Thanks

Dude I did check.. And your forcing the connection out your BL, capture 1.2 For only stuff that is in mis group.  You have not other rules that would allow outbound at all to your wan IP.

Hi. I have already checked the execution order of the 3 pfSense options to launch a command or script at startup. Is the next: 1- /usr/local/etc/rc.d/.sh 2- <earlyshell>3- <shellcmd>4- /usr/local/etc/rc.d/.sh</shellcmd></earlyshell> It seems that sh scripts in /usr/local/etc/rc.d/ run twice, first order and again, after shellcmd and earlyshellcmd I defined in config.xml <earlyshellcmd>echo "I am earlyshell" >> /order.tmp</earlyshellcmd> <shellcmd>echo "I am shellcmd" >> /order.tmp</shellcmd> I created a script with execute permissions in /usr/local/etc/rc.d/order.sh with #!/bin /sh echo "I am /usr/local/etc/rc.d/order.sh" >> /order.tmp; And the dump of /order.tmp cat /order.tmp I am /usr/local/etc/rc.d/order.sh I'm earlyshell I am shellcmd I am /usr/local/etc/rc.d/order.sh Regards

If that old router can run openwrt/dd-wrt you might be able to have it run multiple SSIDs over VLANs. Steve

No it's not getting responses to DHCPREQUESTs or DHCPDISCOVERs so it used what it had cached from the last time it got 192.168.0.28 from somewhere.

Well that makes me feel stupid. It looks like that got it to work by just not selecting a provider. Thank you!

@MicheMuche: For several reasons, those objects can not be wired => Wireless communication Do you power all devices by battery as well? There are countless protocols not bound to ethernet with only one or two wires needed for communications.

Until Vodafone gives you public IP all the configurations make no sense. Most likely you have private IP starting with 10. or 100.

@Derelict: It's in your packet capture. It's coming from somewhere. Check the MAC address tables in your switches, etc. Wireshark out on a mirror port on the physical network. Something. ;D  "Something" ok will do.

Look at your rules on WAN. What is passed there? It is perfectly normal for you to be able to bring up the web gui from the inside using the outside IP address unless you specifically block that. That behavior is governed by the rules on LAN. Being able to connect from the outside is governed by the rules on WAN.

well…... anonymity:  where I live the Government insists on keeping a record of everything done online so using the ISP DNS server will have every request logged  (not that the like NSA dont have a direct link to pretty much everything) And google is not much better. But some kinda separation is comforting as is an anonymous VPN  - So really anything that will make data collection harder an more costly has to be good! Actually not concerned over cashing - just thought DNSBL was an useful addition to blocking stuff- maybe Ive missed something? Thanks for your help!

I can help you with a few answers, but I can't answer all. The box you found is probably a good one. It and a similar one on Amazon appear to be very popular. I built a J1900 oriented router with 8GB ram and a 120GB ssd. It was over-provisioned but I wanted a device that could be used for something else if it ever stopped being a router. Ram and a SSD were cheap extras. The router has a lot of processing capacity. I have three OpenVPN servers built and active. One is specifically for safe remote browsing where I need my home IP address visible. Two have remote lan access. I keep the lan access servers off when I don't expect to need them. (use different ports and different internal network addresses to keep them from locking each other up.) They work great. pfSense allows you to create multiple users and certificates and give each a different password. These users can be linked to OpenVPN on an as needed basis. The download wizard makes makes it easy to download certs and config files for user devices. OpenVPN is pretty flexible about the network range you can connect to. I wired my lan port to a switch and the switch goes to a wireless access point in another room via normal cat6 wiring. Pretty ordinary. Works great. Re port forwarding: I don't know your system and port forwarding is an absolute necessity for a lot of purposes. I use one of my OpenVPN servers for remote lan access. Then access is just as if I were at home. OpenVPN protects the open ports. No ports are forwarded. Obviously, this would not work if you needed public access to a server behind the router.

Right. Status > Interfaces is probably the easiest way to see all the naming, including the optX asssignments.

Update: I'am now running a pfSense Firewall on a Dell PowerEdge R220 using this fiber card: https://www.startech.com/ch/Netzwerk-IO/Adapter-Karten/PCIe-Gigabit-Ethernet-LWL-Karte-Offen-SFP~PEX1000SFP2 I now got almost Gigabit througoutput. (about 940 MBits) The hardware works very good with pfSense.

I know that Ruckus APs are picky about this unless you tame them. Connecting a Win7 VM on my MBP through the same WiFi connection (MBP MAC bridge) was originally refused. I assume your Cisco AP might have the same behavior. This is Ruckus specific: We might have an option to work thru the bridge, if you can test it. When attempting to connect non-Ruckus wireless bridge devices, we can test by disabling directed-DHCP, our proprietary conversion of broadcast to unicast of DHCP offer and ack messages, and evaluate how this affects the WDS with wireless bridge clients. rkscli: set qos directedDHCP usage: set qos directedDHCP {enable|disable} From ZD CLI: remote_ap_cli –A “set qos directedDHCP disable” The “-A” switch before the double-quoted AP command, means apply to all currently connected APs.

the host was not setup to use anything.. which is a problem, but also I have no clue where it's getting the a1.pcloud.com.  Does pfsense use it's own NTP settings? [EDIT] actually, in this situation i have to laugh at myself cause it was obviously getting the time for the VM from the host machine… well, that is when it was configured to sync it.