Not directly related to the OP in this thread but it's quite similar: If your upstream DNS does not return NXDOMAIN on failure, but rather returns an IP for its oh-so-helpful (not) search page instead, you can see similar failures to resolve DNS in the expected order. If you resolve host "www.google.com" (no trailing .) and it tacks on the domain, "www.google.com.example.com" and your upstream DNS returns a response record for that, it will use that IP. OpenDNS does this, so their landing page IP 67.215.65.132 may turn up in your DNS responses. DNS needs to see the NXDOMAIN to continue the search, so if you can switch off that option in your upstream DNS that's best, failing that, change to an upstream DNS server that does return proper NXDOMAIN records. Another similar failure can happen if you use wildcard DNS for your domain.

It's working! I installed a new nic in the PCI slot.  I was using the onboard MB nic before for opt1.  apparently it was crap.  Thank you for all your assistance on helping me figure out it was a hardware issue.

If you worked with the other dyndns code, is it somehow possible to trigger the detection of the external WAN address and write that to a file? That whould help, as it could be written to the nsupdate file.

@bradenmcg: In my area, Time Warner will issue up to 3 IPs (free) on my tier of service. How are these IPs allocated? On request by DHCP? Do the requests need to come from different MAC addresses? Perhaps there is a single IP address and you can use an additional two on the same subnet? @bradenmcg: I guess I could work-around by plugging the cable modem into my (managed) switch and using VLANs and OPT interfaces to get the additional IPs without requiring more physical interfaces on the pfSense box… But I'd have to treat them like a multi-WAN setup, which it really isn't - just multiple IPs that I'd like to be able to use as alternate sources / rule options for "WAN." How do you envisage that would work? Without more details of how this "issue up to 3 IPs" happens it is difficult to answer your questions. Will these IPs be very dynamic? If so, what would be the use of using them as "alternate sources for 'WAN'"?

@Nonsense: Ah, I tried the setup quickly, early this morning, when I was in a rush.  I retried it again and discovered that I had neglected to configure the "destination" changes in the rule this morning.  It appears to be working now–I'll find out if it still works the next time I reboot pfSense.  Thanks ptt and johnpoz. :) Bad network admin.  Fixed/hardcoded IPs on clients are bad juju.  pfSense can do DHCP reservations - use them.  DHCP makes your life much easier.  Why do you want your life to be difficult?  ;D

Oh, I overlooked the fact you said it's only attempts that's triggering Snort, I thought you actually had responses going out. Generally the requests will come in at a rate adequate to peg your upstream, which you'd notice, and your states show you aren't actually responding. What you're seeing is just typical Internet noise that you can't do anything about. Usually such attempts are targeted at IPs that are known to be running an open resolver, so if you have a dynamic IP that's recently been assigned to you, it's likely someone else was running an open resolver on that address previously. Sometimes they're just blindly fired though. You just have to ignore things like that, nothing your ISP is going to be able to do or even cares about, and nothing you can do about it. You're blocking it. This is a good example of why I usually don't run Snort on WAN or outside the firewall. Too much noise that you're blocking and hence don't need to care about. Snort generates enough noise without adding a slew of things you're blocking to the list.

OK I will try to make tests. Thanks. I´ve just notice that some firewall rules stop to work after returning to original factory and recover the backup. For example my rule to send all packages on the 443 port to my wan link (to not use loadbalance because access to banks). Thanks and regards

Perhaps you have multiple DHCP servers on your network. Perhaps you have another system with IP address 192.168.1.188

I quit running squid after I reset to defaults, but by that time the disk was full. I ended up reinstalling because I was already at near zero configuration. I am 100% sure that squid was culprit, or my configuration of squid to be exact. I'm guessing I added a digit when I was setting up the amount of disk space it could use for caching.

Does your dhcp server also do NAT for your network, or route your other devices that are on public IPs? pfsense is designed to be your networks gateway/firewall to the internet.  It can be used as just an internal router/bridge/firewall - but by default its going to expect your internet to be on its WAN, and then NAT all your devices to your public IP behind it. I am guessing your dhcp and if it does dns that is maybe a AD DC?  If so it should be behind your gateway/firewall - and you can just have it forward its external dns to pfsense, or outside for public dns.  And all your internal clients would still use it for your internal AD dns, etc.

If you haven't seen it: this might help you: http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

I fixed this up on 2.1 last week https://github.com/bsdperimeter/pfsense/compare/752c6ca8117e05e6bb74115d2199dab7ff99168d…0a35ca7ccf198cfa6654ccc17741005a58cd6aee

How is this related to pfsense?  If you are having issues with server 2012 you really should be on a windows support board. But if your dc is on 192.168.7 – and then you hand out clients 192.168.50 addresses, how exactly do you think they are going to talk to 7.200 for dns?? If you want  to use .50.x as your range - then change your dc to be on that network, and I would assume your using pfsense as your gateway.  Its lan IP will also have to be on this .50.x network.

How many clients? If you have a lot of clients or a large amount of lease turnover, ALIX may not have enough RAM or space for the DHCP leases file to keep up.

On 2.1 you could (though it would be a bit cumbersome) setup separate DHCP pools and put in the list of MACs on one to allow and deny on the other, and they can have unique DNS servers that way. Of course that would only last until the kids figure out they can hardcode an IP/DNS or spoof their MAC and get around the restrictions. Separating them onto a distinct network is best, assuming they don't have physical access to the gear to switch themselves over to the other network… How much you need to worry about that stuff really depends on how smart/sneaky/crafty the kids are :-)

@esnakk: it seems Win XP "does something wrong" (not following standards/protocols correctly probably), When we connected a test-computer running Mac OS X everything worked fine. Not going to say that MS does everything by the RFC's - but come on XP at one point was what 80+ % something of the market share for OSes..  You can find this sort of info at  http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10 It currently shows still having 35% of the market – that is still a shit load of computers.  If it was doing something wrong that broke networks or didn't work with devices, etc.  It would be a pretty big issue and would of never gotten any significant share of the market.

Totally agree! Use AD server to act as a DHCP. Then in DNS on the server go to the DNS forwarder and put them to 8.8.8.8 google ETC and let it forward traffic on. Pfsense doesnt need to be involved really accept to make the inital connection.

Put up your OpenVN server config.