I would not expect a port forward to be required there as Plex can usually be accessed from anywhere, even externally. UPnP is disabled by default in pfSense and you should leave it that way unless you have a very good reason not to. Plex can open port forwards in the firewall to allow access otherwise. Usually when people device their network like you have it is for security. Consider what would happen if one of your cameras was found to have a vulnerability and was hacked for example. What would that give anyone access to? You probably want firewall rules on the 192.168.2.1 interface in pfSense that allow only the required access outbound. So the cameras may not need any external access or maybe only to a known IP or set of IPs. Wifi IoT style devices may not need any access to to the LAN subnet. Though maybe you want Alexa to be able to control Hive.... What you want to do is allow only the traffic that is needed and segregate devices as much as possible to mitigate any security issues should they occur. Does your access point allow for multiple SSIDs / VLANs? If so I would create more so you can separate general access devices like laptops and tablets from IoT devices like cameras and Alexa. Currently you have separated devices simply by wired or wifi and that might not be the best way. The Hive and Hue hubs are IoT devices. I would want those on a separate subnet to desktop PCs and servers if possible. Steve

@tgdsilva said in Cannot access pfSense LAN subnet from outside: I think I would need it just for the purpose of converting incoming ONT (coaxial) to Ethernet. Exactly... Get an AP put it behind pfsense, then you can do whatever you want for segmentation of networks.. I would suggest you get an AP that supports vlan, and also a switch that does as well.. Then you be cooking with gas ;) For anything you might want to do.

Thank you! I have set it through SSH and finally, after 4 days I have rebooted it (I was afraid it won't work and didn't have the time to setup a monitor and a keyboard to the pfsense machine). It works great!

The HG612 will be plenty fast enough if it works, it doesn't really do anything but pass the traffic to pfSense. I think you will need it unlocked to change to bridge mode. That's quite easy though. I hope it's the 3B version. Some of the earlier ones had known over heating issues. Steve

@Fredouye THANKS!! I had done a search, but obviously my search was not well stated to come up with the right answer. I entered the "0-4,6" in the weekday field. So it should run tonight. Thanks again. Phizix

The XG-1537 or XG-1541 can easy do 10 Gbps. https://store.netgate.com/XG-1537.aspx https://store.netgate.com/pfSense/XG-1541.aspx -Rico

ok so here are the results of my efforts last night until 0130! I am currently unable to get my plex to work. the plex server is on the server 192.168.1.251 and I am trying to access it via the tv firestick. can anyone help?[image: 1587817831767-skynet.jpg]

@NollipfSense @tompark ok so here are the results of my efforts last night until 0130! I am currently unable to get my plex to work. the plex server is on the server 192.168.1.251 and I am trying to access it via the tv firestick. can anyone help? [image: 1587817467532-skynet.jpg]

Although I have not gotten my VPN to work yet, the youtube video "pfSenseBasics - Remote User VPN" has been very helpful for doing the VPN configuration.

@fischstäbchen said in pfsense short cpu load hang: Zotac Zbox CI329 Barebone nano https://www.reddit.com/r/PFSENSE/comments/8kasfm/celeron_n4100_fanless_dual_nic_zotac_any_good_for/

@NollipfSense I am using a cable modem, so I guess I'll just wait and see if the issue returns. Hopefully not!

Yes, you will almost always need a modem of some sort. The only time you would not is if you have a direct Ethernet connection which would be extremely in likely in the UK, certainly for any home/soho user. But you can ditch the ISP supplied router in almost all cases and use something is, or acts as, a modem only. Steve

@notarobot said in Hosting websites on DMZ gives cert error from LAN: Does it seems like the right thing to do ? This is the moment that Iwould advise to check up with pihole manuals/forum/faq/. So I'll to that ;)

From the description of the symptoms it sounds more like a hardware problem

You welcome and Cool_Corona didn't accidentally ask the bogons, ;-)

Attached logs ? The errors were present before you tried to upgrade to 2.5.0 ? Upgraded from what version ?

@yon-0 said in How to solve ISP blocking remote UDP port?: https://github.com/bol-van/zapret/ Incredible. And impressive, the effort that has been taken to circumvent this 'MITM' thing. Using this tool asks for some serious networking knowledge. It's rather simple to know how much you need : you have to be smarter as those guys that made and put in place this 'DPI' thing. I don't know where you are, @yon-0 , I advise you to move out/away. Btw : DPI on https (TLS/SSL) : forget it, those DPI guys are not human, or aren't using terrestrial resources to do so.

I'm guessing some kind of routing issue. The tracert from both the LAN & WAN interface should be identical as they will be both routing via the same gateway - at least that what's I got when tested on my firewall. Have a look at the routing table of FW1. It's LAN interface (which is the WAN/FW2) may require a static route telling it that 192.168.1.0/24 should be routed via its 192.168.2.1 interface. This would explain why WAN/FW2 works & LAN/FW2 doesn't as WAN/FW2 is sitting on the same subnet as LAN/FW1.

I'm not aware of any issues using AES-GCM dircetly to Azure either. But, yeah, better to start a new thread for that. Steve