Is it really rebooting? What's the system uptime?

Thanks again, don't know how I missed that...

@stephenw10 Yes i did this, but only for one side.

@bgroper Thank you for you reply, I want this not to be allowed at this time. The lab is for pen- testing, and for now the only available point to access from "outside" should be from Win 10 computer to the DMZ:80. Best, rick

@bigchoppers2003 said in pfsense boot stuck at "starting dns resolver": corrupted from a bad shut down. Technically that's possible on anything with a file system. Just because it doesn't always happen, or a device can sometimes self-recover, doesn't mean it can't break. Sorry you ran into it.

You may also need static outbound NAT configured in pfSense for the internal IP(s) you are gaming from. You can't 'pass' UPnP through to an upstream device. However I'd be surprised to find a CGN provider listening for that anyway. Steve

Since I found out I could display gifs it's been amusing me daily.

@JKnott : @cezarq said in ISP bridge mode without Internet just in pfsense box: he computers in my LAN has Internet as expected. so WAN should be up. @cezarq : Why should you want to ping a web site ? Why would a web site reply to a ping ? That IP address is set up to reply to http requests on its port 433, and probably also on the ancient 80. Not '25'. Nothing says it's also a mail server (port 25) or has a SSH access (port 22) or a NTP service (port 123) etc. True, some servers are set up to reply to ping requests, that 's strictly an optional setting, decided by the admin of that web server. It's not the IP protocol but ICMP. Do you pass the ICMP protocol on your LAN firewall ? Where are you ping from ? A LAN device or from pfSense ? You could test ping www.google.com or ping 8.8.8.8 : both are not working ? If the first doesn't work, but the second does, it's a pure DNS issue. Access this page on pfSense : System > Package Manager > Available Packages and does it list all the available packages ?

@ray123 said in Unbound: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN: nabling that support disables support for regular queries (If that's even correct? No enabling dnssec does not disable normal non dnssec - the vast majority of the internet is not dnssec signed.. Is a sad state of affairs to be honest.. While the % of signed tlds is pretty good.. The percent of total domains is not... edit: Here is the site I was looking for!!! https://rick.eng.br/dnssecstat/

@JKnott I did not create a diagram because I thought that what I was trying to achieve is simple… I thought that because I already know how to solve every problem I have IF I configure everything on pfsense. But the real issue here is that I wanna be able to use some amazing fritzbox features. A friend of mine proposed that I could just create a static route between fritzbox (192.168.3.0/24) and pfsense (192.168.2.0/24) but I am well aware of assymetrical routing… Can someone explain to me what is a real life problem that you could face when using assymetrical routing ?

The DNS server runs on a Windows 2016 server. But I suspect you are right, maybe I can set up the route without even changing anything on the pfSense firewall?

@zauberplume: also note that pfSense now supports ONLY 64-bit hardware. Just mentioning this since with an installed pfSense version that old it's possible the underlying platform is a 32-bit one.

There is no way to show them because they don't exist. There is no "changelog" for packages. Package maintainers sometimes post threads in the forum saying what changed but it's not required. Linking to github wouldn't necessarily indicate what changed in a way users would understand either.

@jdeloach said in Sensitive Software & Unable to start vnstatd: @WannabeMKII Sounds to me like you need a Battery Backup UPS that the SG-1100 is plugged into if it is that sensitive when it is not powered down gracefully. Yeah, this is something I'm going to have to look at, just a small UPS for the pfsense box. Any recommendations for a small UPS?

I'll check the pfSense firewall rules. I used the Wizards to set up the protocols. Our firewall/VPN router had been running on pfSense 2.3.2 since 2016, but we upgraded to Windows Server 2019 and were informed that one of the protocols was now considered unsecure. The person who set the router up has moved to another city, so while running an engineering practice I'm spending my off-hours dabbling in IT issues that I haven't messed with for ~25 years. I'm now running to pfSense 2.4.5 via incremental upgrades from 2.3.2 - no problem with the upgrades from what I can tell. I'll also check the Windows Server firewall to see if RDP connections are allowed. Thanks for advise.

I found the solution. I activeted the "Enable Forwarding Mode". Now, it is working like a charm.

@RonpfS I know it's an ancient thread but I googled and couldn't find existing solution to this problem. In my case time sync issues in Windows (all those 0x800705B4 errors) were fixed by unchecking the "Enable KOD packets" option in NTP server ACL page. Hope it could help someone.

So turns out there is no loop. pfSense rewrites ICMP errors IP addresses. Asking more details about that in https://forum.netgate.com/topic/152252/pfsense-rewrites-source-ip-for-icmp-errors-breaking-traceroute