• isp change ip

    isp issues change ipv4 routing routing opt1
    0 Votes
    7 Posts
    2k Views
    @johnpoz exactly, so I can change the gateway in routing of this ISP, and under interface assignments, change the IP, and add the new gateway that was given by ISP.
  • Block rule for alias with 50+ networks

    0 Votes
    2 Posts
    452 Views
    Bly
    @bly I did see (only now) on LAN side I did put 'TCP' instead of 'any' in the protocol. That was the error...
  • Block traffic between networks

    0 Votes
    31 Posts
    4k Views
    @hfarinha forgot to mention that I had to add acl's manually as well under DNS resolver otherwise dns resolution does not work.
  • How to stop logging out of state packets from bad clients (Roku)

    0 Votes
    4 Posts
    584 Views
    johnpoz
    @ddbnj I personally do not have such rules on my lan side interfaces currently. I do have some log rules for some specific blocks and specific allows. But my sons haven't been teenagers in like 20 years (both in their 30s) and long gone from the home.. But I get your reasoning ;) If I was needing to troubleshoot something where I need to see all blocks for sure, I would just toggle the default logging back on.. But sure you could do the same sort of rules on your lan side interfaces. I personally am more interested in unsolicited inbound into the wan that is interesting.. Gives me an idea what major noise is going on right now - remember back awhile when those modems got compromised and were generating tons of traffic globally - that popped up to the top of my block list in the report.. Then there is always the common 80,443,22,21,3389, etc.
  • Firewall not blocking specific hosts

    firewall host name
    0 Votes
    9 Posts
    2k Views
    @johnpoz I have it done through the host now. I'll get the opt port setup later today I'm just not by the device to do so now.
  • Security issue combining loopback and private networks

    0 Votes
    5 Posts
    691 Views
    Ok, I get it now. Sorry.
  • Port forwarding not getting through

    0 Votes
    3 Posts
    492 Views
    I looked at my wan rules and noticed there had been activity on the port. Opened up Emby on my phone and the magic networking fairies did their thing overnight.... it now works
  • pfsense blocking websites

    0 Votes
    3 Posts
    564 Views
    @nic82m, can you detail your configuration more? How do you have your wan interfaces configured, for example ...?
  • Can't route LAN to NORDLYNX Wireguard Client

    0 Votes
    2 Posts
    1k Views
    I managed to solve this. I needed to add a NAT rule and fix the allowed IPs in the Peer definitions which used a /32 netmask and should have used a /0 netmask.
  • *_net not working for OpenVPN P2P connection?

    0 Votes
    2 Posts
    441 Views
    bingo600
    @bob-dig I have seen the same when using OpenVPN interfaces. It is like pfSense won't recognize the usual preassigned interface or net address. Since I use /30 L2L nets, I have an idea that them being assigned at "connect" time confuses pfSense, and they won't resolve. I have also reverted to using the addresses directly (or via alias) in firewall rules. /Bingo
  • How does antispoof in pfSense work?

    0 Votes
    23 Posts
    4k Views
    stephenw10
    Yes, exactly that. I think that statement was intended to imply the same; the antispoof rules match traffic before the user rules but without 'quick' set their action is not applied until after the user rules. Therefore it's possible to by-pass the antispoof rules with an excessively wide user rule. Pass rules should use actual subnet(s) they apply to as source where possible. The Interface group example above is an interesting one though. Steve
  • Access Cameras Inside Lan from Phone - Rules ? NAT ? Forward ? Alias?

    0 Votes
    6 Posts
    793 Views
    johnpoz
    @dmcgurn said in Access Cameras Inside Lan from Phone - Rules ? NAT ? Forward ? Alias?: What do I need to do for the inside for phone connected to wifi to see NVR? Rules ? NAT ? Forward? Alias? or should it just work ? If it's on the same network it should just freaking work.. Since the PC does, it makes no sense another device on the same network wouldn't. What would make sense for why wifi is not working if on the same network is isolation mode being set up.. AP or Client isolation are two common terms used.. This normally prevents wifi clients from talking to each other or wired devices. Or guest wifi network vs normal wifi network as well. But this is normally not really an option when just using a wifi router as AP, which is what should be done when using pfSense.
  • How to address three servers in DMZ always using the same port?

    0 Votes
    14 Posts
    2k Views
    @WhiteTiger-IT said in How to address three servers in DMZ always using the same port?: But pfsense puts a gui on haproxy. And it drastically reduces the learning curve and configuration minutia requirements. @WhiteTiger-IT just as john poz says !! I agree with him. @whitetiger-it said in How to address three servers in DMZ always using the same port?: The servers are virtualized in Proxmox. yes
  • Various sites and services being blocked - how to fix?

    0 Votes
    130 Posts
    26k Views
    @silence So far, it seems to be just one of my gmail accounts. I'm not sure why that one is in paranoid mode, but the others are acting normally. We'll call it okay for now. :) Thanks for the responses!
  • Blocked by default deny

    0 Votes
    4 Posts
    660 Views
    johnpoz
    @w5ofwur1xtomtk9zbo that is blocked in the outbound direction. see the little triangle thing before the interface. But @viragomann is correct that is out of state block RST. Port 32400, that is the plex port.. Odd that pfsense would be making connections to plex.. Are you doing any port forwarding between your interfaces? A nat reflection setup? Outbound nat setup on lan? Is that 222.10 box your plex server? Could you post any port forwards you have setup and your outbound nat tab.
  • UDP Traffic from NVR not blocked

    0 Votes
    6 Posts
    1k Views
    johnpoz
    @jpk_pfsense there would have been no reason to restart the interface.. Just look in the state table for the traffic you were going to block.. I would have just filtered on say the NVR IP, and killed all its states. Rules with 0/0 point to, for whatever reason, that rule not being triggered: a rule above it allowing or blocking what this rule would do, or the client you believe should hit that rule isn't actually using pfSense as its gateway, or maybe it's using a VPN and you're not seeing traffic as you thought with the rule. Or big one - some state exists that allows the traffic that would trigger that rule. Glad you got it sorted. Other possible issues, rules didn't actually reload fully.. You can reload the filters under status and watch the output looking for any errors, like table memory errors, etc.
  • 0 Votes
    5 Posts
    741 Views
    johnpoz
    @bars your wan would be how pfSense gets to other networks it's not attached to. Normally this would be just a public internet IP. Or if behind a NATing device from your ISP, it could be just an rfc1918 address.. A wan is the network a router uses to get to other networks it's not attached to.. The wan net alias is just that: the network your "wan" interface is connected to. Yes, the wan IP would be included in that alias, since it is the whole network that interface is attached to.
  • Multi-Element In Same Rule (NO ALIAS)

    0 Votes
    1 Posts
    268 Views
    No one has replied
  • RDP blocked even I set any allow rule

    0 Votes
    4 Posts
    565 Views
    johnpoz
    @tomatonoheta Those are all out of state blocks. Your traffic flow is asymmetrical most likely.. But odd that is not SA.. (syn,ack) If pfSense was blocking syn, you would have an issue, but those are Acks being blocked, not the syn. Why are you hiding rfc1918 addresses?
  • Issues Editing Firewall Rules

    0 Votes
    2 Posts
    606 Views
    So I was able to find a bug report about this problem and it's due to a Chrome issue. I am using Brave so I guess it would be a similar issue. I was able to easily fix this by just clearing the cookies and site data. The bug report was 5 years old and says it was to be fixed but I guess the problem is still happening. Luckily it's an easy fix and not something major. Original Bug Report
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.