Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login
    1. Home
    2. Tags
    3. interface
    Log in to post
    • All categories
    • G

      Access Modem GUI Behind Firewall

      Watching Ignoring Scheduled Pinned Locked Moved NAT firewall rules nat rules interface gui access modem
      107
      0 Votes
      107 Posts
      11k Views
      JonathanLeeJ

      Great job, and you also learned port forwarding, ACL ordering, alias creation and much more. I love this forum you can learn so
      much. Now you just need a OpenVPN configured with a NAS server for private cloud use

    • C

      Routing IP's/ Hosts through a VPN/ Created interface.

      Watching Ignoring Scheduled Pinned Locked Moved L2/Switching/VLANs vpn host routing interface forwarding
      1
      0 Votes
      1 Posts
      294 Views
      No one has replied
    • JonathanLeeJ

      SG-2100 Network Interfaces Question

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions offloading interface sg-2100
      15
      0 Votes
      15 Posts
      2k Views
      M

      @JonathanLee said in SG-2100 Network Interfaces Question:

      Happy new year everyone

      Happy new year to everyone !! =)

      Going to meet my friend now, Mr. Jack Daniels.. Nice guy.. hehe

    • T

      Network interface MAC address shuffles on new interface addition

      Watching Ignoring Scheduled Pinned Locked Moved L2/Switching/VLANs configuration interface esxi freebsd
      1
      0 Votes
      1 Posts
      463 Views
      No one has replied
    • U

      WAN Interface Dies Quickly on Specific Interface

      Watching Ignoring Scheduled Pinned Locked Moved Routing and Multi WAN wan interface packet loss starlink
      1
      0 Votes
      1 Posts
      375 Views
      No one has replied
    • I

      Interface does not appear while creating a Span port

      Watching Ignoring Scheduled Pinned Locked Moved pfSense Packages span interface securityonion sniffing bridge
      1
      0 Votes
      1 Posts
      360 Views
      No one has replied
    • A

      How to combine interface isolation and External Client DNS Queries

      Watching Ignoring Scheduled Pinned Locked Moved DHCP and DNS dns firewall rules interface
      3
      0 Votes
      3 Posts
      687 Views
      johnpozJ

      @ASGR71 putting a block rule to 53 just below the rule you allow 53 to pfsense IP would be a valid solution if you want to block clients on that network from talking to any normal dns on the internet.

      If you are having issues with clients using dns other than pfsense. While that rule would block normal dns, it doesn't prevent clients from using doh (dns over https) or dot (dns over tls).. while dot should be easy to prevent since the standard part is 853.. And clients don't normally use dot. A forwarder would use dot to forward to some other resolver via tls.

      Blocking clients from using their own dns to circumvent local dns has become an uphill battle.. Browsers deciding to use doh on their own without explicit opt-in by the user is a problem.

      Blocking doh is becoming a challenge. Since it uses standard 443 port of https traffic - which is pretty much everything on the internet these days. Blocking this has come down to using lists of known doh servers and blocking the IPs.. Which can turn into a wack-a-mole game..

      But if you just want to prevent some client talking to say 8.8.8.8 or quad9 or 1.1.1.1 on 53, etc.. then yeah that 2nd rule accomplishes that.

    • S

      Interface with Wireless Adapter Not Displaying Wireless Config Settings

      Watching Ignoring Scheduled Pinned Locked Moved Wireless wifi interface adapter wireless
      5
      0 Votes
      5 Posts
      1k Views
      stephenw10S

      Excelllent. I added a feature request for it: https://redmine.pfsense.org/issues/14050

    • J

      usb iphone ipv6 WAN dhcp6

      Watching Ignoring Scheduled Pinned Locked Moved Routing and Multi WAN usbconfig ipv6 dhcp6 interface
      1
      0 Votes
      1 Posts
      682 Views
      No one has replied
    • ?

      Do I need to create a new interface for every port?

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions interface newbie
      7
      0 Votes
      7 Posts
      957 Views
      stephenw10S

      There are two Netgate devices that have a port marked 'LAN4'. In the 2100 that is part of the switch that is connected to the LAN interface by default and no additional config is required to use it.
      In the 6100 that is a discrete NIC and not enabled by default. There you would have to enable the interface and set a firewall rule on it at a minimum to use it.

      Steve

    • QuasaurQ

      Wireless: Getting the MAC to the Right Interface & DHCP Server

      Watching Ignoring Scheduled Pinned Locked Moved Wireless interface vlan wireless dhcp mac-address
      13
      0 Votes
      13 Posts
      2k Views
      stephenw10S

      Yes you could use pools in one subnet and filter them differently using aliases but you can't filter traffic between the clients on one subnet that way. Traffic would just go between them directly without passing through pfSense. Only one interface.
      Really you need to use VLANs in there to separate the traffic at layer 2.

      Steve

    • K

      How do I setup ddns on carp interface

      Watching Ignoring Scheduled Pinned Locked Moved General pfSense Questions ddns carp interface
      1
      0 Votes
      1 Posts
      390 Views
      No one has replied
    • beremonavabiB

      Cox IPv6 Settings?

      Watching Ignoring Scheduled Pinned Locked Moved IPv6 cox ipv6 interface
      3
      0 Votes
      3 Posts
      4k Views
      beremonavabiB

      @virgiliomi Thanks. That's a really helpful answer. I appreciate it.

    • S

      OpenVPN interface assignment

      Watching Ignoring Scheduled Pinned Locked Moved OpenVPN openvpn interface clients
      2
      0 Votes
      2 Posts
      740 Views
      RicoR

      The interface used by the firewall to originate this OpenVPN client connection
      so typically this would be WAN.
      In my case for some Sites it is not directly WAN but some Gateway Group containing different WANs.
      I've never thought about switching it to any internal Interface like LAN or OPT...why did you do that? Just leave it as default.

      -Rico