@stephenw10 I did some reading on floating rules, I wasn't aware of that feature. That's great, thank you very much!

Alright I am back online after the help from Netgate support (huge freaking kudos to Alexey Prokofiev). He was able to edit my config from the SG-1000 I had and made it work for the SG-3100. Thanks again for everyone's help and recommendations. Office is back online!

@stephenw10 said in PfSense changes subnet in the nat rules!!: Either way it's fixed in 21.09 so... Which should be released any day ;) Since only a couple of days left in September (Month 9) hehehe..

That is not preventing DHCP. Link-local IPs are only assigned after DHCP has failed. They are non-routable and should be blocked. Steve

@h0110 said in BT FTTP & PFSense: Based on the the advice above from the other two members sendto error 65 has now disappeared, along with the 172.16.12.222 gateway IP. You are only not seeing that because you disabled gateway monitoring. I would suggest leaving that enabled and just disable the monitoring action so you are still logging the gateway response. You might also set the monitoring IP to something else since BTs gateways do not have to respond to ping at all. 8.8.8.8 is commonly used. If it won't respond to ctl+t at the console that is a hard lockup. I would be looking at a hardware issue at that point. Your setup is not unusual. Steve

@marco42 said in DNS Resolver stops working after pppoe_restart_pppoe0: I just checked the restart frequency and got this result: Keep in mind that these log files could have been rotated, which means older records have been purged. In that case, you'll find less results. Always have a look at the file, as log files are there to be looked at. Mine was rotated last month, on august 13 : Aug 13 14:36:00 pfsense newsyslog[90565]: logfile turned over due to size>1024K <31>1 2021-08-13T14:36:03.090423+02:00 pfsense.athome.tld unbound 799 - - [799:0] debug: validator[module 1] operate: extstate:module_state_ini> < ........ <30>1 2021-09-28T02:35:18.370449+02:00 pfsense.athome.tld unbound 45024 - - [45024:0] info: generate keytag query _ta-4f66. NULL IN

@ninthwave said in pfSense cannot get WAN IP after reboot: @gertjan Thanks. I know how to use pastebin. My problem is I cant download the log with WinSCP. [image: 1632768832529-5b83df89-0dcb-4369-877d-f9a37f3c6195-image.png] Can you guys starts another new thread? This is a year old already.

@johnpoz No doubt. I did at one point simply because I was lazy and didn't trust comcast to do the right thing if I swapped out a wrt54g. In my case, it actually saved me because my sg2440 fell victim to the red led of death, so moved one cable, rebooted wifes stuff and minimal downtime. (that sg2440 was fixed under RMA and has been working fine, but I've got a 5100 on order just in case). I always liked seeing the rules as applied (pf user before pfSense), that command helps me figure out exactly what is going on, you can mentally walk a packet flow.

@gertjan I should've mentioned that I have the BIOS set to a graceful shutdown once the power button is pressed. I would never just push and hold the power button for a hard power down unless something was really wrong. pfSense has been pretty rock solid in staying up all the time. Thank you for providing the link to the script. I'll be the first to say that I'm not a coder/programmer, but looking at the code in the script, I'm wondering if the ALLDEST is necessary? I guess by pinging whatever is chosen for ALLDEST you could tell whether or not any data was able to get in or out. I like the idea of checking the WAN to see if any data is able to pass, and if not, restart.

Interesting. So the xbox just doesn't allow connections from outside it's subnet? And there's no way to set it to do so? Steve

@bcnx Glad you got it sorted.. Here all the time if you have questions - happy to help!

Hello, I've solved the problem by increasing the max table entries allowed. KR, P' Bear

Guys, thank you, ended up with the console access and rebuilding the LAN configuration through it, all is working now...

@mrturner19 sure.. You could do it for 200 ips if had that many..

@gertjan I am aware that I am dealing with topics far far beyond my knowledge. Thanks a lots Ilario

@stephenw10, the User to Authenticate is mine. And i can Logon, also if the User was Expired the "Select Container" function woulden work. But it dose and i selectet a Container for Authentication.