Nice write up!  :) You should probably add a security disclaimer of some sort.  ;) Steve

is it possible….any help.

@jimp: Check your /boot/loader.conf, /boot/loader.conf.local and /boot/device.hints and make sure no lines in there are set to disable ACPI Thanks for the suggestion, It is empty in /boot/loader.conf. In /boot/loader.conf.local, I set: kern.cam.boot_delay=10000 And in /boot/device.hints, I see the below: # $FreeBSD: src/sys/amd64/conf/GENERIC.hints,v 1.21.2.1.4.1 2010/06/14 02:09:06 kensmith Exp $ hint.fdc.0.at="isa" hint.fdc.0.port="0x3F0" hint.fdc.0.irq="6" hint.fdc.0.drq="2" hint.fd.0.at="fdc0" hint.fd.0.drive="0" hint.fd.1.at="fdc0" hint.fd.1.drive="1" hint.atkbdc.0.at="isa" hint.atkbdc.0.port="0x060" hint.atkbd.0.at="atkbdc" hint.atkbd.0.irq="1" hint.psm.0.at="atkbdc" hint.psm.0.irq="12" hint.sc.0.at="isa" hint.sc.0.flags="0x100" hint.uart.0.at="isa" hint.uart.0.port="0x3F8" hint.uart.0.flags="0x10" hint.uart.0.irq="4" hint.uart.1.at="isa" hint.uart.1.port="0x2F8" hint.uart.1.irq="3" hint.ppc.0.at="isa" hint.ppc.0.irq="7" hint.atrtc.0.at="isa" hint.atrtc.0.port="0x70" hint.atrtc.0.irq="8" PS : Just found that I forgot to give sufficient info for my config, very sorry as I was making a few posts and did not aware they aren't connected. The router is using Intel G530, with NIC = 82579V+82574L.

If this is the setup you want, then yes pfsense will do the job wan1–---| wan2-----|-----pfsense----webserver wan3---- att, Marcello Coutinho

Just an update. The traffic from OPT1(192.168.300.0/24) gets NATed correctly on the WAN port of the bridge (191.168.100.252) and I can ping and access anything in the 192.168.100 network, including the gateway (192.168.100.254), but no traffic is getting to the internet despite having a rule that specifically allows traffic from 191.168.100.252. Updated 2: [SOLVED!] For some reason, the default route to the gateway 192.168.0.254 was not in the routing tables of the pfSense bridge box despite being selected in the WAN interface settings as such. So I just went in the gateway page, clicked the edit button, left it unchanged and the clicked OK. That added the default route back and everything started working.

Thx ;)

@wallabybob: I'm not sure if this answers your question: If I recall correctly pfSense will update a dynamic DNS registration on 25 days since last registration. I confirm. /etc/inc/dyndns.class - lines 811-875 - function _detectChange() will return 'true' if A new IP WAN is found 25 days passed without IP WAN change The IP WAN update is being called for the first time … What I didn't discover is where and how often dyndns.class is being called to do the checking. But: I have proof that the checking is done at least ones a day: I found it in my (and your) system log file: .. Mar 8 01:01:00 php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. .. Mar 7 12:00:00 php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. .. The update from 12 AM was triggered after a WAN IP change - the one at 01:01 was triggered by (some kind of daily check). Conclusion: the forced update after 25 days when your IP doesn't change should work. edit: Stupid me. /etc/crontab .. 1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update .. So, every 01:01 the WAN IP is checked …

I just realised that what i am having problems with is that squid and lightsquid are installed but for some reason, squid will not start.  If i remove squid and then install again, will all the old cache and logs still be there?  i really dont want to lose the last couple months of usage that i see in the lightsquid logs

we will run the tests soon, the reason we are doing this is to get rid of the Cisco and their licensing terms. Cisco is in the most cases waste of the money when we are talking about Firewall, its cheaper to invest in "monster" server one time fee and run a monster firewall with no such a limitation as VLANS, VPNs etc… as the Cisco is selling a VLANS as it where a "milk" for example IPSEC plus license for Cisco ASA 5505 20 vlans limit ? what a f***** the VLAN is nothing new and there is absolute no reason to make the licenses on vlans which is the primary factor in the networking, this is just as example, but there is another "licenses" features that should be included in the firewall when we purchase it but no, they sell the hardware, features just everything is limited, so not any more... Tom

jimp, yes that was the problem… I tried with Firefox and no problem. Then I tried Chrome in incognito mode so it doesn't use previous caches and it works too... Thanks!

Nothing different, I have rsa keys working fine on pfsense 2.0. The public key goes on the host(server) machine, not the client. The client is the machine you are connecting "from". So put your local machine's id_rsa.pub in the pfsense authorized_keys and you'll be all set.

Check for any kind of proxy or filter between your firewall and our server, including something like snort that could be blocking certain http traffic.

I think NICs that don't support vlans are fairly uncommon these days. I haven't seen one, but it is my understanding that if you had one it would still appear on the vlan page and you could select it. Once configured I expect it would default to an mtu of 1496, which is not likely to cause you big problems in my experience. I serve a lot of clients with a WAN (PPPoE) mtu of 1452 and never a complaint.

Godt at se du er begyndt at bruge en ordentlig firewall Anders. ;)

just metioning ran into a similar  problem a yesterday days,, it seams the only way to get the work was to run setup wizard under system.  if you manually enter in  a gateways or any system  they are not registered properly.. the only way they register properly is once the wizard was used.. any changes manually could break and the only way to repair again was via the setup wizard this was the amd version ( it sure seems buggy that version)