Sorry, this was a mispost. I was replying https://forum.netgate.com/topic/180691/at-t-gateway-bypass-true-bridge-using-new-authbridge?_=1694719968811

Start your own thread, it's unlikely to be the same issues others have hit. While symptoms may be similar, there are numerous possible causes that can look the same, and trying to diagnose multiple people's issues in a single thread is not feasible.

@jbeez fixed... definitely user error. I was restoring a filter.inc from a prior version. Restored the proper one and its good to go.

So, I found a GUI "bug". I had correctly set the prefix ID's in the "Tracked Interface" for each VLAN, but at the RA page, I mistakenly reinserted the prefix ID in the fields that are for static (full, not delegated) prefixes. Removed the static prefixes and everything now works. GUI should not let you enter static prefixes on a tracked interface, aside from fc00 or fd. And if it does, it should check if they are correct. One of the prefixes was ::1/64.

@rub75f
So you set up an IPSec server on pfSense with intention to connect to internal devices. No, there should be no more to do.
However, it seems your mobile device cannot connect.

So do you have a public IP on pfSense WAN?
Or is there a router in front of it? If so how did you set up NAT on the router?

Do you have a static public IP or a dynamic?

On pfSense WAN you will have a firewall rule allowing the IPSec packets. So check if any packet hit the rule.

@alek said in pfBlockerNG blocking SMTP:

No ?

That's the easy / easier way.

Have a look at this list : Youtube Netgate everything you always wanted to know, and more.
There is a Muti WAN video. There is a video about VIP, Carps, etc.

The videos are old, but still very valid and very informative. It's a guy from Netgate talking about Netgate/pfSense.

@bob-dig said in IP logs are not being created/populated:

It is odd that this problem still exists for so long now. Sure, it is just an Package but it is the most important one in my book.

Yeah, @BBcan177 is likely a busy gentleman, but I’m sure a new build will surface eventually.

But pfBlockerNG is much more than “just a package”. I’ll bet you pfBlockerNG is BY FAR the most used package on pfSense. In fact I’d highly recommend Netgate to find the currency needed to purchase the talents of bbcan177 and the pfBlockerNG name, and start including it as a bulitin feature of pfsense. With the same development/maintenance and continuity as pfSense itself.

Without pfBlockerNG, pfSense would be a much much less relevant product.

@kiokoman

Thank you for your quick and clear reply!
This helped me out a lot, I didn't realize we could add "Send options" in such a way!

I haven't managed to get a public IP yet but am getting closer and closer :)

Have a great day

It can depend on the switch/router on the other end of the cable. For instance with Comcast routers often when replacing a router in an office (inside the Comcast router) I've found it's fastest to power off or reboot the Comcast router so it learns the IP has a new MAC. If you have the second router on, and are just plugging in cables, I would wonder if restarting the second router (or just leaving it off and powering it on) would help.

But overall CARP set up properly works basically instantly so that would be preferred. https://docs.netgate.com/pfsense/en/latest/book/highavailability/index.html

@NollipfSense @tompark
ok so here are the results of my efforts last night until 0130!
I am currently unable to get my plex to work.
the plex server is on the server 192.168.1.251 and I am trying to access it via the tv firestick. can anyone help?

Skynet.jpg

The entire running config can be backed up from Diag > Backup/Restore.

The file is /conf/config.xml if you're digging through the filesystem directly.

https://docs.netgate.com/pfsense/en/latest/backup/index.html

Steve

@ccigas said in Basic Firewall Set Up:

I guess from there, I would not have to allow DNS or HTTP/S through the firewall from there or is that not needed?

Typically, on an second LAN interface - called OPTx - you would block http and https acces to the Firewall (= pfSense) itself.
Don't block DNS, devices could use pfSense as a DNS, or whatever other DNS they want to use on the net.

@ccigas said in Basic Firewall Set Up:

For the DNS, it seemed to only work
pfSense doesn't use or care about DNS in receives from upstream routers.
The resolver - unbound - uses the 13 main root DNS servers (the real back bone of the Internet) to find domain info. That will always works.
There is no need - isn't used by default :
Ustream DNS servers,
ISP DNS servers,
Private info collection servers (Google and others);
etc.

If the default resolver doesn't work, something is wrong with your Internet access.

Btw : 'named' or bind, isn't used by pfSense. bind is much bigger and capable, and offers functionalities that hugely surpasses the needs of a firewall.

Hey all.

I hate to dig up a long dead thread, but I was wondering if this ever got resolved (other than reinstalling Pfsense and restoring from a working config.

Having a similar issue actually on my machine.
Little more background: these issues started with an attempted install of a freeRadius package. It was having trouble, giving similar "assigning address" errors (didn't screenshot at the time. apologies). I gave up, thought nothing of it, and removed the freeradius package and then my pfblockerng dns blacklist started giving me trouble. I restored to a config that I knew was working, but that also did not solve the problem. I've tried reinstalling pfblocker, totally deleting the config, and resetting it up, rebooting the whole pfsense box, and continue to get the same error.

I still could reinstall pfsense from scratch, and then restore that config file, but have there been any updates?

Hmm, well if you use Squid/Squidguard to do web filtering I would want to see 2 cores there really, at least.

Steve

Try these. I can't test them against hardware but they load fine in 2.5.2:

[2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: ls bwi_v3_ucode.ko if_wg.ko linker.hints t4_tom.ko toecore.ko [2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: kldload t4_tom.ko [2.5.2-RELEASE][admin@252dev.stevew.lan]/boot/modules: kldstat Id Refs Address Size Name 1 15 0xffffffff80200000 3aea720 kernel 2 1 0xffffffff83f19000 1000 cpuctl.ko 3 1 0xffffffff83f1a000 2698 intpm.ko 4 1 0xffffffff83f1d000 b40 smbus.ko 5 1 0xffffffff83f1e000 344d8 if_wg.ko 6 1 0xffffffff83f53000 137b0 t4_tom.ko 7 1 0xffffffff83f67000 c7e toecore.ko

t4_tom.ko.txt
toecore.ko.txt

Remove the .txt extension.

Steve

I would suggest you reconsider the configuration of your setup with pfSense, by following this guide:
https://www.netgate.com/docs/pfsense/wireless/use-an-existing-wireless-router-with-pfsense.html