pfsense has a 'recipe' for this type of setup. https://docs.netgate.com/pfsense/en/latest/recipes/external-wireless-router.html?highlight=wireless%20router By the way, if you plug Mercury the WAN port into pfsense LAN port, pfsense logs will show the IP address/traffic of only the Mercury. This is because wireless clients are behind Mercury FW/NAT. By using both LAN ports (LAN to LAN port) you bypass the internal Mercury software/apps which at this point is essentially a just switch with WiFi. Hope this helps.

@johnpoz Thank you for the information. Just as you said, it was because they were not enabled.

@pzanga were you ever able to get PPPOE setup in PFSense behind the Arris NVG443G with Frontier? I have been trying for days to get this working with no luck! I even tried a call to support where i was told to basically give up cause they do not support it. I dont want to give up as i still think this is possible i just think im missing something. Any guidance on your setup would be a huge help.

@stephenw10 Removed IP4 preference and confirmed working. Also did a tracert pkg01-atx.netgate.com - 20 hops on IPv6 vs 13 for IPv4 - thought IPv6 routing was supposed be slicker! Tracing route to pkg01-atx.netgate.com [2610:160:11:18::209] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2001:4d48:ad5c:fe10::254 2 9 ms 8 ms 8 ms 2001:4d48:feed:97::138 3 10 ms 10 ms * 2001:4d48:feed:97::1 4 9 ms * 10 ms 2001:4d48:feed:99::a 5 15 ms 15 ms 15 ms 2001:4d48:ace::43 6 15 ms 15 ms 15 ms ams-ix-1.enta.net [2001:7f8:1::a500:8468:1] 7 15 ms 19 ms 22 ms er1.ams1.nl.above.net [2001:7f8:1::a500:6461:1] 8 * * * Request timed out. 9 * * * Request timed out. 10 * * * Request timed out. 11 126 ms * 126 ms ae5.cs1.lhr11.uk.eth.zayo.com [2001:438:ffff::407d:1d7e] 12 * * * Request timed out. 13 * * * Request timed out. 14 134 ms 130 ms * 2001:438:ffff::407d:1c9e 15 126 ms 126 ms 126 ms ae8.mpr1.aus1.us.zip.zayo.com [2001:438:ffff::407d:1b1e] 16 123 ms 123 ms 123 ms 2001:438:ffff::407d:20c6 17 124 ms 124 ms 124 ms 2610:160::ffff:4014:e59e 18 123 ms 123 ms 123 ms 2610:160:11:1::6 19 124 ms 123 ms 123 ms 2610:160:11:1000::6 20 124 ms 123 ms 123 ms 2610:160:11:18::209

Thanks to all! I installed the latest version, use DNS Resolver and disable the "DHCP Registration". IPv6 is disabled. I will see if its now better. Thank you!

You could choose not to pass though the hardware and then set the virtual NICs as e1000. Then they will use the em(4) driver and match. Steve

Level 1 is the default. Logging queries can produce a lot of logs of your network is at all busy. It's usually unnecessary. I only set that logging level when trying to diagnose something. Steve

Our own training is now also online and self-paced: https://www.netgate.com/training Steve

No I can't do that here. We have commercial support if you need it. Post screenshots showing how are accessing it and from where. (the source IP address) Steve

You should be able to ping the pfSense WAN interface at 70.70.70.2 from the Win7 VM in the LAN with only the default rules. The only reason you might not be is if the VM has no default route or a bad default route. Or something in the hypervisor is blocking it. You will not be able to ping from the server to anything on the LAN without firewall rules to pass it and a route to reach that subnet. Steve

@fabrizior said in 2.6.0 - Installed Pkgs - Unable to retrieve package information.: ipv4 workaround has now been working reliably https://forum.netgate.com/topic/171035/since-about-1400-hours-i-have-been-unable-to-get-updates-in-dashboard/13

@bingo600 That's it! Thanks.

Okay. Finally solved this for the friend. She had SimpleWall installed and it was blocking everything! I did not know it until I found we couldn't ping websites then investigated further and wallah! Thank you all!

@rcfa said in How to enable ssh and remote web UI access from the console?: @stephenw10 Just one more question, which I can't seem to find answered: what sort of wildcards does easyrule accept? e.g. easyrule pass wan any any any any because I don't mind opening up the system completely, since it's only going for the time until the configuration backup is uploaded, so the chance of someone hacking the system in those 90 seconds is pretty low. OK, I tested it somewhere: the "any" wildcards work. Might be nice to mention that in the documentation...

@adrianoebm See that link I posted above, https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-office-3. Microsoft has turned off SMTP AUTH (option 1 on the page) for new accounts and those with Security Defaults enabled.

@dma_pf here are some tests you might want to do to see if your isp is intercepting your dns.. so query a specific authoritative NS for a record - say www.google.com to one of the actual google ns.. You should see aa in the response field showing that it was an authoritative response.. [image: 1648217341577-aa.jpg] Notice when I just ask some other NS for www.google.com I do not see the aa in the flags.. This means was not an authoritative response.. This points to dns being intercepted if you don't see the aa when doing a directed query to specific authoritative name server. Another simple test to see if all dns is being intercepted is just do a query to some IP you know for sure isn't actually running dns. So for example 1.2.3.4 sure and the hell is not providing dns.. But if its being redirected - sure looks like it is. So a quick test to see if all dns is being redirected is to just do a directed query to some IP you know for sure is not providing dns services - if you get a response, then your dns is being intercepted. [image: 1648217772988-redirect.jpg] another sign of interception is when you query an authoritative ns for a record it is authoritative for.. You would get back the full TTL.. Notice I got a 300 back when I asked ns1.google.com for www.google.com, but when I asked another ns I got back some odd ttl.. That was something lower than the actual ttl - since it was from cache and not from the actual authoritative NS.. Another possible hint of dns shenanigans is odd response times. Lets say 1.2.3.4 was actually some dns I could talk too.. But look at the response time I got back, 0 (since my redirection is local).. But if through some vpn while a query to maybe 1.2.3.4 might take 40ms, if your seeing much lower response time than what would be normal - that points to dns interception as well. There are many clues to look for to see if your isp or vpn is messing with your dns..

Now that I actually have a little free time, I'm starting to play with my pfsense box like this: -10.1.1.1/24=management LAN -10.20.30.0/24=LAB env., have a few poweredge servers with vsphere 7, TrueNAS Scale, unRAID, might get lucky and learn something configuring Microsoft server 2022 ADDNS/DHCP within vSphere on this LAN. -172.16.1.1/24=Personal, or basic home network for laptops, etc. -192.168.20.1/24=IOT devices I guess May try to figure out using the other two ports for the home and lab LANS.....future endeavor maybe. Directing traffic via firewall rules. Management LAN will have access to ALLOW ALL and ofcourse pfsense GUI All other networks, BLOCKED from each other and also blocked to pfsense GUI I dunno.......it all sounds right in my head. I'm sure I'm missing some things. You guys foresee any issues? Is all this needed? I dunno.... Will I break something? All signs point to yes..... Will I learn something? Fosho!! Will the kids if and when I shut this mother down with some jacked up configs? Ofcourse but.......I grew up without internet, they can go without on it occasion.

@bmeeks : Bummer. But I understand now. Thanks!