• Is there a way for some devices to appear in a different geo location?

    8
    0 Votes
    8 Posts
    612 Views
    stephenw10

    Yes, that applies to the local side where the VPN would effectively be the other WAN.

    At the remote side you just need firewall rules to pass the traffic coming in over the VPN and outbound NAT rules to translate it at the WAN. The OBN rules may already be added.

    Try routing some traffic from a single client. Start a ping to something unique then check the states at both ends.

  • Pluse version for lab?

    10
    0 Votes
    10 Posts
    1k Views
    provels

    General Motors makes Chevrolets.
    And Cadillacs.
    EOF

  • Best way to copy pfsense backups to S3 bucket?

    4
    0 Votes
    4 Posts
    273 Views
    stephenw10

    Oh, yes indeed. And by far the easiest! 😁

  • How to work OpenVPN with WAN IP 192.168.1.0/24

    Moved
    4
    0 Votes
    4 Posts
    246 Views
    stephenw10

    Then the ISP router must be configured to forward traffic to the Sonicwall. It might be forwarding all traffic (a DMZ style setup) or just forwarding the required ports for the SSLVPN.

    You need to set up similar forwards to pfSense.

    But, yes, a better setup would be to eliminate the ISP router entirely. That may not be possible though.

  • host in alias used by firewallrule refuses to work

    22
    0 Votes
    22 Posts
    2k Views
    A

    @SteveITS said in host in alias used by firewallrule refuses to work:

    @a1aba ...you're welcome...?

    ¯\_(ツ)_/¯

    thanks for the help of course!
    everybody who helped thanks for the effort 👍 😊

  • Limiter config disappeared

    19
    1 Votes
    19 Posts
    1k Views
    stephenw10

    No, patches survive a reboot. They may not survive an update but, yes, this would be in 25.03 anyway so you shouldn't need to do anything.

  • PFSense Slack Notifications - how to include the firewall name?

    2
    0 Votes
    2 Posts
    223 Views
    stephenw10

    https://redmine.pfsense.org/issues/15544

    That seems to cover what you're asking. You can add comments there.

  • DLNA discovery doesn't work

    24
    0 Votes
    24 Posts
    2k Views
    G

    @Fandangos said in DLNA discovery doesn't work:

    I am not using the wan port. I'm using the first lan port.

    Ok perhaps I found pictures from a different model router than the one you have. The one I found had one orange and four blue ports.
    But that's good, you need to be connected to one of the LAN ports. And even though some routers these days have an "AP Mode", all you really need is to turn off DHCP to make it function as an AP.

    So I guess, problem solved right?

  • WAN Connectivity Issues after upgrade to CE 2.7.2

    9
    0 Votes
    9 Posts
    497 Views
    X

    @stephenw10

    Thanks for the replies and insights. So far it's been over 24 hours with no issues. I'll report back after a longer period of time if issue re-occurs with details.

  • Unable to route second public IP

    14
    0 Votes
    14 Posts
    834 Views
    stephenw10

    If they are statically assigned and in the same subnet then you should just be able to use virtual IPs.

    How did you test it?

    Adding a bridge is only required if you need multiple MAC addresses. Usually you would not. You can only add one though. Your screenshot implies you either already have WAN in a bridge or you tried to add it to more than one.

  • Block Random Mac addresses no longer possible | 24.11

    7
    0 Votes
    7 Posts
    486 Views
    johnpoz

    @patient0 yeah I would assume that a static mapping would override any deny, same goes if there is an existing lease already I would think.

  • Adding RAID long after original install

    8
    0 Votes
    8 Posts
    625 Views
    T

    @stephenw10 Well I got through the login page to the checkout page by moving to another desktop..... but it wants me to agree to the terms and conditions - and I finally realized I had to click on the whole Legalize paragraph to agree and finish the transaction.

    I guess I better order some hard drives.

    Again thank you for your expertise and answers.

  • Is 24.03 -> 25.03 upgrade path supported?

    5
    0 Votes
    5 Posts
    438 Views
    chudak

    @stephenw10 said in Is 24.03 -> 25.03 upgrade path supported?:

    It's tested internally. We may enable it for RC.

    That'd be great!

  • HTTPS Handshake Failing?

    10
    0 Votes
    10 Posts
    403 Views
    stephenw10

    When you connect out from the interface address directly there is no outbound NAT required. You should be able to ping out from it.

    However you are seeing some traffic from it so perhaps you're not selecting the source correctly?

