Yes if you set Unbound in forwarding mode you can just point it at the local DNS servers on the network.

@stephenw10 said in Yes, I know! Another OPT1 and OPT2 no internet connection!: what could possible cause dhcpd to listen on a different port like that. Yeah - what would be the point, if dhcpd can not bind to 67, it should just fail with an error could not bind, etc. Not like dhcpd could work if not listening on 67

@parry Well I don't know about 2.6 but it's in the package for 23.09 so I assume it would be in 2.7.x: [image: 1701742592652-30d95061-8bf3-4927-ac89-d7f3b3173a28-image.png] You might be looking at pfBlockerNG vs pfBlockerNG-devel? -devel was moved/copied into non-devel I think when 23.01 was released, so they are identical now.

@stephenw10 Oh my god. Well, this has made me realize that I had dhcpd in my service watchdog even though the DHCP service has switched to kea. I've removed that and logs are looking much more calm. Thank you!

@viragomann Thanks for the explanation! It puts my worries to bed!

@stephenw10 Thank you, sir.

While we are likely to include the patch from that EN in future builds it isn't relevant to Unbound. They only use those sanitizers for debug/test builds and not for normal/production builds.

Well as I say both ways should work if configured right. I've not played with Tomato specifically but I'm familiar with dd-wrt and openwrt and both would require VLANs internally for most devices. If a phone works on that ssid it's probably fine.

@coxhaus okay got it all figured out (refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range.) this worked very well and I was able to use the Access Control on the netgear as well so that WIFI clients could not connect either. I am now completely up and running, I have addressed my speed issue by just getting Intel (ET PRO 1000) dual Ethernet adapter and just disabled RealTek Nic's. I am now getting the speeds I am paying for and I can see that everything inbound is block, no new devices can connect very happy camper here, [image: 1701631771981-28db92cd-b0c5-40a5-aba3-14a4ad01651e-image.png]

You should not have 192.168.1.1 as a DNS server for pfSense, though it would not break anything. The server set in System > General Setup though are not used by Unbound in pfSense unless you have set the DNS resolver to forwading mode. By default it resolves directly. However since it looks like you're passing 1.1.1.1 to the client directly it should be able to resolve whatever pfSense is doing so I'd look for error on the client. Try on the client: steve@steve-NUC9i9QNX:~$ dig +short @192.168.1.1 google.com 142.250.180.14 Steve

@milindhvijay So like I was say if you have a rule using a gateway, which you have. And you have it set to NOT create rules when gateway is down.. Before you had no rules that would allow access to the IP on your admin vlan. [image: 1701611816636-exactly.jpg] So when your gateway goes down, per your settings that last rule there with the gateway set as "default_failover" would not be there.. So until you added that rule you have highlighted what rule if you remove that last one since you are telling it not to create rules when a gateway is down would of allowed you access to pfsense gui on any IP? If that rule you created is to allow access to web gui, why would you say lan subnets. Why would you not just allow access to the admin interface address? But yeah your rules from before you added completely explains why yes if your wan(s) were down you would not be able to access web gui or even ssh.. Because you had no rules that allowed it when your gateway(s) are down. I brought this up in my first post..

Does it actually populate the table in Diag > Tables? Does it work if you use https://raw.githubusercontent.com/SecOps-Institute/Akamai-ASN-and-IPs-List/master/akamai_ip_cidr_blocks.lst for thatlink instead?

@kal800 If it’s the pfSense ABC you can restore: https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html#bare-metal-restoration There is this if you can get it to see the file: https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html Always have a backup…

Thanks everyone for the help, It wasn't pfblocking, but rather a simple bad DNS provided by my ISP. I didn't think of it because everything else was working perfectly fine. However when I went to System -- > General Setup and removed my ISP DNS and replaced it with 127.0.0.1 and 8.8.8.8 it worked just fine.

Hi everyone. I believe that the problem is linked to equipment (multifunction printers) connected to the electrical network which is causing problems for the switching power supplies of the mini PCs that I use for my installations. In fact, when these devices are turned off at the weekend, the firewall never turns off. Now I will put an uninterruptible power supply online that allows me to stabilize the output towards the pfsense. I'll keep you up-to-date. Thank you.

@MyastanPatrin said in Restore pfSense Plus 23.05.1 config on pfSense CE 2.7.0 Several Errors: lack of internet connectivity Was there connectivity before the restore? Why is there none after? IP conflict? Were WAN and LAN assigned correctly during the restore? (if the interfaces haven't changed they will be used as is...maybe were out of order from the original VM? Except you said you used the same VM...) The pfB alias will be defined after you run an Update in pfBlocker. Are you really using a bridge on a VM? I would perhaps try to uninstall the packages, sort out the connection problem, and then reinstall. The package configurations will stay by default.

@jimp said in Modify .tcshrc: https://redmine.pfsense.org/issues/14746 JUst found this : I just pushed a commit that implements "local" versions of .profile, .shrc, and .tcshrc which are, respectively: .profile.local, .shrc.local, and .tcshrc.local in the user's home directory. Great !! Cool !! Now I can finally use 'll' as an alias for "ls -al" just by creating a small " .tcshrc.local" in the root folder. Thanks !

@viragomann Thank you very much for the tip, I did what you told me and it worked

@ukhobo I too have a BT/EE ISP connection and would love to be able to place their hub used for VoIP behind my pfSense router. Someone on the thinkbroadband forum managed to get around it using a custom Asus router firmware (probably similar to OpenWrt). If there was a way to run a cron job on pfSense that extracts the changing Host-Uniq, store it into a file or some kind of varible and then use this to dynamically update the Host-Uniq field within pfSense that'd be one way to go about it. https://forums.thinkbroadband.com/fibre/4664092-bt-fttp-with-digital-voice-alternative-to-smart-hub-2.html?fpart=7#Post4670157 Did you ever find a solution to this? I persoanlly will be carrying on using pfSense behind my BT router unless someone has a solution.