• Netgate 3100 VLANs

    3
    0 Votes
    3 Posts
    502 Views
    @rwq891 Post a screenshot of a VLAN's settings from the article, and firewall rules for it. Firewall rules evaluate as traffic enters an interface. So on VLAN3 add a rule allowing traffic to go from that subnet to VLAN4. The default for new interfaces is no rules, hence no traffic...except LAN where the default is LAN to any.
  • Client connection lost after client reboot.

    9
    0 Votes
    9 Posts
    778 Views
    stephenw10
    Ah, that sort of adapter. Nice catch. Yeah weird set of faults, glad you found it though.
  • Block subdomain (cname)

    8
    0 Votes
    8 Posts
    1k Views
    @dridhas Block from North America to that IP address as the destination.
  • Wireless with VLAN not allowing traffic

    81
    0 Votes
    81 Posts
    18k Views
    JKnott
    @dridhas said in Wireless with VLAN not allowing traffic: TPLink The name for "quality" network gear! Yeah, right!
  • Home cyber range setup-- Need help

    2
    0 Votes
    2 Posts
    427 Views
    stephenw10
    So where are you actually stuck here? I don't see a question. It sounds like you are going to set up pfSense as 'router on a stick', a single NIC with VLAN interfaces. So you are going to have to configure the DDWRT device to handle those VLANs to separate switch ports. Or use some other managed switch for that purpose. Steve
  • pfSense -> Ubiquiti EdgeRouter X VLAN Help?

    2
    0 Votes
    2 Posts
    643 Views
    stephenw10
    @tac57 said in pfSense -> Ubiquiti EdgeRouter X VLAN Help?: Any Ubiquiti EdgeRouter ER-X experts out there? I am very much not that! But it looks like you're trying to use the same subnet on two ports of a router which would normally not work. They would have to be configured as a bridge or as switch ports. Steve
  • PC Engines APU2 + pfsense 2.5.0

    Moved
    13
    0 Votes
    13 Posts
    3k Views
    stephenw10
    Mmm, I wouldn't expect to see an issue with any of that. Do you see anything using a lot of CPU in System Activity when this happens?
  • I350-T2 WAN Throughput issue

    2
    0 Votes
    2 Posts
    334 Views
    stephenw10
    How are you testing? 941Mbps is the limit of what I expect to see there so if you are seeing 950 there are probably some averaging errors happening. It could be some hardware off-loading issues. I would disable all hardware off-loading at least as a test. If you compiled your own driver to get i219V support I assume the i350s are using that too? Have you tried the in kernel driver in setup 2, without the i219V? Steve
  • Why do I need to restart OpenVPN tunnels after a pfSense reboot?

    2
    1 Votes
    2 Posts
    234 Views
    stephenw10
    Are you running 2.5.2? Do clients connect but just can't pass traffic? Are you routing traffic just to local resources or all traffic? Do you see anything blocked in the firewall logs? Steve
  • user bypass account for filtering - or similar

    filtering dns users contentfilter
    2
    0 Votes
    2 Posts
    642 Views
    stephenw10
    Not easily. That is usually accomplished by having staff and student VLANs where you can apply different firewall rules to the traffic. So if it's wifi for example you can have a separate ssid with 802.1x authentication that only staff can connect to. Steve
  • Solved: Can't update bogons on a 2.4.5-p1 (cert expired)

    14
    1 Votes
    14 Posts
    5k Views
    bingo600
    @jegr said in Solved: Can't update bogons on a 2.4.5-p1 (cert expired): @bingo600 said in Solved: Can't update bogons on a 2.4.5-p1 (cert expired): And a ... I'm not giving up kinda moment. I haven't even bothered implementing that "trick" on the Job ones .... I appreciate it! I have some 2.4.5 systems in the wild myself that customers aren't able to update right now and those had rising numbers of dead/zombie processes (dying bogon procs) that we were able to fix that way - so thumbs up from me for the fact finding mission Glad to be able to give a little back And ... Now I know that to tomorrow on the job for 7 firewalls Done .... And home fwall Fresh install w. ZFS, and config restored, only one minor "quirk": iftop didn't install, but the pkgmgr. was informing about that /Bingo
  • Anyone for hire here? Looking to convert from one device to another

    Moved
    9
    0 Votes
    9 Posts
    956 Views
    @dialsoft Did you get this figured out?
  • Wake On Lan - Can i remove the "Wake All Devices" ?

