• 0 Votes
    6 Posts
    5k Views
    P
    add a wireless router by connecting it from the WAN port on the router to the switch I see the confusion here - the WiFi device is one of these that is also a router - has a few LAN ports and a WAN port. Normally you just ignore the fact that it has a WAN port - put tape over it. Plug one of the LAN ports into your LAN switch. Switch off DHCP on the "WiFi router". Just have it offering WiFi, the DHCP will come from pfSense, through the LAN switch, through the WiFi device and delivered to WiFi clients. You could, as I think you were meaning, connect the WiFi-router WAN port onto the LAN switch. The WAN of the WiFi-router will get an IP address handed out by DHCP on the pfSense LAN. If you static map this address in pfSense DHCP, then you know that all your WiFi clients will be NATed behind the WiFi router. I guess that has some advantages - WiFi devices can't set themselves a static pfSense LAN IP, your pfSense LAN firewall rules can be sure about the source IP address of all traffic from the WiFi. That might help with a bit of control of WiFi "guest" devices.
  • Sending email behind LAN to external SMTP

    10
    0 Votes
    10 Posts
    2k Views
    D
    Well, if it's not blocked… then, you need to actually try to send real mail via the SMTP server, using telnet, exactly like the phones that fail would. Google it if unfamiliar with the procedure. There can be other policies in place breaking this.
  • Conditional Routing

    2
    0 Votes
    2 Posts
    1k Views
    K
    Set that IP as the gateway monitor address and make it fail over to a dummy gateway.
  • Match a mac when pxebooting

    3
    0 Votes
    3 Posts
    2k Views
    A
    Hello, thanks for the answer. I have tried the dhcp static mapping with no luck. I have pfsense version 2.0.3 i386. The problem is that I have a pxe menu as the default. I put a file with the corresponding nic's mac address in the same location as the default pxe menu file. It should pick up first the file named with its mac address but it keeps going to the default menu. Correct me if I'm wrong, in that scenario there is no need for dhcp mapping. I have tried naming the file with upper and lower case and with combinations of "-" and ":" with no luck. After that I also tried to make a dhcp mapping and it only stopped seeing the default file to load, but doesn't see or load any file. Has someone done this on this version, or is the only possible solution to upgrade? My questions point to the fact that in version 2.0.3 these options do exist, but probably the behavior is buggy. Another question comes to my mind. When you go to static mapping and you add the "Netboot filename" option, what is the location it makes reference to? I have already considered permissions where the "default" file is located. I have also tried to make reference to files in the "Additional BOOTP/DHCP Options" with option 209, text, and the name of the file and it keeps dropping to the "default" file.
  • FailOver doubts+squid not in transparent mode.

    1
    0 Votes
    1 Posts
    840 Views
    No one has replied
  • PFsense HTTP Speedtest.net

    5
    0 Votes
    5 Posts
    4k Views
    B
    Yes, for multiple clients accessing different websites should help.
  • Single WAN connection with two public IP subnets / ranges (version 2.0.3)

    16
    0 Votes
    16 Posts
    14k Views
    M
    @KurianOfBorg: I just did a test and I am able to successfully add a new virtual IP address of type IP alias and gateway in a new subnet different from the interface IP address and gateway. Hi, I managed to add new VIPs from a different WAN subnet without even adding a new gateway. After turning pfSense config upside down so many times, I realized I had mistyped an entry in the routing table, that's why my VMs were not responding. Now it's all up and running.  :-[ Thanks
  • Multi tenant routing with pfsense and Ubuntu openvpn

    3
    0 Votes
    3 Posts
    1k Views
    M
    If I understand it correctly, you need to create an interface and gw for the tunnel which you can then create a static route against.
  • Routing between LAN and bridged DMZ

    9
    0 Votes
    9 Posts
    4k Views
    M
    Hello, I try to set a route but have no success. route add -host x.x.x.x netmask 255.255.255.255 em2 (my DMZ interface). The DMZ (noip) iface is bridged with external iface (noip). The pfsense answer is: route: writing to routing socket: Network is unreachable add net x.x.x.x : gateway netmask: Network is unreachable Can you help me? Thank you
  • Setup up "wireless link" as WAN or route?

