Some wireless clients periodically report no internet access

By The Dark Knight
in Smart Home, Network & Security

 Share

Recommended Posts

Veteran

The Dark Knight

Posted
  • Author
Posted

So I've moved my Pi-hole on to a new dedicated VLAN and have temporarily setup an allow all rule on the interface. I've created more rules that only allow specific movement of traffic based on what made sense to me. I'll actually be surprised if the proposed rules I've set are correct! Sorry, still learning all this! ;)

 

pihole-vlan.thumb.png.ee6063a8e6857fe68065096c3b0437b1.png

 

Also, what should the NAT Redirect rule look like now? Previously there was an invert match on LAN only. Should I leave it like that? I basically want Pi-hole to handle DNS for my primary LAN only. Other networks are using Cloudflare.

Veteran

The Dark Knight

Posted
  • Author
Posted

By the way, my original problem has now gone away completely. Turns out I was having that issue because I changed something somewhere. No idea what though! A fresh setup of pfSense, and all is well again! :)

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

where are those rules?

 

You have an any any rule? at the top - any other rules below that mean nothing.  And rules are placed on the interface where traffic would enter pfsense.. If you want to allow lan to your pihole vlan then the rule would be on your lan interface not your pihole interface.

 

Yes your port forward would be on your lan interface and sure !lan address still works.

 

Rules are evaluated on interface where traffic enters pfsense from the network the interface is attached too.  First rule to trigger wins, no other rules are evaluated.

Veteran

The Dark Knight

Posted
  • Author
Posted

I created these rules on the new Pi-hole interface. Yes, I did make the any to any rule but that was meant to be temporary. Unless that is the only rule required? I created the other rules thinking it could be locked down for specific movement of traffic. Wanted you to vet them before I enabled! I already have a LAN to any rule (the default one). And yes, do know that rules are evaluated from the top. :)

 

Cool, so will change the NAT Redirect rule accordingly!

 

Thanks BudMan for all your help! :happy::beer:

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Well if that is on your pihole interface then the dest pihole net is never ever going to be used.. Since the interface would never see such traffic..

Veteran

The Dark Knight

Posted
  • Author
Posted

Oh ok. So I'll delete them and only keep one Allow to Any rule on the interface then. And of course the NAT Redirect rule.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

well you can for sure lock it down if you don't want the pihole vlan to create traffic to your lan - but since its really just a vlan to allow for the redirections of the dns I wouldn't think there are any security concerns.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Microsoft unveils new Surface Laptop with improved trackpad, Snapdragon X2, and more

      By FunkyMike · Posted

      Not even an OLED display on the laptops. Also it seems that the laptop design isn't the same as the Surface Ultra model. Looks like bargain bin at high prices.
    • Microsoft announces 12th-gen Surface Pro with Snapdragon X2 processors

      By tsupersonic · Posted

      make your own notch - it's not that hard
    • VirtualBox 7.2.10

      By Copernic · Posted

      VirtualBox 7.2.10 by Razvan Serea VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Targeted at server, desktop and embedded use, it is now the only professional-quality virtualization solution that is also Open Source Software. Presently, VirtualBox runs on Windows, Linux, macOS, and Solaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista, 7, 8, Windows 10 and Windows 11), DOS/Windows 3.x, Linux (2.4, 2.6, 3.x, 4.x, 5.x and 6.x), Solaris and OpenSolaris, OS/2, OpenBSD, NetBSD and FreeBSD. Some of the features of VirtualBox are: Modularity. VirtualBox has an extremely modular design with well-defined internal programming interfaces and a client/server design. This makes it easy to control it from several interfaces at once: for example, you can start a virtual machine in a typical virtual machine GUI and then control that machine from the command line, or possibly remotely. VirtualBox also comes with a full Software Development Kit: even though it is Open Source Software, you don't have to hack the source to write a new interface for VirtualBox. Virtual machine descriptions in XML. The configuration settings of virtual machines are stored entirely in XML and are independent of the local machines. Virtual machine definitions can therefore easily be ported to other computers. VirtualBox 7.2.10 changelog: VMM: Fixed issue when CentOS 10 VM was not booting due to the message "Fatal glibc error: CPU does not support x86-64-v3" (​github:gh-642) Devices/EFI: Fixed booting issue when ARM VM had less than 1024 MiB of RAM assigned (​github:gh-679) USB: Fixed issue when it was not possible to attach USB device to headless VM on Apple Silicon/macOS 26.4.1 (​github:gh-631) Storage: Fixed issue when VIRTIO-SCSI device was not recognized as SSD device by guest system (​github:gh-634) Network: Fixed issue in E1000 emulation code which triggered debug log creation (​github:gh-645) Network: Fixed issue in E1000 emulation code which prevented OS/2 guest from booting (​github:gh-683) Linux Host: Fixed issue when VMs could not be started due to kernel oops (​github:gh-639) Linux Host and Guest: Fixed issue when kernel modules were failing to build with openSUSE 16.0 kernel Linux Host and Guest: Added initial support for kernel 7.1 Linux Host and Guest: Added extra fixes for RHEL 9.8 kernel (​github:gh-676) Linux Host and Guest: Added possibility to build source code using NASM instead of YASM as the assembler (​github:gh-520) Linux Guest Additions: Added initial support for Extended Data Control Protocol for clipboard sharing with Plasma on Wayland guests (​github:gh-33) Linux Guest Additions: Added extra fixes for preventing vboxvideo kernel module build with kernel version 7.0 and newer (​github:gh-655) OS/2 Guest Additions: Fixed issue when Shared Folders automount and clipboard sharing stopped working (​github:gh-551) Download: VirtualBox 7.2.10 | 170.0 MB (Open Source) Download: VirtualBox 7.2.10 Extension Pack | 19.1 MB View: VirtualBox Home Page | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • UK to ban under-16s from social media following a six-week trial with teenagers

      By FloatingFatMan · Posted

      OK, now ask yourself how are they going to enforce that law? By requiring every single adult to prove their age and provide their legal identity documents to an UNREGULATED 3rd party company that already has a long track record of multiple data breaches. Not to mention, parliament have voted AGAINST this ban, twice, and Starmer is going ahead anyway. So, where's the democracy here, because that looks like dictatorship to me. The solution here is parental responsibility, not government control. Run some public service announcements on TV and UK social media teaching parents how to setup parental controls. That's already been proven to actually work. But the, this is not and has NEVER been about keeping kids safe. It's about control and monitoring. Watching what you're doing online and controlling what you can see and what you can say.
    • what other retro software do yall use

      By +InsaneNutter · Posted

      Interesting read. I knew the adware was quite controversial at the time, however never realised to the point The Guardian wrote an article about Patchou. I just said no and enjoyed his creation, I’d probably be a lot more wary of something like that today though.

  • Recent Achievements

    • One Month Later
      Prasann earned a badge
      One Month Later
    • Week One Done
      Prasann earned a badge
      Week One Done
    • First Post
      Dys Topia earned a badge
      First Post
    • Collaborator
      vjlex earned a badge
      Collaborator
    • Reacting Well
      Dys Topia earned a badge
      Reacting Well

  • Popular Contributors

    1. 1
      +primortal
      525
    2. 2
      +Edouard
      180
    3. 3
      PsYcHoKiLLa
      105
    4. 4
      Steven P.
      89
    5. 5
      ATLien_0
      70
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!