Can I also use 3 different public ip's and THEN do the NAT ?

so
one.domain.com has 81.82.120.21
two.domain.com has 81.82.120.22
three.domain.com has 81.82.121.23

and then make sure on the pfsense the NAT forwards
one.domain.com:443 to 192.168.10.11:21443
two.domain.com:443 to 192.168.10.11:22443
three.domain.com:443 to 192.168.10.11:23443

?

I can't use 192.168.10.11:443 as this is used by the TSGATE service.

Yes, captive portal is on the LAN interface with CARP.
I was wondering as it seems to stop talking ARP if the issue is lower down. Presumably the jump from FreeBSD 12 to 14 involved some changes down in the drivers?

/24 is the cider version over using the 255 octets for your subnet mask 192.168.1.1 255.255.255.0 or just 192.168.1.1/24

You have your host address your network, and a broadcast address. this occurs on the private ip class. You have different class addresses also like class a, b, c, for the private addresses. check out subnet calculator. I had to do all this stuff by hand when it was taught at the College. You have to learn how to subnet by hand but the calculator can help you get a start on it.

@beerguzzle is there a benefit though? Isn’t port 1 the only remaining port on LAN…?

Cool.

You almost certainly only need one of those rules. You wouldn't need static source ports for that connection.

If you removed those rules deliberately to prevent traffic 'leaking' past the VPN (a lot of VPN setup guides will have you do that) then you might want to tighten it to only apply to traffic with modem as destination.

@sysbitnet said in Can pfsense detect requests and routing to set hostname:

Dest. Address: web1

That destination on the WAN would be the WAN address if you don't have any VIPs on it. web1 is an internal IP that could never be reached by an external host.

OutBound NAT.

The /1 route being passed by the VPN provider is a more precise route than the default route which is /0. So it would be used in preference.

That's likely why you see the DNS states on the VPN interface. That should work.

I prefer to set the VPN client not to pull routes from the server and then add policy routing for clients/subnets I want to use the VPN.

@stephenw10 said in Exceeded input buffer (on reboot):

It could well have ended up with a newer boot loader when starting from 2.7.2. That could explain the difference.

Possibly as I think most times I saw it I had restored from 2.6.x clean install restore and then upgraded. It is certainly an odd error as searching for it exactly yields few results. If it reoccurs I will come back here with a video or screenshot.

@stephenw10 said in Large packet sizes fail to send to internet:

You can use the new Net Installer to install Plus directly if the NDI is eligible.

I had missed that post when it came out. That certainly resolves my concerns once it makes it out of beta. In the meantime it looks like things are stable again and we found the oddities that were causing issues. Thank you for your assistance.

So it does show the retransmissions from pfSense arriving at the client?

@SteveITS

I'll have to chalk it up to me being super tired yesterday. I honestly did not see that anywhere -- but I've registered now and submitted my comment.

@stephenw10 hahah - that could be staged, but it wouldn't be unthinkable that was a legit conversation... I take it that was some video off his doorbell camera or something.

Pretty funny either way. But more funny if actually legit conversation.

Ok testing here....

@tompark so here this is really simple.. So my nas has entry in unbound for 192.168.9.10.. So currently if anything queries nas.home.arpa it gets back 192.168.9.10

I created a view and access list that says hey anything from 192.168.3.0/24 that queries you, use this entry for nas.home.arpa that has IP of 192.168.3.42

view.jpg

So if any of my other networks query for nas.home.arpa they get back the normal 192.168.9.10, if anything from 192.168.3.0 queries they will get 192.168.3.42 as you see above that last query is from a pi I have on the 192.168.3 network.

Now here is a query from my device I have on the 192.168.2.0/24 network

ucquery.jpg

If I get myself motivated can show you how to do with a rpz..

I had to call out specific IPs on my pfsense when I did the digs, because most of all of my devices point to my pihole, which is on the 192.168.3 network... So currently none of those devices can actually resolve my nas - hehe ;) Time to comment the view out..

There were some threads discussing it. For example: https://forum.netgate.com/topic/187100/serious

"Multilink extensions over single link" is not enabled.