    The gateway monitoring would be the same, is that showing as up for WG?

  • RAM Disk

    3
    0 Votes
    3 Posts
    265 Views
    J

    @stephenw10 @Darkk

    umm...

    Screenshot 2025-02-21 at 10.42.22 AM.png

    there are two tmpfs - one for tmp, one for var
    Screenshot 2025-02-21 at 10.53.10 AM.png

    /var is on a tmpfs. (that 89M shown here is mostly log files, and yes they rotate) I can force that number to near zero just by removing log files. or just watch it over time goes between about 87 and 92 as log files build out compress and rotate -- Not all of var is on the tmpfs either)

    /tmp is on a tmpfs (the smaller one in my case)

    to which tmp do you refer and 8GB does seem excessive

  • Block All WEB SITES Except https://web.whatsapp.com

    8
    0 Votes
    8 Posts
    4k Views
    Gertjan

    @am-steen said in Block All WEB SITES Except https://web.whatsapp.com:

    note: I do not know how to open logs

    Go to Status > System Logs

    pfBlocker, a nice shortcut is hiding in plain sight:

    3e1fbf6c-1210-41a4-bb06-fb168dc5a8b3-image.png

    Or Firewall > pfBlockerNG > Log Browser and pick your file in the second pull down box.

    For the no-mouse solution : console or SSH, menu option 8 and then

    cd /var/log

  • Reverse Path Forwarding problem using pfSense

    10
    0 Votes
    10 Posts
    523 Views
    stephenw10

    Looks like those states are created outbound. I assume bxe0 is an internal NIC? The 'route-to' tag there implies policy routing in a firewall rule for that.

    Only inbound states on a WAN will get tagged reply-to.

  • certificate error while running pkg update 2024

    17
    0 Votes
    17 Posts
    3k Views
    T

    My hardware wasn't actually shutting down by holding the button. I pulled the plug and restarted and then it booted to a screen with a yellow "SHELL>" prompt.

    So I downloaded the 2.7.2 installer and put it on a stick and reinstalled from scratch.
    Then logged in and uploaded my latest backup.
    After a restart it got stuck on this screen twice.

    I then pulled the plug again expecting to have to start from scratch, but when it powered on the 3rd time I had my config back.

    So I'm up and running again with the latest version installed.

    Let that be a lesson to everyone. DO BACKUPS. It saved me hours of time, plus I'm sure I've forgotten all the tricks I learned while setting up the first time.

    IMG_2399.jpeg

  • Automate full config backups from a pfSense to a Synology NAS on the same network

    0 Votes
    8 Posts
    2k Views
    Gertjan

    @madbrain said in Automate full config backups from a pfSense to a Synology NAS on the same network:

    The command I posted yesterday did not work. It produced 0 byte files. Turns out logging in to pfSense+ 24.11 via ssh presents the user with a menu. One needs to select option 8 before executing any command. Is there any cleaner way than forcing the input of 8 + LF before the command ?

    Aha .... Let "AI" the thing ... 😊
    What about these 4 keywords ? :
    pfsense ssh backup config

    Use the very first Alternate Remote Backup Techniques | pfSense ... solution proposed.
    Over there, 3 solutions. The last one, Basic SSH backup, will interest you.
    edit : ok ... stupid me, this link was already given above. But take note : no "menu" issues for me.

    Still, this doesn't work for me, as I'm using this :

    43f98ab9-41ef-4a0d-bd40-e98da3c073eb-image.png

    so no root (admin) password is asked, but a key passphrase is needed.

    After placing my pfsense private key in some '.ssh' directory (name : pfsense.key) I could use

    Christian@DiskStation2:~/.ssh$ ssh -i /var/services/homes/Christian/.ssh/pfsense.key root@192.168.1.1 cat /cf/conf/config.xml > backup.xml
    Enter passphrase for key '/var/services/homes/Christian/.ssh/pfsense.key': ############

    Now I have the config file "backup.xml" on my NAS :

    Christian@DiskStation2:~/.ssh$ ll backup.xml
    -rw------- 1 Christian users 639484 Feb 20 08:41 backup.xml

    Look at this if you want to automate it 100 % (somewhat not secure)

  • Packet Capture: received vs. sent

    9
    0 Votes
    9 Posts
    436 Views
    stephenw10

    A bridge interface is tricky because there is no sent/received really. Every packet crosses it. Unless the interface is assigned, in which case pfSense can send/receive from it and will use the generated bridge MAC.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.