What you want is absolutely not a job for DNS server. You need some webserver with a proxy which will look at the HTTP headers and redirect the requests to appropriate internal servers according to the requested hostname. Simple Apache example: <virtualhost *:80="">ServerName server1.example.com    ProxyPreserveHost On    ProxyRequests off    ProxyPass / http://192.168.1.1/    ProxyPassReverse / http://192.168.1.1/</virtualhost> <virtualhost *:80="">ServerName server2.example.com    ProxyPreserveHost On    ProxyRequests off    ProxyPass / http://192.168.1.2/    ProxyPassReverse / http://192.168.1.2/</virtualhost> <virtualhost *:80="">ServerName server3.example.com    ProxyPreserveHost On    ProxyRequests off    ProxyPass / http://192.168.1.3/    ProxyPassReverse / http://192.168.1.3/</virtualhost> You forward all requests to port 80 to this server, which deals with the rest. Reading: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html

What I have done in some cases is this: 1. Make sure there is enough space on the slice to hold the upgrade image 2. Go to the shell prompt and run: fetch -o /root/update.img.gz http://wherevertheupdateimageisonthewebsites/pfSense-blah-blah-512m-blah.img.gz 3. Wait for that to finish, that's just downloading the image to your CF. 4. When that is done, back up to the console menu and use the console update function, then by file, and give it /root/update.img.gz

It's normal to see the router's real IP in traceroute rather than a CARP VIP.

It won't help because they won't have the privileges to actually use the menu. If you install the sudo package and allow them to run /etc/rc.initial without a password, you could then add "sudo /etc/rc.initial" to their .tcshrc or .profile and it may have the intended effect.

I strongly discourage anyone from using Acronis products for anything. Esp. since it (almost irreversibly) damages the host system.. (This is still valid even with 2013 versions of their products.)

Nice.  :) Surprised it didn't cause a flood of complaints. Steve

Hi wallabybob, unfortunately with mounting pressure from the users I needed a solution for "now" rather than a solution that was "right", so I have restored a backup from 2 weeks ago which seems to have fixed things for the most part. It irks me that I don't know what the actual problem was and printing is still slow from the other subnet. Looks like I'm going to solve that in a different way now. To answer your questions: How do users in LAN D attempt to access the printer in LAN O? Printer drivers were installed on each PC in LAN D. At the time of installation the driver setup was able to communicate with the printer which configured an appropriate printer port on the client PC. What happens when they attempt such access? The print job sits in the print queue on the client PC indefinitely Does the access attempt get reported in the firewall log? I enabled appropriate logging and saw PASSes noted in the firewall log, however running a packet capture on the LAN O interface of pfSense I did not see any matching packets. Does the printer allow access from LAN D? Yes. Does the printer respond to pings from LAN O? Pinging from a client on LAN O to the printer was successful. Pinging from the firewall interface LAN O to the printer was NOT successful. Does the printer respond to pings from LAN D? No. Firewall Logs show PASSes but again, nothing in a packet capture from LAN O interface Please post a screen shot or other full specification of the firewall rules on the LAN D interface. Sorry, as I've restored from backup the rule is the now the same as when it was failing. What i have now is: [image: NZhdqC3.png] I've highlighted the rule that should allow access to the printer (and the file server) on LAN O The OfficeResources alias contains the IP addresses of the printer and the file server only. However when the firewall was allowing nothing out its LAN interfaces I had removed all the rules but the last one, which was copied from the LAN O (the "LAN" inferface asopposed to the "OPTn" interfaces) rule and then modified to relate to LAN D. I hope that's clear, reading back there's a lot in there and it may be moot given I have restored to a backup. I'm also looking at dropping LAN D and combining the clients with the LAN O. Just need to convince management that the separate LANs are causing more problems than they are solving. Thanks, Lee.

Check the "mailreport" package: Allows you to setup periodic e-mail reports containing command output, log file contents, and RRD graphs.

You probably need to do a packet capture to be sure, but rsyslog would have to be the suspect.

