@stephenw10 Seems like changing ARP Cache TTL to 60 seconds fixed issue I was observing. Finally I have resolution to my issue such a relief.

No worries, glad you're up and running.

@johnpoz Yup it was an issue with the box. Thanks!

So you plan to have two connections between the modem and the existing router and you want to put the SG-2100 in one of them? I thing we might need a diagram here. Steve

@volfied said in Nintendo won’t take static IP: What I’m really trying to do is assign a DHCP reservation from outside the dynamic pool. It has always worked before. That's how it normally works. pfSense will not allow you to assign an address from within the pool.

The address does not change. Most devices use dynamic IP addresses, which are assigned by the network when they connect and change over time.

SOLVED - I figured out my problem. It was caused by this setting below (Static ARP under the DHCP Server configuration for the interface), which I had enabled on the interface because I interpreted it incorrectly. It essentially took precedence over any and all allow rules configured for the OPT2 interface, and prevented any host without a statically assigned DHCP address from communicating with the interface even though the host received the dynamic DHCP assignment from the OPT2 interface. I hope this saves other folks time and headache. [image: 1573105135994-screen-shot-2019-11-06-at-9.46.34-pm.png] As explained in docs.netgate[.]com[image: 1573105210701-screen-shot-2019-11-06-at-10.40.04-pm.png]

I realized that I do not need to add 192.168.0.x since my WAN interface is 192.168.0.1 and /32 was incorrect too. I have removed that. I can see the route in the table but still the ping to google.com or 8.8.8.8 or 192.168.0.1 from a VM(192.168.1.100) connected to pfsense is very random. how can I troubleshoot that? edit: do I have to reboot each time I save anything? that seems to do the trick

With IPAliases you can usually use either /32 or the correct subnet size. The important thing is you have at least one IP defined on the interface with the correct subnet in order to add the correct routing. https://docs.netgate.com/pfsense/en/latest/firewall/virtual-ip-address-feature-comparison.html#ip-alias Steve

Glad you have it working now. -Rico

Yeah you could do that - or you could do this for living and just now that .192 is /26 Just like .248 is /29 and 255.255.255.252 is /30 etc. etc.

You won't get ANY https traffic in transparent mode unless you install a trusted cert on every single last client that will use your proxy.