  • AT&T FTTH with pfSense?

    5
    0 Votes
    5 Posts
    1k Views
    chpalmer

    Happy reading.

    https://www.dslreports.com/forum/r29903721-AT-T-Residential-Gateway-Bypass-True-bridge-mode

  • 2.0.1 - HUGE session usage?

    6
    0 Votes
    6 Posts
    535 Views
    L

    Turns out the router in front of the PFSense box wasn't clearing down sessions.  This is why I couldn't see loads of sessions in PFSense.  The router had a non released version of firmware on it (Draytek) to try to stabilise the VDSL BT Infinity line, but seems this caused issues with sessions.  Putting the current firmware on it has sorted the problem.

  • Wifi Router on LAN

    3
    0 Votes
    3 Posts
    500 Views
    N

    Do you have the appropriate default firewall rule (allow LAN Net to Any?)

  • WAN Connection flatlines every now and then

    12
    0 Votes
    12 Posts
    1k Views
    A

    Very simple setup over here. No VLANS configured on the firewall and it looks like it is a default PFSense install with some changes to get Internet connectivity and VPN access. I always make a backup of the config before doing anything, learnt that lesson the hard way before :). Thank you for your advice :).

  • Can't forward port

    6
    0 Votes
    6 Posts
    923 Views
    A

    FOUND IT!

    For future reference, u-verse 5268AC has a firewall at IP level under LAN IP Address Allocation. Disabled it and pf took over.

    ![uverse firewall.png](/public/imported_attachments/1/uverse firewall.png)

  • Installing pfsense under another pfsense for testing (resolved)

    5
    0 Votes
    5 Posts
    697 Views
    C

    I didn't even notice we could attach images…. There you go :)

    NAT is used, but I made sure anything going between the two would pass, or at least there is nothing blocking the way...

    EDIT: It resolved itself. I do not know if the version of pfsense I was using was not recent enough or if I made a typo somewhere but after the last re-installation with a new cd of pfsense it worked.


  • Load Balance between two pfSense servers / Active-Active

    2
    0 Votes
    2 Posts
    673 Views
    jimp

    No

  • Atheros WiFi mini PCI-E AR5B95 HELP

    8
    0 Votes
    8 Posts
    2k Views
    G

    @dotdash:

    I think there is something incompatible with the motherboard. I'd try loading another OS on it (Linux live bootstick?) and see if it recognizes the card. The chipset in general shouldn't be a problem with FreeBSD, is it possible the unit has a bad mini-pcie slot?

    Indeed. This unit has a mini-pci slot that only accepts WWLAN 3G/4G cards and not WiFi cards. I got this info from motherboard supplier.

    Thanks for the help!! :)

    kind regards

  • PfSense and Verizon FIOS.

    3
    0 Votes
    3 Posts
    2k Views
    B

    Great info, ty! I will be internet only. Interested in the 50/50 plan. Don't need tons of throughput but the competing cable provider isn't very attractive so looking into fiber.

  • High CPU usage from /usr/local/bin/php-cgi -f /usr/local/sbin/

    9
    0 Votes
    9 Posts
    2k Views
    L

    Awesome, thank you for helping solve this!

  • Just stops working

    2
    0 Votes
    2 Posts
    384 Views
    N

    I'm sure you've checked but is your outbound connection saturated by some bandwidth hog?

  • Configuring ntpd and php-fpm to only listen on lan interface

    4
    0 Votes
    4 Posts
    800 Views
    B

    Thanks for the info, but I did find a way. I added "interface ignore wildcard" to ntpd.conf and Hallelujah it works! That only leaves php-fpm. Any ideas on that one?

  • No clue what happened… unable to make any changes via GUI or SSH to box

    11
    0 Votes
    11 Posts
    1k Views
    D

    Dang, I was afraid that was going to be the next step…

    Thanks!

  • Everything working ok on BT Infinity, but PPPoE says it's offline?

    2
    0 Votes
    2 Posts
    552 Views
    NogBadTheBad

    172.16.15.38 lies in RFC 1918 address space, so it wouldn't be routable on the internet.

    Click on the spanner under gateways and display both, guessing you have a "Rogue" monitor IP that's got in there somewhere, delete it if it shows.

    Also check System -> Routing -> Gateways -> Edit

    Thinking about it, maybe someone has configured 172.16.15.38 on the OpenReach VDSL modem and pfSense has picked up on it, you can get stats off some of them.

  • How can I block websocket protocol with pfsense?

    3
    0 Votes
    3 Posts
    2k Views
    S

    Websocket runs over standard HTTP/S connection, so your only option is DPI systems.
    Snort and, probably, Squid (denying Upgrade request).

  • "Bypass firewall rules for traffic on the same interface" is NOT working

    1
    2 Votes
    1 Posts
    3k Views
    No one has replied
  • MOVED: Hi CPU load PfSense 2.3.4

    Locked
    1
    0 Votes
    1 Posts
    214 Views
    No one has replied
  • Is SSDP functionality connected to UPnP?

    6
    1 Votes
    6 Posts
    2k Views
    johnpoz

    Use of protocols that are designed for the same local network, be it broadcast or multicast.. Are meant for devices on the same L2 network.. If you have a TV that wants to find your sonos speakers for an example via such a protocol.. Simple solution put them on the same network! Done..

    Jimp's point here is that what protocols your devices use on some local network has zero to do with pfsense..  If they want to talk UPnP or SSDP or DLNA between each other you have zero to do on pfsense for that to happen..  If you have some sort of broadcast or multicast protocol you can try out avahi which helps with mdns, etc.  Or you can play with igmp proxy for your multicast stuff.  Which is most likely done better on your switch setup..

    To be honest devices that require such nonsense as having to be on the same L2 to work, I wouldn't use those - vote with your dollars..  Nice that they want to make these things easy for the idiot user to just plug and discover via some broadcast/multicast protocol.  Great.. But allowing me to put in an IP or a FQDN of the device it wants to talk to should also be an option..

  • Signing CSR With Weak Algorithms

    3
    0 Votes
    3 Posts
    473 Views
    T

    tbh, that was a stupid fast integration, thanks a lot for a great product and awesome response!

  • In/out errors possible reason for latency

    2
    0 Votes
    2 Posts
    700 Views
    stephenw10

    Well I would not go looking for other issues until that is solved. As you say IN errors on WAN would affect download more than up.

    So that is a 10G copper NIC connecting to a 1G device? I assume (but suggest anyway  ;)) you have tried swapping out the cable?

    Can you not use a 1G NIC directly for WAN?

    Perhaps I've misunderstood your setup.

    Steve

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.