Well as I say both ways should work if configured right. I've not played with Tomato specifically but I'm familiar with dd-wrt and openwrt and both would require VLANs internally for most devices.

If a phone works on that ssid it's probably fine.

@coxhaus okay got it all figured out (refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range.) this worked very well and I was able to use the Access Control on the netgear as well so that WIFI clients could not connect either.

I am now completely up and running, I have addressed my speed issue by just getting Intel (ET PRO 1000) dual Ethernet adapter and just disabled RealTek Nic's. I am now getting the speeds I am paying for and I can see that everything inbound is block, no new devices can connect very happy camper here,

28db92cd-b0c5-40a5-aba3-14a4ad01651e-image.png

You should not have 192.168.1.1 as a DNS server for pfSense, though it would not break anything.

The server set in System > General Setup though are not used by Unbound in pfSense unless you have set the DNS resolver to forwading mode. By default it resolves directly.

However since it looks like you're passing 1.1.1.1 to the client directly it should be able to resolve whatever pfSense is doing so I'd look for error on the client. Try on the client:

steve@steve-NUC9i9QNX:~$ dig +short @192.168.1.1 google.com 142.250.180.14

Steve

@milindhvijay So like I was say if you have a rule using a gateway, which you have. And you have it set to NOT create rules when gateway is down.. Before you had no rules that would allow access to the IP on your admin vlan.

exactly.jpg

So when your gateway goes down, per your settings that last rule there with the gateway set as "default_failover" would not be there.. So until you added that rule you have highlighted what rule if you remove that last one since you are telling it not to create rules when a gateway is down would of allowed you access to pfsense gui on any IP?

If that rule you created is to allow access to web gui, why would you say lan subnets. Why would you not just allow access to the admin interface address?

But yeah your rules from before you added completely explains why yes if your wan(s) were down you would not be able to access web gui or even ssh.. Because you had no rules that allowed it when your gateway(s) are down.

I brought this up in my first post..

Does it actually populate the table in Diag > Tables?

Does it work if you use https://raw.githubusercontent.com/SecOps-Institute/Akamai-ASN-and-IPs-List/master/akamai_ip_cidr_blocks.lst for thatlink instead?

@kal800 If it’s the pfSense ABC you can restore:
https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html#bare-metal-restoration

There is this if you can get it to see the file: https://docs.netgate.com/pfsense/en/latest/backup/restore-during-install.html

Always have a backup…

Thanks everyone for the help, It wasn't pfblocking, but rather a simple bad DNS provided by my ISP.
I didn't think of it because everything else was working perfectly fine.
However when I went to System -- > General Setup and removed my ISP DNS and replaced it with 127.0.0.1 and 8.8.8.8 it worked just fine.

Hi everyone.
I believe that the problem is linked to equipment (multifunction printers) connected to the electrical network which is causing problems for the switching power supplies of the mini PCs that I use for my installations.
In fact, when these devices are turned off at the weekend, the firewall never turns off.
Now I will put an uninterruptible power supply online that allows me to stabilize the output towards the pfsense.
I'll keep you up-to-date.

Thank you.

@MyastanPatrin said in Restore pfSense Plus 23.05.1 config on pfSense CE 2.7.0 Several Errors:

lack of internet connectivity

Was there connectivity before the restore? Why is there none after? IP conflict? Were WAN and LAN assigned correctly during the restore? (if the interfaces haven't changed they will be used as is...maybe were out of order from the original VM? Except you said you used the same VM...)

The pfB alias will be defined after you run an Update in pfBlocker.

Are you really using a bridge on a VM?

I would perhaps try to uninstall the packages, sort out the connection problem, and then reinstall. The package configurations will stay by default.

@jimp said in Modify .tcshrc:

https://redmine.pfsense.org/issues/14746

JUst found this :

I just pushed a commit that implements "local" versions of .profile, .shrc, and .tcshrc which are, respectively: .profile.local, .shrc.local, and .tcshrc.local in the user's home directory.

Great !! Cool !!
Now I can finally use 'll' as an alias for "ls -al" just by creating a small " .tcshrc.local" in the root folder.

Thanks !

@viragomann Thank you very much for the tip, I did what you told me and it worked

@ukhobo I too have a BT/EE ISP connection and would love to be able to place their hub used for VoIP behind my pfSense router.

Someone on the thinkbroadband forum managed to get around it using a custom Asus router firmware (probably similar to OpenWrt). If there was a way to run a cron job on pfSense that extracts the changing Host-Uniq, store it into a file or some kind of varible and then use this to dynamically update the Host-Uniq field within pfSense that'd be one way to go about it.

https://forums.thinkbroadband.com/fibre/4664092-bt-fttp-with-digital-voice-alternative-to-smart-hub-2.html?fpart=7#Post4670157

Did you ever find a solution to this?

I persoanlly will be carrying on using pfSense behind my BT router unless someone has a solution.

@yobyot said in Stuck on CE 2.7 with a php error causing available packages to be blank.:

I've never had the next release step on the current release

Your issue was as noted above. However addressing this comment, it's been a longstanding issue in pfSense. See https://redmine.pfsense.org/issues/10464 but especially note the last note:

"The update check process has changed recently (available in 23.09 and CE dev currently).

Now relevant repos are checked for updates without affecting the current repo itself. This avoids automatically updating (e.g. pkg) against a repo that doesn't have compatible packages (hence no more pkg dynamic library errors)."

The fix is targeted to 2.8.0 per the top of the page.

PS - hooray!

VirgnMedia terminology is often different from other ISP's around the world & can be confusing. Default mode = NAT router. "Modem Mode" = Bridged. DMZ is only available in router mode, hence why it works.

In Bridge mode, you can only have one device connected (and the hub disables its WiFi). Earlier VM Docsis CM's (Hubs 3 & 4) always used port-1, but some users say the 2.5Gig port can be used. although this is unconfirmed. First device will grab the bridge IP, so make sure there's only PfSense connected.

Everything else in your network needs to be on the PfSense LAN side.

BTW, count yourself lucky. VF-Ziggo users with same hardware don't have bridge mode available !!

Just remember (ask me how I know!) that unlike a VM snapshot once you default or otherwise break a BE you cannot roll it back. You can only switch to a different BE.
So if you want to have that point remain available be sure to create a new BE snap each time before you run tests etc.

Steve

The pfSense Quagga package was deprecated in 21.02/2.5. The last version that shipped in 2.4.5 was 1.2.4_7.

Why are you asking this here?

Steve

@SteveITS I was going to suggest something similar but as I have not tried to reverse engineer the configuration file I was unsure how hard that is.

To do it I would compare a reset to default configuration file with the existing configuration file.

Thanks everyone putty and Windows 11 fixed it with the correct usb driver

Screenshot 2023-11-29 143357.png

Got access to the boot environments now.

I can't get some packages to with with ARM for 23.09 I keep getting completely locked out and having to go back. That fixed it.

@stephenw10
I really don't know myself..
But i tried it by upgrading from 2.6 which works fine..
and clean install..
both fail.

I set it this way.. CMIIW..
2 WAN, each WAN's interface i set the default gateway to ISP1 & ISP2.
LAN interface, i set it to none, or L3 switch doing intervlan routing inside ( no queue mgmt at all at L3 switch )
Turned off NAT.
In Settings - Routing - I set the default gateway either ISP1 or ISP2, or automatic.
It just works everytime with 2.6.. i even reinstall the 2.6 as well for testing purpose.