• 0 Votes
    7 Posts
    733 Views
    stephenw10S

    Yup that's a fun* one!
    More than 4 vmx NICs in esxi changes the PCI device ordering. Crazy.

  • pfSense and disabling prefix delegation for LAN side

    IPv6
    1
    0 Votes
    1 Posts
    386 Views
    No one has replied
  • 0 Votes
    27 Posts
    5k Views
    JonathanLeeJ

    Could it be set flags SYN ACK? And/or state type keep or sloppy?

  • 0 Votes
    4 Posts
    2k Views
    A

    @miracullix So just bridge the ports together and give it a try. You can always "undo" what you set up - go in reverse order to tear it all apart.

    Under Interfaces, select the Bridge button. In there, click the Add button. In there add the 2 ports you want together (use the shift key on the keyboard to select multiple ports) and then click the Save button. Keep in mind, the only interfaces you can add to a bridge are "enabled" interfaces. In other words, they have to be active. I think the 4100 comes with all interface ports enabled.

    So, now that you have a bridge added, you have to enable it and set it up. Be careful here, I think you could inadvertently lose your LAN connection and the IP address range you already had on it.

    Long story short, I don't believe you can simply click a couple of buttons and add another available interface to a bridge. There's a little bit of setup, and some pretty good setting tweaks. And, obviously the performance hit. So, that's why it's said to just add a switch to keep it simple.

    Hope that helps...

  • 0 Votes
    4 Posts
    2k Views
    G

    I figured out how to connect my computer to the pfSense VM. On Windows Server 2016 I went to Network Connections, where I can see all my Ethernet adapters. Then I selected, in my case, Ethernet 3, where my computer is connected, and the internal LAN adapter, and bridged the two adapters. In the bridged adapter I changed the IPv4 address and I was connected to the router.

    However, now I am connected but still don't have internet. I am able to ping 8.8.8.8 but not google.com; I get the error DNS could not be resolved when trying to access the internet in Chrome.

  • How to keep networks separated

    L2/Switching/VLANs
    9
    0 Votes
    9 Posts
    1k Views
    GPz1100G

    @johnpoz said in How to keep networks separated:

    Seems odd to me that you're saying pfsense is getting a public IP - but other devices are getting 192 - this isn't normally how a gateway in bridge mode works.

    That's how the att garbage works. Their gateways have what's called passthrough mode. Via DHCP it assigns the public IP to a single device on the LAN side.

    However, the public ip still remains assigned to the gateway's wan as well. It's a pseudo passthrough mode of sorts, fake bridge.

    The end result, customer's device (router, pfsense, etc) has what appears to be a public IP as well as the gateway. As such, the gateway can assign various private IPs to other devices (wired and wireless) connected to its ethernet ports and/or wifi SSID. A traceroute behind the customer's router (pfsense or other) will show the gateway IP as the first hop (192.168.1.254) rather than the real WAN gateway.

    For those of us on fiber in areas not getting upgraded to xg-pon, several bypass methods exist which eliminate the ISP gateway box entirely. The best is extracting (or buying) the 802.1x certs then implementing them in software using wpa_supplicant. This gives the customer full access and control of the network, no double NAT, etc. Also a /60 PD for IPv6 vs /64 from the gateway box.

    The other methods still rely on the gateway box in one manner or another.

  • 0 Votes
    7 Posts
    1k Views
    johnpozJ

    @autourdupc said in VLAN to LAN ping always possible despite rules:

    Next time, I will ask the community before spending so much time!

    What we are here for.. If there is some issue you have a question on - or not sure if you're understanding something correctly.. Yup just stop on by, here to help.

  • 0 Votes
    6 Posts
    1k Views
    stephenw10S

    When you connected the PC directly to Eth1 did it show the expected link speed/duplex?

    40Mbps is sufficiently slow to point to a link issue.

    Steve

  • Secure DNS

    DHCP and DNS
    1
    0 Votes
    1 Posts
    794 Views
    No one has replied
  • 0 Votes
    5 Posts
    946 Views
    jahonixJ

    @giminik You can assign subdomains at the interface's DHCP server tab.

    Domain name: "The default is to use the domain name of this system as the default domain name provided by DHCP. An alternate domain name may be specified here."

