Messages - Bob.Dig

#1
Quote from: nero355 on June 30, 2026, 06:35:22 PM: "I get that, but the question is: Why not?!"
In is important, out is just nice. Many people in the US probably had their cable modem's web UI on 192.168.100.1 for statistics.
#2
I use hybrid mode. The automatically generated rules in SNAT are fewer than in NAT: Outbound. For me, it looks like wg0 networks and 127.0.0.0/8 are missing.
Also static port is not shown in the summary/has no column.

Edit: Interesting, according to the docs, Step 4(b) - Create an outbound NAT rule, you have to add this manually for WireGuard. Still, for me it was in automatic in outbound and isn't in SNAT (visible).
#3
Quote from: glenb2 on June 30, 2026, 03:00:03 AM: "Sorry if this is a dumb question"
That is how routing works, if it is not local, it gets out the default gateway.

Why is your last screenshot not showing any ports, that is dumb for sure.
#4
Thanks for pointing to that discussion. My English ain't that good, so I have the feeling, that I still might miss something. Let's say I have two WANs, for both I block RFC1918 outgoing, so I used one floating rule. But for one WAN, I have an allow rule for WAN_network before that. Now I am forced to do things differently.

Quote: "in which you can move rules at any spot you want"
That sounds like more freedom but yet we will get less. :)
I kinda think that you could achieve that goal in the same time without that floating-decision, I can't see that benefit, yet. ;) And some people hate any friction.
#5
Quote from: OPNenthu on June 29, 2026, 04:13:14 PM: "that floating rules have special properties."
They have, in pfSense. And you can select different interfaces, which is special too, for both. 

Btw. I don't understand why the choice of creating a floating rule for one interface only has been taken away from users. Is there an actual, good reason? What does it solve to not allow it?
#6
Quote from: silmarine on June 29, 2026, 12:38:11 PM: "I will just make the network aliases manually"
Why? There is one for every Interface. Also you can create a RFC-1918-Alias for all private IPv4.
#7
Don't use floating in the first place, it is not meant for that. First learn the basics (and then you still don't use floating). Post a screenshot of your new rules if it still doesn't work out for you.
#8
So you are testing externally, ok. A network diagram could help, especially what is ULA and what is GUA.
Nonetheless, WireGuard interfaces don't have reply-to by default. You have to go into the firewall rule on your WireGuard interface which allows the traffic, tick advanced mode and then set the reply-to to your gateway of choice: WireGuard.

You have a lot of other variables though, so good luck. :)
#9
Quote from: inkeliz on June 24, 2026, 07:27:42 AM: "If I send one UDP/TCP/ICMP packet to 2001:my:isp:1111::4242 I get a reply from the same 2001:my:isp:1111::4242."
What does this even mean. You ping your own IP-addresses? This is not a valid test I would guess.
#10
Why? Did you make your rule right this time?
#11
Why do you set a source port... Ok, the WebUI could be a little more specific about that.
#12
Quote from: lumilumi on June 14, 2026, 03:48:52 AM: "does anyone have any other recommendations?"
Get an all-in-one box, it will be more secure for you than doing the stuff all on your own.
#13
Quote from: kruemelmonster on May 29, 2026, 12:13:45 PM: "However, on my Sense (purely home use) I have only locked down the LANs/VLANs outbound and mainly regulate the cross-access between the networks there."
Hopefully not, and you are just using the wrong terminology. Hover the mouse over the arrow in your rules and it will probably show you "in" and not "out".

Quote from: kruemelmonster on May 29, 2026, 11:57:20 AM: "So accordingly I can delete the ones under 'Rules [New]'."
But you just migrated there, why would you want to delete rules there of all places?
#14
Then again, the Stammtisch is not the "we do your homework" table either.
Quote from: chrisfnf on May 26, 2026, 11:27:06 PM: "in which VLAN, mDNS and IPv6 are covered together"
Why would there be? You have to learn each topic on its own, and then if something is still open, ask if need be.
#15
Interesting, now I see the potential for trouble. ;)