@dominikhoffmann said in Has my SG-1100 been pwned?: I discovered that I couldn’t log into my SG-1100: In that case - do nothing - and switch over right away to the second access : That could be the SSH access (has to be setup up before) - or the console, which always works. The menu shows up ? Use option 11 - (restart the GUI part). @dominikhoffmann said in Has my SG-1100 been pwned?: Now it again is failing. Time to regain access and do what admin always do : By looking at the dashboard you'll learn nothing. The dashboard is there for the times when all is ok. Look at the - all the - logs. You should always be looking at the logs. Eventually, you'll know what messages are normal. The day things go south, you'll know what messages are new, and you know what happened. @dominikhoffmann said in Has my SG-1100 been pwned?: rather than a maliciously changed password? They would have to use the certificate to gain access, first. Just ise the classic 1234 password for GUI access. Lock down the GUI access to a trusted LAN - do not let non trusted devices access this LAN, and use a OpenVPN access if you need to do some remote admmining of pfSense. See the Youtube => Netgate => OpenVPN vdeos (even the old ones).

@froboz Yes. I am trying to update the FW from 3/31/21 on Intel's Support page. https://downloadcenter.intel.com/download/24769/Non-Volatile-Memory-NVM-Update-Utility-for-Intel-Ethernet-Network-Adapter-700-Series There is another thread that another user got this working: https://forum.netgate.com/topic/162333/intel-x710-issues/8?_=1620678897780

@jknott said in No internet connectivity after replacing cable modem: @soul710 Well, it's time to start some packet captures to see what's happening. As I mentioned, something has to tell pfsense to get the new address. As for rebooting, Is the modem going through the same steps when you reboot pfsense? If so, then all you're doing is repeating the situation. The only alternative I can think of, other than the modem dropping the connection s an extremely short DHCP lease on the first address. Disconnect the modem and reboot pfsense. Once it's up, start Packet Capture on DHCP and reconnect the modem. You might keep an eye on the Ethernet LEDs to see if the link drops briefly when the modem changes addresses. What happens if you use the ifconfig command to disable and enable the WAN port? Okay so, in fact, I had a second router running OpenBSD, and it was suffering from the same issues. I had set up the OpenBSD box as replacement for the pfsense even, and I have used for a while now instead of the pfsense, but now I switched back to pfsense to track down the internet issues. As it turned out, I had a firewall rule which was preventing the traffic: #--------------------------------------------------------------------------- # default deny rules #--------------------------------------------------------------------------- block in log inet all tracker 1000000103 label "Default deny rule IPv4" block out log inet all tracker 1000000104 label "Default deny rule IPv4" block in log inet6 all tracker 1000000105 label "Default deny rule IPv6" block out log inet6 all tracker 1000000106 label "Default deny rule IPv6" Which is a bit weird, after I removed the block out log inet things went back to normal. I don't quite understand this; since I don't have succeeding pass rules, which should have allowed outgoing traffic. So this rule should have blocked internet even before I have replaced the cable modem? The essential change was that the WAN IP of the box changed from 192.168.0.10 to 178.xx.xx.xx (public IP).

@hugovsky Thanks. No, I haven't tried bare metal, I was really hoping to use this 8-Core server to do both pfSense and Virtual Servers (seems like it would be beefy enough). Is the consensus that pfSense isn't really going to see gigabit speeds in a virtualized environment? Appreciate your feedback! Randy

Just contact Netgate sales and see what they have to say. They're the only ones who can possibly give you the information you're seeking. It might be too early for them to say or perhaps they're just waiting for your email/phone call. Regardless of anyone else's position, or education level, or people they know, only Netgate can answer the question you asked. I've been curious to see what the pricing model was going to be. Best of luck!

@bpsdtzpw said in internal LAN routing: which I thought was curious. I had expected 192.168.1.1 192.168.2.1 As I mentioned before, those are the same device, so only one hop. This is the way all routing works, not just with pfsense.

@tsawyer I've been using pfSense for about 8 years and have helped out here on & off for more than 6 years. I've never read a pf book and don't think it would be that useful to you except as an intellectual exercise. You almost never need to work with pf directly from cli. Do your basic setup step by step. Get one thing working at a time. Make one change at a time. Figure out generally what you want to accomplish and then read up/watch video or ask here how to do it. A lot of new users make the mistake of deciding (incorrectly) how to do it and then asking specific questions to get them to the inferior result.

