@JKnott : @cezarq said in ISP bridge mode without Internet just in pfsense box: he computers in my LAN has Internet as expected. so WAN should be up. @cezarq : Why should you want to ping a web site ? Why would a web site reply to a ping ? That IP address is set up to reply to http requests on its port 433, and probably also on the ancient 80. Not '25'. Nothing says it's also a mail server (port 25) or has a SSH access (port 22) or a NTP service (port 123) etc. True, some servers are set up to reply to ping requests, that 's strictly an optional setting, decided by the admin of that web server. It's not the IP protocol but ICMP. Do you pass the ICMP protocol on your LAN firewall ? Where are you ping from ? A LAN device or from pfSense ? You could test ping www.google.com or ping 8.8.8.8 : both are not working ? If the first doesn't work, but the second does, it's a pure DNS issue. Access this page on pfSense : System > Package Manager > Available Packages and does it list all the available packages ?

@ray123 said in Unbound: failed to prime trust anchor -- could not fetch DNSKEY rrset . DNSKEY IN: nabling that support disables support for regular queries (If that's even correct? No enabling dnssec does not disable normal non dnssec - the vast majority of the internet is not dnssec signed.. Is a sad state of affairs to be honest.. While the % of signed tlds is pretty good.. The percent of total domains is not... edit: Here is the site I was looking for!!! https://rick.eng.br/dnssecstat/

@JKnott I did not create a diagram because I thought that what I was trying to achieve is simple… I thought that because I already know how to solve every problem I have IF I configure everything on pfsense. But the real issue here is that I wanna be able to use some amazing fritzbox features. A friend of mine proposed that I could just create a static route between fritzbox (192.168.3.0/24) and pfsense (192.168.2.0/24) but I am well aware of assymetrical routing… Can someone explain to me what is a real life problem that you could face when using assymetrical routing ?

The DNS server runs on a Windows 2016 server. But I suspect you are right, maybe I can set up the route without even changing anything on the pfSense firewall?

@zauberplume: also note that pfSense now supports ONLY 64-bit hardware. Just mentioning this since with an installed pfSense version that old it's possible the underlying platform is a 32-bit one.

There is no way to show them because they don't exist. There is no "changelog" for packages. Package maintainers sometimes post threads in the forum saying what changed but it's not required. Linking to github wouldn't necessarily indicate what changed in a way users would understand either.

@jdeloach said in Sensitive Software & Unable to start vnstatd: @WannabeMKII Sounds to me like you need a Battery Backup UPS that the SG-1100 is plugged into if it is that sensitive when it is not powered down gracefully. Yeah, this is something I'm going to have to look at, just a small UPS for the pfsense box. Any recommendations for a small UPS?

I'll check the pfSense firewall rules. I used the Wizards to set up the protocols. Our firewall/VPN router had been running on pfSense 2.3.2 since 2016, but we upgraded to Windows Server 2019 and were informed that one of the protocols was now considered unsecure. The person who set the router up has moved to another city, so while running an engineering practice I'm spending my off-hours dabbling in IT issues that I haven't messed with for ~25 years. I'm now running to pfSense 2.4.5 via incremental upgrades from 2.3.2 - no problem with the upgrades from what I can tell. I'll also check the Windows Server firewall to see if RDP connections are allowed. Thanks for advise.

I found the solution. I activeted the "Enable Forwarding Mode". Now, it is working like a charm.

@RonpfS I know it's an ancient thread but I googled and couldn't find existing solution to this problem. In my case time sync issues in Windows (all those 0x800705B4 errors) were fixed by unchecking the "Enable KOD packets" option in NTP server ACL page. Hope it could help someone.

So turns out there is no loop. pfSense rewrites ICMP errors IP addresses. Asking more details about that in https://forum.netgate.com/topic/152252/pfsense-rewrites-source-ip-for-icmp-errors-breaking-traceroute

@NKOADMIN Awesome...congrats!

No problem.

Still should conflict with 192.168.30.0/24 where the printer is. Also it would be an all-or-nothing type deal. If you can connect at all to the printer it is not a conflict. Steve

I went ahead and just blew everything away and started over. Once I rebooted and everything was down I figured it was time to start over.

@jlw52761 Thank you for your time and professionalism in presenting...I really appreciate that. Neither is I a Netgate sales person...The OP is an informed network person having taken a Cisco course...he stated, his needing multiple network such as a DMZ...he stated, he "would like advice on what Netgate product would suit me the best." He stated, his having multiple network toys and his looking at the SG-3100. Personally, I would have recommend the XG-7100 desktop longterm...I am even thinking now of getting that SG-3100 from Amazon and flip it...on a second look, I get the reality check...it's the SG-1100. https://www.amazon.com/SG-3100-pfSense-Security-Gateway-Appliance/dp/B07JBWRQ3K

thanks @jlw52761 that is a great dashboard, and so much easier than what I was trying to do with the above.

Thank you for clearing that up. -Rico