Luke, Configure you access point in route mode without nat, this way you will have all clients ip on your dhcp /radius/firewall. But on any setup(bridge/route/route+nat), your clients can setup an access point with cloned mac address from configured machine and share their connections.

Have anybody will do network exchenge?  :)

None If your WAN have a public IP This is only usefull if your WAN have a "Private" IP (RFC1918) He's just replying without reading that you have solved the problem. Maybe you can Edit the Thread Title and add [SOLVED] to it.

No requests were denied nor are any of the pools close to the maximum value so it looks as if the problem wasn't one of running out of a kernel network resource.

Yes, That sounds correct. Just don't forget the firewall rules. The destination is not the external IP, but the internal IP (10.0.0.22).

@Metu69salemi: Two tasks to comply  ;) 1. Goto Firewall:Schedules 1.1 Create ones as you need 2. Goto Firewall:Rules 2.1 Apply schedule on rules what you want(search below 'normal' view) Hint: I'd use block all on top of the list and schedule it to go online during that night time, then you don't have to modify every single rule on the list Thank you Metu69salemi. I used your suggestion and achieved. Regards, SGTR

thank you very much !

Update- was able to get everything working after several more hours of trial an error.  Initially I thought it was perhaps something tied to DHCP options but that does't appear to be the case. Regardless, all is well now and the Uverse STBs are working fine behind PFSense =)

this is literally becoming a nightmare. i've searched up and down and cant figure this out … all i want to do is: give my captive portal users items from the cache at full speed. get squid to cache as much as possible. can anyone help? please? (my config for squid is above)

Yeh it's a simple WAN/LAN config. But my problem got solved this morning. MediaMonkey updated itself when i opened it to check what it said in the firewall logs. Oddly enough the new version uses the same configs for auto-tagging as the previous version, but it works. Oh well. Thanks anyway.

i do have squid installed but the traffic was towards outside (upload) not inside, i want to spend sometimes checking wireless devices, disconnect them one by one, maybe its noise or data collision

Dude, this gotta get you trouble  ;D Basicaly, I guess the way to do so is setting up one "Times" rule that the Admin can set up the period of time for that especificaly IP. And that time must be bind with the target category (so you can grant access only to some websites that the IP is allowed). Hope it helps  :D

I have several blocks of IP's from several providers (3 separate up-links) and was wondering what most people do. My routers use 3 with CARP, and I use PPPOE for one client and have used 1:1 NAT. It just seemed that If I bridge to a DMZ interface, I could Traffic Shape and use firewall rules per IP.  Since PPPOE and DMZ both require the client to be on the same "LAN" (VLAN) then I see bridged as "easier", no PPPOE to configure.

If so inclined, I would contact Netgate for a problematic unit. They have had more than a few returns concerning this issue of the Celeron unit. The atom unit has now been up for 4 months with the exact same configuration without crashing. I stressed the old unit, ran memtest for a day, maxed out traffic on all the ports, I couldn't get it to choke. It was random after 2-4 weeks. The replacement unit actually crashed 5 times in the same day.

O think it just means that you have no files on /tmp to be removed.

Well, just to inform those interested. After a struggle decision was laid and I have moved my FW to version 1.2.3 and all was back as it was. No problems with bridging and NAT. Sasa Baksa

Increase nmbclusters, it's covered here: http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards