Configuration MIGHT be somewhat easier if your modem-router can operate in bridge mode. I have tried to setup two different ADSL modem routers in bridge mode and failed to get it to work so used a modem instead. If you can get your modem to work in bridge mode then pretty all subsequent configuration will be done on pfSense. However getting your modem to operate in bridge mode could be a frustrating learning experience. I'll assume you will stick with the modem acting as a router. If your modem-router supports dynamic DNS registration to no-ip set that up, otherwise configure dynamic DNS in pfSense through Services -> Dynamic DNS/ Dynamic DNS setup on your modem-router is preferred since it can more closely track changes to your public IP address than pfSense can. You will need to configure your modem router to forward the required TCP (and UDP?) ports to the virtual server IP address and add a static route to the modem-router so it knows to get to your virtual server IP address through the IP address of the pfSense WAN interface.

Looks like that may be normal if the settings were present and then were removed. Checking the code, it just tests if the settings were ever there, and if they were but the IP is empty, it prints that message.

Damn it, it seem's that I've forgot to set the trunk port on the switch, because this time everything worked out after the firewall reboot. Thanks for your help! Cheers, Szop

So you got the bridge setup ok? That router appears to have a bridge mode that might work in pppoa. There is almost no description in the user manual though so it's impossible to say for sure. In 'Interfaces Setup' in 'Internet' select pppoe/pppoa as the connection type and set 'Bridge Interface' to 'activated'. If that doesn't work the next best option would be to use the DMZ feature to send all traffic to the pfSense box. Please start a new thread for that though if the pfSense bridge is now working. Steve

Alright, I'll try with IGMP proxy first. Mostly I would like to prevent unnecessary torrent and file transfer traffic to flood the WiFi. If I manage to get the iptv pass-through working with igmpproxy, then that as well.

not at this time

And how many hosts are you going to forward too?  Thats 1 right - so why do you need an alias? Why do you need to put something under Wan Address - is that not going to be the destination IP??  What is normally your Public IP, or in your case 10.0.0.3 which your first router will be NAT inbound traffic to, since you put your pfsense wan IP in its DMZ. No other forwards on your first router - just the DMZ setting is all that is needed.

Perhaps they haven't heard of the issues linked above - if they care at all about security, they wouldn't still be using PPTP. That said, if your rules don't pass GRE, or if you have GRE forwarded in on WAN with a port forward or 1:1 NAT to some other box, it wouldn't work for outbound connections.

Now it's working the traffic goes thru the Switch with the right VLAN ID to the pfsense BOX.  :) I updated to the newest snapshot yesterday. Strange that after the update the VLAN are working because I tried some reboots before. The only Problem I have now is that from a VM I can reach the pfsense VLAN Interface with IPv4 and IPv6 also the traffic with ipv4 go to the wan but ipv6 to the wan doesn't go thru. I have done a rule on the VLAN Interface from any ipv4 to any and any ipv6 to any. On the WAN Interface I tried the same rules for testing. Did I forget something ? cheers

Thanks for your reply.Do you know what that two input boxes are for?

@rikar: I'm a huge OpenVPN user and adding 2 factor would pretty much make my f_cking day!!! You can already do this with OpenVPN and basically every two-factor auth solution in existence, either via RADIUS or LDAP.

Does you ISP requires a constant MAC address for the NIC?  If so, you have to know that spoofing the MAC for PPPOE in pfSense does not work. http://redmine.pfsense.org/issues/2641 If this is the case then I may suggest you a workarround solution to spoof your MAC address.

" it has some kind of "remote management" (not Drac, but BMC? )" Normally those would be their OWN port on the box though, not part of the normal nic.  Remote management would be for outofband access normally and a different port than standard nic, even if built onboard and not a add on drac card, etc. R200 - will look into what I see about that model. edit:  Yup looks like you can do a shared lan method.  That has go to be it!  Try telnet to the IP and see what prompt you get. [image: sharedlan.jpg] [image: sharedlan.jpg_thumb]

No, that would be a separate issue and doesn't belong in this thread.

