So when you connect your dlink and it gets public IP.  Disconnect it and reboot your modem (if it has battery backup on modem pull the battery) then connect pfsense or a client.  Does it work then? Quite often when you change a device connected to a modem you have to reboot it to clear the mac cache on the modem.  And I do believe from what I read on that device you have to be connected to port 1 to get the public. You can use pfsense in double nat, if you can not get bridge mode to work.  But if works with dlink then it should work with anything.  Unless for some reason your isp has it locked to that mac of the dlink - if that is the case you can try cloning the mac of the dlink [image: spoofmac.png] [image: spoofmac.png_thumb]

Thanks for your help, I will take a look at that!

Interfaces->Assign - add the OPT1 Enable OPT1 with some other static IPv4/netmask Put rules on OPT1 like: block source any destination this firewall block source any destination LANnet pass source OPT1net destination any If you want to stop LAN devices reaching OPT1, then put a rule at the top of LAN to block source any destination OPT1net.

Untangle Works like a charm! Thanks alot Of course looping my vSwitch was a part of my setup, so had to tweak it abit after advice on the untangle forums :)

It all really boils down to being able to match traffic with rules. In most cases you do one of three general things: Put all traffic in the default queue and put certain traffic in priority queues. Put all traffic in the default queue and put certain traffic in penalty queues. A combination of both. My advice: start simple, get familiar with how it works, then add targeted rules and queues to solve specific problems. In your example I would suggest the first option because your mail traffic should be pretty easy to identify with floating rules and put in a priority queue.  Everything else would yield to that traffic if present. With 65 users and 2.5Mbits total I would imagine your usage is pretty much maxed a lot of the time.  Shaping should help but the real answer is probably a bigger pipe.

@Cletus: Because it's been sent to that special IP it will go to the ff:ff:ff:ff:ff:ff and therefore it will be broadcasted to the correct subnet right? Correct. As for sending to x.x.x.255 rather than x.x.x.254.  That may or may not work.  Depends on if pfSense will route an IP broadcast between local subnets.  The reason I use x.x.x.254 is that it can be NAT port forwarded through the firewall from external internet sources.  Where as x.x.x.255 cannot.  At least not in in previous versions of pfSense.

It also depend on what you mean by 'guests'.  Personal friends in your house, or paying customers at the villa?

just restart Apnger changing IP would restart Apinger

2 interfaces on the same subnet has serious potential to be the culprit ;)

@jahonix: An install of this size needs a budget in the range of US $10k to $20k EASILY. Double or triple it for Ruckus/Aruba/Cisco.  Take the apartments.  350 units, say an AP for every three if they're really small.  That's 120 APs.  Figure $200 each.  That's $24K right there. I would probably lean toward Ruckus for the apartments and Ubiquiti for the outdoor stuff (Houses).  Ruckus really shines in high-density and pushing through walls.  But their outdoor stuff is for high-density.  Ubiquiti is pretty solid in the PTMP CPE realm.  And the radios are cheap. Do not think that you can put a few access points in cupboards somewhere and users will be happy.

Read this and ask again after: https://doc.pfsense.org/index.php/Firewall_Rule_Troubleshooting

Blank spots are negative values being clipped off. More here: https://forum.pfsense.org/index.php?topic=76620.msg482370#msg482370

Ups! thanks doc! I see it now! I get the welcome screen again! sorry for the noob question!  :P Best regards and thank you! Francisco

Does acl random provide failover if one gateway is down?

Please, re-read the article linked and fix your internal DNS.

Ignore those guys…  Its dead.  Mail it to me.  I'll send address (-: Also, intel SSDs suck.  I'll dispose of that for you...