    1
    0 Votes
    1 Posts
    732 Views
    No one has replied
  • Isolation of unsecured wireless

    2
    0 Votes
    2 Posts
    869 Views
    P
    Should be easy - Interfaces->assign a new OPT1 to a spare NIC. Give OPT1 a different subnet. Plug the WAP-AP into that NIC, and give it an IP in the new subnet. Connect your sensor devices to the WAP-AP. Assuming you just want to connect in from devices elsewhere (e.g. from devices on the LAN) to read the sensors, then you should be able to have no pass rules on OPT1. That way someone else who connects to your WAP-AP will get nowhere except for your sensors. If they are just sensors, then who cares if they know your fridge temp. If the sensor also lets you switch off the fridge, then there is a bigger problem, don't want the neighbours doing that for a prank. On LAN put whatever restrictive or permissive rules you like to let things get to OPT1 subnet.
  • 2 WANs going to each separate LANs

    6
    0 Votes
    6 Posts
    3k Views
    L
    So, you are telling me under the Firewall Rules for LAN1 instead of:
    ID | Proto | Source   | Port | Destination  | Port | Gateway | Queue |
    -- | *     | *        | *    | LAN1 address | *    | *       | none  |
    -- | *     | LAN1 net | *    | *            | *    | *       | none  |
    it should be?:
    ID | Proto | Source   | Port | Destination  | Port | Gateway | Queue |
    -- | *     | LAN1 net | *    | LAN address  | *    | *       | none  |
    WAN1:
    ID | Proto | Source                        | Port | Destination | Port | Gateway | Queue |
    -- | *     | RFC 1918 networks             | *    | *           | *    | *       | none  | Block private networks
    -- | *     | Reserved/not assigned by IANA | *    | *           | *    | *       | none  | Block bogon networks
    LAN2:
    ID | Proto | Source   | Port | Destination  | Port | Gateway | Queue |
    -- | *     | LAN2 net | *    | LAN2 address | *    | *       | none  |
    WAN2: <no entries>
    Btw, I got the WAN2 to get PPPoe connection (in bridged mode from router to WAN2) but LAN2 can ping within its network but cannot get onto the internet now. Any ideas?
  • 0 Votes
    1 Posts
    958 Views
    No one has replied
  • Route public IP to one client

    2
    0 Votes
    2 Posts
    1k Views
    K
    I don't believe you can route your subnet further unless your ISP allows it and is set up to allow you to do so. Assuming you have a simple Ethernet Internet connection with your subnet, you can set up pfSense in bridged mode with the second pfSense. The second pfSense will need to be plugged into a dedicated interface on the first pfSense. This will allow you to share the public IP addresses between both boxes. It's easier to just plug the second pfSense box directly into the Internet switch though… Also, there is no benefit over a 1:1 NAT unless you require the actual public IP on the internal machine for some reason.
  • Multi - Wan, OpenDNS

    2
    0 Votes
    2 Posts
    1k Views
    P
    You will need to have 3 DNS names, 1 for each of the WANs, that translate to each of the WAN public IP addresses. (since you have 1 static IP, you could specify that static IP in OpenDNS as 1 of your "sites") Use the Dynamic DNS on pfSense to keep the name up-to-date with the current public IP. Tell OpenDNS the names, and it can lookup the current IP address. That way, OpenDNS knows the public IP addresses that are "yours" and can apply your filtering rules to DNS requests from those IPs.
  • IPsec and openvpn routing issue

    1
    0 Votes
    1 Posts
    715 Views
    No one has replied
  • Disabled IPv6 Active?

    5
    0 Votes
    5 Posts
    1k Views
    M
    Thank you! As per your instructions, I went looking to see why nothing was in the log. It seems as if I had all those things checked, and yet there is still no data in the log whatsoever. I've included a screenshot. As of yesterday, I am on the latest build. You are right, and I no longer receive the erroneous message that my lines have gone linkdead. However, now, my CPU usage is either 50% or pegged at 100%. While not new, a Phenom II x2 should handle what I'm throwing at it. This is all new since the update and I am puzzled. About IPv6. Even though on a local basis it's still somewhat enabled, why should I see requests under the PPP log? I'm going to tinker. Thank you very much for replying! [image: Untitled.png]
  • Routing (ping) between virtual machines on 2 hosts

    6
    0 Votes
    6 Posts
    1k Views
    K
    Sigh…  Take a look at your status > DHCP leases. Do you see your VMs there or not?
  • Need some pointers for my network (pic)

    4
    0 Votes
    4 Posts
    1k Views
    K
    I see - So, then 1 VLAN switch and 1 pfsense will do the trick.  (Getting this on one pfsense seems to make sense) I'll think about how to do it the hard way in a minute.  Get back with you.
  • Failover regularly fails to return to tier1

    2
    0 Votes
    2 Posts
    1k Views
    H
    forgot to mention what exactly i added to an every-15-minute-cron: /etc/rc.filter_configure the problem i'm experiencing is happening multiple times / day. i'm not even sure why it is being triggered. i've currently set the latency high-set-point to 450 and the packetloss high-set-point to 50. RRD shows a max latency of 200 & a max packetloss of 2 … still there have been multiple gateway-down events the last 8h. any clues ? edit: oh yea, i just noticed the monitor ip WAS 8.8.8.8, i've removed the manual override and it's now monitoring its actual gateway. Oddly enough i set the monitor ip to 8.8.8.8 on all my sites and there are no issues with it, except on Site Alpha ;)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.