@Gianni71

Ok, it's time an azure-expert drops in.

Btw : Your are using this ? Then you have expert support.

@alihashmi

29660dfc-42b3-4d89-bcb3-50ba680a1578-image.png

Something changes, as that is not the default LAN network, 192.168.1.1/24

You had also to change the DHCPv4 server settings.
Overthere, the DNS IP is set to the pfSEnse LAN IP - which isn't 192.168.1.1 any more ,

Btw : the TV image just shows "error".
Nice.
Not what the error is.
Not nice.

Can your TV tell you what its gateway is ?
What its DNS is ?

When you deal with "networking", you have to deal with the details.
Like (a connected Samsung TV nearby) :

4c4325d9-11d7-45c8-a792-3bbcd1e3b59d-image.png

where you can see the IP (less important) and the gateway and DNS - both very important, set to 192.168.10.1 as my upstream router to which the TV is connected uses that LAN IP. The DHCPv4 server in that router gave my TV these parameters.

@Gertjan yes pfsense address is 10.1.0.4

@louis2 said in 1) How to get rid of multicast alarms!? 2) faulty rule behavoir:

@bmeeks

I will study the doc trying to find out how to work around this, however I stick to my conclusion that this is terribly wrong behavoir.

Of course the firewall needs to discriminate packets the correct way, but the resulting effect is definitively not !!

There was a discussion thread about this behavior change when it came out. You can probably find it if you search. I think there may be multiple threads about it over the last year or so. My memory may be faulty, but I think the new behavior came out in pfSense 2.7.2. It was due to an upstream bug fix in pf, the firewall packet filter engine.

@viragomann outboud didnt work, but i changed SiteD as client and now works well.

Thank you so much !!!

@markster huh? Firewall log lists the rule that blocked, if your logging the rule.. Are you not logging your block rules?

block.jpg

@viragomann

There are a lot of things I did always take for granted, up to the moment I had a few things which did not work for some reason and I did start reading the documentation as related to floating rules ..... which really did confuse me start doubt yourself.

@laurens-DS

Ok, I get it "VLAN20 subnets" is a pfSense Interface alias 😊

Your rule 2 :

6fc7dbd2-cf81-46ce-b233-bfcf77b0f4b3-image.png
change the green "VLAN20 subnets" for "VLAN20 address".

@pst 10.10.10.1 is my firewall LAN address. I'm not using pfblocker for any DNS. That part of pfblocker is disabled. Something is reaching out but my state table is only registering the replys.

@QuantumParadox can you run top -HaSP' before killing iftopto see whatiftop` is doing cpu-wise? Is it running while, consuming lots of resources?

On what does box pfSense+ run, what specs, what NICs? And does iftop hang at all download speeds or only when downloading at full speed?

I am trying to play with ntopng and I can't see it get it to run in the command line.

I don't know about ntopng, maybe someone else can step in?

nobody has faced same issue ?
thanks

@katakuri FWIW the only interface/rules tab with anything on it by default is LAN. The anti-lockout rule there looks like:
446416df-db20-4d13-bf86-df8965cb583e-image.png
There's a checkbox on System>Advanced>Admin Access to remove that.
(there are also two default rules there to allow IPv4 and v6 to any)

@katakuri said in Firewall Rules and the Gateway:

But when traffic has to go through the gateway, such as traffic going to the internet, the destination for the traffic will be the actual target, not the gateway itself, right? Traffic destined for outside the subnet is sent to the gateway but for the firewall the actual target is the remote address?

Yes.

Firewall rules in pfSense work at layer 3. Each IP packet includes the source and the destination address in its header. These are evaluated by pfSense for filtering the traffic.

The gateway, however, is a case of layer 2. A packet can be sent to the gateway (per hardware address) even the destination address is something different.

@bmeeks got it, thank you

@johnpoz You nailed it. ntopng is installed!

@pfsense57352 I am new to pfsense and It might seem a bit overkill to install Home Assistant just to monitor pfsense, but the built in integration is really nice and I don't know your use case.

It even has an addon that runs locally called Uptime Kuma (basically an uptimerobot alternative).

The ha pfsense addon has a lot of sensors... just fyi here is a home assistant page where I get info from pfsense:

pfsenseha.jpg