• How to work OpenVPN with WAN IP 192.168.1.0/24

    Moved
    4
    0 Votes
    4 Posts
    255 Views
    stephenw10
    Then the ISP router must be configured to forward traffic to the Sonicwall. It might be forwarding all traffic (a DMZ style setup) or just forwarding the required ports for the SSLVPN. You need to setup similar forwards to pfSense. But, yes, a better setup would be to eliminate the ISP router entirely. That may not be possible though.
  • host in alias used by firewallrule refuses to work

    22
    0 Votes
    22 Posts
    2k Views
    A
    @SteveITS said in host in alias used by firewallrule refuses to work: @a1aba ...you're welcome...? ¯\_(ツ)_/¯ thanks for the help of course! everybody who helped thanks for the effort
  • Limiter config disappered

    19
    1 Votes
    19 Posts
    1k Views
    stephenw10
    No, patches survive a reboot. They may not survive an update but, yes, this would be in 25.03 anyway so you shouldn't need to do anything.
  • PFSense Slack Notifications - how to include the firewall name?

    2
    0 Votes
    2 Posts
    229 Views
    stephenw10
    https://redmine.pfsense.org/issues/15544 That seems to cover what you're asking. You can add comments there.
  • DLNA discovery doesn't work

    24
    0 Votes
    24 Posts
    2k Views
    G
    @Fandangos said in DLNA discovery doesn't work: I am not using the wan port. I'm using the first lan port. Ok perhaps I found pictures from a different model router than the one you have. The one I found had one orange and four blue ports. But that's good, you need to be connected to one of the LAN ports. And even though some routers these days have an "AP Mode", all you really need is to turn off DHCP to make it function as an AP. So I guess, problem solved right?
  • WAN Connectivity Issues after upgrade to CE 2.7.2

    9
    0 Votes
    9 Posts
    498 Views
    X
    @stephenw10 Thanks for the replies and insights. So far it's been over 24 hours with no issues. I'll report back after a longer period of time if issue re-occurs with details.
  • Unable to route second public IP

    14
    0 Votes
    14 Posts
    845 Views
    stephenw10
    If they are statically assigned and in the same subnet then you should just be able to use virtual IPs. How did you test it? Adding a bridge is only required if you need multiple MAC addresses. Usually you would not. You can only add one though. Your screenshot implies you either already have WAN in a bridge or you tried to add it to more than one.
  • Block Random Mac addresses no longer possible | 24.11

    7
    0 Votes
    7 Posts
    512 Views
    johnpoz
    @patient0 yeah I would assume that a static mapping would override any deny, same goes if there is an existing lease already I would think.
  • Adding RAID long after original install

    8
    0 Votes
    8 Posts
    644 Views
    T
    @stephenw10 Well I got through the login page to the checkout page by moving to another desktop..... but it wants me to agree to the terms and conditions - and I finally realized I had to click on the whole Legalize paragraph to agree and finish the transaction. I guess I better order some hard drives. Again thank you for your expertise and answers.
  • Is 24.03 -> 25.03 upgrade path supported?

    5
    0 Votes
    5 Posts
    453 Views
    chudak
    @stephenw10 said in Is 24.03 -> 25.03 upgrade path supported?: It's tested internally. We may enable it for RC. That'd be great!
  • HTTPS Handshake Failing?

    10
    0 Votes
    10 Posts
    410 Views
    stephenw10
    When you connect out from the interface address directly there is no outbound NAT required. You should be able to ping out from it. However you are seeing some traffic from it so perhaps you're not selecting the source correctly? The gateway monitoring would be the same, is that showing as up for WG?
  • RAM Disk

    3
    0 Votes
    3 Posts
    274 Views
    J
    @stephenw10 @Darkk umm... [image: 1740152559799-screenshot-2025-02-21-at-10.42.22-am.png] there are two tmpfs - one for tmp, one for var [image: 1740153254477-screenshot-2025-02-21-at-10.53.10-am.png] /var is on a tmpfs. (that 89M shown here is mostly log files, and yes they rotate) I can force that number to near zero just by removing log files. or just watch it over time goes between about 87 and 92 as log files build out compress and rotate -- Not all of var is on the tmpfs either) /tmp is on a tmpfs (the smaller one in my case) to which tmp do you refer and 8GB does seem excessive
  • Block All WEB SITES Except https://web.whatsapp.com

