@Gertjan I have 8.8.8.8 1.1.1.1 I am not new to networking, just new to pfsense and firewalls

CARP is for a high availability setup, where at least two routers are sharing a virtual MAC. @cl1nt said in Arp Issue - No wan: The MAC not change. So it's strange that it resumes working though.

@pedro1x You will have to create a VLAN in pfSense for the guest network and create appropriate rules, etc.. You need a matching VLAN on the AP for the 2nd SSID. A managed switch will keep the VLAN off other parts of the network, but that's not essential. You do that by configuring the switch so that the VLAN only goes to the port that the AP is connected to.

@heper said in NAT couters in pfSense: from shell: root@pfSense.lan]/root: pfctl -vvsn @8(0) nat on vmx1 inet from 10.123.0.0/24 to any -> 192.168.0.203 port 1024:65535 [ Evaluations: 194138 Packets: 47019367 Bytes: 51593880791 States: 79 ] [ Inserted: pid 20145 State Creations: 31883 ] Thanks a lot @heper

hello guys thank i will debug with the above as i am curnntly away from the setup and. the clinet is using Ethernet if i connect the same port same cable to another PC i dont have any issues

Hi Folks, FYI bug is back and reported as https://redmine.pfsense.org/issues/10812 Cheers

Hi, check out the great pfSense docs about Multi WAN: https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html https://www.netgate.com/resources/videos/multi-wan-on-pfsense-23.html https://docs.netgate.com/pfsense/en/latest/routing/troubleshooting-multi-wan.html -Rico

Thank you for your support. I will check the wan quality graph and report to my ISP. Do you know why the router provided by them, don't lose the connection? Is their equipment prepared to accept the "bad" connection quality? Best regards

@stephenw10 this was the best application for the mobo, CPU, and some memory I had lying around. Plus, I got sick and tired of all the limitations of the stock gateway from Centurylink. pfSense is so much better now that it is running as expected. [image: 1596410330384-7cd2741f-aeec-4d0a-a026-36e1e56c3ab0-image.png] Being able to set things up the way I want them to be and control cross VLAN traffic is precisely what I wanted. And I did not feel like spending money on some hardware FW appliance with all the issues they usually run into.

Unfortunately there isn't (yet) ab MBIM or QMI driver for FreeBSD and hence pfSense. I would expect the current Sierra devices to work if they present a known USB PID and u3g recogises it. But limited to AT connection interface. Steve

@stephenw10 said in Sourcing default firewall blocks: TCP ack packets Makes sense. Thank you very much.

In addition to that, there have been amplification attacks based on ntp. So using an external service increases your attack surface in any future possible breach attempts. Best security practices dictates to use as less external services as possible. Same goes for dns and forwarders. (and the beauty of running a stratum 0 ntp server, over pps, remains with the few who have attempted the task. Now, I wish datacenters had glass roofs so gps could work on top of racks.. :)

Internet is back. Aug 1 10:15:24 dpinger WAN_DHCP XXX.YYY.128.1: sendto error: 65 Aug 1 10:15:27 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.YYY.128.1 bind_addr XXX.YYY.144.93 identifier "WAN_DHCP " Aug 1 10:15:32 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.YYY.128.1 bind_addr XXX.YYY.144.93 identifier "WAN_DHCP " Aug 1 10:24:53 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.YYY.128.1 bind_addr XXX.YYY.144.93 identifier "WAN_DHCP " Aug 1 10:24:53 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.YYY.128.1 bind_addr XXX.YYY.144.93 identifier "WAN_DHCP "

@1OF1000Quadrillion Okay.

@justice41 Yeah, you'll most likely have to search for FreeBSD support on that card, like you said. Maybe one of the pros here can comment. I don't have any 10Gb networking gear, so I can't say for sure on that one. Here's an old post from the forum: https://forum.netgate.com/topic/128108/new-firewall-with-10gbit-asus-xg-c100c-help-needed Jeff

@Gertjan you are right, actually WAN GW is 10.125.190.254 as per your advice I changed settings to no interface (wildcard) and relaunched NTP service and everything works fine now, even package manager. All packages are in the place available for downloading. Thank you

@ivanildogalvao said in Redirect traffic to a link using Proxy.: However, from the moment I start using Squid and SquidGuard this does not work, not even with NAT Outbound, Squid always throws http and https traffic to the standard link (WAN1). Hi, Please note this: https://docs.netgate.com/pfsense/en/latest/routing/multi-wan.html Under the LOCAL SERVICE "By default, traffic using a proxy such as Squid will bypass policy routing and use the default route for traffic at all times. It also bypasses expected outbound NAT and leaves via the WAN IP address directly." [image: 1596126704524-3d698f2c-5b4e-4f64-b203-75971e97cfcd-image.png]

Also worth noting is that you were correct - before I reverted my config because all routing was broken and I had no connectivity except on my fallback OPT1 HW interface, I did check the GPS settings and was able to change to 9600. On 2.5x with the baud rate able to be changed, the GPS immediately started working and had a lock, with PPS working and all was well.