@jimp: Sounds like this: http://redmine.pfsense.org/issues/1572 It's been fixed in 2.0.1 (pending release) and 2.1. https://github.com/bsdperimeter/pfsense/commit/0389f03498994dbdaf47543a325b58d14b1cdbab Thanks for the heads up on this fix. I applied this fix manually and now I am able to spoof without it going into a loop. Thanks!!

yes, both has sync options.

@waiyan.pickme: Hello everyone …. I used pfSense as gateway and connected 18 clients over switch .... no package installed ... pfSense 2.0 (release) (i386) ... Unfortunately since start using of pfSense, the client computer's network become unplugged randomly .... I don't know why ... is that because of pfSense .. ? Is there any options to solve that ... ? When client became unplugged, it can't reconnect by unplug the cable and replug it .... It has to shutdown and also need to close UPS ... (no power to client computer) and then it back again .... I don't know how to solve and that's the main major problem for me ...... P.S --- I already changed switch but it's still happen like that ....... **ံHello everyone, sorry that it's take too long to respond …. , I've got an answer and now everything working fine with pfSense except the pfSense pre-version (before released) was crashed once ... The problem for network cable unplugged was because of Symantec Endpoint Protection Small Business Edition 11.0 .... I don't know the details but after reinstalling all computer with MS Essential and now everything fine ... but we found out the problem before that .... Thanks for everyone who gave me the opinions .... I appreciate that ..... !!**   ;)

@jimp: mdima - yes I got it, haven't had a chance to look it over in detail. I'm not familiar with that port/package so I'm not sure what options can really be used in it, probably best to keep that in a separate thread on here. ok, sorry for the OT!

Use virtual IP to assign a second public IP address to the WAN. I don't know much about VIPs so I can't help you with the details. Turn on advanced outbound NAT and you'll see a bunch of auto-generated NAT rules. For those sourced from the vlan, change the NAT address to the VIP.

Yeah I try not to judge only on release time, especially given how long pfSense has historically gone between releases :-) You might try adding a bounty to see if there is any interest in someone putting together a package there.

And to make it even easier, you can use gitsync to pull the code in without grabbing files from github by hand. http://doc.pfsense.org/index.php/Updating_pfSense_code_between_snapshots

For those who were interested: Changing the <ports>setting inside the XML to the proper interface was the solution (as i assumed before).</ports>

What happened? What did you try? I'd be surprised if FitPC had implemented some other watchdog, why would they when there is already one built into the chipset? Steve

You have to configure the external DNS IPs from Open DNS on every computer. You can do it using DHCP configuration on those clients.

No, never heard of either, I will look into them, thanks for the tip!

@torontob: Hi everyone, While back, I setup traffic shaping on a router to allow dedicated Bandwidth to Phones. After a month of being in service, the pfsense router started slugging. The Data subnet would not allow any data to go through because there was a huge Queue for traffic shaping. This happened over time and not all a sudden which makes me believe there was something wrong with my config and the environment. So, I had to restart and get rid of the traffic shapper. Now, I need to put Traffic Shaping in again but I don't want to face the same problem. If anyone has experience with this please guide me. Thanks I am facing the same issue. Any help in this regard would be appreciated, thanks! :)

Hi guys. Thanks for the replies. After stepping away for a while and coming back I made a discovery. I ran packet traces on both the trust and untrust side. On the untrust I immediately noticed something. The 172.30.2.10 address was being seen on the outside. I jumped back into my NAT settings and noticed I "fat-fingered" an ip address. I can't tell you how many times I checked these settings, but apparently I glossed over it repeatedly. Sorry about that. Thanks again for the replies!

Hmm, OK. Because you are not using pfSense for DNS things get confusing. I assume you can access the server from outside your network? And you are using URLs to do so? You may have to restart the pfSense box before the NAT reflection starts to operate or reset the state table in Diagnostics: States: Reset States. Steve

myxir, As for your first problem I'm not sure, I created a test user and assigned him the admin group and was able to login to the admin page just fine. Maybe the test user is disabled? As for your second problem: When using LDAP I've found that you cannot control or assign groups rights within pfSense. You are using LDAP against your DC (im assuming and that you are using RADIUS) and therefore your DC is going to take care of any permissions. If you want your pfSense to manage the users/groups you will need to manually create each user/group. I may be wrong but this is what I've found. Overall what is your goal? Are you simply trying to setup VPN and authenticate users against Active Directory?

If you're using ESXi you will need to create a new virtual NIC and assign the physical WAN NIC to a new virtual NIC. Once done you will then want to add another NIC to the VM, and select the WAN NIC. Hope that makes sense

that did it! thank you again

Setup squid and run a proxy, this will give you the info you want. Lightsquid is the package you want; High perfomance web proxy report. Requires squid HTTP proxy.

It's ok with multi-WAN, not ok with server load balancer.

I also advice you to look for Mikrotik solutions - it's proprietary linux-based routers, but they are damn good, and level6 Mikrotik software license are free for their own hardware. Although, again, I have to tell you, that both Mikrotik and pfSense will be overkill in your case - netgear 3700v2 will cover all your needs until you will become something like to Google!  ::)