• 0 Votes
    8 Posts
    7k Views
    DaddyGoD
    @CodeNinja in this case, DMZ + WAF will be your good friend something like this that I can suggest:
      • OS: Debian 10.x (Buster) 64bit
      • Apache Worker, factory package
      • Mod Security apache module with OWASP rules, factory package
      • PHP-FPM 7.3 or rather 7.4 if it goes with everything but definitely 1 version
      • PHP can only write where we allow it, ie it stays on the www-data user
      • firewall inbound to CF IPs is limited to http and https, just as SSH access is also severely limited (http can be completely disabled by likely, CF solves http -> https redirect)
      • SSH access is password protected + Cert.
      • firewall to the outside, by default everything that is needed (external APIs and their counterparts) is enabled separately
      • hosting-type access via SFTP, SSH, although shell access may be possible
    CF = CloudFlare (https://www.cloudflare.com/plans/)
    edit: we have had such web servers for years, nothing is secure, but we try to make it that way
  • Low bandwidth on initial install

    20
    0 Votes
    20 Posts
    1k Views
    DaddyGoD
    @twoj it is clear what you need: xFinity Router in bridge mode, if it exists for this type and your ISP allows it or you mention a modem (Arris modem) that does not contain NAT per se and you get a public IP directly the difference between the measurements is very large approx. 900 and 400 we didn't get ahead professionally, because this difference is not justified by the dual-NAT throughput, so there is still a cat hiding somewhere in the bag if you have the opportunity to exchange, please come back to us afterwards (the curiosity moves the whole world)
  • [closed] (unsolved) - Why does pfSense not reply on an ICMP echo request

    11
    0 Votes
    11 Posts
    5k Views
    CodeNinjaC
    @guardian Thanks for your time and support. We already have this problem for weeks now so my boss decided to make a "big bang" and just shut off the old network and go to the new one as we run out of time to make the switch. It will be a sh*tstorm but we have 4 days as yesterday was a free day here and today most employees are not in the office and of course we have the Saturday and Sunday. Till now it looks not that bad and there is a lot of progress. I will mark this question as closed.
  • DNS resolution for OpenVPN clients

    16
    0 Votes
    16 Posts
    2k Views
    chudakC
    Well, after lots of testing and trying, here is why. I had DNS Resolver options checked for: 'Enable Forwarding Mode' and 'Use SSL/TLS for outgoing DNS Queries to Forwarding Servers'. Un-checking them and checking them back fixed the problem! I suspect that a reboot will help as well, but I do not very often reboot my router. Hope it may be beneficial to somebody else.
  • BT FTTP with pfsense

    1
    0 Votes
    1 Posts
    290 Views
    No one has replied
  • pfsense will not correctly pick up new ISP lease for IP address

    pfsense
    10
    0 Votes
    10 Posts
    4k Views
    J
    @kiokoman Saved my bacon! Thank you! And, despite @stephenw10's suggestion, @kiokoman had it right: date yymmddhhmm (two digit year and no seconds).
  • Multiple IP Addresses for LDAP Server

    7
    0 Votes
    7 Posts
    1k Views
    hydrianH
    @yakatz Also a word of warning, as someone who deals with PHP's LDAP bindings on a regular basis, ldap_connect is incredibly picky about TLS/SSL connections. And until about PHP 7.3, they are very hard to override and allow insecure connection even for testing.
  • Easy way to restrict webConfigurator access on OpenVPN only?

    4
    0 Votes
    4 Posts
    498 Views
    chudakC
    @Gertjan @Rico Yes yes thanks ! I also found a very short and great video on the subject, so sharing for all people. https://youtu.be/AZ_ju6pCbow
  • WAN and Lo0 logs

    1
    0 Votes
    1 Posts
    169 Views
    No one has replied
  • setting a google home to static ip?

    7
    0 Votes
    7 Posts
    3k Views
    T
    thanks for your help, a reboot helped, now it works just fine :)
  • Odd HA-Deployment

    carp virtualization kvm
    1
    0 Votes
    1 Posts
    550 Views
    No one has replied
  • How to "forward" port 443 and 80 to internal web server

    1
    0 Votes
    1 Posts
    164 Views
    No one has replied
  • Best Budget Low Profile Intel Quad Port NIC (May 2020)

    10
    0 Votes
    10 Posts
    3k Views
    S
    @bingo600 said in Best Budget Low Profile Intel Quad Port NIC (May 2020): I just got a refurb IBM i340-T4 for £18 https://www.ebay.de/itm/Intel-I340-T4-IBM-49Y4242-49Y4241-Quad-Port-Ethernet-Gigabit-PCI-Network-Adapter/324173295984 Not a bad price too Has "DELTA" engraved in the Xformers ... So should not be "China cr.." Edit: Not low profile though FYI you can get x5 Intel low profile brackets that fit the E1G44ET, E1G44ET2, I340-T4, I350-T4 quad port NICs here: eBay item number:131838369914 £4.70 for the lot.
  • VLANs issues can ping but can't connect

    4
    0 Votes
    4 Posts
    552 Views
    T
    I found that after adding/changing vlans, nics and other major settings it always needs rebooted to work right. also unifi gear can be slow to provision after changes, especially if using unifi cloud and/or remote network controller.
  • Intermittent loss of connections

    1
    0 Votes
    1 Posts
    166 Views
    No one has replied
  • No WAN IP from Arris TG2492LG in Bridged Mode

    9
    0 Votes
    9 Posts
    2k Views
    P
    @marpfsense said in No WAN IP from Arris TG2492LG in Bridged Mode: @JKnott The computer gets the public IP from the modem when in bridged mode. Do it does not. The modem only provides local LAN IP's when NOT in bridge mode. In bridge mode, the cable modem simply forwards the DHCP discover, etc to the cable operator. Typically the service provider DHCP detects the differences between the cable-modem E-router and a bridged client device, and then responds accordingly. Pete
  • 0 Votes
    2 Posts
    253 Views
    jimpJ
    Yes, but it should be OK now.
  • Backups of SSL keys/certificates

    7
    0 Votes
    7 Posts
    792 Views
    P
    @jimp OK, great!
  • 0 Votes
    62 Posts
    14k Views
    stephenw10S
    At least you still have those WAN NAT rules. Many VPN providers have you remove them to give a feature they totally confusingly name "Kill Switch". Fail Safe would have been much better but I guess that didn't justify their existence sufficiently. Anyway the problem here was likely that the default route was changed causing Unbound to use the VPN for DNS queries and services like Netflix will detect that and block you. Steve
  • Use of PowerD

    13
    0 Votes
    13 Posts
    7k Views
    stephenw10S
    Yes it should not be enabled on the SG-3100 because, as it says, there is no driver cpufreq can use for the ARM processor there. It does not hurt trying to start it though beyond that error message. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.