Responded in chat.

You would usually add VIPs (IPAlias) on the WAN for each additional public IP. Then change the outbound NAT rules to manual and add rules for the internal subnets via the appropriate VIP. https://docs.netgate.com/pfsense/en/latest/firewall/additional-ip-addresses.html#single-ip-subnet-on-wan Steve

@stephenw10 Memories! Nokia ip530

@Gertjan Thanks , the trick at the end was "just " the cert , it is not mentionned explicilty in the post with the command but part of the actions to make. For benefice of the Forum Q, command to run is certctl rehash This info is from PFsense Troublehoosting Manual Solved ! Thanks !

Mostly it gives you access to the pfSense Pus pkg repos. It's the entry level subscription that does so.

I rediscovered this today restoring two 3100 configs to 2100s. Short version, clicking Save before clicking Apply does work. Clicking Apply first results in an inaccessible router (aside from console).

@JeremyJ-0 said in how to stop logging blocked LAN IGMP?: Is there some part of the firewall that reads the rules on startup and does not re-read on a filter reload? Not that I am aware of. The reload of rules failing would explain your results however.

@Bob-Dig Sure, thanks. I plan to re-evaluate my values and start from scratch.

That fixed it the Gateway change did not transfer over to the floating traffic shaper access control lists so I had to resave them after that error is gone.

@Antibiotic said in ns8250: UART FCR is broken duirng boot OS: What did you add? I just used a 2 spare NAND gates to toggle one bit on board select. BTW, this is going back over 40 years to when I did that. The IMSAI was an S-100 bus computer. Various makes of S-100 bus computers were popular in the late 70s, until the IBM PC came out. They were generally used to run the CP/M operating system. BTW, I built that IMSAI from a kit, which was essentially bags of parts that had to be soldered to the circuit boards and then the system assembled.

@dgall Are you set to the 24.03 branch? If so, see https://docs.netgate.com/pfsense/en/latest/troubleshooting/upgrades.html#upgrade-not-offered-library-errors

@jeff3820 said in So why is my firewall logs full of mDNS pings that should pass??: Still looking for the sources... You most likely will need to sniff and see the mac address of the sender, then you should be able to at least get a clue to who it is by the maker via the first 3 of the mac, if its wired you can track that down to what port its plugged into. Wireless can block the mac and see who screams or what device stops working. You could do the same on pfsense, once you know the mac you can see what actual IP it has and that can be helpful, maybe it registered a name with dhcp, etc.

@stephenw10 Thanks again! I was able to change the config of lnav, so that it uses sh instead of bash. Now it is working!

I mean when you ran the pcap was it capturing all traffic or was it filtering by just a limited set of MAC addresses or IP addresses for example?

@stephenw10 Yea , set exception in proxy settings for pfsense ip))))

@stephenw10 I just check, created a cert for 10 years.. Put it on my printer and firefox didn't say a word about it being valid for 10 years.. Signed by my CA that it trusts.. [image: 1714513121754-length.jpg] https://source.chromium.org/chromium/chromium/src/+/main:net/docs/certificate_lifetimes.md?q=certificate%20lifetime&ss=chromium&originalUrl=https:%2F%2Fcs.chromium.org%2F Beginning with Chrome 85, TLS server certificates issued on or after 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days or less. This will only apply to TLS server certificates from CAs that are trusted in a default installation of Google Chrome, commonly known as "publicly trusted CAs", and will not apply to locally-operated CAs that have been manually configured.

@stephenw10 - I think it should only need to be this query - (&(objectClass=posixGroup)(cn=vpn)(memberUid=*)) I just get a red box on the authentication test page in pfSense - The following input errors were detected: Authentication failed. Unfortunately there doesn't seem to be any LDAP logs generated on the QNAP :(

See: https://redmine.pfsense.org/issues/15078 It will always show Plus as an update if your device is eligible because it checks all available update branches. If you really need it I can manually remove the eligibility. Steve

Yes that could work, assuming it's a USB device since there are only 3 ports. Modem support in pfSense is variable though. Be aware.