@smokinjo said in Updating pfsense before using as firewall?:

Can I just connect it to the local network and log in? Pfsense will be behind the firewall, but updating things should work fine.

Yes, as long as there is no subnet conflict between the WAN and default LAN (192.168.1.1/24). If your existijg LAN is already using that you would need to set a different LAN subnet in pfSense first.

Yeah I am pretty much an exclusive firefox user, while I do have other browsers, edge and chrome installed. I almost never use them other than odd testing of something here or there.

I only ever interact with the pfsense gui using firefox and have never ran into any sort of issue editing anything.

Currently using 131 of firefox.

@DS_DV said in Is there an RSS Feed with Patch/Release notes ?:

but i dont want to look every day or hour into my firewall :D

Me neither 😊

That's why I use this.

Btw : very AFAIK and IMHO : there are no "zero day - need to interact with pfSense right now - situations". I've not seen them the last decade (and more).
So, check up with your firewall ones a week, or month, and see what's up.
This forum will also show any possible issue.

@pFence
Did you create redmine bug report already?

I was using outlook with app password and login and it just fails to connect

@mikek DOH! thanks! I thought of that right after I posted but haven't edited yet. how is that ;)

Still doing a lot of learning myself. trying to get involved and posting forces me to thing through these scenarios.

@smokinjo You can restore forwards to a new or same config version:
https://docs.netgate.com/pfsense/en/latest/backup/restore-different-version.html

Restore will prompt you to assign interfaces. Click Save there before you click Apply.

Super easy as long as you have the same number or fewer interfaces on the old router.

Aha. Yes that's because tailscale isn't present at that point but you have assigned it as an interface. But tailscale should never be assigned.

You should unassign it.
https://redmine.pfsense.org/issues/14780

That sounds like the server is blocking those pings from outside it's subnet.

You can confirm that by running a pcap on the interface connected to the server in pfSense whilst pinging from the laptop.

@stephenw10
For the record, the network is today working 100% magically.
I might buy a 3 NIC PCIe card to resolve any potential IP conflicts. Just a guess as the tcpdump was a bit detailed.

@JonathanLee said in Log / routing full of upnp related messages:

Yes does your ip schema still the same

Hmm? Does my IP schema still ?look? the same??

The LAN, where UPnP is enabled has two of the Static IP's (gaming PCs) which in the ACL list (192.168.1.92) and they have the same port range allowed.

The IP's that show up in the log are all from the DHCP range .130 and above.

Yes we are running current now in Plus so you would need to use 15.

And, yes, I can ask but I think there would be almost no chance of Netgate developers getting involved here. 😉

@johnpoz , Thankx....

The WAN interface is the local NIC in pfSense. It has an IP address assigned to it.

The gateway is the remote device that pfSense sends traffic to which also has an IP address assigned to it.

The WAN and gateway IP addresses are (almost always) in the same subnet so they can connect at layer 2. I.E. using ARP or DHCP.

Remember Parallel DB25 print servers where you could connect your laser printer to a couple years ago? Same thing if it has no web server running or access to the network it won't work. My question is can you do a test page from the printer itself? Think in Isolate.

Does the printer work? Does it get an IP address? If that works why can't windows see it. Can you ping it? Can you ping pong it from the firewall? Have you attempted a complete wireless reset on it? Can it see the SSID.

This is a new install? Behind an ISP router?

What IPs are you actually seeing now? How is the WAN configured?

What is not working?

Steve

Your 'Allow Trusted Devices' rule is UDP only. If that is intended to pass traffic it should be UDP+TCP or TCP only at least.

@Efren
Sorry, it's already fixed. There was another AP on the network that had DHCP activated giving those IPs.

@stephenw10 Awesome. Will give it a go this evening. Hope that solves the problem.

@johnpoz Yea I just read that post,

I had it setup as a /31 as there was only going to be one host on it, but I could not set that host as static so tried to add the DHCP server,

Increased to a /30 and this seems to do the trick! I knew it had to be something stupid.

Thanks!