I doubt it.  Your traffic is probably being converted to ATM over the DSL network.  I highly doubt layer 2 info like VLAN tags can survive the trip.  But being a bridge it might.  You really need to talk to your DSL provider.  If nothing else, you will need to get your DSL bridge ports configured from untagged to tagged.  Then you need to determine if your q-in-q tags make it across.

thank you for your answer, ill do as you say… thanks

@BeerCan: try User naming attribute = samAccountName Group naming attribute = cn Group member attribute = memberOf There is more but I am late for a meeting :) perfect thank you, that works under Diagnostics - Authenication and with the space in the OU name (no need for %20 etc). Now how do I allow this to log on to pfsense for report monitoring ?

What would be cool would be if SMF would automatically suspend posting privileges for accounts with < 5 posts with a 1:5 or greater posts:smites ratio.  That way we could just crowd-moderate these fuckers.

@cmb: @kejianshi: Is it a 2.1.5 problem also?  Thats what those pfsense I was talking about are on. No, that problem never existed in 2.1.x, that was a regression in 2.2 only that I fixed a couple days ago. Guessing it is the cause of OP's issue if that's on a snapshot that's more than 1-2 days old. It worked! :D Current build is  Fri Nov 07 00:00:15 CST 2014, FreeBSD 10.1-RC4-p1. Unchecked Firewall -> NAT -> 1:1 -> Edit -> NAT reflection = use system default Services -> DNS forwarder -> Register DHCP leases in DNS forwarder and Register DHCP static mappings in DNS forwarder Unchecked. And of course the settings for DNS Split in Services -> DNS forwarder -> Host Override. Only thing is. When having multiple websites on one machine that you can access via different subdomaines like site1.mydomain.com site2.mydomain.com etc. Host Overrides only gives you the default website since I can not assign a specific directory to a subdomain. But I guess we will figure something out. It is not as important as the mailserver was. So thank you very much! –--------------------------------------- //Edit: Just a little update for all the googlers that might come here later. To solve the website issue, we setup our own bind DNS on an extra machine. This DNS handles all requests from IPFire. Directs requests to sub.domain.com to the internal IP of that server. And in case that IP is a Webserver, Apache with Vhosts handles it and forward that to the specific directory. So thats it :)

FreeBSD-based.  Going to look at upgrading in the first instance.  Thanks for your help

up!

Sounds like either your pfsense is seriously hosed or the computer you are using to access it is.  Not sure if a switch could cause this, but I'd direct connect to the pfsense to test.

haha - well take comfort in knowing that your simple mistakes are the only mistakes I could spot (-;

Well that is easy enough to fix - why would those ports be open, only thing outbound from a work network should be the proxy ;)

Basically in the DNS forwarder where you can specify a domain override, I had to also specify the LAN IP of pfSense (172.26.10.254 in my case) as the "Source IP" on the domain override configuration. You usually have to do that when the DNS server that services the domain in question is over a VPN, because otherwise the source IP of the request (from the pfSense, across the VPN to the DNS server) will be some IP address of a VPN tunnel endpoint, or some internal tunnel address. The remote DNS server typically won't have a route back to that and so the reply to those DNS queries would never make it back.

Cable attached, yepp, both ends…

If I am understanding correctly, you basically want the pfsense box to be the modem and your homehub just to provide wifi? if so you just set one of your interfaces up as WAN, IP and DHCP, connection as PPPoE and username and password as you say. I have done that for my infinity without issue. Then you can setup one other interface on a separate VLAN and plug the WAN port of the homehub into that pfsense port. Place rules on the guest vlan to deny traffic to your other main interface, deny ports 22 and 443 (so they cant SSH or get to the router management pages) and allow other traffic. Theres plenty of tutorials on the subject just google "pfsense guest vlan" HTH.

I went back to the provider with the information we had obtained through this test, and they 'have identified an issue with the host node' my VPSs are on. Thank you for your help, at least I could go to them with some idea of what I was talking about. Per your signature, I'll be buying some Nepalese children a Christmas party. Thanks again.

@cmb: @cabnet: so i better switch to the lower version which lusca cache is supported .. Hell no. Use Squid. There is absolutely no reasonable reason to use Lusca. you always say to use Squid but there is no noob step by step tutorial to make it work like lusca does. lusca caches everything and there is a lot of step by step guide to make it happen. and that satisfies our needs. I tried to install Squid many times  and try to follow every procedure in the net but still fail to cache everything that i browse like webpages, patches for games, specially videos from the net, etc. i guess some of us are maintaining 5 or more pc's that is why pfsense lusca is very handy. hope you get what i mean and why we still insist to use lusca.