I don't know how to explain… Just imagine one pfsense with 2 Public WAN IP and PPTP Server. I have another site with a WebServer. This Webserver connect to my pfsense with PPTP Client and the traffic for port 80 of the second WAN IP is redirected to the PPTP Client ? PPTP Server is just an example, it could be OpenVPN or a direct "tunnel" between the router.

PPP will "normally" allocate an IP address with a subnet mask of 255.255.255.255. PPP is Point to Point Protocol - the interfaces don't belong to a "subnet" in the sense that LAN interfaces do. PPP is not a broadcast protocol. Static IP on PPP "normally" means the PPP server always allocates the same IP address. Here's what the pppoe interface on one of my pfSense systems: $ ifconfig pppoe0 pppoe0: flags=88d1 <up,pointopoint,running,noarp,simplex,multicast>metric 0 mtu 1492 inet 203.144.23.199 –> 121.50.212.9 netmask 0xffffffff inet6 fe80::219:e0ff:fe68:314b%pppoe0 prefixlen 64 scopeid 0xa nd6 options=3 <performnud,accept_rtadv>$</performnud,accept_rtadv></up,pointopoint,running,noarp,simplex,multicast> @stilez: Connectivity here need PPPoE (to handle CHAP) and also need the interface to 'know' its subnet. Why does the interface need to know its subnet?

Tough luck. Only physical interfaces can be bridged. I can't select virtual OPTx interfaces. And I would still have the issue of the parent interface, if that would get disconnected, the whole VLAN falls apart and fails. I'll be able to test the bridge this week or early next week, as my boss wants it in use before I go on vacation (which is in two weeks :)). I'll report back with the results once it's in production use.

thanks guys … Everything up and running ... finally i can breath easy))

I noticed the code looks for specifically for an IP. I have commented out the code suggested to the OP and I am able to work using both a port and a DNS entry. Is there a way to enable it to allow for DNS entries in the future? Thanks. EDIT After posting, I stumbled upon the following Redmine ticket: http://redmine.pfsense.org/issues/1544 It appears hostnames will be enabled in 2.1

Nice write up!  :) You should probably add a security disclaimer of some sort.  ;) Steve

is it possible….any help.

@jimp: Check your /boot/loader.conf, /boot/loader.conf.local and /boot/device.hints and make sure no lines in there are set to disable ACPI Thanks for the suggestion, It is empty in /boot/loader.conf. In /boot/loader.conf.local, I set: kern.cam.boot_delay=10000 And in /boot/device.hints, I see the below: # $FreeBSD: src/sys/amd64/conf/GENERIC.hints,v 1.21.2.1.4.1 2010/06/14 02:09:06 kensmith Exp $ hint.fdc.0.at="isa" hint.fdc.0.port="0x3F0" hint.fdc.0.irq="6" hint.fdc.0.drq="2" hint.fd.0.at="fdc0" hint.fd.0.drive="0" hint.fd.1.at="fdc0" hint.fd.1.drive="1" hint.atkbdc.0.at="isa" hint.atkbdc.0.port="0x060" hint.atkbd.0.at="atkbdc" hint.atkbd.0.irq="1" hint.psm.0.at="atkbdc" hint.psm.0.irq="12" hint.sc.0.at="isa" hint.sc.0.flags="0x100" hint.uart.0.at="isa" hint.uart.0.port="0x3F8" hint.uart.0.flags="0x10" hint.uart.0.irq="4" hint.uart.1.at="isa" hint.uart.1.port="0x2F8" hint.uart.1.irq="3" hint.ppc.0.at="isa" hint.ppc.0.irq="7" hint.atrtc.0.at="isa" hint.atrtc.0.port="0x70" hint.atrtc.0.irq="8" PS : Just found that I forgot to give sufficient info for my config, very sorry as I was making a few posts and did not aware they aren't connected. The router is using Intel G530, with NIC = 82579V+82574L.

If this is the setup you want, then yes pfsense will do the job wan1–---| wan2-----|-----pfsense----webserver wan3---- att, Marcello Coutinho

Just an update. The traffic from OPT1(192.168.300.0/24) gets NATed correctly on the WAN port of the bridge (191.168.100.252) and I can ping and access anything in the 192.168.100 network, including the gateway (192.168.100.254), but no traffic is getting to the internet despite having a rule that specifically allows traffic from 191.168.100.252. Updated 2: [SOLVED!] For some reason, the default route to the gateway 192.168.0.254 was not in the routing tables of the pfSense bridge box despite being selected in the WAN interface settings as such. So I just went in the gateway page, clicked the edit button, left it unchanged and the clicked OK. That added the default route back and everything started working.

Thx ;)

@wallabybob: I'm not sure if this answers your question: If I recall correctly pfSense will update a dynamic DNS registration on 25 days since last registration. I confirm. /etc/inc/dyndns.class - lines 811-875 - function _detectChange() will return 'true' if A new IP WAN is found 25 days passed without IP WAN change The IP WAN update is being called for the first time … What I didn't discover is where and how often dyndns.class is being called to do the checking. But: I have proof that the checking is done at least ones a day: I found it in my (and your) system log file: .. Mar 8 01:01:00 php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. .. Mar 7 12:00:00 php: : phpDynDNS: No change in my IP address and/or 25 days has not passed. Not updating dynamic DNS entry. .. The update from 12 AM was triggered after a WAN IP change - the one at 01:01 was triggered by (some kind of daily check). Conclusion: the forced update after 25 days when your IP doesn't change should work. edit: Stupid me. /etc/crontab .. 1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update .. So, every 01:01 the WAN IP is checked …

I just realised that what i am having problems with is that squid and lightsquid are installed but for some reason, squid will not start.  If i remove squid and then install again, will all the old cache and logs still be there?  i really dont want to lose the last couple months of usage that i see in the lightsquid logs

we will run the tests soon, the reason we are doing this is to get rid of the Cisco and their licensing terms. Cisco is in the most cases waste of the money when we are talking about Firewall, its cheaper to invest in "monster" server one time fee and run a monster firewall with no such a limitation as VLANS, VPNs etc… as the Cisco is selling a VLANS as it where a "milk" for example IPSEC plus license for Cisco ASA 5505 20 vlans limit ? what a f***** the VLAN is nothing new and there is absolute no reason to make the licenses on vlans which is the primary factor in the networking, this is just as example, but there is another "licenses" features that should be included in the firewall when we purchase it but no, they sell the hardware, features just everything is limited, so not any more... Tom

jimp, yes that was the problem… I tried with Firefox and no problem. Then I tried Chrome in incognito mode so it doesn't use previous caches and it works too... Thanks!