Urgh. Nice catch though. 👍

Hi Steve,

Thank for all the pointers - turns out it is indeed a 2.6.0 issue, I just upgraded to pfSense 22.05 plus and the limiter issue seems to be resolved.

I'll keep monitoring.

Observium could be doing something like that but I think it's simply a different data source it's indicating.

Yes if you have selected serial console as the primary console then kernel panic info will be sent to it. You should also see global messages there such as logins.

Steve

ah ok so basiclly i just stuck.. its like 90s all i could get was 2.8k connection while people lived in town go cable modems and faster rates..
now i have similar to cable modems dsl and people in town have 10x or more faster rates lol vicious circle.

least its working the unbound stuff.. was main goal the 192.168.0.1 as dns so i not switching back and forth 192.168.0.1 and 192.168.0.33 just for each time gaming.. stick with either vpn or just wan

or maybe ill do 2 lancaches
1 for games and windows updates for WAN
1 for just windows updates on VPN as going through the vpn and gaming either doesnt work or lags alot.. i guess thats due to the overhead stuff vpn does

and i really appreciate the help and explaining things you done too it helps.. espcially when you dont understand all this stuff.. really like pfsense over my asus router so i greatly appreciate it (:

In a site-to-site tunnel you can route traffic across it either way. Without port forwarding or DMZ (1:1 NAT) at the Comcast end though the 1100 behind it will always have to initiate the tunnel to the other end. That's fine but it means the other side must be something fixed that can be connected to.
I'm not sure what the TV service requires but you are probably going to need to route all your traffic over the tunnel to make it work.

Steve

@terryzb or you could of changed it to any for the protocol.. Yeah igmp is not udp or tcp which is what your no log rule was ;)

Yes, I would be looking there if you need that sort of encrypted traffic level.

Steve

@andyrh said in Allow or block internet access:

@hardware_bxl said in Allow or block internet access:

As for the no gateway solution, I have a default option and the wan gateway, should I create a dummy gateway for this to work? It how would I set no gateway for an interface?

You can assign an address to the printer in DHCP and set option 3 to 'null' and the device will not receive a gateway.

Yes ok I thought of that, SteveITS already explained that security-wise it's not ideal, but that is an option yes.

So it loaded correctly once the clients renewed their leases and pulled the expected IPs?

Steve

@jimp quick response!

ok, started while wan was down would explain.

but 192.168.xx.1 can be a perfectly good default gateway ip whether there is a wan or not so kind of curious behavior. now that I have populated the default default I won't be bothered by it again but it cost me in down time after ISP was restored. it makes the advertised behavior on that page no longer a certainty, maybe add 'might' or 'should' there?

@johnpoz Thanks!. Looks like setting up the bridge in docker is better suited for my needs. I don't know where exactly docker traffic go i terms of IP and Port.

Will also explore macvlan. Thanks again!

And logins to other more remote sites will be encrypted with https or similar.

That's probably good enough but more data never hurts!

You can upload files to me here: https://nc.netgate.com/nextcloud/s/kfzcg536kMRgtGd

Steve

Yes, it almist certainly didn't upgrade fully for some reason.

If you're on 22.09 now though the only way go back is to reinstall. Unless you were already running ZFS and can use Boot Envs.

Steve

It was a device, simulating network card. Once I installed it as network card (just added it's interface), everything worked

Thanks a lot!!!!

After rebooting the errors disappear and seems to be working perfectly.

Thank you for your fast and awesome attention to this problem.
Have a great day.

So what is 172.28.254.237? Should it respond to ping?
It it's some internal switch or router but just doesn't respond to ping I would just disable gateway monitoring for it.

Steve

Thanks so much to everyone who replied. This is very useful

@rcoleman-netgate I was leaning that way and i plan on grabbing a new drive tomorrow to test it out. I didn't think about the drive going to sleep though! I'll take a look into it as well and see if I can find out. Thanks!