exactly!  You can setup mDNS to work across segments but its a PITA ;)  avahi makes it easier.  But if you only have 1 segment, or your wifi and wired are on the same segment and your resources are wired n that segment your wireless devices on that segment can find them. I ran into this issue when I isolated my wireless for security reasons and still wanted to print ;)  Easy solution was to move my printer to that segment..

Some more detailed feedback for those potentially facing similar issue: as suspected and highlighted by Derelict, problem was misalignment between DSL device and pfSense. In order to reach internal web service, if DSL device acts as a router, 2-steps NAT is required. One from internet to pfSense and one from pfSene to internal server. This needs to be consistent all along the path however paying attention not to open everything in order to grant access  ;)

Is my "real" information safe to use for a private server? Who will see it? If this is a private installation you could also put into it bogus names or company names as well this doesn´t matter, but if this is a installation used in a productive network it should be also going with real names and informations.

Rule 2 should be moved to the bin.. What point is it if you already allow wifi net to go anywhere..  Is that address on a different segment than wifi net?  If on same as wifi net also pointless. As to 3 and 4 they could be removed by making 1st rule a ! alias that includes your other networks.

Buy Intel NICs. Realteks are crap (or at least the drivers are crap). Not just pfSense. I think VMware pulled Realtek drivers from ESXi for the same reasons.

https://doc.pfsense.org/index.php/What_is_policy_routing https://doc.pfsense.org/index.php/Bypassing_Policy_Routing

Blocking bogon on wan would have NOTING to do with it that is for sure!!!

You won't be able to see any requests for encrypted connections. What you think of as a "file" HTTP thinks is just a request. Just loading up a web page will issue hundreds of requests on many of these bloated web pages. Every image, every javascript file, every web page, is just a file to download.

Which is weird as TWC has checked their line and stated nothing is wrong and even had a technician come out and verified the connection at the demarc is fine. I've used 2.2.3 and 2.2.4 both with my normal configuration and with fresh installs and had the massive timeouts and name resolution errors. I'm at a loss as to what to do at this point but it's severely hindering my ability to work properly.

"Issue is security is weak on SFTP/SSH as logs into root" What??? Not even sure what to say here - agree with dok, this basic concept has nothing to do with pfsense operation.  Clearly your port forward is working but you don't understand how to use what your forwarded.

Yeah I don't recall ever seeing any soho wifi router that allows for dhcp to its LAN IP for if you were using it as AP by turning off its dhcp server and not using its wan interface. How you would do that is by setting its lan IP to something on your network your going to put it on.  Other issue with most native firmware for soho routers is they quite often don't even allow setting up a gateway so you can not manage them if coming from a different network. To be honest if you want to start doing fancier stuff with AP you would be better off getting a more enterprise type AP.  Unifi would be something to look at.. Price points are very good.. The new line of AC models they are coming out with the lite I believe starts at 89$ the LR model is like $109 and pro is $149 I think that really makes them attractive for home use even. With this you can set your AP via dhcp, or static and they have vlan support on your SSIDs and support of to 4 SSIDs per radio 2.4 and 5ghz.  Plus of other great features like band steering and wireless uplink and zerohand off, etc. etc..  Plus the ability to have a controller for statistics and captive portal and guest services, etc.  That 89$ price point should allow for pretty much anyone to deploy a few of those around the house for great 5ghz coverage that we all know doesn't like walls ;)

https://doc.pfsense.org/index.php/2.2.4_New_Features_and_Changes#Security.2FErrata_Notices https://forum.pfsense.org/index.php?action=search

indeed now its very responsive on save(s), thanks!

Well I managed to fix the iTunes issue. Apparently you have to add in the IPs that is linked to iTunes under Target Categories and adding; 54.214.28.210 17.158.28.83 17.172.116.74 17.172.116.75 17.158.10.52 17.172.116.36 17.154.66.156 23.9.237.102 150.101.152.240 17.173.255.108 17.167.138.24 150.101.98.211 150.101.98.200 150.101.98.226 150.101.98.211 150.101.98.234 150.101.213.173 150.101.98.211 17.151.36.30 17.142.160.7 208.72.242.165 173.192.76.134 66.235.139.206 150.101.96.224 150.101.96.232 17.154.66.11 69.54.181.89 17.111.65.223 23.37.139.27 23.37.139.27 150.101.98.200 23.7.18.217 17.151.36.30 17.149.240.70 151.101.152.219 150.101.152.234 17.154.66.38 It worked fine after that.

11 can't come soon enough, but PFSense 2.3 will keep me excited for a bit.