static route Network: 192.168.2.0/24 gateway: datacentergw

pfSense2:

Hostname: pfSense Domain: datacenter.home.arpa WAN: 192.168.0.2 (static) LAN: 192.168.2.1 Block private networks and loopback addresses: Unchecked NAT Forward ICMP and TCP/UDP from source:192.168.0.0/16, destination: LAN net to LAN Address This automatically added necessary firewall rules as well

pfSense3:

Hostname: pfSense Domain: lab1.home.arpa WAN: 192.168.0.3 LAN: 192.168.3.1 Block private networks and loopback addresses: Unchecked DNS Add a domain override for datacenter.home.arpa and send its queries to datacenter DNS: 192.168.2.1 DHCP Set lab1.home.arpa;datacenter.home.arpa as DNS Search

@stewart Just wanted to report that this was the solution. Thanks @johnpoz!