Are the clients assigned interfaces? I would certainly expect to see those via the correct clients.

Do you see the gateways on the correct clients?

@johnpoz said in Static ARP Mapping:

So in general there is quite a bit of stuff going on with dhcp in general - also the move to kea version not supporting all features, etc. etc. I would hope they have all the issues worked out by next release.

I found out that it was really kea dhcp not letting go of leases that was the culprit. I have gotten rid of the static mapping.

@iSagen

Now it works! I had some NAT-rules ruining my setup. Deleted them and now it works.

:)

So it turned out that even under the leases section of the menu the old wifi router was listed as offline and inaccessible. I finally tried clearing my browser's history which did allow the browser to connect but there was a server error on the page. I then downloaded the new app that didn't exist when I bought the old router from Netgate back in 2015 and tried to use it to connect wirelessly to it after having reset it to factory settings. This was able to wake up the router I guess because I was able to access it through the browser finally, after having disconnected the pfsense router. I then set the old router to AP mode and it asked me to hook up the new pfsense router to the internet and then attach the new router to the old one and it worked. Thanks for everyone's help today. I really appreciate it. I guess I should have been using the dumb phone app for the old router a lot sooner but even a couple of months ago it was unnecessary. What a day lol

Well in that pcap it's just responding to Syn with Reset so it's refusing the connection anyway.

What interface is it using for replies though? How does in the state table?

Check the MAC address replies from the DC is using as destination. Is it actually sending them to the correct gateway to go back over the VPN?

What does the routing table on the DC look like?

On a hunch, I swapped the modem for one of the same model from my ISP. Problem is solved & I have GUI access once again. Chalking it up to coincidence with the modem failing at the same time NIC was replaced.

Thanks to everyone for your assistance.

@TMG Just note that with a bridge all packets between those computers goes through the router. So that could impact CPU usage on it for example, or network speed.

You mean you also couldn't connect to internal resources?

@firefox 1. boot environments, also less issues with cold boot resets. More stable filesystem.

@stephenw10 Good ideas.

Thanks all!

LRP 0

Ok so hit return to reach the CLI.

You can use bectl there to switch BE snaps if you're running ZFS. If you're running UFS you can run an fsck:
https://docs.netgate.com/pfsense/en/latest/troubleshooting/filesystem-check.html#manual-filesystem-check

Hmm. Does it do it every time you visit that page? If you clear the php error is it regenerated?

@stephenw10 I didn't find any options in System/User Manager/Authentication Servers to keep them both configured but one enabled and one disabled.
I confirm that they both work if there is only one configured at time

@michmoor said in rate limiting / policer:

Shaper wizard

Yeah sorry, low on coffee. Same general idea though...

LAN outbound to *:443 limit 10 Mbps is one pipe.

LAN outbound to *:443 limit 10 Mbps with a mask of /32 is one 10 Mbps pipe per device.

"When a limiter is set for Source Address or Destination Address, the pipe bandwidth limit will be applied on a per-IP address basis or a subnet basis, depending on the masking bits, using the direction chosen in the masking."

@Gertjan Munin... haven't seen that in a long time!

as a home user I am also taking the Official Announcement or send me an email since I have a pfsense + install...either way please let us know asap some of us are disabled veterans- well at least I am and have strict as frick budgets

Yes if you set Unbound in forwarding mode you can just point it at the local DNS servers on the network.

@stephenw10 said in Yes, I know! Another OPT1 and OPT2 no internet connection!:

what could possible cause dhcpd to listen on a different port like that.

Yeah - what would be the point, if dhcpd can not bind to 67, it should just fail with an error could not bind, etc.

Not like dhcpd could work if not listening on 67

@parry Well I don't know about 2.6 but it's in the package for 23.09 so I assume it would be in 2.7.x:
30d95061-8bf3-4927-ac89-d7f3b3173a28-image.png

You might be looking at pfBlockerNG vs pfBlockerNG-devel? -devel was moved/copied into non-devel I think when 23.01 was released, so they are identical now.

@stephenw10 Oh my god. Well, this has made me realize that I had dhcpd in my service watchdog even though the DHCP service has switched to kea. I've removed that and logs are looking much more calm. Thank you!