    11
    0 Votes
    11 Posts
    895 Views
    @johnpoz https://redmine.pfsense.org/issues/12480 thank you ;)
  • Dual Port WAN (6100 is not available) HELP!

    Moved
    2
    0 Votes
    2 Posts
    441 Views
    keyser
    @macwarrior said in Dual Port WAN (6100 is not available) HELP!: Hello all, I built an ASUS ProArt B550-Creator with 2x2.5G ethernet ports to use for pfSense (I know, probably overkill but Netgate 6100 is not available right now) and I added a Solarflare 4-port SFP card. Can I turn 1-port of the Solarflare SFP card into 1 WAN and a 2.5G ethernet port into a WAN (to = 2 WAN's) and the other 3 Solarflare SFP ports into LAN's? Thank you in advance, MacWarrior Yes, you can turn all but one port into WAN if you wish. PfSense allows you to use/define ports as you see fit. Only requirement is that the NICs are supported and have a driver in the pfSense distribution (which may be an issue with that SFP card).
  • 0 Votes
    14 Posts
    10k Views
    @stephenw10 Re-saving the ACB settings fixed the inconsistent schedule on both boxes.
  • Driver Update

    6
    0 Votes
    6 Posts
    940 Views
    bmeeks
    @jc1976 said in Driver Update: I've gone through all the documentation and whatnot, and it's all just very odd to me. My nic is a genuine intel.. it's not an intel by HP or Dell.. straight intel.. and i would've thought by now the drivers would've been updated. the I340 is a fairly old card, and considering that intel has cards that are running at 10Gb+, what happens to those who are running pfsense on connections such as that at the enterprise level? what about the latest 800 series cards? Will the iflib work with them? Agree that it can be very confusing, especially with Intel, because for a while (and it may still be true) the version numbering scheme used by Intel on their web site for various NIC drivers differed from the scheme used for the same Intel drivers in FreeBSD. That makes it hard to determine which is actually the most "current" version. But for the most part, FreeBSD depends on Intel contributors to provide updates for Intel NIC drivers in FreeBSD.
  • when pfSense Plus 21.09 release will be available?

    15
    0 Votes
    15 Posts
    2k Views
    dennis_s
    The 21.09 release has been postponed. There are a few reasons for this such as some issues found in late-stage testing. We want to make sure the next release will be a quality release. There is a high focus on 22.01. We are confident it will be worth the wait.
  • [Solved] Firewall Log entries flooded for IPv6/:5353

    21
    0 Votes
    21 Posts
    11k Views
    johnpoz
    @patch You can create whatever rule you want be it allow or block or reject - and set it not to log.. But unless you were using something like avahi to pass on the mdns query - pfsense really has no use for such traffic, and wouldn't be doing anything with it. If you allowed it. Pfsense is clearly blocking it already, what interface you're seeing the traffic on would be the interface you create the rule on to block it and "not" log it.
  • Is there a power off /on button on SG 2100 ?

    9
    0 Votes
    9 Posts
    1k Views
    @stephenw10 Thanks
  • Unable to Reach CloudFlare IP address via DNS/IP

    4
    0 Votes
    4 Posts
    1k Views
    johnpoz
    @zatco said in Unable to Reach CloudFlare IP address via DNS/IP: Is it possible ISP could be blocking the IP? anything is possible - but that shouldn't create a ping permission denied.. Do a sniff on your wan - do you see the ping go out? I would assume no if you're getting permission denied on the send to.. But if you see it go out - maybe you're getting a specific reject back? Or maybe that IP specifically is blocking your IP.. But again that really shouldn't create that error, unless there is a specific reject that comes back.. Sniff on your wan will show for sure be it you're sending it out the wire.. Traceroute via linux normally defaults to UDP, and is not an icmp message other than ttl expired that comes back.