No pfsense is not going to be the master browser for the moronic windows network neighborhood. I would suggest determine who your master browser is..  Here is a simple tool to do that with.. https://scottiestech.info/2009/02/14/how-to-determine-the-master-browser-in-a-windows-workgroup/ Why do you care about the stupid browse list anyway??  Do you not know the name of your NAS?  Why do not just access it via is fqdn ie nas.yourdomain.tld ?? But to be clear, unless you installed some samba package on pfsense, it has ZERO to do with participation in maintaining the brwose list.  And it being your gateway, it has ZERO to do with broadcast traffic between devices on the same network.  You do understand that the browselist can take long time to fully populate.  Had you recently turned off machines, say your master browser and now a new election was held, then all the clients have to register themselves with the master browser, etc. etc.. While I do not use that stupid list, I do make sure it works on my network for examples for people that do want to use it ;)  What I would suggest is you turn off the computer browser service on all boxes that you do not want to be the master browser.  You should pick a box that is on 24/7/365 or as close to that as possible to be your master browser..  For example I have my linux box as my master browser running samba. $ nbtstat -A 192.168.9.7 Ethernet: Node IpAddress: [0.0.0.0] Scope Id: [] Host not found. Local: Node IpAddress: [192.168.9.100] Scope Id: [] NetBIOS Remote Machine Name Table Name              Type        Status     –-------------------------------------------     UBUNTU        <00>  UNIQUE      Registered     UBUNTU        <03>  UNIQUE      Registered     UBUNTU        <20>  UNIQUE      Registered     ☻MSBROWSE☻<01>  GROUP      Registered     LOCAL          <00>  GROUP      Registered     LOCAL          <1D>  UNIQUE      Registered     LOCAL          <1E>  GROUP      Registered

Sorry to bump this thread but I have the same symptoms (v2.3.2 crashing everyday, multiple times): https://forum.pfsense.org/index.php?topic=120513

Cache/Proxy forum Anything in squid's log?  Anything in System log when it happens?  By 'crashes', you mean the service stops and must be manually restarted?

Thanks

Dude I did check.. And your forcing the connection out your BL, capture 1.2 For only stuff that is in mis group.  You have not other rules that would allow outbound at all to your wan IP.

Hi. I have already checked the execution order of the 3 pfSense options to launch a command or script at startup. Is the next: 1- /usr/local/etc/rc.d/.sh 2- <earlyshell>3- <shellcmd>4- /usr/local/etc/rc.d/.sh</shellcmd></earlyshell> It seems that sh scripts in /usr/local/etc/rc.d/ run twice, first order and again, after shellcmd and earlyshellcmd I defined in config.xml <earlyshellcmd>echo "I am earlyshell" >> /order.tmp</earlyshellcmd> <shellcmd>echo "I am shellcmd" >> /order.tmp</shellcmd> I created a script with execute permissions in /usr/local/etc/rc.d/order.sh with #!/bin /sh echo "I am /usr/local/etc/rc.d/order.sh" >> /order.tmp; And the dump of /order.tmp cat /order.tmp I am /usr/local/etc/rc.d/order.sh I'm earlyshell I am shellcmd I am /usr/local/etc/rc.d/order.sh Regards

If that old router can run openwrt/dd-wrt you might be able to have it run multiple SSIDs over VLANs. Steve

No it's not getting responses to DHCPREQUESTs or DHCPDISCOVERs so it used what it had cached from the last time it got 192.168.0.28 from somewhere.

Well that makes me feel stupid. It looks like that got it to work by just not selecting a provider. Thank you!

@MicheMuche: For several reasons, those objects can not be wired => Wireless communication Do you power all devices by battery as well? There are countless protocols not bound to ethernet with only one or two wires needed for communications.

Until Vodafone gives you public IP all the configurations make no sense. Most likely you have private IP starting with 10. or 100.

@Derelict: It's in your packet capture. It's coming from somewhere. Check the MAC address tables in your switches, etc. Wireshark out on a mirror port on the physical network. Something. ;D  "Something" ok will do.

Look at your rules on WAN. What is passed there? It is perfectly normal for you to be able to bring up the web gui from the inside using the outside IP address unless you specifically block that. That behavior is governed by the rules on LAN. Being able to connect from the outside is governed by the rules on WAN.

well…... anonymity:  where I live the Government insists on keeping a record of everything done online so using the ISP DNS server will have every request logged  (not that the like NSA dont have a direct link to pretty much everything) And google is not much better. But some kinda separation is comforting as is an anonymous VPN  - So really anything that will make data collection harder an more costly has to be good! Actually not concerned over cashing - just thought DNSBL was an useful addition to blocking stuff- maybe Ive missed something? Thanks for your help!

I can help you with a few answers, but I can't answer all. The box you found is probably a good one. It and a similar one on Amazon appear to be very popular. I built a J1900 oriented router with 8GB ram and a 120GB ssd. It was over-provisioned but I wanted a device that could be used for something else if it ever stopped being a router. Ram and a SSD were cheap extras. The router has a lot of processing capacity. I have three OpenVPN servers built and active. One is specifically for safe remote browsing where I need my home IP address visible. Two have remote lan access. I keep the lan access servers off when I don't expect to need them. (use different ports and different internal network addresses to keep them from locking each other up.) They work great. pfSense allows you to create multiple users and certificates and give each a different password. These users can be linked to OpenVPN on an as needed basis. The download wizard makes makes it easy to download certs and config files for user devices. OpenVPN is pretty flexible about the network range you can connect to. I wired my lan port to a switch and the switch goes to a wireless access point in another room via normal cat6 wiring. Pretty ordinary. Works great. Re port forwarding: I don't know your system and port forwarding is an absolute necessity for a lot of purposes. I use one of my OpenVPN servers for remote lan access. Then access is just as if I were at home. OpenVPN protects the open ports. No ports are forwarded. Obviously, this would not work if you needed public access to a server behind the router.

Right. Status > Interfaces is probably the easiest way to see all the naming, including the optX asssignments.