Thanks

generally speaking for dmz with private ips: 1. create DMZ 2. create NAT Mapping (DMZ = home for hosts that are reachable from the outside, so you want your external ips translated into private ips - or map ports of your external ip to the private ips) 3. create inbound rules for dmz (here you use as destination the private ips of the dmz hosts) the default lan to anything rule allows you to access the dmz hosts if you like to access lan hosts from your dmz (which you dont do generally) you need to create dmz->lan rules too hope that helps to find more detailed infos

Did you install the vmware tools? Then you see the vmware ifs. Otherwise i had also IntelPro1000 in the list (hope i dont mix it up with fusion right now)

Considering Gmail ONLY lets you use the encrypted variants (465/587, 993, 995), cannot see what's strange about this.

The only way you might be able to get away with a slightly simpler configuration is if your new switches support "private VLANs", the actual name varies by brand/implementation. Basically you define one upstream port (the gateway, pfSense) and define the other ports as client ports, and then the client ports may only talk to the upstream port. It's similar to AP client isolation, but for wired clients. Using Separate VLANs is a more secure practice, but also significantly more to manage.

What's your network's default gateway? If it's 192.168.1.1, it would be because of a duplicate gateway. That will wreak havoc with a network.

On pfSense you must have the first interface, which is internally named "wan" and can be assigned to whatever network device you like and you can give it a "friendly name" - e.g. yours is called "DSL". Look in /cf/conf/config.xml for "DSL" and "wan" - I expect you will find those together in one of the interface sections. I guess you are saying that "DSL" and the selected device are not used any more, and you ant to get rid of them. You can shuffle device assignments around to get some other current WAN device on that first entry, rename the friendly name to whatever is good for you, then you would have to re-enter the settings and rules from whatever OPTn the WAN-style interface used to be and put thme on the "real wan" interface.

@mrhub: Thanks for the RTFM and the warm welcome. It's nothing personal, he's always like that!  ;) Since WGXepc is small I keep it in /conf which isn't overwritten during a firmware update. Steve

Tons of information on using own router + Actiontec with Verizon FiOS is here in the 3.0 Networking section. http://www.dslreports.com/faq/verizonfios? Many ways to go about this and the folks in the Verizon FiOS forum are very helpful with specific details. http://www.dslreports.com/forum/vzfiber

@stephenw10: Anyboby else know how to use apinger to monitor other IPs? Well, you could create bogus GWs. Frankly, with the source being unavailable, the thing reporting inexplicable "packet loss" when in fact there is none etc., I would not recommend anything like this. @OP: Get back to the APs vendor about some centralized monitoring, also, there's SNMP and whatnot, again depends on particular HW model.

Do you actually need the public IP on your server? Commonly this would be done by using a virtual IP on your WAN to get the second address and then 1:1 NATing it to the server. Steve

Thanks for the buffer bloat explanation, figures comcast would have a huge buffer. :| I did try the traffic shaping wizard, and that worked great to almost eliminate the upload latency spike while saturated, though download still hits about 200ms, which isn't all that bad I guess.  I'll continue to research and tweak it. The only thing left I can't figure out is why polling causes the network interfaces to stop working, I would think Intel Pro NICs would support that feature.  Is there something in the kernel that isn't compiled in by default which is required for polling?

Indeed HAProxy is an option i think reverse-squid and mod-apache can also do this. If your going for the haproxy option i recommend the 'haproxy-devel' package.  ;D (which i currently maintain)..

Writing this from my phone. after waiting another 20 minutes I did a force reboot. I'm never using the gui updater again, broke my shit completely, wouldn't even boot complaining about some sbin installer init script is missing. so right now doing reinstall and config restore. this shit suck. also I think the devs need to add to the gui a log output window to show what stage it's at in the update and any errors, because I had no fucking idea what caused this.

small bump.

Hello, So after thinking and reading, I will not go away from pfsense. It has a great captive portal system, that i will not missing. I will try to establish the same like doktornotor and I hope this is working with capitve portal as well? And when I put my second Box into "AP"-Mode where can I configure the sync to the master? When the second box is in sync with the master, will it work with captive portal, so that users can log in on box A and Box B. And do they have to reauthenticate when they switch from box A to B or visa versa? Thank you for your help and your nerves.

So you only see one gateway? A common mistake is assigning a gateway on the LAN interface which becomes the system default and breaks routing. Have a look in the PPP log. Do you see the modem connecting correctly, the username/password being authenticated, a public IP being handed out? I assume that the modem is known to work, that you've tested it under some other OS, that it is in contract/has credit? Steve