You need a rule on LAN to allow that.

You may also need to NAT that traffic because the AP probably has no default route in order to reply.

Easy fix for now..

go to-
/usr/local/share/pfSense/pkg/repos/pfSense-repo.abi

change "FreeBSD:14:amd64" to "FreeBSD:12:amd64"

save.

Yes this is almost certainly because the hypervisor is not actually using VLAN5 for the interface linked to that VM so you actually need to untag it at the switch to make the connection. Which is what you were unintentionally doing by setting VLAN 5 as the 'native VLAN' for that port.

So, yes, set the hypervisor interface to VLAN5 on NIC0 there. Unset VLAN5 as native for the switch port.

Additionally you can probably choose to pass the traffic tagged to the VM in the hypervisor but you'd need to actually set VLAN in the VM then which you usually wouldn't do.

Steve

@gme How did turn out? 8 years later... I'm looking at how best to integrate with New Relic.

@stephenw10 you are absolutely correct. That is why I consider this a work around and not a solution.

You probably need to use sudo for that. pftop is accessing some pretty low level stuff, you can't access /dev/pf even with admin permissions.

Steve

I would use the main pkg unless you need something from the dev package package specifically. So something that's in HAProxy 2.5 and not 2.2.

Steve

It looks like it isn't 192.168.1.248 because pfSense has that IP. So it doesn't match the traffic and the ping fails.

@fox95 said in help with Gateway/DNS configuration:

i guess my question is, these are settings i never changed so why dont the defaults of pfsense out of the box work for me?

Go here, and read the message at the top ;)

Additional information : A resolver like unbound, used by pfSense, uses these root servers. The list with their host names and, more important, their IPv4 and IPv6 addresses, are build ('compiled') into unbound.
These rarely (if ever) change. And if one doesn't answer, another is used. There are 13 of them, so pretty redundant.

If pfSense (unbound) can't reach any of the 'root servers', you have a severe "connection to the Internet" issue.
You can test that yourself : ping, using their IP addresses, them all.

Hi all, I posted the cause previously.

The problem was simply that pfsense was not the default GW on the LAN.
GW @ 10.0.0.1
pfSense @ 10.0.0.254

pfSense was set up in parallel to the existing GW so it could be configured to replace the existing GW.

As pfSense was not the default GW none of the LAN traffic was being routed there and accordingly the modem GUI could not be accessed from the LAN.

Simply adding a 2nd GW of 10.0.0.254 to the workstation, temporarily, allowed the modem GUI to be accessed.

@johnpoz

I think bigger box would be fine .. keep in mind i virtualized pfsense vm on a server with 5GB of ram just for it anly 2 instances of suricata activated one on wan and other on one of my lan interfaces and that consumes about 3GB on normal and adding one more instance increase it to 4.5 and go to swap part :D

Ah, well a power cut would explain it! 😉

@dobby_
thx
Not long ago, the Odroid H3+ board was introduced. The positive thing is that the MB has 2x 2.5 GB NICs (Realtek, no Intel chip).
CPU N6005
If I had known that 1GB of traffic could really handle it, I would have considered buying it.
Odroid H3+

How are you testing exactly?

What hardware are you using for pfSense? I assume the interface MTUs are all at least 1500?

Steve

We can convert that for you but you should be able to import it into the 6100 directly. It will ask you re-assign the interfaces from the VLAN on mvneta0 in the 1100 to whatever NICs you want to use the 6100 and then reboot to that.
If you have additional VLANs you need or PPPoE interfaces etc it's usually easier to modify the config in advance.

Steve

Hmm, well pfSense does have the ability to send different boot files for different client types so you may be able to do that:
Screenshot from 2022-10-25 01-52-30.png

Otherwise you would need to arrange some sort of override for the auto-generated conf file. I thought there might be something build in for that, like there is for mpd.conf, but I cant see anything.

Ancient but would probably still work: https://happy-coder.com/2014/06/27/pfsense-custom-dhcpd-configuration/ YMMV!

If you do find something that works you might drop a reply here as that looks like the same problem: https://forum.netgate.com/topic/174712/ltsp-on-vlans-pfsense

Steve

Mmm, fun*. I'll have to watch out for that.

@febu see

405070ad-8da8-468b-b50d-7634b0cb8dfd-image.png

Almost certainly this: https://redmine.pfsense.org/issues/12873

There are workarounds in the linked thread there for 2.6 if you need to use that.

Steve