@frankz
For a quick start this Lawrence video may help: https://www.youtube.com/watch?v=gVOEdt-BHDY

It should cover all what you need for above aims.

For what it's worth. By setting my outbound rules up manually and having them use static ports, the issue seems to be resolved.

Why the old appliance did not need this, and the new one does, I do not know. But hey, it works now!

Might want to look at incorporating DoH blocklists into your Pi.

https://www.reddit.com/r/pihole/comments/lhkwta/doh_url_blocklist/?rdt=59763

@viragomann it was resolved by itself. there was an issue on the ISP-side where I get the IPs from.

@mathais hmm whatever I was looking at mentioned 2.7.1. I guess I posted on the wrong thread?

Well, if you’re testing from somewhere on the Internet, and not LAN, show us your WAN rules.

@bdk-brhl Perhaps more "gamers" over at the gaming section, but it may help if you could provide more information about your setup. Have you tried setting up UPnP for the PS5?
How is the Fritzbox set up? Double NAT or bridge mode, if that is possible?

@Mister_X-0 said in Pfsense isn't pass Internet:

I installed pfsense and ubuntu-desktop on virtual box. now I am using from Kali-linux. After i created host adapter in vm, and connact pfsense and ubuntu to it. but ubuntu internet connection isn't work , how can i salve this probam, i am gonna use ubuntu internet by pfsense!

Screenshot from 2024-02-24 13-22-39.png

@GoettaGrip Great that you managed to resolve it... And yes I would expect that you should be able to make things work now by using the Nest devices as dumb AP's using the LAN ports. VLAN on wifi may be nice to have but it's not a necessity.
One way of separating things over wifi could be to set one of the Nest devices to 2.4Ghz only and place that on a separate VLAN only for your IoT devices. Then the other two can run 5Ghz only, on a different VLAN. Using different passwords will safeguard against any users accidentally connecting to the wrong wone.

And as long as the switches are VLAN capable this would keep 2.4 and 5 Ghz separate from each other.

@viragomann Thanks, I adjusted the source address and mask to match my VoIP setup and now everything works!

TL,DR ;) but it looks like there are some suggestions. Netgate has a recipe page for this : https://docs.netgate.com/pfsense/en/latest/recipes/modem-access.html

I’ve never had to do anything for AT&T or Comcast modems, it “just works.”

@Brianrl-0 said in Need help troubleshooting NAT rules please:

Thanks for the info. Unfortunately, a VPN is not an option. Do the rules look good?

You have pfSense... how could a VPN NOT be an option?? It's built in. Use it.
As for the rules, no one can actually say if they're correct because you redacted the private IP's... Why? No need to obscure private IP's.
But all the redacted should be the IP of the server itself. If that's the case, then yes, they are correct.

@viragomann Thanks for the clarification.
b8c9a9a8-d92d-4680-a378-b476b940536a-image.png

@mathais Have you looked into using a solution like Tailscale to make this work? It should be able to traverse your VPN regardless of how NordVPN has it set up...

Setting up what Tailscale calls a "subnet router" in your network and changing your Plex settings to work with webview through this server... obviously you need to run tailscale clients on your devices that want to access your Plex server.
https://community.umbrel.com/t/how-to-run-plex-through-tailscale/14595

Thanks a lot for the help @JOHNPOZ, now I got it working :-)

@vada123 said in Need help - verifone credit card machine:

It fails immediately, which indicates to me that it is being blocked somehow.

Or : traffic never reaches pfSense.

@vada123 said in Need help - verifone credit card machine:

I have looked through the firewall logs and there are no entries for the ip of the PC or the verifone

Get back to the default state of the credit card reader : it's probably "DHCP".
Power down PC and credit card reader.
Now : look at the pfSense Status > System Logs > DHCP log page.
Start up your PC, credit card reader etc.
You should see lines like this :

7bdf357c-df4e-4055-b0ca-104f775fdbc9-image.png

where the MAC is the MAC of the device you've switched on.
"igc1" is the interface on which pfSense received the DHCP request. This is the interface on which a pfSense DHCP server should be running.
Remember : at this stage the device hasn't an IP yet.
These DHCP packages are not fire-walled (if you have a DHCP server set up - on LAN, by default, you have one).

So : again : traffic reaches pfSense ?

Thanks for all the replies!

I have FINALLY gotten one of my OpenWRT devices to work.
Now to replicate to other devices.
I am finding my problem is from tinkering with too many things at once.

I didn't change anything and today went to sanity check some things. Tried logging into the servers to see if pfsense had any logs relating to it and they both just work now?? Anyone know why?? I'm very confused :/