If you see the ports open on your WAN IP, and there are no rules on the WAN interfaces, it is probably the device in front of your firewall.

Firewalling / Re: pfSense with a rare networking issue
« on: November 20, 2017, 03:48:01 pm »
At first glance, it looks like you have no rules on 'servers' interface. Create a rule allowing source 'servers lan' to destination any, similar to the LAN default rule.

Wireless / Re: Guest Wi-Fi using on-board adapter
« on: November 20, 2017, 10:20:52 am »
This is getting a bit overblown. Especially as, while we don't always agree 100%, I think you (johnpoz), and Derelict are two of the most helpful people on the board. Yes, I suggested a user contact the reseller- for a hardware issue.
The point I was trying to make, is that a wireless board exists, where people can presumably ask questions about using wireless cards in the actual firewall. Telling them it is not best practice is fine. What I thought was out of line was (and perhaps I was reading too much into it) that a new user was being told that he was not deserving of help because he bought some hardware that a mod did not approve of. I have lots of 'official' hardware, and have in the past told people that they should get some decent hardware (like an adi) when they were running on flaky garbage. The OP had a configuration question. I don't like the implication that if you don't have approved hardware, you are not welcome to ask questions. I don't think Derelict meant that, but his response was not in his usual character. How about I buy the first round of Old Man Grumpy Ale and we can all get back to normally scheduled programming?

Official pfSense Hardware / Re: Bricked SG-2220
« on: November 17, 2017, 03:40:00 pm »
I would contact Netgate. I'd guess it had the same Atom bug as the 2440 and larger Rangely boxes. If you didn't update the bios to fix it, it may indeed be bricked. IIRC, they are covering Atom failures for three years from purchase, but contact them to confirm.

Wireless / Re: Guest Wi-Fi using on-board adapter
« on: November 17, 2017, 03:31:29 pm »
I'm just wondering why you give them money then post here looking for free support.

You will find that I am fairly opposed to trying to use the wifi stack in FreeBSD/pfSense and that you should just use an external access point like everyone else.

If you want to use an internal wifi adapter, ask Protectli for assistance.
With all due respect, I think that reply is beneath you.
You could have not replied, or stuck with the fact that an external AP is best practice. If someone has an APU, do they need to contact PC Engines? Are they also not welcome to get support from fellow users on a public forum? This is an open forum and users should be allowed to ask questions of the community whether they loaded pfSense on an ADI, an APU, an old Dell server, an HP thin client, or a Chinese mini pc.
You are a mod and one of the most respected and helpful members of this forum. Maybe I'm reading it wrong, but you sounded like you didn't want to help the user just because you disapproved of his hardware choice.

Hardware / Re: New pfsense for soho
« on: November 16, 2017, 01:21:15 pm »
Is Alibaba the same as aliexpress? Can't find an English website for aliexpress.
Follow the link from the Dutch site to the English site. (Go to Global Site) The language will be stuck from when you visited the Dutch site.

Hardware / Re: New pfsense for soho
« on: November 16, 2017, 01:17:22 pm »
Basically, the first link is the box that is being sold on Amazon for 100 more.
I accidentally added the shipping twice, but for a barebones shipped 6-13 days, it's $191.46, so you save $57
Mine shipped free two day from an Amazon warehouse. I've never done a return on Aliexpress, I'd be amazed if it was better than Amazon- they have always just sent a replacement and a label to return the old one.
It all depends on your location, how soon you want it, and if you would rather deal directly with the factory, or with a local reseller.
Anyway, they seem to be decent boxes, I'm reserving final judgement until I've had several in the field for a year or so.

Hardware / Re: small 4 NIC (AES-NI) system
« on: November 16, 2017, 12:30:30 pm »
Sorry for being so unclear. It must be owed to my poor English language skills.
No problem. In your country, the best I can manage is ordering two wheat beers and explaining that I don't speak the language well.

Hardware / Re: New pfsense for soho
« on: November 16, 2017, 12:02:22 pm »
I was told on the Qotom thread that the Protectli was not a Qotom, and the hardware looks slightly different.
Nevertheless, I am more comfortable ordering from Amazon than Aliexpress, and have ordered several of the boxes you referenced.
I'm using 4 GB memory sticks and 16 GB msatas that were surplus from laptop upgrades. If you don't order the barebones, it will come with decent memory and a cheap msata. Mine was Samsung memory and a hoodisk msata. Easy install from the memstick, boxes have been solid so far.
edit- Yes, you could get the same box shipped from China in about two weeks (DHL), or you could pay $28 more and get it in two days from Amazon and be able to easily return it if there is a problem. You pay your money and take your chances. Maybe the price difference is greater in the Netherlands, but for me (in the US), it's not worth my time to deal with China directly. Protectli does have some sort of support. I've never had to use it, but I'd rather have someone to reach out to in the same country, if only for time zone and language difficulties.

Hardware / Re: small 4 NIC (AES-NI) system
« on: November 16, 2017, 10:25:51 am »
pfSense SG-2440 would be nice matching too, to that case of usage.
My first thought also, but they are no longer available. They were also more than twice the cost of an APU2. The SG-3100 is twice an APU2, and it's ARM. Even something like a QOTOM or Protectli is going to be around twice an APU2.
The only thread I remember detailing using a miniPCIe card in an APU noted they tend to overheat and fail.

FWIW, I recently re-loaded a half dozen old Alix boxes (2D3 and 2D13) with 2.3.5
I used the 2g-nano and they all worked fine. You really need a null-modem cable if you use an Alix.

You didn't mention you were running a double NAT and had multiple interfaces with the same gateway. If you had a wan with a public IP and multiple IPs on the subnet, the instructions I gave would work fine. I doubt if anyone is going to be able to help you running a strange config like that. What is the purpose of having multiple interfaces going to the same gateway? AFAIK, you still can't run multiple routing tables in pfSense.

If you want to point your outbound NAT to a pool, you need to create an alias of hosts, consisting of the public IPs you want in the pool. Then use manual outbound NAT and change the translation address to the alias. You will be presented with options for the pool. You can also enter a subnet directly, but I haven't tried that method.

That cable is fine. One from somebody's old phone is fine. The serial chip is on the SG-2440, you are just connecting it to your PC. Grab an old cable and download PuTTY, the docs are pretty straightforward. If your box is toast, you are going to need to load up a USB stick with the ADI installer and reload the box.

Messages from the pfSense Team / Re: pfSense 2.3.5-RELEASE now available!
« on: November 01, 2017, 11:14:37 am »
Yeah, they are there now. Must have arrived later than the other files.

