Alternative DNS Servers - no filter/censorship (buydomains.com problem)
-
Name servers that return a bullshit IP address instead of NXDOMAIN for A records that don't exist are an abomination.
I will be switching over to a resolver-based configuration this weekend now that I'm on 2.2.
-
well your resolver is on all all, which is not how I would set it up.
Resolver should only listen on your lan port, and should only talk to other dns on your wan.
And don't see how you expect pfsense to resolve anything - so its not going to be able to check for updates..
-
You could deselect WAN without hurting anything or you could just not open port 53 on WAN… Either way. (P.S. Its not open)
It should work and resolve just fine the way you have it here.Easy way to check if your system is resolving and if you can get updates is to go to the main pfsense gui and see if it show "you are on current version"
If it does, your pfsense is resolving fine for its self and probably for all the other machines on the LAN.
Now, go to https://www.dnsleaktest.com/ and see how many resolvers show up.
Hopefully its like...1
-
Selecting just LAN on "Network Interfaces" and "Outgoing Network Interfaces" gives the error:
This system is configured to use the DNS Resolver as its DNS server, so Localhost or All must be selected in Network Interfaces. -
Select all. Port 53 is closed on the WAN. No issues there.
-
Now only the gateway question is still open :)
-
Then select both lan and localhost ;) ALL is BAD practice!!
Here is mine
-
I wouldn't screw with the gateway… unless you are in the mood to upgrade to a ISP/Modem combo that gets you a public IP on the pfsense wan?
-
Not sure if you know, but you select individual interfaces by holding the cntl key while clicking on the ones you want.
What johnpoz is saying is best - I was trying to keep it simple…
-
Not sure if you know, but you select individual interfaces by holding the cntl key while clicking on the ones you want.
I know that :-) - My computer knowledge is good but pfSense is overwhelming :-)
So the important part here is that on "Network Interfaces" you just have the internal and
on "Outgoing Network Interfaces" the external stuff?Gateway:
I did check my ISP router and i have the bridge option now.
I made the hack a year ago and the option was not there - seems like after
some firmware update it changed.
I have a warning "from manufacture not supported change".So i can select LAN2 as bridged.
But if i do that and connect my pfSense WAN NIC to LAN2 i can not reach the router anymore with 10.0.0.1.What changes do i need to make in pfSense to test it?
I guess in "Interfaces > WAN" and "System > Routing > Gateways" -
Is your WAN DHCP or PPPoE?
(Or Static?)
-
Wait. If you select bridged your router is no longer a router so you might not be able to get to it any more at all and, frankly, who cares?
-
Is your WAN DHCP or PPPoE?
(Or Static?)Static - pictures of WAN and gateway settings are ad top of this page :)
Wait. If you select bridged your router is no longer a router so you might not be able to get to it any more at all and, frankly, who cares?
I care cause the phone book, caller list, fax stuff and everything is handled by that box.
There are two phones connected to that box. You can't use dedicated VoIP phones with german
cable ISPs (VoC) cause they don't work. They don't give you the access data and it only works from
your box in your house (not like normal VoIP). -
Yes - I call it built in BS and multifunction trash designed to purposely remove your options. Very familiar with the concept.
-
Is your WAN DHCP or PPPoE?
(Or Static?)Static - pictures of WAN and gateway settings are ad top of this page :)
Meh, what is your connection protocol to your ISP ….
You should get your public IP on WAN if bridged works or is supported at all, which you must test.
Close your firewall WAN inbound vulnerabilities first. -
@hda:
Meh, what is your connection protocol to your ISP ….
What do you mean by protocol?
It's DOCSIS, IPv4… -
Static - pictures of WAN and gateway settings are ad top of this page :)
At the top of what page?
Forum users can set how many messages per page are shown.
Please provide a link to the exact post or attach it again. Thanks.
-
Sorry: https://forum.pfsense.org/index.php?topic=87678.msg483594#msg483594
-
Yeah, that's a static on 10.0.0.1. If you're bridged to the internet you should, somehow, get a public IP on WAN. This is usually accomplished with DHCP or PPPoE.
-
What do you mean by protocol?
It's DOCSIS, IPv4…So, then probably your protocol is a DHCP on WAN, anyway you have to test.
Beware if it works or is supported by ISP Unitymedia:- "front door" is open, control inbound ports on WAN
- may lose the phone capabilities.
- "front door" is open, control inbound ports on WAN
