• Trouble with firewall rules for IOT network

    5
    0 Votes
    5 Posts
    933 Views
    D
    Switch it to auto and you should be fine. That's got the IoT network working, thanks--it'll take a little checking to make sure that trunk still works for the PBX, but if not I'll set it to Hybrid and add that rule. Thanks!
  • schedules (setting) not maintaining via a WAN firewall rule?

    4
    0 Votes
    4 Posts
    367 Views
    E
    @Ev4nsp479 found the fix. geoip/dnsbl auto rules clear when updated, so you need to create an "alias rule" from the geoip list action settings instead of the typical allow/block in/out. You then create the firewall rule desired using the alias created from the geoip list and continue on from there with schedules etc. Then it maintains. The credit and thanks goes to BBcan for this!
  • Selective routing with cloudflare in the way

    1
    0 Votes
    1 Posts
    135 Views
    No one has replied
  • Multicast is not working with net.link.bridge.pfil_bridge

    2
    0 Votes
    2 Posts
    308 Views
    Z
    Hi I have solved the problem by following this recommendation: https://www.reddit.com/r/PFSENSE/comments/89sfw4/pfsense_and_iptv_igmp_proxy/
    I've skimmed the Ubiquiti thread and it looks like this is what you need to do to adapt my CenturyLink guide to Fioptics:
    Now to configure the IGMP proxy
    Go into the pfSense Web UI and navigate to "Services" -> "IGMP proxy"
    Click the "+" button to add a new upstream proxy as follows:
      Interface: WAN
      Description: Fioptics Upstream
      Type: Upstream Interface
      Threshold: Leave empty
      Networks: 10.0.0.0/8
    Save the changes
    Back at the IGMP proxy screen, click the "+" button to add a new downstream proxy as follows:
      Interface: LAN
      Description: Fioptics Downstream
      Type: Downstream Interface
      Threshold: Leave empty
      Networks: 239.0.0.0/8
    Save the changes
    In the "WAN Rules" section, add the first two and also this one (not sure if it's necessary, but I don't think it will hurt):
      Action: Pass
      Interface: WAN
      TCP/IP Version: IPv4
      Protocol: UDP
      Source: Network, 10.0.0.0/8
      Destination: any
      Log: unchecked
      Description: Fioptics Multicast UDP
      Advanced features -> Advanced options -> Check the box next to "This allows packets with IP options to pass. Otherwise they are blocked by default. This is usually only seen with multicast traffic."
    On your WAN interface, you will likely need to uncheck the Block private networks and loopback addresses and Block bogon networks options.
    You don't need to do any fiddling with the igmpproxy package or editing services.inc anymore on the 2.4 series. Everything else should still apply.
    I think (hope) that's all. Good luck! Let us know how it goes.
  • Problems with Unifi AP and firewall rules

    20
    0 Votes
    20 Posts
    5k Views
    X
    thanks John, that's great!!
  • 0 Votes
    12 Posts
    3k Views
    johnpozJ
    @nafeasonto said in How do I test if something is being blocked, or find out what teh firewall is actually blocking on incoming connections?: it's direct connection between the two players, there is no back end server. Well then you would have the ports need port forwarded on your end... How do you do this - manually or do you allow UPnP to do it.. Connecting to them would have zero to do with pfsense out of the box because its default lan rules are any any outbound.. Simple sniff show you that pfsense is sending syn to their IP, etc. You still haven't listed any logs show anything blocked, nor have you even stated if these connections are ipv4 or ipv6. You haven't posted your rules, etc. So there is zero info here to work with to help you figure out what your problem is. For all we know the guy(s) you were trying to connect to were the problem. Or your isp talking to those IPs was an issue, etc. etc.
  • WAN rules

    3
    0 Votes
    3 Posts
    412 Views
    T
    okay that makes sense. Thanks!
  • (SOLVED) is it a good practice to disable the DSL routers firewall.

