It doesn't seem like it was intended.. anyhow probably better to continue on the other thread: https://forum.pfsense.org/index.php?topic=138876.msg759070#msg759070 if new information becomes available..

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense

https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

If that is not enough you will probably have to post what you have done. As in screen shots.

ok, got it figured out how to prevent the error:

you must use the –nosubshell parameter when starting mc

to get a clear view on my screen I also changed the configuration of the putty session to use characterset CP437 to show nice linedrawing instead of characters (Window - Translation - Remote character set)

I agree with you that lots of conventions change with ipv6.. Running multiple layer 3 on same layer 2 is not one of them ;)  The whole thing with dual stack is just really a necessary evil during the transition period between the 2 different IP protocols ipv4 and ipv6..

I wasn't even thinking of dual stack.  The sooner we move to IPv6 the better.  However, it wasn't that long ago many networks were dual stack IPX & IPv4.  When I was at IBM, the first time I worked there, I had IPv4, NetBIOS and SNA on a token ring network.  The 2nd time I worked there, it was all IPv4 on Ethernet.

@maverick_slo:

Wait, was pppoe connect with "." vlans been fixed in 2.4.2?

Yes.

@machinery
I just saw that you posted the log from the 11th connect attempt. Please see if you can find the first one and post it. It's not uncommon for ISPs to ignore consecutive login attempts after a few failures, your log looks just like that.

You can try to disconnect the pfSense box from the modem, check that PPPoE password and username are correct, wait an hour or so and then try again.

Another possibility:
If your ISP isn't validating connections based on the username/password combination but based on the port id in the DSLAM, and you made the first connection from the Linux computer, then it's possible that it (for a time) expects new connections to come from the same MAC address. Similiar to how cable works for many ISPs. In that case you can try to use the MAC from the Linux computer for the PPPoE connection on the pfSense.

Thanks, it worked, had to make 2 static routes bacause i can only select 0.0.0.0/1 in static routes so i made a anoter entry with 128.0.0.0/1 and updates began working.

When you say reboot the router you mean pfsense?  Or something in front of pfsense?  Your AP?

What is not working for internet access?  Dns.. Can you access pfsense?  What does pfsense show for its wan connection?  Did it loose its lease?  What do the logs in pfsense say?

You say modem, did you mean router?  What device is that - is that what your rebooting?

Need some more details of exactly what your rebooting and why without doing any sort of troubleshooting to what exactly is not working..

marjohn56, I whish I read your message before buying a Vigor 130… Apparently my problems are not over:

https://forum.pfsense.org/index.php?topic=139000.0  :'(

@KOM:

Squid is not geo-aware.  I don't use pfBlocker but it does have a geo database so you will have to figure out a solution using pfBlocker.

I dont need it to be.  I just want it to obey the LAN rules which it doesnt.  LAN rules simply are bypassed by anything going through squid.

Thanks for your reply.

I'll come up with a proper reply but right now I am really busy and don't have the time to get into all the things you bring up.

I'll come back to it in a few days.

Approximately one year after 2.4.0-RELEASE, so October 2018.

I see - I've never entered the wan IP unless it was a VM and I had no lan access so I did no know that.  I've learned something new.

Yeah the simple way to run multiple dhcp is just have them hand out different blocks..  But there are much better ways to do it where the dhcp servers exchange the leases so, etc.  Sure you could run pfsense via carp to do it.  But you can also set it up on other systems like MS latest server versions dhcp has added a lot of dhcp failover and redundancy features.

@motific:

your ISP probably updated the firmware on their kit and reset it back their defaults.  Some do that.

You know what is causing the situation, it’s up to you.  I’d ignore them, but others might disagree.

Thank you motific - Much appreciate the response.

Hi BlueKobold. Yes, I know that pfSense if FreeBSD based. In fact what I ask is the equivalent of nf_conntrack in pfSense (FreeBSD), where I can see  network flows in real time. I have never programmed packages for pfSense, this is something to look at later (for now it is essential to analyze network flows).

Ok , I'll try

FYI, the Foundry X448 I bought is actually full PREM version with L2, L3-Base & L3-Full.

So let the switch route between all the VLANs or the entire network to free up the load from the pfsense
box able to realize more for you, might be then also a way able to march on or am I wrong with that!?

New to this forum, but have been using pfsense for a while, but no expert..

It doesn´t matter at all, but that said, like mentioned before, snort and suricata are not set it up and forget it packets!
It´ll be more on the need to fine tune more and more and also get new rules for that will be a work for itself.

I'm just looking for best practice regarding hardening pfsense and snort, without using all my time on false positives.

We all do! But again it is not a plug and play packet, it can help much and bringing you to running wild too,
if there is a DMZ with opened ports and forwarded protocols it might be the best bet to positioning it there,
if you are not really sure how to use it, I suggest you to get a small amount of books about your favorite
IDS/IPS system such snort and suricata are. That will narrow down the entire time you spend on it.

We have a 2.3.5 release coming in the next couple days that has security and other fixes.