• WAN interface has ports 22 and 53 open

    0 Votes
    14 Posts
    468 Views

    @elvisimprsntr said in WAN interface has ports 22 and 53 open:

    ATT upgraded me to a Pace 5268, which had port 22 open. I sent it back and reinstalled my old NVG599

    Christ.

  • Why can I not see the webGUI anymore?

    0 Votes
    2 Posts
    105 Views
    stephenw10

    You can roll back to a previous config from the console menu option 15.

    Steve

  • Making meaning of the Pfsense Crash Report

    0 Votes
    7 Posts
    283 Views

    @jrey

    I see, got it, thanks

  • Doing both SNAT and DNAT I think ?

    0 Votes
    5 Posts
    273 Views

    @Keithj if the PLCs have hard-coded identical IP addresses you could use pfsense connected to a level 2 switch. Program the switch with all Ethernet ports but one in a different vlan.

    You may then be able to use NAT on each vlan to access each PLC from a different translated address but generally pfsense doesn’t like having the same address range on more than one interface.

    As @stephenw10 suggests a hypervisor running multiple VMs each with one virtual WAN NIC connected to a common virtual switch and a second virtual LAN NIC connected to a unique VLAN / physical NIC on your programmable switch.

    Running pfsense on each VM with NAT should then allow access from different WAN addresses of each PLC on identical LAN addresses. Your programmable switch size limiting how many PLCs can be simultaneously accessed.

  • Item edit function (pencil icon) brings up unpopulated form?

    0 Votes
    4 Posts
    184 Views
    stephenw10

    Do you have any plugins in Firefox? A script blocker could present like that.

  • Accessing my own content... when hosting on my server.

    0 Votes
    6 Posts
    266 Views
    johnpoz

    @dhenzler said in Accessing my own content... when hosting on my server.:

    Layer 3 (smart switching) remembers configurations to make faster routing of data.

    huh? Are you routing at your layer 3 switch or pfsense.. To be honest in a home network, unless you're like doing above 1gig where what you're running pfsense can not handle it.. There is little reason to do internal routing.

    And in almost every case I have seen around here people that attempt it are doing it in such a way that they create asymmetrical routing. If you're going to route on a downstream device it should be connected to pfsense with a transit or also called a connector network..

    pfsense-layer-3-switch.png

    If you're not, then yeah you're more than likely causing all sorts of issues in your network.

    I do routing and switching for a living and I have a layer 3 switch capable of routing, so for me it's something I could set up with my eyes closed so to speak.. I don't do it, because it doesn't make any sense in my network and it removes the ability to easily firewall between segments like you can do if you're routing with pfsense.

    So while it's nice that your switch could route, unless you have a specific reason to actually route on it, you're prob just causing yourself pain.

  • NetGate 4100 Boots Old Version After Maintenance Reboot

    0 Votes
    6 Posts
    285 Views
    stephenw10

    Hmm, interesting. I would have expected to see an alert confirming the BE roll back when it did.

    Whenever I hit that it's usually because I've broken something completely so the firewall fails to boot entirely resulting in some pretty obvious errors.

  • Traffic throttled to 100Mbs

    1 Votes
    2 Posts
    109 Views
    johnpoz

    @MedfordTech said in Traffic throttled to 100Mbs:

    Well, if nothing else, it goes to show that when you write your problem down, you can most likely solve the problem.

    Going through all the things that should be added to the post so someone else can help you - yup is quite often a trigger that hey did I check that, or what about this, etc..

    Glad you got it sorted.

  • Turning On Serial Console from VGA Console

    0 Votes
    2 Posts
    111 Views
    stephenw10

    Yes, you can enable it from System > Advanced > Admin Access. Set it as primary there if you need it to be the primary console.

    Steve

  • Firewall Hardware Migration - Certs all scrambled in Export / Import

    0 Votes
    10 Posts
    246 Views
    stephenw10

    Ah if you edited the names with find-and-replace that could well have broken some certs.

  • 0 Votes
    10 Posts
    403 Views

    Thanks for all the inputs. Apologies if I was not clear, but my first point of call was a colour diff of old and current config. This revealed most things.

    I went ahead and spun up a VM and loaded my old config in the GUI. To my surprise, it did not force a reboot and I was able to browse at leisure. Without having to assign VLANs to virtual interfaces.

    Mostly what I was missing were disabled rules, but there were a couple of NAT rules where the interface was changed and I had not noticed. So I am glad to have done it.

  • FreeBSD security advisory relevant?

    2 Votes
    7 Posts
    949 Views
    stephenw10

    Not yet in internal 2.8 builds but would be before any release.

  • Question about WAN IP not matching Gateway IP

    0 Votes
    14 Posts
    441 Views

    @bmeeks
    Thank you sir! You have educated me, and I am a better person for it. Your analogy of the Post Office is excellent.

  • Limit Internet to certain times

    0 Votes
    7 Posts
    460 Views
    Phizix

    @nimrod

    Cool! When I first did this, the option you showed did not exist. I have not tried this since they are grown now and I don't limit internet this way.

    Phizix

  • [[error:blaclisted=ip]] to open netgate forum when using pfsense.

    0 Votes
    16 Posts
    710 Views

    @stephenw10 yes, static IPs, sending you in DM. please check

  • Newbie pfSense user - configuration using DMZ

    0 Votes
    4 Posts
    307 Views
    stephenw10

    @ydderf2426 said in Newbie pfSense user - configuration using DMZ:

    Created client export leaving selected option hostname resolution with interface IP address value

    Yes you need to specify the external IP address for server resolution there. Or an FQDN if you have a real host/domain setup.

  • PPPoE on Bell Canada Home Hub 4000

    1 Votes
    2 Posts
    582 Views

    Bell gives you a PPPoE password when the service is first set up/activated. You can plug that into pfSense immediately without ever having to visit a Bell website or the IP of the GigaHUB.

    Since the password is limited to 6-8 characters, I'd argue there's no sense in creating a new one - it's not going to be any more "secure" than the original one. :)

    And this doesn't put the GigaHub into bridge mode. It's still happily doing everything it did before on its own public IP. If you're feeling it, you can continue to use its WiFi as a separate network.

  • PF Sense Slow throughput on a 10Gb internet line

    0 Votes
    6 Posts
    248 Views

    @stephenw10 Thanks :) I have been rebooting between each change. It feels like I've been rebooting all day lol

  • Methods to bring down interface/stop WAN traversal

    0 Votes
    7 Posts
    265 Views

    @cyberconsultants
    To avoid lockout I'd try to set up rules on each interface, or maybe an interface group if you have a lot. Something like:

    allow from my_pc to pfsense:443
    allow from my_pc to pfsense:22
    reject from LAN Subnets to any
    (rest of LAN rules)

    Then client devices can't resolve DNS or get past pfSense.

  • Netgear 6100 for Home use, new work PC seeing all my network media !!

    0 Votes
    16 Posts
    1k Views
    _Rick_

    Hi @Gblenn,
    thank you for your information, I just found out they use a split tunneling VPN ... so some of the software on the work PC passes through the VPN.

    So that is why Chrome sees the Chromecast on my LAN.

    You're right, they can do whatever they want on that PC.

    The document I saw was not for me to view, it was an error, but I had time to see a quick 2 sec results.

    Again, thank you for your information.

    I had my response a long time ago: can we stop this thread now?

    Thank you all, Richard.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.