    So you can end up with
    -firewall.home or firewall.lan.home
    -firewall.lan2.home
    -firewall.dmz1.home
    -firewall.dmz2.home

  • How to give access from WAN to LAN using Squid

    Cache/Proxy
    1
    0 Votes
    1 Posts
    478 Views
    No one has replied
  • I need help with VLAN

    L2/Switching/VLANs
    17
    0 Votes
    17 Posts
    2k Views
    S

    I solved the issue a while ago and forgot to answer here.
    After entering the IP in Captive Portal / Allowed IP Addresses, everything was perfect.
    As my CP is authenticated, I believe that the question was precisely at that point. The other end had no way to authenticate itself to be able to pass, and from the moment I released the IP there, it started to communicate. I even thought about doing a test of this type, taking out the CP's authentication to see if it worked directly, but I ended up not having time.

    Anyway ... it's resolved.
    Thanks to everyone who was willing to try to help.

  • Communication between LAN network and VLANs

    Portuguese
    17
    0 Votes
    17 Posts
    3k Views
    M

    @gabriel-silveira If you have 2 providers, both are connected to pfSense, right?
    The Gateway group lets you configure these Internet uplinks in failover, for example: if provider A goes down, use provider B until A is restored.

    Or if, for example, you want VLAN20 to use only provider A, you set the gateway in the firewall rule that allows that VLAN's Internet access to point to provider A's gateway.

    Have you made any configuration along those lines?

    Because if you have, you will need to create firewall rules allowing the connection between the VLANs, with the gateway unchanged, that is, left at default, and this rule must be at the top.

    It needs to come before the rules that allow Internet access with a specific gateway, that is, one that is not the default.

    One recommendation so that we can help you better: always post a topology of the environment. I am having to make assumptions about the problem and the environment.

  • Bridge or LAN? Advantages and disadvantages?

    Deutsch
    88
    0 Votes
    88 Posts
    22k Views
    Bob.DigB

    Even a reboot does not always solve the problem with the missing IPv6 on LAN. All that's really left is to hope for 2.5. I am ready! 🤞

  • 0 Votes
    4 Posts
    748 Views
    N

    Hey there,
    I think the problem is not within the Router but in the testserver.

    Even though I did a reinstall recently and never installed anything other than apache2 and openssh-server, a tcpdump confirmed that the packets arrive at my testserver but my testserver does not respond to them for whatever reason. So most probably my fault.

    Anyway

    Thank you @Rico !

  • Wifi AP to LAN communication

    Moved General pfSense Questions
    5
    0 Votes
    5 Posts
    832 Views
    stephenw10S

    I would not expect a port forward to be required there as Plex can usually be accessed from anywhere, even externally.

    UPnP is disabled by default in pfSense and you should leave it that way unless you have a very good reason not to. Plex can open port forwards in the firewall to allow access otherwise.

    Usually when people divide their network like you have it is for security. Consider what would happen if one of your cameras was found to have a vulnerability and was hacked for example. What would that give anyone access to?

    You probably want firewall rules on the 192.168.2.1 interface in pfSense that allow only the required access outbound. So the cameras may not need any external access or maybe only to a known IP or set of IPs. Wifi IoT style devices may not need any access to the LAN subnet. Though maybe you want Alexa to be able to control Hive....

    What you want to do is allow only the traffic that is needed and segregate devices as much as possible to mitigate any security issues should they occur.

    Does your access point allow for multiple SSIDs / VLANs?
    If so I would create more so you can separate general access devices like laptops and tablets from IoT devices like cameras and Alexa.

    Currently you have separated devices simply by wired or wifi and that might not be the best way. The Hive and Hue hubs are IoT devices. I would want those on a separate subnet to desktop PCs and servers if possible.

    Steve

  • Wifi AP communication to LAN

    General pfSense Questions
    2
    0 Votes
    2 Posts
    477 Views
    D

    OK, so here are the results of my efforts last night until 0130!
    I am currently unable to get my Plex to work.
    The Plex server is on the server 192.168.1.251 and I am trying to access it via the TV Firestick. Can anyone help?

  • Setup for the LAN-WAN measurement

    Deutsch
    3
    0 Votes
    3 Posts
    678 Views
    S

    Hi Rico

    Thanks for the feedback. I was able to solve it in the meantime; I had created the interface but not enabled it.

    Thanks

    Regards

  • 0 Votes
    1 Posts
    610 Views
    No one has replied