• Pfsense Firewall Rules

    4
    0 Votes
    4 Posts
    472 Views
    M
    Need more info. Open ports from where to where?
  • 4G LTE Modem Routing Questions

    8
    0 Votes
    8 Posts
    880 Views
    S
    Works now. I applied the MOBILE GW to the DNS servers in System / General and checked the Disable DNS Forwarder tickbox. All working now. Thank you for your help.
  • How to Setting network for open VPN

    3
    0 Votes
    3 Posts
    483 Views
    M
    This is a common request and fairly straightforward to implement. 1- Buy managed switch and create 3 VLANs one for the private network (wireless), and one for IoT device and one as management VLAN. And each one will have separate subnet. There are two questions here: Will it be a Layer 2 or Layer 3 switch? If it's a L3 switch, do you want to lean towards performance or security? Because each option will change the design. Personally, I always lean towards performance, but my concerns and priorities may be different than yours. 3- Deploy open VPN with PKI and allow redirect traffic only, No access to my internal network. This is easy to do. It's as simple as a checkbox on the OpenVPN config and a firewall rule. 4- Implement AV, snort and web-filter on pfSense as I use AV and web-filter now on my Asus router. You can install Snort or Suricata for IDS/IPS, but the only AV and web-filtering options on pfSense require you to install the Squid package. Personally, instead of trying to leverage pfSense packages that may give you semi-effective, UTM-like features, I'd recommend actually implementing a UTM product. For example, I have Untangle running in bridge mode inside of a VM which sits between pfSense and my core switch providing AV, web filtering, application control, reporting, etc.
  • VLAN OpenVPN issues

    6
    0 Votes
    6 Posts
    620 Views
    johnpoz
    Good to hear - yeah this is why it's a good idea to use non common networks for tunnel and your local networks.. For example 192.168.0 and 192.168.1 are very common! Good tunnel networks are in the 17.16/12 rfc1918 space... Like say 172.29.14/24 or something ;) Many hot spots that you might be at where you want to go home so using common networks locally.. Can cause you problems from your remote location when you're wanting to vpn home... So good to use odd networks at home too.. I use 192.168.9/24 for my normal lan, have yet to run into an issue with that.. But yeah you never know what network you might be on ;) Also why good to not use large networks.. When you see someone using 192.168/16 or 10/8 they prob going to have issues trying to vpn out or in ;)
  • pfSense 2.4.4 and Twitch Issues

    11
    0 Votes
    11 Posts
    1k Views
    chpalmer
    On 2.4.4 here and Twitch works fine.
  • Access webGUI when on subnet

    5
    0 Votes
    5 Posts
    349 Views
    I
    Thank you! That solved my problem.
  • Yet another ping problem with Virtual IPs

    44
    0 Votes
    44 Posts
    9k Views
    stephenw10
    Mmm, interesting. Two states are created in the firewall, one on WAN and one on LAN. It could be the WAN state still giving a problem since the NAT happens before the ACL there so both have the same destination. However the NAT is included in the state so I expect it to still be unique. Clearly something is still conflicting. Not really anything else we can do there. Steve
  • Switching from IPFire to pfSense..............

    16
    0 Votes
    16 Posts
    2k Views
    Rico
    ...and https://docs.netgate.com/pfsense/en/latest/book/index.html -Rico
  • [SOLVED] Cannot access 2 switches on LAN from VLAN.

    18
    0 Votes
    18 Posts
    1k Views
    Derelict
    Great. Now you can access your switches.
  • pfSense weak DH vuln found with Kali

    28
    0 Votes
    28 Posts
    2k Views
    P
    Many thanks for checking/helping and fixing it, to all. Really appreciated!
  • RDP not happening

    13
    0 Votes
    13 Posts
    1k Views
    stephenw10
    Port 1010 which they are using now is commonly used by malware as discussed above. It's probably that triggering whatever is adding it to the blacklist. They can forward from any port so just choose some higher unknown port. If his Router is open to the internet he has bigger problems! But it might be because you are coming from a known subnet he has opened rules for. Steve
  • Openvpn not working on Linux OS

    8
    0 Votes
    8 Posts
    617 Views
    KOM
    lol no. I don't give a damn about voracle. It's a theoretical attack that will not affect me at all.
  • Empty fields when editing rules

    edition edit fields rules issue
    2
    0 Votes
    2 Posts
    686 Views
    N
    Solved..... I spent 2 weeks to find this issue, posted here... then I cleared my cache and it did the trick.
  • PFSense drops internet connection every 10 minutes.

    5
    0 Votes
    5 Posts
    2k Views
    K
    @alphar3c0n Hey arpresolve: can't allocate llinfo for %d.%d.%d.%d The route for the referenced host points to a device upon which ARP is required, but ARP was unable to allocate a routing table entry in which to store the host's MAC address. This usually points to a misconfigured routing table. It can also occur if the kernel cannot allocate memory.
  • Cannot define table bogonsv6: Cannot allocate memory

    8
    0 Votes
    8 Posts
    2k Views
    stephenw10
    @johnpoz That was like a year ago. @Web2Print Yeah you can increase that further to, say, 1M. However that error is not due to table size or memory exhaustion. It's because the table defined by pfBlocker has not been populated. That would normally be updated automatically but you should force an update in pfBlocker to be sure. Steve
  • How to DNS registration

    2
    0 Votes
    2 Posts
    312 Views
    JKnott
    @alveszer said in How to DNS registration: IPv6 reverse dynamic dns registration IS available but also not working. How are you testing that? If with a browser, you will not likely get reverse DNS, due to privacy addresses. Privacy addresses are used for outgoing connections. They are based on a random number and change daily. There's no way you're going to track that.
  • PATCH REQUEST METHOD

    3
    0 Votes
    3 Posts
    338 Views
    J
    Thanks for the suggestion.
  • Improving of Firewall Change log

    6
    0 Votes
    6 Posts
    367 Views
    stephenw10
    The diff is against the current config version so you can see exactly what changed. That's the only config record there is though. If you need something more you can open a feature request: https://redmine.pfsense.org Steve
  • 0 Votes
    18 Posts
    1k Views
    B
    Thanks, this seems to be a good assistance. :-) Will try to adapt this to my issue in the next couple of days. As I said, I'm not into web/HTTP/HTML and so on. Maybe, I will ask for help one more time.
  • Some strange communication issues

    8
    0 Votes
    8 Posts
    777 Views
    stephenw10
    Something something Beowulf cluster of those! I assume he means his desktop PC is using Cloudflare DNS. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.