@viragomann said in Port forwarding: @ulflaursen said in Port forwarding: Should I first forward the port from the mobile broadband router to pfSense, and the forward it further on to the Synology? Exactly this. You have to put the Synology into the LAN behind pfSense and reconfigure its IP. Then forward the traffic to pfSense WAN and again on pfSense to the Synology. Consider that pfSense does not allow access from private networks on WAN by default. So if your broadband router does masquerading on incoming forwarded traffic it might be blocked. You can enable access from private addresses in the WAN interface settings by removing the check at "Block private networks". Thanks a lot man :-) /Ulf

Do you have some sort of problem with my personal opinion of the lack of info given in this thread @papdee Yes I am a global moderator.. That has little to do with my personal opinion on specifics, just like you can post your opinion on something, so can I ;) Where did the OP give any details worth anything? Love for you to point them out to me.. Do you actually feel this thread has use to the next guy having a problem? I am not seeing it.

@cool_corona I'll try it, thanks!

@johnpoz I deleted all the Outbound NAT rules and added one as you suggested. I also disabled 'pull routes' in client config. Everything working well so far and NTP status is still showing 377's for the five individual servers. I presently have 1.1.1.1 and 9.9.9.9 in System > general > DNS servers. Leak tests showing VPN public IP (good) and DNS servers as cloudflare and quad9 (should I care? Is it cloudflare trust vs VPN provider trust?). Here are my DNS Resolver settings in case I'm wrong/confused on something. [image: 1619191128573-pfsense-dns-resolver-settings.png]

@kom said in First time user / install problems: @ulflaursen said in First time user / install problems: but should the "pfSense box" not have DHCP enabled as default? When you installed it, part of the step of configuring LAN is it asks you if you want to enable DHCP and if yes then it asks for the IP range to manage. Perhaps you missed that. Give yourself a 192.168.1.2 address, login to pfSense gui and check your Services - DHCP Server settings. That, or reconfigure LAN and do the DHCP part again (option 2 in the console menu). Thanks a lot @KOM it works!! /U

Well no issue since my last update. It was the driver ;-)

@netblues I have done other tests: I plug a mikrotik or a linux netbook and I get immediate pppoe working connection. With PFSense some days I get immediate connection even if I restart the box several times. Other days starts again in an infinite loop but after several hours it "repairs" itself. In this cases if I put a mikrotik/linux I get immediate connection so it is not a pppoe server fault. I will try a pcap but I need some hints.

@gertjan system has already been reinstalled.. I think I have things working well now. I will not make any changes till I know it is rock solid. New to all of this and just learning about the features. I lots of options in the package manager.. Just making sure my network is secure (more than it was)

@slu said in Cannot Access Local servers After update 2.5.1: https://redmine.pfsense.org/issues/11805 Yes, multi WAN setup. I'll check the link, Thank you.

@tgimagine the queue is full / too many connections, check with netstat -Lan try without ntopng

well i given up so much a headache. i learned about conf/config. on usb it install config so i did that internet partially works.. some websites work most dont.. webpages work on firefox but not Edge Packages will not install at all.. if i manaully install it from the config file it just hang and sits there that its being initialized.. how long does it take 30 min being initialized is long enough "Please wait while the update system initializes" .. Nord VPN is down but Site to Site Open VPN is connected but. and there is a BUT only the other pfsense box. nothong on the network is accessable i locked out.. on 2.5.1 i going crazy i fed up and i got a migrain 4 days and i cant get this to work and the only reponse is its not a bug and what not from the comment above.. i not crazy.. how can it worked for 2.4.5 but soon i upgrade to 2.5.1 its totally broken and its not a bug? ugh for now i give up so fed up and dont know how to get it.. ill just wait till a real stable version out there.. sorry venting too much i just cant figure this out deleted this and that changed WAN interfance to DHCP that i got it to dhcp ... you think it would work .no still broken.. so ill just wait and use 2.4.5 as long as it works till bugs are fixed i appreciate the help and input so far.. i give up for now as no one else really put in input how do i fix this and i searched forum and couldnt find similiar issues i do a usb of 2.4.5 and config file and installs everything ok.. i sitll have some websites not working but i back up and working though ill just wait

That depends a lot, you can play with kali linux attacking from inside.. You could attack the dhcp server, like a dhcp starvation attack.. In case you have Cisco, you could attack the CDP.. You could attack the wifi network, especially those using WEP.. These are just some examples of attacks in case you are already inside the network.. ARP poisining and etc.. Rogue DHCP server, the list goes on... In case you are from outside the network, there is a block all rule in WAN. This block rule means that the firewall won't be accepting anything from outside. In the other hand, you may have a port forward in which your server could be vulnerable, and not pfsense. Also, as pfsense is a stateful firewall, it will allow the clients to go to the internet, and allow the packets to return automatically. Based on that there is a possibility that you have a host that has a malware, botnet, or this host has a CPU vulnerability (MDS, TAA, Spectre/Meltdown) and thus is vulnerable to code execution, which, according to Arch linux security wiki, this host could be remotely exploited just by accessing a website running JAVA..