Thanks for reporting back.

You don't have a security issue.

A /24 subnet (common on a small or home network) is equivalent to a subnet mask of 255.255.255.0. This implies addresses between x.x.x.0 and x.x.x.255. A computer using that subnet can send packets directly, not via a router or gateway, to any other computer in that subnet.
A /1 subnet would be the entire internet! Your computer thinks it can reach any address without going through a router or gateway, clearly wrong.
It's hard to say exactly what was happening that allowed some traffic to be routed correctly.

Steve

Edit: You could use a subnet of /32 on your WAN instead. This would imply that all traffic from it has to go via the gateway. However if /24 is working for you it's not a problem.

glad you got it working :)

took me 6 hrs to figure out how to get php modules to load into pfsense with out breaking it.

that's why i posted my howto's  get them to install, so other people world not have the same problem that i had..

also for my "memory back up". because in a couple  months when I need to do it again for some reason I will probably of forgot how to do it..  :P

@brcisna:

The card you have listed in your example is the exact pci-x card I have.

How can you tell that?

That boot log extract is from FreeBSD 8.2 booting on a Sun Fire V490.
You can see in the log that cas0 is on pci0, a standard 33MHz PCI bus.

I suggest booting from your knoppix CD and copy/pasting the boot log.

The cas(4) driver is still active, have you tried one of the new build snapshots based on FreebSD 8.3?
http://forum.pfsense.org/index.php/topic,46459.0.html

Steve

I don't know how to explain…

Just imagine one pfsense with 2 Public WAN IP and PPTP Server.
I have another site with a WebServer.
This Webserver connect to my pfsense with PPTP Client and the traffic for port 80 of the second WAN IP is redirected to the PPTP Client ?

PPTP Server is just an example, it could be OpenVPN or a direct "tunnel" between the router.

PPP will "normally" allocate an IP address with a subnet mask of 255.255.255.255.

PPP is Point to Point Protocol - the interfaces don't belong to a "subnet" in the sense that LAN interfaces do. PPP is not a broadcast protocol.

Static IP on PPP "normally" means the PPP server always allocates the same IP address.

Here's what the pppoe interface on one of my pfSense systems:

$ ifconfig pppoe0
pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492
inet 203.144.23.199 –> 121.50.212.9 netmask 0xffffffff
inet6 fe80::219:e0ff:fe68:314b%pppoe0 prefixlen 64 scopeid 0xa
nd6 options=3 <performnud,accept_rtadv>$</performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast>

@stilez:

Connectivity here need PPPoE (to handle CHAP) and also need the interface to 'know' its subnet.

Why does the interface need to know its subnet?

Tough luck. Only physical interfaces can be bridged. I can't select virtual OPTx interfaces. And I would still have the issue of the parent interface, if that would get disconnected, the whole VLAN falls apart and fails. I'll be able to test the bridge this week or early next week, as my boss wants it in use before I go on vacation (which is in two weeks :)). I'll report back with the results once it's in production use.

thanks guys … Everything up and running ... finally i can breath easy))

I noticed the code looks for specifically for an IP. I have commented out the code suggested to the OP and I am able to work using both a port and a DNS entry.

Is there a way to enable it to allow for DNS entries in the future?

Thanks.

EDIT

After posting, I stumbled upon the following Redmine ticket: http://redmine.pfsense.org/issues/1544
It appears hostnames will be enabled in 2.1

Nice write up!  :)
You should probably add a security disclaimer of some sort.  ;)

Steve

is it possible….any help.

@jimp:

Check your /boot/loader.conf, /boot/loader.conf.local and /boot/device.hints and make sure no lines in there are set to disable ACPI

Thanks for the suggestion,
It is empty in /boot/loader.conf.
In /boot/loader.conf.local, I set:

kern.cam.boot_delay=10000

And in /boot/device.hints, I see the below:

# $FreeBSD: src/sys/amd64/conf/GENERIC.hints,v 1.21.2.1.4.1 2010/06/14 02:09:06 kensmith Exp $ hint.fdc.0.at="isa" hint.fdc.0.port="0x3F0" hint.fdc.0.irq="6" hint.fdc.0.drq="2" hint.fd.0.at="fdc0" hint.fd.0.drive="0" hint.fd.1.at="fdc0" hint.fd.1.drive="1" hint.atkbdc.0.at="isa" hint.atkbdc.0.port="0x060" hint.atkbd.0.at="atkbdc" hint.atkbd.0.irq="1" hint.psm.0.at="atkbdc" hint.psm.0.irq="12" hint.sc.0.at="isa" hint.sc.0.flags="0x100" hint.uart.0.at="isa" hint.uart.0.port="0x3F8" hint.uart.0.flags="0x10" hint.uart.0.irq="4" hint.uart.1.at="isa" hint.uart.1.port="0x2F8" hint.uart.1.irq="3" hint.ppc.0.at="isa" hint.ppc.0.irq="7" hint.atrtc.0.at="isa" hint.atrtc.0.port="0x70" hint.atrtc.0.irq="8"

PS : Just found that I forgot to give sufficient info for my config, very sorry as I was making a few posts and did not aware they aren't connected.
The router is using Intel G530, with NIC = 82579V+82574L.

If this is the setup you want, then yes pfsense will do the job

wan1–---|
wan2-----|-----pfsense----webserver
wan3----

att,
Marcello Coutinho

Just an update. The traffic from OPT1(192.168.300.0/24) gets NATed correctly on the WAN port of the bridge (191.168.100.252) and I can ping and access anything in the 192.168.100 network, including the gateway (192.168.100.254), but no traffic is getting to the internet despite having a rule that specifically allows traffic from 191.168.100.252.

Updated 2: [SOLVED!]
For some reason, the default route to the gateway 192.168.0.254 was not in the routing tables of the pfSense bridge box despite being selected in the WAN interface settings as such. So I just went in the gateway page, clicked the edit button, left it unchanged and the clicked OK. That added the default route back and everything started working.

Thx ;)