@jimp: When dealing with an AD Domain, it is usually best to leave DNS and DHCP handled by the DCs. You can set the DNS forwarders on the DCs to the pfSense router, but the clients should still point to the DCs directly for DNS. Yea finding that out now.  I'll leave the AD server to deal with local DNS and then forward all other requests to the Pfsense box.  I'll test out DHCP, i'd like to keep that under Pfsense, but if i can't i'll keep that on the AD server as well.

Thanks wallabybob for calling out the routing issue.  Though your suggestion didn't immediately solve my problem, it got me to thinking and I decided to call my ISP for additional information on my IP address block.  It turns out that I needed to use a different IP range on the WAN side of the interface.  Case closed.

Hi, dc0 also has the "Bridge with" option set to none. However I tried force saving the same configuration again and then rebooted pfsense. And after that, the bridge was gone :) I've enabled the DHCP on both interfaces and now everything works fine(I will do some more tests though!). I remember that some time ago when I first tried to configure the second interface dc1 I've tried to bridge it with some other interface. Even though I think pfsense has been rebooted a few times after that, it seems that for some reason that bridge interface never was removed and that was the reason for this strange behavior. Thank you very much jimp and wallabybob for your support! This forum rules ;)

If the DNS query from pfSense is supposed to go across the IPsec tunnel, you also need to be aware of this: http://doc.pfsense.org/index.php/Why_can%27t_I_query_SNMP,_use_syslog,_NTP,_or_other_services_initiated_by_the_firewall_itself_over_IPsec_VPN%3F

@tux3132: I think that my switch has an implementation 802.1q buggy. Might be worth checking the switch support web pages to so see if there is a firmware upgrade or if others have reported similar problems. What switch are you using? @tux3132: Question : if I plug a cross cable between my server and my client Debian on which I have installed and configured the vlan packet, is it functional ? If both ends of the cable support VLANs and are configured compatibly it should work. (I know nothing about configuring VLANs in Linux.) You probably won't need a cross over cable since it seems your NICs are pretty modern. Using a cross over cable won't hurt.

@brah: Contrary to what the hint says, if you disable the override checkbox, the DNS Forwarder still works. It (the DNS forwarder) should should still work, unless you disable the DNS forwarder. That override box doesn't disable the DNS forwarder it just controls where the DNS forwarder gets its name service: the DNS in the box above OR the DNS specified by the DHCP server upstream of the WAN interface. @brah: @wallabybob: I don't understand what this means: @brah: The problem I'm having is that the WAN DNSs dissapear from now and then, but are still reachable, leaving my whole network without DNS service. Until I read "but are still reachable" I thought you meant your manually specified WAN DNSs went offline for a while. They don't go offline, they just disappear from the interface, which is why everything work fine if I set them as static. Sorry, but I don't understand the explanation: from what interface do the DNSs disappear? Back to the original statement: @brah: If I go into General Setup I can set a static DNS instead of taking the ones provided by my ISP, but if I do this the DNS Forwarder entries stop working. I have two static DNSs specified in General Setup  to override DNS specified by my ISP. My DNS forwarder entries (specified on Services -> DNS forwarder) work. This has continued to work across a number of reboots.

Thanks JimP. I usually listen to Leo and Steve's podcasts (here for those with some interest in what I'm talking about - they can be found here: http://twit.tv/sn or on ITunes search Security Now)  in the background while doing other things. He sure can ramble.. The words caught my attention. It will be intesting to hear from which side of the network he contends these "crashes" can source from. And yeah maybe linksys/belkin/dlink type devices. I think I did hear those names. For those reading this thread, I'll revise it after next week if he discusses this. We'll see.

Seems that this error ocurred because of I forgot to disable the "Open WAN Rule" that comes with the appliance. Disabled it and now the error doesn't appear anymore.

im sorry if make confusing the issue … i just read the subject : (help) I need to protect my server from NetCut MeroMarko, you get advantage or disadvantage from NetCut app ? or maybe, if some one on your network use NetCut app, you get advantage or disadvantage ?

yes, it works i forgot create a host map to the public IP :p thx for ur helping,

There is already a similar enhancement request in redmine for "future" - it should be possible, though generally if you have separate subnets they are on separate interfaces so doing exactly what you propose isn't necessary.

Getting off topic, but I haven't had trouble using simple vlan setups on an Alix. You would create vlan interfaces for each lan with the proper tags, use the vlan interfaces for LAN and LAN2. It's easy to shoot yourself in the foot when reconfiguring, I like to do it via the WAN side. Then make sure the parent interface on pfsense is connected to a trunk port on the switch. There is good info on vlan configurations if you search about a bit.

@jimp: I see. I thought this post about how to do that on the same box. But ohwell, i see. Thank you for response.

Should be fixed now, once my checkins sync to the package server (~5 minutes). I just happened to have a call from a support customer who noticed the same thing, then remembered a forum post mentioning MX records… You can enter either an IP, a hostname, or both as ip:hostname in the box for an MX record. All are valid. If you enter ip:host, it will make an A record internally that points that hostname to the given IP.

Try the custom DynDNS patches here: http://forum.pfsense.org/index.php?topic=27704.new;topicseen#new If they get enough testing/approval they might make it in.

Since you apparently have only one public IP address you will have to use some sort of port forwarding.

Thank you for your reply. Nevertheless I hope I it will be available in the new version. I have seen other posts asking for such or similar functions for the dhcp in the forum. So I am not the only one. I'll keep my fingers crossed :) Best regards! Fishrman

Ok, thanks! I found this also, about pfSense and WPAD: http://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid Regards, Josep Pujadas