Those are root name servers for the gtld (Generic top-level domain) .net -> https://www.iana.org/domains/root/db/net.html

Need the 3 router setup to replace my fios router with a router with more features and better wifi and keep Caller ID and Remote DVR access on my FIOS system. The PFSense would be primary and the directly connected to the internet.  http://www.dslreports.com/faq/16858  if you want to see more about it.  Hopefully I replace the secondary router with one of the Ethernet ports on the PFSense and have control of what uses the VPN and what doesn't.

will try it. but scared its gonna go to 2.3.4

Normally that element would be removed from the configuration after you restore the configuration file. It shouldn't be in there persistently. Is there an error on the console or in the system log about it not being able to import the RRD info?

OK will upgrade later and revisit

I didn't read the linked article to find out what you are trying to accomplish but regardless I can make a recommendation. Buy a used server pull (preferably from not-China, but even that's really not important) i340-t4 off of eBay http://www.ebay.com/itm/IBM-49Y4242-I340-T4-4-Port-Gigabit-PCI-E-Server-Network-Adapter-Card-/361940630659?hash=item544557bc83:g:VSQAAOSwc-tY3XdW Something along those lines. Just use those NIC's and disregard the Realteks. The Realteks will probably work perfectly fine for 5-600Mbps throughput, might not work at all, might give you a bunch of headaches? That's why they aren't recommended, they are just a mixed bag which is not what you want for NICs on a networking device. So, since you are already planning on buying another NIC, just get a good one and use it.

https://forum.pfsense.org/index.php?topic=112335.0

Agreed..  And thanks for the info it holds my curiosity cat at bay ;) I send alerts from my pfsense box to google over 587..  Depending the server your sending to and connectivity to it, and who the sending email is saying its from and address its going to.. Its quite possible not to auth at all, etc. I have not looked too deep into how exactly pfsense is sending the alerts.  But I would think it possible to send to the server directly accepting the mail for the domain your sending too without any need to auth at all.  Only reason you would have to auth if sending to an email server that would be sending the email to where its going for you.  So sure such a mail server you would want to auth who is trying to get "me" the server to send mail for.. Making sure it really is you and not just some spammer. But sure in such a scenario it should be easier to pin or trust in pfsense a private ca or self signed cert for secure auth to your sending email server - in this I do agree..  They prob have not gotten around to it as of yet since its prob not a lot of requests for it.. Since if sending through some public email domain the certs should be signed by some common public CA.  If sending your own email server, its quite possible the server is actually internal to where pfsense sits and auth should not need to be via tls for security reasons, etc. etc. I would think if was brought enough attention there is lots of need and not just a few one offs in setups that require trusting self signed or non public ca certs in the pfsense user community it would get more attention.  If something you really want done - there is always the bounty program to have some put it together.

I had some similar issues as well, turns out I set three things: I enabled SNORT as the IDS I had Automatically checked the block systems from SNORT The SNORT IDS automatically blocked some web pages that had been flagged by innocuous http inspect errors ( BYTE BLOCK etc) Once I suppressed the false flags http inspect, I then reset (cleared) all the blocked sites and poof I could get to where I had been unable to previously. ~Zackis

IDK if this can give a clue but I'll leave it here: The last events were on last Thursday (13. April) where the connection went down several times in the afternoon. Only thing that helped was pulling the LAN cable between modem and pfsense and replugging it. Screenshot: http://imgur.com/a/XcmId Then, 14. - 17. April was Public Holiday so nobody in the office, not a single connection loss in this time. Now, back on working day, first disconnect happened around 9 AM…

@mikeisfly: No need to port forward all ports, just have the ISP assign your PfSense box a statically assigned IP address. Then put that IP address in their router's DMZ. That should forward all unsolicited traffic to your PfSense box. Thanks for an alternative approach, the install is happening today, will present the options to them.

Hi Guys, Do you guys know how to do this? Steps?  :( I'm new to PFSense and not sure if this can be done. I see this topic is  2+ years old but no solution is mentioned. Can I get some help in same situation? I have pfsense instance with 1 NIC with let's say Public IP is 1.1.1.1 I have a web server instance that not on local network and hosted somewhere else with public IP 2.2.2.2 VPN is not an option on these IPs. I'm trying to configure pfsense so all traffic arriving on ports (80,443,20,21,22) on IP 1.1.1.1 is forwarded to 2.2.2.2 on the same ports. I am able to do it with SOCAT utility using the following command socat TCP-LISTEN:80,fork TCP:2.2.2.2:80 but it's a small utility and no proper deamon/service is available for it. The only other option is IPTable  but I really like pfsense GUI and I can use it for VPN as well. Can someone please help?

The SG-1000 will not push 80Mbps of encrypted traffic unfortunately. Not yet at least, it does have hardware crypto for which a driver has not yet been developed. No figures for that yet though. You would be looking at the SG-2220 to do that on our hardware. Thanks, Steve

To reach PC2 pfSense will need to have a static route to 10.2.0.0/16 via the other router. Unless that is it's default route. The inverse is also true. The other router will need a route to 10.1.0.0/16 via pfSense unless that is it's default. Obviously you will need the right firewall rules in place to pass that traffic too. Check the firewall logs to see if anything is blocked. More information needed to diagnose further. Steve

your doing a downstream router.. Yeah there are a few things that have to happen.  And this downstream router is on a lan side port right. your not using it as your wan on pfsense? While I like your /30 transit.. Your other segments - why are you using /16?? There are quite a few threads that go over downstream routing with pfsense.  I should prob put something up on the wiki, seems to come up quite often as of late. Your going to need to create a gateway on pfsense pointing to this /30 IP of the downstream router.  And then a route for the network behind the downstream router.  Your then going to have to adjust the rules on your transit network to allow the downstream.  And your also going to need to alter your pfsense outbound nat rules if these downstream networks are going to use pfsense for internet access, etc.

Is there anywhere else to specify a "default gateway" for the internals of pfSense?

Last come back here but yeah it sounds like you can just hand external DNS servers to DMZ clients if they only need to resolve unfiltered external hosts. No need to bother with dual DNS on the firewall etc. Steve