If you have that many proxy ARP VIPs, just define them as a "subnet" and proxy arp will make that many of them in a chunk. If they are CARP, you couldn't have that many anyhow (vhid limit of 255), if they are IP alias or a combination of CARP+IP Alias it may work but I'd epxect some sluggishness from having that many IPs bound at once if your hardware is slower. If they are "Other" type VIPs, then you might consider upgrading to 2.1 where the subnet trick works for Other type VIPs like it does for proxy arp.

got it working now…in case anyone would like to block facebook apps and games.. put the ip below in 1 alias and firewall rules reject them apps.facebook.com SOA server: glb1.facebook.com email: dns@facebook.com serial: 2011072035 refresh: 10800 retry: 3600 expire: 604800 minimum ttl: 86400 555s apps.facebook.com NS glb2.facebook.com 86400s apps.facebook.com NS glb1.facebook.com 86400s apps.facebook.com A 69.171.242.30 0s apps.facebook.com A 69.171.242.47 0s apps.facebook.com A 69.171.242.48 0s apps.facebook.com A 66.220.146.52 0s apps.facebook.com A 66.220.146.53 0s apps.facebook.com A 66.220.146.54 0s apps.facebook.com A 66.220.146.55 0s apps.facebook.com A 66.220.149.53 0s apps.facebook.com A 66.220.153.27 0s apps.facebook.com A 66.220.153.28 0s apps.facebook.com A 66.220.153.29 0s apps.facebook.com A 66.220.153.30 0s apps.facebook.com A 66.220.156.43 0s apps.facebook.com A 66.220.156.44 0s apps.facebook.com A 66.220.156.45 0s apps.facebook.com A 66.220.156.46 0s apps.facebook.com A 66.220.158.43 0s apps.facebook.com A 66.220.158.44 0s apps.facebook.com A 66.220.158.45 0s apps.facebook.com A 66.220.158.46 0s apps.facebook.com A 69.63.189.59 0s apps.facebook.com A 69.63.189.60 0s apps.facebook.com A 69.63.189.61 0s apps.facebook.com A 69.63.189.62 0s apps.facebook.com A 66.220.156.44 0s apps.facebook.com A 66.220.156.45 0s apps.facebook.com A 66.220.156.46 0s apps.facebook.com A 66.220.158.43 0s apps.facebook.com A 66.220.158.44 0s apps.facebook.com A 66.220.158.45 0s apps.facebook.com A 66.220.158.46 0s apps.facebook.com A 69.63.189.59 0s apps.facebook.com A 69.63.189.60 0s apps.facebook.com A 69.63.189.61 0s apps.facebook.com A 69.63.189.62 0s apps.facebook.com A 69.63.189.63 0s apps.facebook.com A 69.63.189.64 0s apps.facebook.com A 69.63.190.26 0s apps.facebook.com A 69.63.190.27 0s apps.facebook.com A 69.63.190.28 0s apps.facebook.com A 69.63.190.29 0s apps.facebook.com A 69.171.224.27 0s apps.facebook.com A 69.171.224.28 0s apps.facebook.com A 69.171.224.29 0s apps.facebook.com A 69.171.224.30 0s apps.facebook.com A 69.171.224.55 0s apps.facebook.com A 69.171.224.56 0s apps.facebook.com A 69.171.224.57 0s

Thanks for the concise answer stephen :) *currently looking into the PFcenter thing.

Interesting. 5-6dB seems low for a 10Mb connection to me. Generally speaking you should be able to get a high connection speed at lower margins but at a payoff with stability. The rate adaptation should take care of that but it can be reset manually if it goes awry for whatever reason. However I don't think it's the cause of the disconnects, you would see that in the system logs and the modem uptime. It looks to me as though something at your ISP is sending the disconnect commands at the ppp layer, as JimP suggested in the other thread. Maybe you can capture those and present them as evidence to your ISP? I've never tried. @stilez: 24 mbit line I see! :) Yes. My connection here at home has always been very good. It should be, I can see the exchange from the window!  :) Although I have a 24Mb line speed I only get 20Mb because Plusnet is not an LLU provider. As an aside there is a lot more information available from Draytek modems via the telnet interface. See: http://forum.pfsense.org/index.php/topic,52091.0.html Steve