@particleman: The purpose of listing two dns is just in case one fails , correct? I think I have read that a DNS client asks all the servers concurrently (presumably to get the fastest response, particularly if a server is not contactable).

Try again in about 5-10 minutes. I just checked in a fix.

Doh! Thank you! Works as expected now.

Ok I think I understand now.  I am currently using my existing Bind server and having it handle my domain, and then forward to pfSense for internet requests.

Thanks guys, I will try the 2.0 beta. Kind regards, Jozef00

Anyone?

XP's repair option does renew the IP address, but I'm not sure it does a release first. Vista/7 go even farther in their 'Diagnose' option, they disable/enable the whole adapter as part of the routine.

H

When working with VLANs: If you assign a VLAN on a parent interface, DON'T assign the interface itself. (ie: vlan100 on rl0, vlan200 on rl0, vlan300 on rl0, rl0 itself NOT assigned). Traffic leaving the pfSense is always tagged. The switch should be apropriatly configured –>accept only tagged traffic from the port going to the pfSense. Drop/block untagged traffic. Traffic going to the pfSense should be tagged as well. We dont assign the parent interface itself so untagged traffic will be dropped on the pfSense side too. I dont see any problem with having VLANs on different parent interfaces.

I want to thank you guys for all the help. So far so good running perfect.

The message stopped.  It seems your trick worked. Thanks.

Well there you go sinac, you've got two answers now! Jimps is much easier than mine so I'd go with that.

Put the untrusted guest users behind captive portal on an OPT interface Put the full access users on LAN Segregate them with separate switches or VLANs. If you don't want the full access users to get to porn and such, you'll also need to run squid+squidGuard and such. I'm not sure how well that plays with captive portal these days though.