You may well be able to script something. Or modify one of the existing scripts. It would be unsupported though. You would have to take care at firmware upgrade to ensure the scripts were replaced etc. Steve

The ports on the 6100 are completely independent. The only way to make them work the way you describe is via bridging.

@nikolaosinlight Ok, I might have interrupted the crash dump gathering. Thank you.

Yeah, I used a Draytek V120 with ADSL for years. It just worked. When my last Huawei HG612 expires I might have to go to the V130. Unless FTTP has arrived by then. Steve

pfSense is designed to be a web configured firewall. It's pretty much the reason it exists! You could block access to the webgui on every interface and just use links at the console directly: [image: 1637421294924-screenshot-from-2021-11-20-15-11-02.png] It's pretty inconvenient though for the security it gets you. At some point int the future this might become a more practical option as we move functionality out of the front end. Steve

@stephenw10 thanks Stephen, my idea is just to have a 100% safe laptop/PC only to access the router. I don't think you need to be connected to the net to login/configure the router(?) I'm also looking at Linux & physically removing the wifi/bluetooth capabilities. Or even OpenBSD/FreeBSD OS... Thanks Tails may be going too far for me, but I will need to understand it better. Hopefully a VPN will be enough to stop them acquiring my IP. Anyhow, I think I'm started to understand enough to know that I am going to give the Netgate 6100 / PFSense a go - then add additional security measures on top. Just some last Qs, since all this networking lark requires a fair bit of knowledge, and is therefore easy to mess things up in configuration - Would I be able to get someone from your support to screenshot me the [100%] correct setup/configurations for whatever I decided to go with in terms of devices/clients and addons such as pfBlockerNG-Devel? Am I going to need a separate switch to do VLANs? Should I add Squid / ACLs for extra security? If possible, can briefly explain how ACLs will help (I can't figure it out with VLANs & whether it's necessary). Thank you very much!

@steveits thank you for the reply, I had thought about setting it up with the double nat, its how my current system is, mostly because i was being lazy. I am getting ready to buy some security cameras and was thinking it would be wise to create an IOT ssid and segregate it off with vlans and I am not sure that would work very well with a double nat type setup.

Excellent!

You can still get in if the console is password protected, it's just trickier. https://docs.netgate.com/pfsense/en/latest/troubleshooting/locked-out.html

@stephenw10 : also, how can I be 100% certain that the plug polarity required is as follows? Barrel / conductor / outside: minus Tip (inside): plus This is the most common plug type but if it’s reversed I may damage the unit. Thanks, Pete [edit: never mind that, it's written on the bottom of the device]

Applying a change by playing back a php shell script is the same as editing it in the GUI. Assuming the script is correct! Both those things apply changes via the etherswitchcfg command. So, yes, I'd expect the behaviour to be the same at the time of the change. Steve

Hmm, not that then. You can remove that cron-job if you don't have Squid installed. Hard to say what that might have been then. You'd have to check the process list while it was stuck, after restring the config. Steve

Indeed, the VLAN group number there is just to define the config entry. You could define those in any order and the resulting switch config would be the same. Steve

@stephenw10 said in Netgate 6100 dropping LAN: Does the Avahi service actually stop? If so a possible workaround would be using the service watchdog package. Steve It doesn’t seem to stop, or if it does, it doesn’t seem to stay stopped as the icon in Status > Services shows a green check when I’ve gone in to restart it.

hello with good software img all is ok now thanks

@ajturner The LAN ports are a switch. You can configure them to be discrete ports.

@stephenw10 Thank You for that information. Is there a possibility to cross-ship. The unit is effectively useless. I cannot use it... resell it or anything else... and shipping and waiting for customs is a huge business impact. We bought this to take advantage of a fibre line using the SFP+ port for a service we planned on launching this weekend. I would appreciate it if Netgate can ship the unit overnight AIR "immediately" and I will definitely get this defective unit in the hands of courier ASAP today after I receive the label. --Nikolaos

@scooterwa Generally the 65 error is if the cable is unplugged, the other end isn't responding, etc. No communication. You might try putting a switch in between the pfSense and the Netgear just to see if that helps? I've seen posts occasionally that it does.