@pethead: I just got the pfsense book for version 1.2.3 haven't seen anyone for 2.0? There is not yet a book for pfSense 2.0 @marcelloc: you will need to nat ports 80,443, and 21 on wan interface to dmz ip. See Section 7.2 (page 130) of pfSense book for a lengthier discussion of Port Forwards and how to create appropriate rules.

@wallabybob: @w00t: However, wouldn't it be possible to write a startupscript that put the interface in promisc mode on startup? :) Yes. However I expect it would be rather quicker for me to configure a bridge as suggested, check the interface is in promiscuous mode, reboot, check the interface is in promiscuous mode than it would be to write the script, work out how to invoke it safely, reboot, check it gets invoked correctly and not too early in the startup, check it won't get overwritten by a firmware upgrade etc.  Hence I would try the bridge idea first and have the startup script as a fall back. Also the bridge idea gets backed up with the configuration file, the startup script probably doesn't. Good point.

http://forum.pfsense.org/index.php/topic,42039.0.html thanks for that. Regarding the other points would it be best if I used a secondary machine to handle Freeradius and daloradius as the AAA interface ?

@stephenw10. SOLVED. VLAN190 Subnet…. not address. THanks.

For the client export, + will probably break it as it's handled in JS. It probably needs some extra code to escape or encode the whole thing. I thought it was already doing that, but I may have been thinking of a different field.

I tried the extra interface method last night. Rather than messing with rules, I just added the vigor as the default gateway for that extra NIC and it worked fine.

The config backup/restore functionality (Diagnostics->Backup/Restore) lets you backup and restore only certain aspects of the configuration. Hope that helps.

An extra physical interface is definitely the right way to do it.  :) I wasn't referring to VLANs though. Steve

Thanks very much for the link and I'm sorry to ask stupid questions: I found the patches but not the script to apply all of them. Also found this file, which looks like the config: pfsense-tools / builder_scripts / conf / pfSense.8 …but I'm not sure if the config is split into several files as there are more files containing device and options lines. acpi is not included in that particular file so in that case it looks like the problem code is not compiled in but is a module after all. I did see the "device acpi" line in the pfsense_wrap.8.i386 file, but that's for embedded, right? Can someone quickly go through the procedure to patch the 8.1 generic source and apply the complete config before building? Many thanks

@chenZ: Dear all, can i use my netgear router as wireless interface? Do you mean as an accesspoint? @chenZ: Or hw can i use my router to boardcast the wifi signal n use pdsense to do session management. Thx, in the mean time, let me try to add a wifi interface in VMware. This part i didn't understand

Think of a VLAN as a physical LAN without extra cable. So what you're saying is exactly right, create lan1 & lan2 using separate physical media or virtualize it. Then add firewall rules for connection, as traffic between separate lan:s need to go through a router. The benefits of VLAN:s are several, to mention a few: You don't have to get extra equipment for every lan - a vlan-capable switch can handle multiple lan:s. You can add clients to a specific vlan in several ways, for instance: Ports 1-4 on switch are vlan2, ports 5,8 & 12 are vlan3 etc. Create a vlan based on clients mac-adress You can have a VLAN with clients in Rome, New York, Berlin whereever

It doesn't have to be a marathon, or even much effort at all for something along these lines. Diagnostics>Packet capture, pick the affected WAN, filter on the IP you're pinging from, start the capture. Run the ping until you get duplicates and stop the capture. Then just a glance through the output will show echo request, echo reply, repeatedly. If you don't see more than one echo reply for each request, you know it's not coming from the firewall itself. One being a wireless ISP, that's almost certainly where it's being duplicated. It's probably indicative of excessive buffering or another problem within their network, I would contact the ISP about it.

@luke240778: Yeah, was just thinking that i would do that.  How come on the easy install it would have created the partition as only 4gb?  shouldnt it use the entire disk available? It wouldn't unless the entire disk was only 4 GB (sure it's 100 GB? maybe misrepresented to the OS, check the system log after boot to see what the hypervisor tells the VM it has available) or it was manually partitioned.

Interesting story! But anyway - as i understand, the problem is in the DHCP Server of Windows which is normally not capable to deploy the DomainSearchList … ... but I'm using DHCP Server of pfSense with Windows Clients! My Problem is, that if i use the DomainSearchList option inside the DHCP config, the client doesn't inherit the settings made there.

Did you defined any gateway as default on system -> routing? Enabling this, you can see that no interfaces requires a gateway(of course you can set if you want).

I could not see any info on how to get pppoa wan pppoe client working in the manual, also could not see any other instances of it working on the net. However  :) I seem to be up and running using the pptp relay! Wan is getting public ip and internet is accessible. tfg.

@wallabybob: The Windows update was still downloading on the first box when you started it on the second box? no, it was the next day… the updates took several hours to download, and the box was rebooted in between (we cannot leave it on overnight, as the centre is closed, and power is so erratic) I'm out on my bike now in town, but will post up the output from the box when I get back up the mountain :)