There are a bunch of implementation, OS-reliability and security issues to be thought through. If the BIOS just goes looking for attached "memory disks" and maps them into the 64-bit physical address space seen by the CPU(s) then BIOS memcheck diags, BIOS functions that zero all of memory and the like have to be VERY careful to still understand what is built-in-local-run-time memory and what is some poor sods "memory disk" with a file-system that they care very much about.

Similarly if the "memory disks" are mapped into physical address space by some OS loader code (or done already by the BIOS) - the OS has to be VERY careful with its physical address space management, not to accidentally zero some pages that are somebody's file system storage.

@rsumook:

i called thru landline our domain name registrar…

Honestly, why would you want to run your own name server?

You had to call your registrar (through landline!) to get these informations? Really? You could have looked them up easily yourself. If you don't know how to do that you don't want to run your own public DNS server. Really not.

;; QUESTION SECTION:
;example.com. IN ANY

;; ANSWER SECTION:
example.com. 86399 IN A 93.184.216.34
example.com. 86399 IN NS a.iana-servers.net.
example.com. 86399 IN NS b.iana-servers.net.
example.com. 3599 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2016110744 7200 3600 1209600 3600
example.com. 59 IN TXT "v=spf1 -all"
example.com. 59 IN TXT "$Id: example.com 4415 2015-08-24 20:12:23Z davids $"
example.com. 86399 IN AAAA 2606:2800:220:1:248:1893:25c8:1946

There's everything in for example.com
You could and should have done the same for your domain (not through landline, though)…

We're aware of it, but I don't know that any of us have looked at its contents. It's another Packt Publishing special, so I have no confidence in its quality given their usual output.

Just an update after all parties are back from holiday leave…

I finally managed to talk to NOC which was kind of interesting.
Their first approach was: what do you know, why do you bother?

Now we're talking.
Installed is one Catalyst 4500 chassis for the building which means that private VLAN mode will work.
They got quite excited like: "Your idea is reasonable. We never did that before but we'll try first thing tomorrow. Let's test this together then?"

The biggest problem was getting to the right party. We were engaged by facility mgmt which doesn't want the institute's admin to be involved beforehand. ??? NOC provides and manages the backbone where we hang off but we weren't allowed (by FM) to talk to them. After FM couldn't answer our questions we were redirected to NOC again.
And the local (institute's) admin still doesn't even know what gear he gets and is supposed to monitor...

Thanks Derelict for pointing me to PVLAN mode! That really made the difference and I highly appreciate your input.

@korax:

As for posting some logs can you be more specific which ones

No audio is commonly a NAT issue.  Are you saying that you have this issue on internal to internal AND internal to external calls.

OK.  Please post a screen shot of your NAT rules, the firewall rules on the interface that has Elastix on it and the rules for the WAN.

Can you also describe how the networks are configured and what network(s) your phones are on?

That may help with working out what is going on for pfSense.

BTW Is there a reason you are using Elastix 2.5?  Its quite old and 3CX has moved in and replaced Asterisk with their own system for version 5.0.  If you want a supported system maybe FreePBX distro would be a better choice?

If it makes sense to invert the match in your case, then I guess do so. You haven't said what "specific ip range" is so I can't really say one way or the other.

Source ports for DNS queries are random. So any there.

Got this inquiry return from the proxy service, which usually never replies:

That is what should be happening, the encryption is done by the ssh
connection, the tunnel just passes data through that encrypted
connection to the proxy.

@chpalmer:

@phil.davis:

others in the delayed hemisphere were still awaiting New Year.

Lucky guy!  I haven't been sleeping at midnight come new years in years and don't do any of the parties either..  Kids somehow know you want sleep (or something else) and can read your mind!    ;D :o :D    )

Actually I was up at midnight local time, UTC+05:45, the leap second happened at 05:45 local time, by which time I was well-and-truly asleep.

@KOM:

Enjoy the holidays and come back fresh in 2017!

Merry Christmas to you as well!

Thanks for helping out so much around here.  :)

thanks johnpoz, your right it doesnt take long to do it for all the servers so…

No, we Dutch are not stupid: we founded the USA and some other countries (many, actually :-)). We're just not always responding at the second since we're busy founding new countries, new stock exchanges, and new trillion EUR companies.

So I'm late to this party to say: thank you and wish you well @ Ubiquity: and EXCELLENT choice in my book. We've had this hardware for many years, and it NEVER failed. Disruptive technology reads: Ubiquity. I'm sure you will be a most valuable contribution to that already very valuable company.

Be well, and, as we say in The Royal Kingdom of The Netherlands: eat much vegetables, not fat fast food mcdronalds junk  ;D :P :-[ :-* ;)

What version of pfsense is that?  Is not current that is for sure..