Thanks John. I'll proceed and assume hardware is ok, but be alert to possible future disturbances like this. I'm thankful for the good backup features of pfSense.

@jarhead what I was getting at is the default setup from fios when they install it is that they don’t use the Ethernet port; they use the coaxial cable. But if the router they gave you was plugged into the Ethernet port then it’s a moot point—you got lucky that they didn’t use the coax connection. My guess would be to call fios and tell them that you want to use your own router. Verizon (frontier) likes to make it difficult for users that want to use their own equipment. I know because they pushed back when I told them to enable the Ethernet port on my ONT, but they eventually opened it up for me. Same when I wanted to use my own cable box—I bought my own CableCard along with it and FiOS told me they couldn’t activate it (more like wouldn’t)—I had to rent their CableCard for $5/month if I wanted to use my own cable box. But I digress. Assuming the NIC in your pfsense box is good and you’ve verified the cable isn’t the issue then I’m thinking it could be one of two things: Fios needs to do something on their end to allow your router onto their network, or... If you’re running 2.5.x there are known issues that tend to bork WAN connections—been plaguing me for a while and I haven’t gotten around to downgrading, so I’d try the latest version of 2.4 if fios says you’re good to go on their end.

@bingo600 said in segment wifi traffic (guest, IoT, trusted): with a recent firmware it Wasn't all that recent - quite some time ago that feature was added. I don't recall the min required firmware or controller software. But if your running the current version you can yes run tagged management... Here you go https://help.ui.com/hc/en-us/articles/360046773733-UniFi-Using-VLANs-with-UniFi-Wireless You have to adopt via untagged.. But "As of Controller software version 5.8, access points and switches can be set to tagged VLANs" While I concur it should be a requirement for equipment to support if expected to be use in a true enterprise.. Running a vlan untagged is not really an issue where unifi stuff would be most used, small business, small offices, homes, etc. It mostly would be a concern where some sort of company security policy required tags.. I have not bothered to change my home setup. While I have multiple tagged vlans, the vlan that my APs are on for managment is untagged for the connection to the APs 5.8.X was released stable over 3 years ago.

Same issue here... It was working fine for a few weeks (since my last trouble with network driver) Webgui : Nginx time out... Pfsense response to ping ssh login allow but nothing after the password... On the screen.. keyboards does not work properly but the menu is not present... I did a hard reboot...

@akegec thanks ... no luck so far. I'll see if I can find the post you are referencing.

@jknott there is one Asian saying that I know from former colleague. "Like rice paddy, the more contains they have, the more they bow." [image: agriculture-1552390__340.jpg]

@jknott lol I think my fingers were buffer overflowing my brain.

@akegec That's kind of an open question. The basics should be pretty much the same for everyone. The question becomes what's significantly different form IPv4. For example, there's nothing comparable to ULA with IPv4 and the same with SLAAC. You also do not normally see multiple IPv4 addresses on an interface, something that's normal with IPv6. If you're running SLAAC and ULA, you will have up to 17 valid addresses on an interface and that's with just 1 ULA prefix. You could have multiple of those too. Another thing that's different is you have router priority, to determine default router, etc. Where do you start, when you don't know what someone needs?

@gertjan Thank you for the detail and suggestions. I will cable up the console so I'm ready next time. Understood about politely shutting down the hardware. Yes, I'm running vanilla pfSense, I've run update from the GUI once or twice when there was a new version. I think that "darkstat" is the only extra package I have explicitly installed (and that was just last night). Just looking for something to display bandwidth in use. Yes, the SG-1100 is the low end of the Netgate boxes, but it should be more than adequate for my SOHO network (only 60 Mbps service from ISP).

@clags it's difficult to tell. it could be anything. Try to fresh install pfsense and don't use old config. Take a note when that happens. Let's hope it' not the hardware issue.

Hi Guys, Just to update on this old thread...for those having the same issue. I got an Intel Dual NIC card from ebay and just installed it, so far so good, i guess the realtek card was the culprit after all. Say my amazon photos would start synching or i would update a computer's feature release (large file), internet would go down, i would have to run setup wizard after which it would come back up every time. Thank s for all your help,