Some wireless clients periodically report no internet access

By The Dark Knight
in Smart Home, Network & Security

 Share

Recommended Posts

Veteran

The Dark Knight

Posted
  • Author
Posted

So I've moved my Pi-hole on to a new dedicated VLAN and have temporarily setup an allow all rule on the interface. I've created more rules that only allow specific movement of traffic based on what made sense to me. I'll actually be surprised if the proposed rules I've set are correct! Sorry, still learning all this! ;)

 

pihole-vlan.thumb.png.ee6063a8e6857fe68065096c3b0437b1.png

 

Also, what should the NAT Redirect rule look like now? Previously there was an invert match on LAN only. Should I leave it like that? I basically want Pi-hole to handle DNS for my primary LAN only. Other networks are using Cloudflare.

Veteran

The Dark Knight

Posted
  • Author
Posted

By the way, my original problem has now gone away completely. Turns out I was having that issue because I changed something somewhere. No idea what though! A fresh setup of pfSense, and all is well again! :)

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

where are those rules?

 

You have an any any rule? at the top - any other rules below that mean nothing.  And rules are placed on the interface where traffic would enter pfsense.. If you want to allow lan to your pihole vlan then the rule would be on your lan interface not your pihole interface.

 

Yes your port forward would be on your lan interface and sure !lan address still works.

 

Rules are evaluated on interface where traffic enters pfsense from the network the interface is attached too.  First rule to trigger wins, no other rules are evaluated.

Veteran

The Dark Knight

Posted
  • Author
Posted

I created these rules on the new Pi-hole interface. Yes, I did make the any to any rule but that was meant to be temporary. Unless that is the only rule required? I created the other rules thinking it could be locked down for specific movement of traffic. Wanted you to vet them before I enabled! I already have a LAN to any rule (the default one). And yes, do know that rules are evaluated from the top. :)

 

Cool, so will change the NAT Redirect rule accordingly!

 

Thanks BudMan for all your help! :happy::beer:

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

Well if that is on your pihole interface then the dest pihole net is never ever going to be used.. Since the interface would never see such traffic..

Veteran

The Dark Knight

Posted
  • Author
Posted

Oh ok. So I'll delete them and only keep one Allow to Any rule on the interface then. And of course the NAT Redirect rule.

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

well you can for sure lock it down if you don't want the pihole vlan to create traffic to your lan - but since its really just a vlan to allow for the redirections of the dns I wouldn't think there are any security concerns.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Posts

    • Microsoft about to radically change how often your Edge browser updates

      By seacaptain · Posted

      Why? Does anybody actually want this? The constant need to close all browser sessions and wait for a new version to install, just so that there’s a integrated coupon manager feels like a waste of everyone’s time
    • Louis Rossmann suing Samsung over "990 Pro SSD warranty scam"

      By PsYcHoKiLLa · Posted

      I remember when Louis used to just do interesting Mac/iPhone repairs, now he's boring and just launches "crusades" every week
    • Microsoft releases new Windows 11 Media Creation Tool with the latest updates

      By ad47uk · Posted

      A shame it don't allow people to bypass the MS account, I will stick to using Rufus.
    • Microsoft about to radically change how often your Edge browser updates

      By zikalify · Posted

      Microsoft about to radically change how often your Edge browser updates by Paul Hill Microsoft has just announced that starting with Edge 152, it will be moving to a two-week release cycle for faster, smaller updates. This faster release cadence will begin on August 27. This change comes just several months after Microsoft switched Visual Studio Code to weekly updates. The company said that the Extended Stable releases will remain on an eight-week cycle and that no admin changes are needed to experience the faster release cycle on the Stable channel. The new two-week release cycle will enable the faster delivery of security updates and platform improvements, all while reducing the size and complexity of individual updates. Microsoft claims that organizations will benefit from this change as it offers predictable validation cycles. For organizations that prefer a “more deliberate pace”, the Extended Stable channel remains an option. This change will affect Edge Stable releases on Windows, macOS, Linux, and mobile. The Extended Stable channel will continue to be updated every eight weeks, or every fourth Stable release, for example: versions 152, 156, 160, and 164. The Extended Stable could be a good option for organizations that don’t want the latest updates twice a month and don’t want as much hassle constantly updating browsers. In the case of Visual Studio Code, many of the updates being pushed by Microsoft are AI-related. As we all know, Microsoft Edge has a lot of AI features, so we could see Microsoft pushing more AI, thanks to the faster cycles. On the flip side, quicker releases could mean faster security updates, which is beneficial in a world where AI systems are hunting for software exploits. What do you think? Let us know in the comments. For more updates on Edge, be sure to follow Neowin's coverage. In May alone, we reported on Edge offering in-browser pop-ups to assist users with website compatibility issues, that Edge was losing Copilot Mode, and that Microsoft had fixed a plain-text password bug in Edge. Source: Microsoft 365 Admin Center
    • Euro-Office must default to ODF to be considered "genuinely European", LibreOffice argues

      By ad47uk · Posted

      not yet, because at the moment it is not a threat to MS, if and I mean if it did become a threat to MS Office, then it may be a different thing. MS don't like competition

  • Recent Achievements

    • Week One Done
      davidbazooked earned a badge
      Week One Done
    • One Month Later
      Jamswaz earned a badge
      One Month Later
    • Week One Done
      Jamswaz earned a badge
      Week One Done
    • Rookie
      Marzoid went up a rank
      Rookie
    • Community Regular
      coch went up a rank
      Community Regular

  • Popular Contributors

    1. 1
      +primortal
      514
    2. 2
      PsYcHoKiLLa
      185
    3. 3
      +Edouard
      159
    4. 4
      Steven P.
      83
    5. 5
      ATLien_0
      75
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!