Categories

  • 446 Topics
    1k Posts

    I have 2 TNSR routers connected to a pair of MLAG connected switches. I also have my own IPv4 subnet that is being announced by BGP via Interface 1 on the first TNSR device. I have no problems at all right now, all of the servers on my network can access the internet and be accessed via their public IP address.

    What I am struggling with now is segregating clients into VLANs. When I create an access VLAN (22) for my client, I can no longer access the internet. My understanding is that I must create a bridge so that the VLAN22 can access the LAN interface with the gateway IP assigned. Each VLAN client will have a public IP from the single /24 subnet.

    When I followed the instructions for TNSR VLAN, nothing seemed to be problematic, but when I created the bridge things went wonky. Not only do the VLANs not work, but I also lose access to the non-VLAN devices.

    interface bridge domain 10
    flood
    uu-flood
    forward
    learn
    exit

    int Interface1
    bridge domain 10
    enable
    exit
    int Interface1.22
    bridge domain 10
    enable
    exit
    interface loopback bridgeloop
    instance 1
    exit
    interface loop1
    ip address 10.25.254.1/24
    bridge domain 10 bvi
    enable
    exit

    I did try changing the loop1 IP to my gateway IP and removing it from Interface1 but that didn't help. Maybe I am going about this wrong, but I need some guidance if possible.

    Thanks,
    Shawn

    For background:
    On TNSR device1:
    Interface1 is connected to a switch that carries my upstream BGP using a 10.34.14.0/24 address for now.
    Interface2 is the interface that has my gateway IP 23.x.x.x/24 and is also the port connected to the first switch.
    Interface3 is connected to a second switch and has no IP address

    TNSR device2 :
    Interface1 is connected to the switch that carries the BGP but has no IP address and for all practical purposes is doing nothing

    Interface 2 is connected to the 2nd switch and has no IP address

    Interface 3 is connected to the first switch and has no IP address

    As you can see, the 2nd TNSR device is mostly sitting around doing nothing but eventually should be integrated in via VRRP or whatever I can get working.
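
    The following is an added example, not the original poster's configuration and not Netgate's documentation, and it has not been verified against Shawn's setup. It shows the bridge-domain layout TNSR documents for this kind of design: the gateway address lives only on the BVI loopback, and both the untagged LAN-facing port and its VLAN 22 subinterface are layer-2 members of the same domain. The reason for the layout is that VPP (which TNSR is built on) switches an interface at layer 2 once it is placed in a bridge domain, so an IP address left on a bridged physical port no longer acts as the gateway. Assumptions: Interface2 is the untagged LAN-facing port, 203.0.113.1/24 stands in for the real public /24, the `interface subif` / `dot1q` / `exact-match` commands are the ones used to create the tagged subinterface, and the `!` lines are annotations for the reader, not TNSR syntax.

```text
! Added example, not the poster's config. Assumed: Interface2 is the LAN-facing port,
! 203.0.113.1/24 is a placeholder for the real public /24, VLAN 22 is the client VLAN.

! 1. Tagged subinterface for the client VLAN on the LAN-facing port (assumed syntax).
interface subif Interface2 22
 dot1q 22
 exact-match
exit

! 2. Bridge domain with learning, forwarding and flooding, as in the original post.
interface bridge domain 10
 flood
 uu-flood
 forward
 learn
exit

! 3. The BVI is the only layer-3 member: it carries the gateway address.
interface loopback bridgeloop
 instance 1
exit
interface loop1
 ip address 203.0.113.1/24
 bridge domain 10 bvi
 enable
exit

! 4. The physical LAN port becomes a layer-2 member; its IP address is removed first
!    (assumed "no ip address" form), otherwise it silently stops acting as a gateway.
interface Interface2
 no ip address 203.0.113.1/24
 bridge domain 10
 enable
exit

! 5. The VLAN 22 subinterface joins the same domain, so tagged clients reach the BVI
!    and the untagged hosts through one forwarding table.
interface Interface2.22
 bridge domain 10
 enable
exit
```

    Two things to check before blaming the bridge itself. First, the upstream port (Interface1 in the post) is deliberately left out of the domain; bridging the port that carries the BGP session is what would take the non-VLAN devices offline. Second, in VPP a tagged subinterface that is bridged keeps its 802.1Q tag unless a tag-rewrite (pop) is applied on that member, so untagged members and the BVI can receive frames they never process; whether TNSR applies that rewrite for you is worth confirming from the interface and bridge `show` output rather than assumed.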

  • 120k Topics
    760k Posts
    Bob.Dig

    @pst said in pfBlockerNG: when configured to use floating rules, blocks both directions even for unidirectional rules:

    there is a complete block of the ISP subnet that I am currently on

    It is what you want, if you are hosting a mail server: No connections from "residential IPs". I wouldn't have thought though, that these are available to us in that feed.
    And I have disabled that feed because of false-positives in the past.

  • 20k Topics
    127k Posts

    @Bob-Dig @keyser
    Ahhh, OK. So the wg<#> WireGuard interface will be assigned to a new logical pfSense interface (as WAN, LAN, OPT1, and OPT2 already have things assigned under Interface Assignments), which will be the next in logical sequence, ergo OPT3. OK, thanks, that helps!

  • 43k Topics
    267k Posts

    Good evening everyone, I hope you can help me.

    I have a gaming company and we migrated to pfSense. Some games are showing Strict NAT because the required ports are closed. I did the whole pfSense port forward procedure for the specific ports, together with the pfSense firewall rules, and I can't get them opened so that NAT becomes open for those games.

    Note: With the computers connected directly to the ISP's modem (Vivo Fibra) and port forwarding configured on the modem, the ports work, i.e. NAT is open, but going through pfSense it doesn't work.

    Any light to help me? Thanks.

  • Information about hardware available from Netgate

    2k Topics
    20k Posts

    Wow, I stop checking the forum for a bit and come back to find that the ZFS patch has been released! 👏

    Thank you to @marcosm @stephenw10 @cmcdonald @dennypage @arri @w0w @SteveITS @Gertjan @fireodo @chrcoluk and everyone else that has contributed to this discussion and process.

    Hopefully, this change will help reduce the chance of storage failure for all devices running pfSense, especially those using small-sized and/or eMMC storage.

    It is encouraging to see that additional areas have been identified for further improvements to storage wear and space usage.

    We have progressed a long way from "you're holding it wrong." 😉

  • Information about hardware available from Netgate

    44 Topics
    211 Posts
    AriKelly

    It looks like unified web management could be coming soon. It would be great if it means easier control and management of all web services in one place. Let's see if any companies announce more details about it!

  • Feel free to talk about anything and everything here

    3k Topics
    19k Posts

    @Wylbur Could you try connecting a single PC directly to the ISP's modem to verify internet access, as @SteveITS mentioned? If that works, it might point to a configuration issue in pfSense. Also, have you checked the WAN interface settings in pfSense to ensure the gateway is properly set and there's no firewall rule blocking outbound traffic?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.