You might have the AT&T homegateway device that requires shenanigans to get a true 'modem' mode. What's the actual model number?

I've never used Adguard so I can;t comment on the specifics there but if it's just DNS filetering then I'd expect to just set the DNS resolver in pfSense to forwarding mode and enter the Adguard IP in Sys > General Setup. Of course that will filter queries from pfSense itself too. I just use pfBlocker on pfSense itself to do that. Steve

Assuming the AP management is in the same subnet it too would need an ARP entry in order to reply to connections from the client. If pfSense is losing it's ARP entry or has a bad one the AP may well be seeing the same thing. When it fails do you just see no ARP entry rather than a bad entry? With no entry it should just ARP for the device to create one. You should see ARPing entries in the pcap. Make sure you're not filtering them. If the wifi interface became detatched n the client I imagine that would blow away any ARP entries that were built on it. I would still expect the client to just send ARP queries as soon as it re-attached though. Steve

@johnpoz The fun thing is the webserver behind the DMZ does vhosts so that is why there is a wildcard in the DNS for the domain.

My IP block files are pfsense Aliases so backup is not an issue since these will be done with pfsense backup. Unbound in Docker is a blessing I tell you. Backup is done with Synology using 123 backup strategy.

The WAN disconnects appear to have nothing to do with accessing the rockstargames sign-in page. Unless you are saying that is logged everytime you try to connect? I see your LAN IP is the expected 10.0.10.1 though so that's good. The AP really is running as an AP. I suggest continuing this in the other thread. Putting info in more than one place just confuses everyone. https://forum.netgate.com/topic/176134/please-help-me-under-stand-what-the-issue-is/ Steve

There isn't a way to do it, and shouldn't be. Do not run something like that on your firewall, especially the unifi controller as it requires Java. That is not a task you should be overloading on a security device.

Most BIOSes will pass a different set of ACPI values to Windows than any other OS. You can set FreeBSD to pass a different string so it pretends to be Windows, or some other OS, but I doubt that's the problem. Nothing there would have changed between 2.6 and 22.01. Yes, some sort of log from the upgrade would help a lot here. A virtual com port would be ideal if it supports that. Steve

You can add and remove interfaces in pfSense and it doesn't affect the ordering. The problem is if you delete the NIC from the VM. I'm not sure what you could do about that other than using the MAC address since in a VM even the PCI device location may not be fixed. Steve

@michmoor I reeeeeeally got to do a better job of RTFM. https://docs.netgate.com/pfsense/en/latest/troubleshooting/dns-queries.html

@stephenw10 said in Twice-NAT capability: a useful feature. However it's something I've seen very infrequently. Usually when I do see it it's to work around some network issue that shou You def got a point and im in one of those situations now. The solution is to Double NAT and unfortunately this is a long-term solution short of redesigning an entire colo. Maybe when its time roe re-IP our data center than that's fine but again this is a huge lift at this point. Sigh....

@stephenw10 ^exactly but if your multihoming with a SAN only network or a backup network. Where the server/host has its own private network with say your nas or backup server that is easy to make sure no routing problems. But yeah as Steve states - lots of issues with users just messing it up.. And I wouldn't multihome a box into multiple networks that other devices are going to talk to it from, etc. Example I have my pc and nas multihomed so they can talk to each other over 2.5ge - but this is an isolated network that only they are in. These IPs have no gateway.. Its just a storage network.

Can that test client ping the pfSense internal IP address? Can it ping the pfSense WAN IP address? Sounds like the client might lost it's default route. Is it using a static IP? Steve

@stephenw10 ok ill fix that in a few after we try to fix this other issue don't want to change to anything at one time

You can open a feature request: https://redmine.pfsense.org/ Looks like apprise is written in Python. It also looks like people have run it in FreeBSD but I don't see a FreeBSD port for it which would make it far easier to create a package from. There would also be some PHP work to integrate it with pfSense. Steve

@bingo600 thank you, Bingo. Following your idea, I was able to configure the LocPrf for the BGP. Here the link that I read https://docs.frrouting.org/en/latest/bgp.html Thanks again, Mauro

In that sort of setup you just need to add port forwards in pfSense to whatever you need to access. You can't just route between them because your clients are using the ISP router as their gateway. I doubt you can add vlans or static routes to that router. Steve

@stephenw10 Thank you, Steve Have a nice weekend. Mauro

@jarhead he left.. Deleted his account..

@gabacho4 said in SG 5100 WAN IP no Internet: https://docs.netgate.com/pfsense/en/latest/troubleshooting/connectivity.html Those docs are good. But in my case not too fruitful. The WAN IP addressing and DNS is under Status>Interfaces. My WAN is clearly labeled as "WAN Interface (wan igb0)" Those labels help a lot! I had configured my PFSense as a client to ExpressVPN a month or two back. I didn't get the full config they way I wanted and decided to come back to that project later. Well the service started up again on reboot and that kicked me off the network. It's not supposed to work that way, but it does right now. So stopping that service gives me the desired result. I think I may just clear that config and come back and do the whole thing when I can get it done. Anyway, I think that resolved it. I can ping public IP addresses now and google.com. Thanks!