    18
    0 Votes
    18 Posts
    2k Views
    W
    @JKnott said in (SOLVED) is it a good practice to disable the DSL routers firewall.: @whitekalu said in (SOLVED) is it a good practice to disable the DSL routers firewall.: Not a big fan of IPV6 Why's that? That's the future, as IPv4 hasn't been adequate for many years. because i find it easier to read 10.152.155.22 than fe80::14bd:3881:c4a4:b750%11. also using ping command, ping ipv4 address is very easier than ping ipv6 address. seems like the thread is going off topic, mods and admins feel free to lock the thread :)
  • Port being blocked

    9
    0 Votes
    9 Posts
    813 Views
    GertjanG
    @mgodinez said in Port being blocked: I am too stumped of why it works with the old router and not PfSense. But just before that you said : @mgodinez said in Port being blocked: well, I did place the old router back and removed PfSense and noticed that the browser now it didn't get the web interface of the AC server, So, even with the old router you didn't get to the web interface of the AC server ..... right ? So : the old router works - or it didn't ? @mgodinez said in Port being blocked: I had to type the whole url (e.g. http://192.168.2.230:32032/cgi/login ) which seems strange. Strange ? This is how the things works since the earlier seventies (last century). In the address bar of your browser you have to use an IP (IPv4 or IPv6) address, or, if you gave your device (192.168.2.230) an A record in the local DNS, a URL like http://my-local-server.local.lan/cgi/login
  • Set up new router - DNS server not resolving all websites.

    6
    0 Votes
    6 Posts
    702 Views
    DerelictD
    You can tell a lot from what the browser is displaying. These are from a recent firefox:
    This occurs when going to an address that does not exist in DNS - or you cannot resolve the name for some reason. Note that this is displayed almost immediately because the browser only waits until the DNS servers return NXDOMAIN.
    Page Title: Server Not Found
    [image: 1556560672847-screen-shot-2019-04-29-at-10.50.38-am.png]
    The following example occurs when going to an address that does resolve in DNS but there is no web server listening. In this case the browser tries to connect for about a minute then times out and displays this.
    Page Title: Problem loading page
    [image: 1556560687858-screen-shot-2019-04-29-at-10.57.45-am.png]
    Note that you can tell if you are looking at a DNS issue or a connectivity issue simply by looking at what the browser is saying. Note that there are other scenarios such as no working DNS resolvers configured that would present differently.
  • 0 Votes
    2 Posts
    263 Views
    stephenw10S
    If you're blocking by IP like that you will need to pass by IP also and that's difficult since you will need some way to resolve the IPs to something you can work with. You might be better off blocking access with DNS to those clients. That would not prevent connecting using hard coded IPs though. Steve
  • How can I find out, why pfSense is blocking an internal IP?

    firewall
    9
    0 Votes
    9 Posts
    2k Views
    johnpozJ
    NP - glad you got it sorted..
  • Creating a new rule

    2
    0 Votes
    2 Posts
    328 Views
    NogBadTheBadN
    Click on the (?) on your Firewall -> Rules -> Interface TAB. It will take you here https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-basics.html Download the book here https://docs.netgate.com/pfsense/en/latest/book/ Videos here https://www.netgate.com/resources/videos/
  • I can't block the Lan address.

    6
    0 Votes
    6 Posts
    678 Views
    M
    @Gertjan Thank you. I created the rule again. It was.
  • Why would a LAN device send traffic specifically to the WAN IP?

    1
    0 Votes
    1 Posts
    187 Views
    No one has replied
  • Match floating rules do not appear to be matching traffic

    11
    0 Votes
    11 Posts
    1k Views
    DerelictD
    Then the rule is wrong. This really does work. How about you post everything you have done. The limiters, how they are set on the rules, the alias contents, etc. If you post floating rules be sure you detail the whole rule so we can see what interface the rules are on and the direction, etc.
  • Delete this topic

    1
    0 Votes
    1 Posts
    170 Views
    No one has replied
  • (SOLVED) Firewall rule to allow Only one site to show advertisement

    3
    0 Votes
    3 Posts
    298 Views
    W
    Thanks for the link akuma1x Firewall->pfBlockerNG->DNSBL->Custom Domain Whitelist ->added my site And now it's working as expected.
  • Monitor firewall log in real time with ssh (SOLVED)

    7
    0 Votes
    7 Posts
    1k Views
    W
    Thank you jimp. That was very good to eyes and much more friendlier.
  • active directory domain trust

    22
    0 Votes
    22 Posts
    2k Views
    D
    @johnpoz said in active directory domain trust: nses and thanks, for the VPN part i also found this tutorial: https://www.ceos3c.com/pfsense/pfsense-site-to-site-vpn/
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.