What are the rules you put on your opt interfaces that are you vlans - can you post your vlan setup in pfsense. So for example here are 2 vlans I have in pfsense that are connected to my em2 physical interface.  So your saying if you plug a device on your switch that is in vlan 10 you get IP from dhcp for that vlan, and if you put in switch port for 20 you get IP from that vlan pool. Can you ping the pfsense IP you put on that vlan?  So for example mine are 192.168.4.253 and 192.168.5.253.. Devices on those vlans can ping pfsense IP address on that vlan.  Pinging pfsense IP address on your lan segment would depend on your firewall rules.  Well for that matter even pinging pfsense IP in that vlan would depend on your firewall rules.  Please post up your vlan configuration, the ips of your pf interfaces in those vlans.  Your firewall rules for those vlans and ipconfig from clients in those segments. Your using just /24 for your masks right? [image: vlanspfsense.png] [image: vlanspfsense.png_thumb]

you sniff on pfsense under diag, packet capture. And your floating tab is empty? I see your blocking bogon - is it possible your source of dns traffic would be in bogon?

There has never been a problem when the dongle loses and later finds the signal (other than that I have to manually reconnect because pfSense doesn't do that automatically). My problem only exists when my ISP decides it's time to change the IP.

@jqueiroz: No, the time on the internal time server is correct. This server is my internal network's official NTP server. It was the HV2012 host that was out-of-sync… The good news is that the pfsense's problem is solved; the bad is that now I have to fix time sync in 4 HV2012 hosts. :( Glad you figured it out … Yes, time sync in VMs can be a minefield

Thanks for everything Derelict, i´ve solved my problem, it had the DNS resolver activated (by default) and the DNS forwarder too (activated by me) which is what i actually needed. Now everything is running normally.

http://www.openbsd.org/faq/pf/tables.html "A table is used to hold a group of IPv4 and/or IPv6 addresses. Lookups against a table are very fast and consume less memory and processor time than lists. For this reason, a table is ideal for holding a large group of addresses as the lookup time on a table holding 50,000 addresses is only slightly more than for one holding 50 addresses. Tables can be used in the following ways: source and/or destination address in rules.     translation and redirection addresses nat-to and rdr-to rule options, respectively.     destination address in route-to, reply-to, and dup-to rule options. " So a quick google searching for "cannot define table bogons:" threw up this link. https://forum.pfsense.org/index.php?topic=90838.0 Might be worth a go although an error message saying it cant create what is in effect a memory table might suggest not enough ram perhaps or something being loaded out of order perhaps? Do you see the same problem in a different version of pfsense? Seems to be a similar problem, http://www.reddit.com/r/PFSENSE/related/30r784/cannot_define_table_bogons_error_frustrating_me/.compact Might also be relevant https://208.123.73.68/index.php?topic=3353.0 http://comments.gmane.org/gmane.comp.security.firewalls.pfsense.general/270

@doktornotor: @johnpoz: If the device is in standby/sleep why would it send out a dhcprequest is the question I would have. This is not really any suspend-to-disk/ram hibernation. The only thing "hibernating" are the HDDs which are spun down. Now, look at this: # ps ax | grep dhclient 4606 ?        Ss    0:00 /usr/sbin/dhclient -4 -d -q -lf /etc/dhclient/ipv4/dhcpv4.leases.eth0 -pf /etc/dhclient/ipv4/dhcpcd-eth0.pid eth0 5551 ?        Ss    0:00 /usr/sbin/dhclient -6 -pf /tmp/dhclient6-eth0.pid -lf /etc/dhclient/ipv6/dhcpv6.lease.eth0 -cf /etc/dhclient/ipv6/dhcpv6.conf.eth0 -nw eth0 Those dhcpv[46].lease.eth? files have stuff like this: lease {   interface "eth0";   fixed-address 192.168.1.10;   option subnet-mask 255.255.255.0;   option routers 192.168.1.1;   option dhcp-lease-time 7200;   option dhcp-message-type 5;   option domain-name-servers 192.168.1.1;   option dhcp-server-identifier 192.168.1.1;   option host-name "DiskStation";   option domain-name "example.com";   renew 2 2015/05/19 19:46:58;   rebind 2 2015/05/19 20:35:47;   expire 2 2015/05/19 20:50:47; } This is just stupid. There's /tmp which is on tmpfs (ramdisk). Now, the lease file is on /etc instead, which is a HDD. Of course, when the lease is renewed, the HDD needs to spin up to write to the file. Tell Synology to move their temporary dhcpv[46].lease.eth? shit to /tmp when people enable "hibernation" – and it won't wake up HDDs from hibernation.  ::) This is a good catch. Thanked.

True, But if the LAN device is FTPing to another box on the LAN then it never hits pfSense and its not going to get mirrored to SO… The nice thing about SO is that it can be setup in a distributed format in a Network... I have it currently monitoring pfSense LAN, MS AD Server, and MS File/Print Servers at different locations all tied together into one Master SO Server.  :)

Edit: the pfsense forum board is giving me a 500 when I try to attach a picture: [image: screenshot.png]

@johnpoz: Well the OP domain is tellmon.net not tellmom.net ;) There just isn't enough coffee in the world today to get this right…. :) Sorry about that.

It's possible that the PPPoE server can't handle that many connections.

huh?  Have no idea what your asking..  There is no 1to1 nat for accessing the web ui.

@charliem: @musicwizard: Modem -> router -> switch1 / switch2 -> computers/nas etc i can use lan for switch1 can i use opt1 and/or opt2 for the other switch? seeing both cables go in a different direction. Are switch1 and switch2 currently on separate networks?  Doesn't sound like it, so you are better off using pfSense LAN to one switch and then cascade the other switch from there.  Or get a small switch, say 5-port 1 GB unit: pfSense LAN -> 5-port -> cascade to other switches. LAN and OPT1 are treated differently in pfSense, and cannot be on the same subnets. Your firewall is not the right place for a bittorrent client (or fileserver, printserver, etc.),  sorry. they are still on the same network yet. Currently i use the lan ports on the current router.  both cables go into a different direction.  If i only want to use 1 lan port i have to add a switch. like modem -> pfsensebox -> main switch -> switch1/switch2 it's impossible to put it all on 1 switch because of the locations of the computers. the modem/router is in the middle of the house. and goes both sides. so adding another switch is another "thing" what can break. so if it's possible to use the cables to the switch1 and 2 from the pfsensebox it self it helps a lot. Also the main thing is we wnat to have a LESS clutter as possible and adding another switch is just another thing we need to add etc. well i wont be storing the data it self on the BOX. that will be send to a NAS Which isnt really capable of installing the client nicely because of it's limited OS and the clients that are available does not do what i need it to do. Only like/want to run the client on there. That saves a lot of trouble/space if i have to setup a separate system for that.

what would it matter what IP you put in.. So your saying your dhcp server normally hands out something else and you put in the lan ip interface..  Well I can test that as well.. But I don't see why pfsense would care what IP it hands out. Seems you might be running into this https://redmine.pfsense.org/issues/3915 Would need to see some sniffs of your dhcp to validate your running into this situation

I searched the bug list and see that this has already been fixed in a future patch. https://redmine.pfsense.org/issues/4693

Oh, well that's a lot more simple than I thought…. Well, for now it seems to work. Ideally I'll change it eventually but as for now that's what I'll use.