For future reference, if you need to track down who is making a specific query, you need only put "log-queries" into the DNS Forwarder advanced options. Then the resolver log will contain all DNS queries along with the IP addresses which made the requests, for example: dnsmasq[19543]: query[AAAA] packages.pfsense.org from 127.0.0.1

@johnpoz: And are you appending what they suggest?  Say something like? something like regexi ^(http://www.google../search?.) \1&safe=active regexi ^(http://www.google../images?.) \1&safe=active to do the rewrite of the url? I used the above mentioned regular expression in rewrite option available in Services->Proxy Filter, but the result is same. Safe search was not enabled in google. @johnpoz: Are you blocking https searches? I have enabled SSL filtering option in Proxy server and due to which every HTTPS website gets blocked. So I added www.google.com to the whitelist and tried to redirect it using rewrite option as well as DNS forwarder and the result is still the same i.e No redirection and No safesearch enabling.

No problem, I'm happy to say I learn a little more every day I check through the forums  :)

I make LANGW as defaultGW and it's ok

Did you look at the TFTP package that's available under System->Packages->Available Packages ? Might be a little easier to handle for many folks. :)

Just as I suspected.  Glad to see you got it working.

For internal domains, use tld that is internal only.. I use local.lan for my local domain if you registered domain.ca - then use domain.lan for local or domain.local or domain.whatever that is not a public tld and tells you its local.

Yes, once you have installed Marcello's mod for multiple scopes, then you can provide true separation of dhcp scopes outside of the interface range. The dns server(s) are defined per scope (or default if you leave them empty) Can't remember if you can do this with standard config, sorry :-[ See bounty:  https://forum.pfsense.org/index.php?topic=65736.0 (funny, 2nd time today I refer to this bounty… people are going to suspect me for publicity ???)

Ok, forget about viconfig. Your setup might not survive it. A good XML is what you need. Btw: I read about bugs, but I never found Gremlins in my firewall …. You're sure ? ;)

Humm, interessting. Read here for some more info https://forum.pfsense.org/index.php?topic=72514.msg427622#msg427622 - I guess I have the same issue. I've a work around proposed over there. The end of /etc/rc.newwanip:         .......         restart_packages();         filter_configure();         sleep(5);         log_error("rc.newwanip: Done some sleeping. Go for DynDNS ...");         /* perform RFC 2136 DNS update */         services_dnsupdate_process($interface);         /* signal dyndns update */         services_dyndns_configure($interface); } else         /* signal filter reload */         filter_configure(); ?>

Always happy to take credit for you doing all the work  ;)

No problem - sorry I missed it the first time I looked at the rules ;)

Strange indeed. I guess I have a 'basic setup' with 3 interfaces, WAN, LAN and OPT1, my Portal interface with its own DHCP instance. When I activated "Deny Unknown clients" my logs started to fill up with: 06-21-2014 17:50:02 Local7.Error 192.168.1.1 Jun 21 17:50:06 dhcpd: DHCPDISCOVER from 0c:77:1a:2b:13:35 via sis0: network 192.168.2.0/24: no free leases 06-21-2014 17:49:54 Local7.Error 192.168.1.1 Jun 21 17:49:58 dhcpd: DHCPDISCOVER from 0c:77:1a:2b:13:35 via sis0: network 192.168.2.0/24: no free leases 06-21-2014 17:49:49 Local7.Error 192.168.1.1 Jun 21 17:49:53 dhcpd: DHCPDISCOVER from 0c:77:1a:2b:13:35 via sis0: network 192.168.2.0/24: no free leases 06-21-2014 17:49:47 Local7.Error 192.168.1.1 Jun 21 17:49:51 dhcpd: DHCPDISCOVER from 0c:77:1a:2b:13:35 via sis0: network 192.168.2.0/24: no free leases And of course, my 'client' device didn't get an IP anymore …... The only thing I don't have neither use, is VLANs ......

I have a setup which works for me and should work for you as well: Modem (Bridged) > pfSense > Switch Server and clients connected to same switch. I have got a single AP (Linksys WAP54 kind of) which is also connected to same switch. AP does not do any DHCP etc; let us say it is just doing ethernet to wi-fi conversion. DHCP and internal DNS are handled by server. pfSense takes care of rest i.e. firewalling, caching, etc.

Bit of a kludgy solution, but there are a few boot loader options you can set to delay the start of pfsense. If you go to Diagnostics->Edit File->Browse, look in "boot" folder for a file named loader.conf.  There should be a line that says "autoboot_delay="3".  This is a builtin start delay when rebooting pfsense just before the 2nd stage of the boot process begins.  You can increase this to build in a wait for the satcom to come alive, the value is in seconds.  You click "Save" to save you changes. Be careful when editing internal files! You can definitely muck things up badly in there.  I would suggest you take a backup before you start so in the worst case you could a fresh install and then simply restore the backup. Good luck  :)