@alek said in pfBlockerNG blocking SMTP:

No ?

That's the easy / easier way.

Have a look at this list : Youtube Netgate everything you always wanted to know, and more.
There is a Muti WAN video. There is a video about VIP, Carps, etc.

The videos are old, but still very valid and very informative. It's a guy from Netgate talking about Netgate/pfSense.

If it helps anyone else, I just did 2 pfSense clean load upgrades from 2.5.x to 2.6. After installation the version of pfblockerNG was version 2.1.4_27. pfblockerNG logging did not work on either installation until I uninstalled pfblockerNG and reinstalled. After the reinstall it works great again!

Awesome Package!

@kiokoman

Thank you for your quick and clear reply!
This helped me out a lot, I didn't realize we could add "Send options" in such a way!

I haven't managed to get a public IP yet but am getting closer and closer :)

Have a great day

It can depend on the switch/router on the other end of the cable. For instance with Comcast routers often when replacing a router in an office (inside the Comcast router) I've found it's fastest to power off or reboot the Comcast router so it learns the IP has a new MAC. If you have the second router on, and are just plugging in cables, I would wonder if restarting the second router (or just leaving it off and powering it on) would help.

But overall CARP set up properly works basically instantly so that would be preferred. https://docs.netgate.com/pfsense/en/latest/book/highavailability/index.html

@NollipfSense @tompark
ok so here are the results of my efforts last night until 0130!
I am currently unable to get my plex to work.
the plex server is on the server 192.168.1.251 and I am trying to access it via the tv firestick. can anyone help?

Skynet.jpg

The entire running config can be backed up from Diag > Backup/Restore.

The file is /conf/config.xml if you're digging through the filesystem directly.

https://docs.netgate.com/pfsense/en/latest/backup/index.html

Steve

@ccigas said in Basic Firewall Set Up:

I guess from there, I would not have to allow DNS or HTTP/S through the firewall from there or is that not needed?

Typically, on an second LAN interface - called OPTx - you would block http and https acces to the Firewall (= pfSense) itself.
Don't block DNS, devices could use pfSense as a DNS, or whatever other DNS they want to use on the net.

@ccigas said in Basic Firewall Set Up:

For the DNS, it seemed to only work
pfSense doesn't use or care about DNS in receives from upstream routers.
The resolver - unbound - uses the 13 main root DNS servers (the real back bone of the Internet) to find domain info. That will always works.
There is no need - isn't used by default :
Ustream DNS servers,
ISP DNS servers,
Private info collection servers (Google and others);
etc.

If the default resolver doesn't work, something is wrong with your Internet access.

Btw : 'named' or bind, isn't used by pfSense. bind is much bigger and capable, and offers functionalities that hugely surpasses the needs of a firewall.

Hey all.

I hate to dig up a long dead thread, but I was wondering if this ever got resolved (other than reinstalling Pfsense and restoring from a working config.

Having a similar issue actually on my machine.
Little more background: these issues started with an attempted install of a freeRadius package. It was having trouble, giving similar "assigning address" errors (didn't screenshot at the time. apologies). I gave up, thought nothing of it, and removed the freeradius package and then my pfblockerng dns blacklist started giving me trouble. I restored to a config that I knew was working, but that also did not solve the problem. I've tried reinstalling pfblocker, totally deleting the config, and resetting it up, rebooting the whole pfsense box, and continue to get the same error.

I still could reinstall pfsense from scratch, and then restore that config file, but have there been any updates?

Hmm, well if you use Squid/Squidguard to do web filtering I would want to see 2 cores there really, at least.

Steve

Try these. I can't test them against hardware but they load fine in 2.5.2:

[2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: ls bwi_v3_ucode.ko if_wg.ko linker.hints t4_tom.ko toecore.ko [2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: kldload t4_tom.ko [2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: kldstat Id Refs Address Size Name 1 15 0xffffffff80200000 3aea720 kernel 2 1 0xffffffff83f19000 1000 cpuctl.ko 3 1 0xffffffff83f1a000 2698 intpm.ko 4 1 0xffffffff83f1d000 b40 smbus.ko 5 1 0xffffffff83f1e000 344d8 if_wg.ko 6 1 0xffffffff83f53000 137b0 t4_tom.ko 7 1 0xffffffff83f67000 c7e toecore.ko

t4_tom.ko.txt
toecore.ko.txt

Remove the .txt extension.

Steve

I would suggest you reconsider the configuration of your setup with pfSense, by following this guide:
https://www.netgate.com/docs/pfsense/wireless/use-an-existing-wireless-router-with-pfsense.html