You are correct derelict – how did miss that?? ;) So is problem is most likely just can not resolve because he is not pointing to his AD dns.. Good catch..

disclaimer: this is just speculation based on some googling is tso offloading enabled? if yes => try todisable it. ifconfig igb1-tso These commands may be placed into a shellcmd tag to execute at boot time to make the change persistent.  (install shellcmd package) this appears similar for em-driver (no clue if its related). https://reviews.freebsd.org/D3192

I was suffering high load on a 2.2.5 system that had DHCP6 enabled on a WAN interface.  It was working (ISP was TimeWarnerCable) but sometime in the middle of the night they decided to switch my modem from bridge mode to router/NAT mode and start handing out 192.168.0.2 to my WAN interface.  This broke DHCP6… Suddenly I saw high load on my pfSense (caused by dhcpd and unbound according to top) and clog -f /var/log/system showed this pattern over and over again every 1-2 seconds: Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: Removing static route for monitor 24.29.99.36 and adding a new route through 192.168.0.1 Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: Removing static route for monitor 2607:f8b0:4006:807::1000 and adding a new route through fe80::8e09:f4ff:fe10:217 Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: Removing static route for monitor 68.237.161.12 and adding a new route through 108.30.185.1 Dec 14 11:52:42 php-fpm[30155]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e09:f4ff:fe10:217%igb2 Dec 14 11:52:41 check_reload_status: Syncing firewall Dec 14 11:52:37 php-fpm[30155]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2604:2000:f10b:300:208:a2ff:fe09:9bd3) (interface: opt2) (real interface: igb2). Dec 14 11:52:37 php-fpm[30155]: /rc.newwanipv6: rc.newwanipv6: Info: starting on igb2. Dec 14 11:52:36 check_reload_status: Reloading filter Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: Removing static route for monitor 24.29.99.36 and adding a new route through 192.168.0.1 Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: Removing static route for monitor 2607:f8b0:4006:807::1000 and adding a new route through fe80::8e09:f4ff:fe10:217 Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: Removing static route for monitor 68.237.161.12 and adding a new route through 108.30.185.1 Dec 14 11:52:36 php-fpm[98434]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e09:f4ff:fe10:217%igb2 Dec 14 11:52:31 php-fpm[98434]: /rc.newwanipv6: rc.newwanipv6: on (IP address: 2604:2000:f10b:300:208:a2ff:fe09:9bd3) (interface: opt2) (real interface: igb2). Dec 14 11:52:31 php-fpm[98434]: /rc.newwanipv6: rc.newwanipv6: Info: starting on igb2. Dec 14 11:52:30 check_reload_status: Reloading filter Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: Removing static route for monitor 24.29.99.36 and adding a new route through 192.168.0.1 Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: Removing static route for monitor 2607:f8b0:4006:807::1000 and adding a new route through fe80::8e09:f4ff:fe10:217 Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: Removing static route for monitor 68.237.161.12 and adding a new route through 108.30.185.1 Dec 14 11:52:30 php-fpm[67665]: /rc.newwanipv6: ROUTING: setting IPv6 default route to fe80::8e09:f4ff:fe10:217%igb2 For now I just disabled that WAN interface completely which has caused things to settle.  Not sure why the lack of valid DHCP6 would cause the router to go into a tailspin though.

If I use the ldap option, the User will be required to enter login / password to browse. NTLM takes the User section, requiring no login / password. Thank help everyone.

OK, thanks. That answered my question.

For future usage or other new switches it might be working also well, to connect the switch at first to your PC and change the IP address to the default IP address from the switch with a small tool named NetSetMan for this.

+800 public schools, each one with his own internet access.

Thank you so much John. I will play around with it and update this thread (probably looking for more help) with my finding. Regards Jacob

My mail provider is Google. As I created an application password (16 characters), it reports some SMTP activity each time I push on send "TestMail". If I alter the password and resend a TEST mail … the System-log reports it all fine but the "Activity reported on the account" does not report any trace of the attempt. Fishy ... \T,

Hi, it,s that if i change somethink and suddently i am not able to access the box from remote because of some mistake i can't revert this steps. A reboot from a customer is not a big deal. Maybe AutoSave on logout is also an option It was just an idea.

Status: Interfaces I have this : Uptime 96:30:27 on the WAN Interface section.

Doesn't sound anything like a "typical" pfSense issue. My first instinct would be to ask in the Virtualization forum.

@MAHDTech: I know I'm a bit late to the party and apologies if this has been discussed, I have searched, but I was just reading this blog post https://blog.pfsense.org/?p=1588 and had a couple of questions as it seems pfsense is going from strength to strength. Why the choice of Intel DPDK over something like netmap or dna -> does DPDK perform better? what about the license for DPDK, I thought there was certain things only accessible with purchase of a premium license? I like the mention of moving to a model closer to crochet, would that potentially make it easy to get pfSense on ARM or MIPS64 as well as AMD64? Bootstrap + Python FTW! I believe your question was answered in a later blog. In https://blog.pfsense.org/?p=1866 it seems like pfsense 3.x is leaning more towards netmap or even a combination of both. Back in February, I wrote a blog post that discussed our plans for pfSense software version 2.3, which is now in alpha, and our plans for pfSense 3.0.  While I promoted DPDK then, we’ve since found that netmap provides a simpler API, and substantially better safety, as the device drivers remain in the kernel, rather than running in userspace with DPDK.  Still, DPDK provides a set of libraries, such as longest-prefix match, which uses a variation of the DIR-24-8 algorithm for routing lookups, which we should find useful in our pursuit of the ultimate open source software router. Carlos

Is this possible with one installation of pfSense? Of course.  This is a very common use scenario.  Firewall with local servers on LAN port-forwarded, or 1:1 NAT.

As said: Please verify DNS The question is very known on the forum. The answer also. It's a DNS setup issue. It boils down to : (pfsense) DNS serves your attached client, but can't use (its own) the DNS itself. edit: when it works, test by upgrading to 2.2.5  :)