Ah, that would do it! 😉

As long as that single IP they assign you is outside the /24 then you don't need to add any routes. They would be statically routing the /24 to that IP but pfSense would just route between it's interfaces, the single IP on WAN and the /24 on LAN, by default.

Steve

@gullible-goose-gander said in Router web UI locked up and won't boot:

Is this something I should be worried about recurring?

You should probably change some rules.

It's 2020 : we are still allowed to pull the plug on a (some) coffee machines. All other devices , you have to activate the shut down method.
if the GUI, accessible with a web browser, doesn't work, you could use the other, even more important interface : SSH (it should be activated on at least LAN) and this port :

COM: Support 1*RJ45 COM（Support CONSOLE Function）

That port, the console port, permit you to shut down properly, do file system checks (see one of the latest Netgate videao on Youtube).

Just ripping out he power could mess up the file system. What happens then can be easily tested : try with your PC : boot and cut the power several times .... it won't take long for your PC not to boot any more.

@NollipfSense said in Pfsense solve my latency ! why ?:

@Raffi_ said in Pfsense solve my latency ! why ?:

Interesting, does it block bad IPs with the default config? Being a firewall it blocks anything incoming by default, but I didn't think it filtered out bad sites without some kind of package like pfblocker.

You intuitively got the answer that I implied ... with a package such as pfBlockerNG as well as by default it blocks all.

:) Got it. pfSense and you guys in the community seem to teach me something new all the time. I wanted to make sure it wasn't new pfSense magic I wasn't aware of.

The docs are probably wrong on that. That section may have been copied over from one of the other similar pages like PPTP which used to have two RADIUS servers.

good to know, thanks

@pi said in Can a modem/router combo & Netgate SG-1100:

@Raffi_ said in Can a modem/router combo & Netgate SG-1100:

@stephenw10 said in Can a modem/router combo & Netgate SG-1100:

I'm not sure how you could use the wifi parts of a modem/router when it's in bridge mode since it will not have a public IP itself.

I guess I could imagine using it to access the modem for admin purposes.

Even if it were possible in some roundabout way with VLANs it's impossible to recommend a setup like that unless you really had no other choice.
If you want to filter all your traffic through the SG-1100 put the modem in bridge mode and forget about using the wifi on it.

Steve

I second this. I think you have to choose if you want it to be a modem or wifi access point. If your ISP is charging a modem rental fee, then replacing it makes sense. Put it in bridge mode, you'll most likely sacrifice the wifi capability, but you'll be avoiding that fee. If the ISP is giving you the modem for free, then use the Motorola as a wifi access point. Disable, all services like DHCP and only use the LAN ports on the Motorola. The LAN from the Motorola can go to Opt 1.

This sounds like a good idea. I’ll try that out

Make sure to check with the ISP on the modem fee though. Because even ISP's that state the modem is "free", it never really is, they just include it in the cost. What I mean by that is unless you explicitly ask if there is a discount on your bill for BYOD, they will get away with billing you for that "free" modem. In other words, they should give you credit for your own device even if they're not billing you for their modem. If they don't offer credit, or they really aren't billing you for it, then wifi it up.

Thanks for this thread.

I'm using a cron job with
ifconfig run0_wlan0 up , and
ifconfig run0_wlan0 down

Seems to work nicely, enabling and disabling guest wifi on regular schedule.

Well when you put it like that, it's so obvious. Thank you!

Just tried restoring part of the config (vlans and interfaces) and went to check the switch ports config and they are NOT restored.

This may be an overlook on netgates part, but I think a backup config should contain the port vid and lagg state of integrated switches in their product line.

If it is an overlook, well I am very frustrated and disappointed.
Now I am going to have to redo the lagg setup by hand....

@High_Voltage said in Web gui, ssl/https connectivity, squid, and wpad:

just took me a bit to realize I was having a moment of brain dead, THANK YOU ALL! - THX 😉

BTW:
if you want to perform a serious Squid + Squid Guard installation.
I have an acquaintance here on the forum and I can bring you together with him...☺

@bmeeks said in rclone sync command crashes WAN interface with “No buffer space available” errors (endto error: 55):

It's possible that under heavy loading your gateway stops responding to the pings from dpinger. In that case dpinger will think the gateway is down and start taking action.

You could try either turning off gateway monitoring temporarily, or greatly increasing the "setpoints" for packet loss before dpinger assumes a gateway is down. My suggestion would be to turn off gateway monitoring completely as a test.

That solved it. I ticked "Disable Gateway Monitoring Action" and while the errors still show up, the interface keeps up. It also looks like that even though I limit the upload to 20Mbytes, it still hits near 100Mbytes per second on the interface.

@greymouser

With the IP cameras I've worked with, they connected to a recorder. The recorder had 2 ports, one for the cameras and one for connecting to the main network. You'd connect to the recorder to see the cameras.

Better to add any specific suggestions here: https://redmine.pfsense.org/issues/9717

Steve

@viktor_g

perfect ... thank you!

Not really. It pretty much has to be coming from that access point, you'd have to ask Netgear why it's doing that.

It would not normally cause a problem if it was an expected load-balancing strategy or lagg interface.

Steve

Just wanted to update the post with what I figured out on this. OpenVPN was prompting for a password on boot. Turned out I had client settings with a null password, so it prompted me for it on boot. Not using this now, so once I deleted the client, no more stall on boot.

I ended up grabbing a new SG-1100, went through the setup wizard - DSL connection fully working.
Then selectively copied over config sections and recreated the rest by hand, did not restore system or interfaces.
All is working now.
Probably for the best, I think this router config is on its 4th device and needed to get reset.
Alix, APU, 3100, 1100