I do the same for firewall on CentOS. Maybe the dev team can take this into consideration and create a fail-safe button that restores settings after a specified time if user doesn't acknowledge by clicking on fail-safe button. 1- Fail-safe can be ENABLED or DISABLED when needed - so the admin can use it ONLY when needed. Maybe OFF by default 2- Fail-safe allows for time setting as in 1 minute, 3 minutes, 5 minutes, 10 minutes…. 3- Fail-safe Restore DOES NOT apply or roll back the settings if user presses "ALL GOOD" button after the change is done within the kick-off time. Any other suggestions? Thanks everyone for input - I hope this gets picked up by Dev team! Vote here please

since I'm under a tight deadline, and it is out of business hours here and I have a relatively small amount of machines here, I have refreshed all the PC's and they are all using the new gateway, 192.168.1.2. This is a hotfix that has worked for me, hopefully I this will not be an issue anymore, but it is an odd one at least.

@mastry0da: could you point me at a reference for reading the log format? if not could you possibly break down this example packet for me? pf: 00:00:00.306610 rule 1/0(match): block in on msk1: (tos 0x20, ttl 40, id 33721, offset 0, flags [none], proto UDP (17), length 58) They are standard pf logs, so OpenBSD may have some documentation. Or: Use the source - https://github.com/pfsense/pfsense/blob/master/etc/inc/filter_log.inc#L136

The pfTop shell command can give a display of current top users of bandwidth through the firewall.

Yes i Understand  .. Thank u Bro

I don't know if you still need an answer but I managed to install the packages. I actually did it according to same person's another post: http://forum.pfsense.org/index.php/topic,47086.0.htmlhttp://forum.pfsense.org/index.php/topic,47086.0.html But I changed all of the packages according to stephew10's post (I picked all of them from 8.4 release). This are the packages I've installed (by the way I'm using pfSense 2.0.3 too) : (Install all of the packages in this order.) pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/php52-gd-5.2.17_13.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/t1lib-5.1.2_2%2c1.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libX11-1.4.4%2c1.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libXpm-3.5.9.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libxcb-1.7.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libXau-1.0.6.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libXdmcp-1.1.0.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libpthread-stubs-0.3_3.tbz pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/mysql-server-5.1.68.tbz pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/mcrypt-2.6.8_1.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/php52-mcrypt-5.2.17_13.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libltdl-2.4.2.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/php52-gd-5.2.17_13.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/t1lib-5.1.2_2%2c1.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libX11-1.4.4%2c1.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libXpm-3.5.9.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libxcb-1.7.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libXau-1.0.6.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libXdmcp-1.1.0.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/libpthread-stubs-0.3_3.tbz pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/mysql-server-5.1.68.tbz pkg_add -r http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/mcrypt-2.6.8_1.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/php52-mcrypt-5.2.17_13.tbz pkg_add -rfi http://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.4-release/All/jpeg-8_4.tbz (After installing these packages continue from the post above because the touch commands and everything else is the same) I've added the last pakage myself because  ' /etc/rc.php_ini_setup  '  said that it was missing. And also I have came across the exactly same ERROR as you. It was because I tried to use ' /etc/rc.php_ini_setup ' command from the webGUI's command prompt. Don't do it :P It really breaks the pfSense. You can use the webGUI's command prompt for pkg_add and touch commands but when it comes to '/etc/rc.php_ini_setup' use the shell !

If you want to do something slightly more custom you're probably better off using tcpdump directly from the CLI: http://doc.pfsense.org/index.php/Sniffers,_Packet_Capture I'm not too familiar with it, I'd usually read the man page every time  ::), but perhaps something like: tcpdump -i fxp0 -c 500 port 25 or port (your second port) >> capturefile.log Steve

WOW, thanks a lot guys really helpfull, will install at the weekend and keep you all posted, thanks again. Steve

see this http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx

try to look out more info, like the interface went down or lost conn with some other if, and post it here! cheers!

sorry bro! i was outsite town on some "Vacations trip" so not laptop allowed o any smartphone xD, ok if you gonna treat like a switch you does not have to have any special config, just trunk, trunk and ready to roll on the layer 2 sw, if it gonna be a firewall/router, you should prepare ir like a dhcp relay agent to work, this is gonna be in almost case the setup PFSENSEBOX –->> MikroTikBox(as firewall or router with dhcp relay included) --->> layer 2 sw, please check out this document of mikrotik, http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay and related, with a mikrotik cheap? more than pfsense? lol i love the product even in some case have failed me