@MedfordTech said in Traffic throttled to 100Mbs: Well, if nothing else, it goes to show that when you write your problem down, you can most likely solve the problem. Going through all the things that should be added to the post so someone else can help you - yup is quite often a trigger that hey did I check that, or what about this, etc.. Glad you got it sorted.

Yes, you can enable it from System > Advanced > Admin Access. Set it as primary there if you need it to be the primary console. Steve

Ah if you edited the names with find-and-replace that could well have broken some certs.

Thanks for all the inputs. Apologies if I was not clear, but my first point of call was a colour diff of old and current config. This revealed most things. I went ahead and spun up a VM and loaded my old config in the GUI. To my surprise, it did not force a reboot and I was able to browse at leisure. Without having to assign VLANs to virtual interfaces. Mostly what I was missing were disabled rules, but there were a couple of NAT rules where the interface was changed and I had not noticed. So I am glad to have done it.

Not yet in internal 2.8 builds but would be before any release.

@bmeeks Thank you sir! You have educated me, and I am a better person for it. Your analogy of the Post Office is excellent.

@nimrod Cool! When I first did this, the option you showed did not exist. I have not tried this since they are grown now and I don't limit internet this way. Phizix

@stephenw10 yes, static IPs, sending you in DM. please check

@ydderf2426 said in Newbie pfSense user - configuration using DMZ: Created client export leaving selected option hostname resolution with interface IP address value Yes you need to specify the external IP address for server resolution there. Or an FQDN if you have a real host/domain setup.

Bell gives you a PPPoE password when the service is first setup/activated. You can plug that into pfSense immediately without ever having to visit a Bell website or the IP of the GigaHUB. Since the password is limited to 6-8 characters, I'd argue there's no sense in creating a new one - it's not going to be any more "secure" than the original one. :) And this doesn't put the GigaHub into bridge mode. It's still happily doing everything it did before on its own public IP. If you're feeling it, you can continue to use its WiFi as a separate network.

@stephenw10 Thanks :) I have been rebooting between each change. It feels like i've been rebooting all day lol

@cyberconsultants To avoid lockout I'd try to set up rules on each interface, or maybe an interface group if you have a lot. Something like: allow from my_pc to pfsense:443 allow from my_pc to pfsense:22 reject from LAN Subnets to any (rest of LAN rules) Then client devices can't resolve DNS or get past pfSense.

Hi @Gblenn , thank you for your information, I just find out they use a split tunelling VPN .... so some of the software on the work PC pass through the VPN. So that is why Chrome see the Chrome-cast on my Lan. Your right they ca do whatever they want on that PC. The document I saw was not for me to view, it was an error, but I had time to see a quick 2 sec results. Again, thank you for your information. I have my response a long time ago : can we stop this thread now? Thank you all, Richard.

Well I'm not sure why you have the outbound NAT rule on OPT. That shouldn't be required, everything there is routed. But that test is not something I've done with PIMD. I have done it with IGMPProxy and it did work last time I tried it.

It sounds like the /30 CGN subnet is used for transport only and it not routed (or NAT'd) by the ISP. In which case you would need to source traffic from the firewall itself from the public VIP. To do that you need an outbound NAT rule that matches it. An alternative here might be to set the public IP as the primary WAN address wit the CGN address (100.64.136.210) as the VIP. To add the gateway to the WAN you would need to set the advanced gateway option: Use non-local gateway This is a very unusual config!

You should see it reported on the dashboard after rebooting. It requires a SWAP partition to copy the crash report onto though. Does your system have SWAP? How often does it crash? Can you log the console output, assuming it has a serial console?

@SteveITS Cheers for the link, still confused but will give it a go and see where I get to!

Based on my own experience, Wake-on-LAN can be a great thing when it works, but there will always be a situation where this thing won't work under any circumstances, even with the manufacturer's assurances that it should. In my case, it ended with assembling and connecting a PiKVM to the power button, and as a result, I also got a full KVM over IP setup.

If you have multiple downstream subnets on the LAN you will need to add static routes to the mik2 switch and firewall rules on LAN to pass that. The default firewall rules only pass traffic from clients in the LAN subnet directly. Also make sure you don't have a conflict between WAN and LAN. Make sure pfSense itself can connect out from Diag > Ping.

Yes you'll still need to configure VLANs 5 and 6 since they're passed tagged to something external. But WAN, LAN and OPT can just be assigned to NICs directly in the other device.