• Syslog priority levels shouldn't default to ERR

    0 Votes
    4 Posts
    148 Views
    P
    @stephenw10 Issue #15734 created. -nic
  • FW rules for subnet-only traffic?

    0 Votes
    7 Posts
    314 Views
    Bob.Dig
    @aaronssh said in FW rules for subnet-only traffic?: Adding this rule to allow traffic within the subnet solved my problem This rule does work but is suboptimal. "More correct" would be to change the second _net to _address.
  • 0 Votes
    34 Posts
    1k Views
    stephenw10
    The Nord DNS servers are only accessible via the VPN. So setting it to 'none' or 'wan_pppoe' in general will fail. I have no idea how you have the lancache server setup. I would assume anything you want to use that has to also use it for DNS. In turn its own dns queries can only be either via the VPN or not. So I'd expect to only use it for VPN clients or non-VPN clients. In general. Though you could use domain overrides in Unbound to forward specific queries to it.
  • DNS Resolver doesn't work

    0 Votes
    26 Posts
    2k Views
    O
    @johnpoz the firewall router to which the workstation from which I ran the command is connected is pfsense
  • Sed stream editor on the filter.log file

    0 Votes
    5 Posts
    346 Views
    Gertjan
    @WhoAmI68 said in Sed stream editor on the filter.log file: I am using this sed stream editor "sed -i '' '/65.20.170.33/d' /var/log/filter.log" to delete the match line from the filter.log file. sed reads the file, 'seds' it and rewrites the same file ? But what about this ? AFAIK : can syslog 'grep' what it is outputting ? Thus filtering the messages. ? If so, have a look at where /etc/syslog.conf is created, add your grep instructions and call it a day ?
  • Strange issue with IPv4 packet fragmentation

    ipv4 fragmentation
    0 Votes
    13 Posts
    2k Views
    JonathanLee
    It will fragment if the MTU is too large
  • 0 Votes
    45 Posts
    2k Views
    W
    @NaibElSayel said in intel i350-t4 always shows network connection down on pfsense 2.6 and higher: @stephenw10 nope no issue, it seems legit @WN1X Awesome!
  • DNS Resolver not resolving a specific hostname

    0 Votes
    11 Posts
    486 Views
    bmeeks
    @michmoor said in DNS Resolver not resolving a specific hostname: Ok...Figured it out. It was due to logging settings Previous global letting setting wouldn't have shown me the blocks Lesson to be learned ... - Anytime you have a blocking package installed (pfBlockerNG, DNSBL, Snort, or Suricata) and something acts weird or does not work, 99 times out of 100 it's going to be the blocking package(s) that is the cause.
  • Reaching an ip in a different subnet / vlan

    0 Votes
    8 Posts
    279 Views
    stephenw10
    Mmm what are the devices in these subnets you are testing between? The fact you mentioned 'TV-stream supplier' initially makes me think there is more in play here than simply routing between two subnets.
  • New pfSense User Question (set up multiple ports)

    ports switching
    0 Votes
    6 Posts
    298 Views
    JonathanLee
    I would use snort also :)
  • Recovery from failed drive

    0 Votes
    5 Posts
    169 Views
    T
    @stephenw10 That's good to know. This event has prompted me to review and record all the firewalls we manage and note down their keys. TBH, the pfsense HA config is like magic when restoring. I always expect it to be more of a hassle to rebuild a firewall that has lots of interfaces, vlans, DMZs, and special rules but it always works out like magic!
  • Cannot ssh into pfSense at WAN interface

    0 Votes
    11 Posts
    451 Views
    stephenw10
    Yup I would always set a limited source for that.
  • Feature Request: REST API

    0 Votes
    6 Posts
    902 Views
    NollipfSense
    Big grin on my face...
  • WAN interface has ports 22 and 53 open

    0 Votes
    14 Posts
    472 Views
    B
    @elvisimprsntr said in WAN interface has ports 22 and 53 open: ATT upgraded me to a Pace 5268, which had port 22 open. I sent it back and reinstalled my old NVG599 Christ.
  • Why can I not see the webGUI anymore?

    0 Votes
    2 Posts
    105 Views
    stephenw10
    You can roll back to a previous config from the console menu option 15. Steve
  • Making meaning of the Pfsense Crash Report

    0 Votes
    7 Posts
    284 Views
    D
    @jrey i see got it, thanks
  • Doing both SNAT and DNAT I think ?

    0 Votes
    5 Posts
    279 Views
    P
    @Keithj if the PLC have hard coded identical IP addresses you could use pfsense connected to a level 2 switch. Program the switch with all Ethernet ports but one in a different vlan. You may then be able to use NAT on each vlan to access each PLC from a different translated address but generally pfsense doesn’t like having the same address range on more than one interface. As @stephenw10 suggests a hypervisor running multiple VM each with one virtual WAN NIC connected to a common virtual switch and a second virtual LAN NIC connected to a unique VLAN / physical NIC on your programmable switch. Running pfsense on each VM with NAT should then allow access from different WAN addresses of each PLC on identical LAN addresses. Your programmable switch size limiting how many PLC can be simultaneously accessed.
  • Item edit function (pencil icon) brings up unpopulated form?

    0 Votes
    4 Posts
    184 Views
    stephenw10
    Do you have any plugins in firefox? A script blocker could present like that.
  • Accessing my own content... when hosting on my server.

    0 Votes
    6 Posts
    268 Views
    johnpoz
    @dhenzler said in Accessing my own content... when hosting on my server.: Layer 3 (smart switching) remembers configurations to make faster routing of data. huh? Are you routing at your layer 3 switch or pfsense.. To be honest in a home network, unless you're like doing above 1gig where what you're running pfsense can not handle it.. There is little reason to do internal routing. And in almost every case I have seen around here people that attempt it are doing it such a way that they create asymmetrical routing. If you're going to route on a downstream device it should be connected to pfsense with a transit or also called a connector network.. If you're not, then yeah you're more than likely causing all sorts of issues in your network. I do routing and switching for a living and I have a layer 3 switch capable of routing, so for me it's something I could setup with my eyes closed so to speak.. I don't do it, because it doesn't make any sense in my network and it removes the ability to easily firewall between segments like you can do if you're routing with pfsense. So while it's nice that your switch could route, unless you have a specific reason to actually route on it, you're prob just causing yourself pain.
  • NetGate 4100 Boots Old Version After Maintenance Reboot

    0 Votes
    6 Posts
    287 Views
    stephenw10
    Hmm, interesting. I would have expected to see an alert confirming the BE roll back when it did. Whenever I hit that it's usually because I've broken something completely so the firewall fails to boot entirely resulting in some pretty obvious errors.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.