It looks good to me and I'm also using the same resolver on my OpenBSD router where twitter.com displays fine: leiter% drill -T twitter.com com. 172800 IN NS h.gtld-servers.net. com. 172800 IN NS i.gtld-servers.net. com. 172800 IN NS l.gtld-servers.net. com. 172800 IN NS e.gtld-servers.net. com. 172800 IN NS m.gtld-servers.net. com. 172800 IN NS g.gtld-servers.net. com. 172800 IN NS c.gtld-servers.net. com. 172800 IN NS j.gtld-servers.net. com. 172800 IN NS d.gtld-servers.net. com. 172800 IN NS b.gtld-servers.net. com. 172800 IN NS a.gtld-servers.net. com. 172800 IN NS f.gtld-servers.net. com. 172800 IN NS k.gtld-servers.net. twitter.com. 172800 IN NS ns1.p34.dynect.net. twitter.com. 172800 IN NS ns2.p34.dynect.net. twitter.com. 172800 IN NS ns3.p34.dynect.net. twitter.com. 172800 IN NS ns4.p34.dynect.net. twitter.com. 30 IN A 185.45.5.32 twitter.com. 30 IN A 185.45.5.43 twitter.com. 86400 IN NS ns1.p34.dynect.net. twitter.com. 86400 IN NS ns3.p34.dynect.net. twitter.com. 86400 IN NS ns2.p34.dynect.net. twitter.com. 86400 IN NS ns4.p34.dynect.net.

Just checking : what is your WAN IP ? Or, saying the same thing differently: is there a router in front of pfSEnse, or pfSense deals with an "Internet IP" (is != LAN IP).

The finalised version of this was committed a few days ago. @rowell - can you try https://github.com/pfsense/pfsense/blob/RELENG_2_2/usr/local/www/interfaces_ppps_edit.php (that is the version to be released in 2.2.4) Does that fix the issue?

Thanks!!! I will be contacting Dyn.com

I have allowed my pfsense box to be pinged, so as long as they don't somehow look for their SPECIFIC router, I should be good. And if they are calling you otherwise they perhaps where monitoring the MAC address of their router. Perhaps you are able to change the MAC address from their WAN interface to your WAN interface.

You could set it up with just the one LAN interface as a pure Squid3/squidGuard/ClamAV web proxy.  No need for NAT.  Squid would have to be in explicit mode, so all your clients would have to be configured to use the proxy or you would have to setup WPAD for proxy auto-detection by your clients.

The last time I saw this, the person incorrectly configured the forwarder on his DC.  By chance did you manually configure the forwarder in on your DC?

@n3by: @NOYB why don't you use Captive Portal for that ? It add another layer of security for your network. Nice suggestion but take this further, when you dont have total oversight of the physical network ie cables or insides of a device with wifi capabilities namely a laptop or mobile plugged into synch with a computer especially in a bring your device to work scenario, there is still the situation of a device/code hijacking one or more machine(s) and off loading the network traffic via a wifi/mesh network of sorts. In this instance only the absence of traffic at best will show up in pfsense if all traffic is rerouted via a dhcp/dns redirect, although if only off loading sensitive data you wouldnt even spot this potentially*, abit like a multi wan set up but on the device in question or would you? I can think of one situation which could theoretically show this up, but its not something pfsense could do and the OS'es could still potentially be the weakness.

I'm not opposed to having a granular option there, the problem is that more often than not people will want both and may miss setting one or the other. Splitting it into two checkboxes makes new problems while "solving" one that would rarely be hit. It makes it more difficult for most users while benefiting relatively few. It's a bit more complicated to code up but it may be better to have a drop-down that has options such as: /var and /tmp on disk /var and /tmp in RAM /var in RAM, /tmp on disk /var on disk, /tmp in RAM With appropriate upgrade code to migrate from the old setting.

So like I said Alias ;)

Maybe this will help? https://doc.pfsense.org/index.php/Multi-WAN#Load_Balancing For OpenVPN but the principle/idea/concept may be relevant for your needs/uses. https://forum.pfsense.org/index.php?topic=39328.0 https://forum.pfsense.org/index.php?topic=68605.msg375799#msg375799

Could also trying logging everything ie rules and see if anything shows up which is being blocked or not that might give you a clue as well. Its usually a good idea to log everything in order to help see when you have been hacked as anomolies occur which you might be able to pick up with some good analysis tools that can indicate when you have been hacked, eg looking up particular DNS servers can be a way to communicate code/instructions amongst many other methods.

https://doc.pfsense.org/index.php/Importing_OpenVPN_DH_Parameters

Currently pfSense can only match DSCP, not set. Setting is up to the endpoints.

Cpu utilization is at 6%, I also just noticed I do not have a PCI express nic card in there. I just ordered one so will see if that makes a difference. David

Heres what I do. Firstly I prevent anything from getting out onto the internet, next I monitor the fw logs to see whats talking, I then identify whats talking and if I want to allow it, I create a rule to allow it. Now creating a rule could mean creating an alias which has one or more domain names/sub domains in, which makes it easy to add to once the alias is set up in one or more rules. Its a good way to troubleshoot problems as well as see what devices on a network are talking to each other. I've never used whatsapp, but do you know if it initiates the communication in anyway or is a separate service giving away your location to the whatsapp servers and then they try to connect to you through a port they expect to be open?