Thanks jump. I may well go for a pfSense box on an esxi server. I need an SMB server to share files and I could run pfSense on the same hardware (already do that at the other end anyway). Will update the thread when I have it working.

I took a break from this, but I still have not got this going.  If anyone has any suggestions on the issue, please let me know.  I suppose it's time to keep trying different things.  :-\

@LinuxTracker:

Interestingly, my IP is one that shows open.
nmap seems to indicate that I (and other IPs in my /24) have 1900/2864 UDP open w/ no services.

Just a misunderstanding of port scanning UDP. With UDP, either you get an ICMP unreachable, so the port is closed, or you get no response at all, which either means the port is open or it's filtered by a firewall. That's what "open|filtered" means in nmap. Not very helpful, but there is no difference in response between an open UDP port and one that a firewall is silently blocking.

Tools that actually send a UPnP request and will check for responses will be able to determine whether it's open or filtered. A UDP port scan can't differentiate between those.

Don't know the exactly solution - please search the forum you will find some solutions for that.
As far as I know there were problems with different perl versions und wrong symlinks and so on.

Another solution could be to just run the lightparser.pl and see if it works or not.
Doing a "full refresh" on the GUI and click "CTRL+F5" to reload the browser windows/logs without the browser cache

Right now it's only an opt-in trial so I'm not too worried.
Plusnet are by far the best ISP I've ever dealt with, their customer service is quite frankly astounding. So I'd be very surprised if they started forcing CG-NAT on their users.

http://community.plus.net/forum/index.php/topic,110652.0.html

Steve

Sorry for the late followup on this. Finally resolved the issue. The DNS was open to public, closed that and after a week it all went back to normal.

Thanks everyone for the input and help. Learning as I go.

~ Tom

Your picture looks nice but the link is to a thumbnail so it's hard to appreciate it fully.  ;)

1: Is there any particular reason you are using the wifi APs for DHCP? In my opinion it would be much better to use pfSense for DHCP on each interface. Doing that makes it much easier to keep track of the leases or to hand out static addresses for filtering purposes. All your admin can be done in the one place rather than having to log in to each AP to change things.

2: Normally you would not bridge them. pfSense will route traffic between them if you have firewall rules in place to allow that so that you can access, say, the AP in zone 2 from a computer in zone 1. The only reason you would bridge the interfaces would be in you had software that needed to see machines in the same subnet. Many media player programs will only look for servers in the same subnet for example.
By default all traffic from the additional interfaces will be blocked so you will need to add firewall rules to allow traffic that you want. Only the LAN interface has a default allow rule.

3: You can add a rule to allow traffic from Zone 2 to the printer but no other address. Better, you can restrict that rule to allow access only from specific clients in zone 2 if you have all static dhcp leases.

4: Squid with Squidguard is a lot more mature (in pfSense at least) but Dansguardian has more/better filtering options.

5: You could use VLANs to get more interfaces in pfSense without having to add further NICs however I don't believe you will need to. Do your switches support VLANs? Do your APs?

Steve

We fixed m0n0wall's CSRF issues over 2 years ago with csrfmagic, same thing they implemented recently. 2.0.2 fixed a couple that were found more recently.

At (very long) last:

http://www.freebsd.org/releases/9.1R/announce.html
http://www.freebsd.org/releases/9.1R/relnotes-detailed.html

Thanks :-)

Happy/Merry/Joyous $winter_solstice_holiday

You are currently running Double NAT, which is a very undesireable setup. See if you can get your modem/router to be in bridge mode so the real wan address goes to the pfsense box.

Thanks it worked, I wish you a Merry Christmas

Pffft i probably wont shut up as i mess everything up LOL its not live as i havent received my Intel dual nic, I have been messing around with the settings on the box with nothing but the realtec and an add on 10/100 old intel

Yes, I tried WebGUI, and indeed, when the cover is closed on the CPU load is less than when open.
WiFi there is little used, and the load is too small. With him there is no such problem.
No, I do not use QoS and Traffic Shaper.