Because the NAT IP is set to 192.168.1.4, the proxy. The destination IP defined what traffic that port forward will match on coming into the WAN. Unless you have more than one public IP on the WAN it can only be the WAN IP. Steve

@stephenw10 Nothing was hard coded but I confirmed the issue with tcpdump. The areas where this impacted me seemed to be only in NAT functions

What port test are you using? 192.168.1.146 should report success on port 8443. You won't be able to test the forward from pfSense itself. But if you try some external test such as canyouseeme and then check the state table for :25565 you should see the NAT'd state with traffic both ways. Steve

Did you reboot the modem?

This https://forum.netgate.com/topic/104475/resetting-mac-address-to-nic-real-address ?

I've never used Vultr so I have no way to know if this fits you usage.... https://www.vultr.com/docs/configuring-private-network I note that: "Private networks are only available on Vultr compute and dedicated compute instances." Steve

We set the LTE as bridge mode but not too happy with it. Looking at getting the MikroTik LHG 4G/LTE to replace it

So in this scenario both your DCs are down? Because AD can for sure share their dns info. If both your DCs are down - you have bigger problems then a copy of your dns records running on pfsense ;) But sure running bind on pfsense would allow for zone xfers from your AD dns..

@freska99 I'll keep an eye for next time it happens, I am pretty sure it is going happen again, because It had happend to me, couple time. Thanks.

@dreamslacker Bingo, that was the piece I forgot, thanks!

@jimp LOL! I have been thinking this very thing and will probably do it. If I do, I’ll report back.

@marvosa said in how to block bad guys who is sharing internet by laptop: We even have a few clinics that are sharing a single T1... A real T1? These days, those are generally emulated over Ethernet. I first did that over 10 years ago. They have also been run over SHDSL for many years. I was working with that stuff back in the early '90s. I suppose there are still some parts of the world that rely on 2 cans and a string.

Possible solution here: https://forum.netgate.com/topic/141034/rate-limit-on-radius-reply-attributes-for-pppoe-connections-not-working/3 Pretty hacky though.... Steve

@jimp said in [2.4.4p3] Reboots with ctrl-alt-del on console even though hw.syscons.kbd_reboot = 0: kern.vt.kbd_reboot That was a quick fix, that indeed works. I wonder if that could be in the default tunables table, or maybe even a GUI options somewhere, I musn't be the only one who rebooted their box unintentionally by pressing this often-used MS combination... Thanks!

Just crosslinking the other thread, basically asking the same question. https://forum.netgate.com/topic/148666/cve-2019-19521-and-pfsense To date: no "official" statement there either, but same assumptions about FreeBSD != OpenBSD, plus pfSense not using anything of the mentioned auth mechanisms exept for SSH, which would fail anyways.

Diagnostics > Backup & Restore > Download configuration as XML

It looks like you have something configured using 192.168/16 somewhere that is conflicting. It's not in the routing table though. I would open your config file and search it for 192.168 and see what pops out at this point. There will be a lot of entries since you're using that for LAN. Steve