    8
    0 Votes
    8 Posts
    5k Views
    Gertjan
    @am-steen said in Block All WEB SITES Except https://web.whatsapp.com: note: I do not know how to open logs Go to Status > System Logs pfBlocker, a nice shortcut is hiding in plain sight : [image: 1740149407750-3e1fbf6c-1210-41a4-bb06-fb168dc5a8b3-image.png] Or Firewall > pfBlockerNG > Log Browser and pick your file in the second pull-down box. For the no-mouse solution : console or SSH, menu option 8 and then cd /var/log
  • Reverse Path Forwarding problem using pfSense

    10
    0 Votes
    10 Posts
    528 Views
    stephenw10
    Looks like those states are created outbound. I assume bxe0 is an internal NIC? The 'route-to' tag there implies policy routing in a firewall rule for that. Only inbound states on a WAN will get tagged reply-to.
  • certificate error while running pkg update 2024

    17
    0 Votes
    17 Posts
    3k Views
    T
    My hardware wasn't actually shutting down by holding the button. I pulled the plug and restarted and then it booted to a screen with a yellow "SHELL>" prompt. So I downloaded the 2.7.2 installer and put it on a stick and reinstalled from scratch. Then logged in and uploaded my latest backup. After a restart it got stuck on this screen twice. I then pulled the plug again expecting to have to start from scratch, but when it powered on the 3rd time I had my config back. So I'm up and running again with the latest version installed. Let that be a lesson to everyone. DO BACKUPS. It saved me hours of time, plus I'm sure I've forgotten all the tricks I learned while setting up the first time.
  • 0 Votes
    8 Posts
    2k Views
    Gertjan
    @madbrain said in Automate full config backups from a pfSense to a Synology NAS on the same network: The command I posted yesterday did not work. It produced 0 byte files. Turns out logging in to pfSense+ 24.11 via ssh presents the user with a menu. One needs to select option 8 before executing any command. Is there any cleaner way than forcing the input of 8 + LF before the command ? Aha .... Let "AI" the thing ... What about these 4 keywords ? : pfsense ssh backup config Use the very first Alternate Remote Backup Techniques | pfSense ... solution proposed. Over there, 3 solutions. the last one, Basic SSH backup will interest you. edit : ok ... stupid me, this link was already given above. But take note : no "menu" issues for me. Still, this doesn't work for me, as I'm using this : [image: 1740037138597-43f98ab9-41ef-4a0d-bd40-e98da3c073eb-image.png] so no root (admin) password is asked, but a key passphrase is needed. After placing my pfsense private key in some '.ssh' directory (name : pfsense.key) I could use Christian@DiskStation2:~/.ssh$ ssh -i /var/services/homes/Christian/.ssh/pfsense.key root@192.168.1.1 cat /cf/conf/config.xml > backup.xml Enter passphrase for key '/var/services/homes/Christian/.ssh/pfsense.key': ############ Now I have the config file "backup.xml" on my NAS : Christian@DiskStation2:~/.ssh$ ll backup.xml -rw------- 1 Christian users 639484 Feb 20 08:41 backup.xml Look at this if you want to automate it 100 % (somewhat not secure)
  • Packet Capture: received vs. sent

    9
    0 Votes
    9 Posts
    437 Views
    stephenw10
    A bridge interface is tricky because there is no sent/received really. Every packet crosses it. Unless the interface is assigned in which case pfSense can send/receive from it and will use the generated bridge MAC.
  • User called “internet”

    15
    0 Votes
    15 Posts
    1k Views
    dennypage
    @Phonix66 said in User called “internet”: I suspect the ntopng package, I didn't login for a while and tried now to login with the "internet" user, but couldn't, neither with my Administrator account. The ntopng package does not create such a user. What made you suspect it? [Edit: You can ignore this -- I just saw that you subsequently determined that it wasn't ntopng]
  • PFSense Web UI not displaying certain characters

    4
    0 Votes
    4 Posts
    203 Views
    Z
    @stephenw10 That worked @stephenw10. I rebooted the computer and all is well. Thanks for the assistance.
  • 0 Votes
    9 Posts
    510 Views
    M
    @stephenw10 said in Connecting to server on a seperate LAN from camera connected to NVR wifi LAN: Is your NVR device there routing that traffic or NATing it? If it's routing (a much better setup) then you need to have a static route and gateway in pfSense so it knows how to reach the 22.1.1.X subnet. If it's NATing then you would need to setup some port forwards in the NVR and send traffic to that. Are you really using 22.1.1.X there? That's a public subnet which may conflict with something you might want to access externally someday. Though it appears to belong to the DoD so.... Steve A static route did the trick. Thank you.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.