@torontob: 1- I want to know how the backup can be triggered? Would OS boot automatically fall to the second partition if the first fails? 2- Would it be by simply choosing option 2 at boot time? 3- What is the way to set the mirror as the default at start-up? 4- Are the configurations copied between the two mirrors as a system is built? If not, really this other partition is useless and waste of space isn't it? Since, it's probably much more cleaner and might take the same time to re-image the whole thing anyhow. you have to choose it at boot time. yes Diag>Nanobsd there is one shared config partition. It's primarily if you want to upgrade one and have the option to revert back to the previous version. (with caveats for drastically different versions, like 1.2.3 vs. 2.0, where the configs aren't compatible)

Just remove it. Without the % it logs to just normal plain text files. Be aware, you will have to monitor the logs and either rotate them manually or setup an automated process.

First hit on pfSense irc on Google, also found one click off of the pfSense home page.

You may need multiple overrides for variations of the domain. ( like example.com and www.example.com )

Virtual IPs are exactly what you want to use.  Consider implementing 1:1 NAT for your servers which means the virtual IP addresses will live on the WAN interface of your pfSense box and each unique IP will be NAT'd to the specific server you want to give access to.  Depending on the security stance of your network, it would be a good idea to consider putting your Internet facing devices in your OPT1 network and implementing firewall rules to limit their access into your LAN.

It would be better to assign your second static IP as a VIP on WAN, and then use 1:1 NAT to associate it with your internal server. If you only had that server on a segment, you could bridge it to WAN and assign it directly, but that isn't advisable (or workable) if you have other items on LAN that are privately numbered which need NAT applied.

Unless you are assigning those DNS servers directly to clients in those subnets with DHCP, it can't be done in that way. The DNS forwarder can't pick and choose which upstream server to use for clients in that way.

Thank you :)

Complexity is also the enemy of security (and reliability). If the guy needs a file server, why should he be forced to use three OSes (bare metal and two VMs), a hypervisor, some virtualised networking between the VMs, and beefier (and therefore hotter) hardware to do it, when he could just use a puny box, one OS, and the firewall and file server directly within it? I guess someone thought that about FreeSWITCH (great feature!) at some point, too. Just pointing out that there are two sides to the coin, and sometimes different answers for different needs.

Aha, you have a logical point. I will try setting OpenDNS on the DHCPd server as the DNS servers and see what happens …

So how do I modify or add a custom dhcp config?

see this post for a patched apinger, version 1.2.3 apinger not working: exit in log, no apinger process with "ps -A", and status for load-balancer without any change (marked down) but connection (both wan and vpn) working. My question now would be: How can I check for apinger periodicallly and have it restart if necessary, or even force kill and restart ? (any shellcmd or similar to insert in the configuration?) pfSense is going to be used in branch office for double wan, and double openvpn between main and branch office (16M ADSL on main office, 2 x 6M ADSL on branch office). Present setup is using 2 NAT routers to split my poor and only 1M ADSL in order to have 2 WANs for pfSense. During testing apinger exits from time to time, one example: Dec 23 09:39:46 kernel: pid 2031 (apinger), uid 65534: exited on signal 6 Dec 23 09:39:46 apinger: Target "10.2.1.2": Received packets buffer: ########################.......................### #################### Dec 23 09:39:46 apinger: Target "10.2.1.2": Lost packet count mismatch (6(recently_lost) != 23(really_lost))!

@torontob: No interest for anyone to take the project for $4000 or because people who committed were not willing to wait longer? Thanks A little of column A and a little of column B.  Doing this project even remotely correctly would involve several thousand hours worth of effort at least and I doubt many developers with the requisite skill set would want to go to all that effort and then try to chase down money from all those different people.  Ultimately, the bounty was retired due to non interest as per the rules of the bounty forum.

Ya, I ask my friend he also do it the same, just act it like server he said. About ping, let's forget it =.=

For the d-link, you are double natting, which I dont like as it can and does break things. I would recommend disabling the DHCP server on the d-link and plug the pfsense cable that was going into the dlinks wan into its lan, after setting a static LAN IP on the router thats in the same subnet as the interface its plugging into. For the rules, I would make the opt rule the same as the LAN rule (if its not working) Otherwise it looks fine to me.

well, i dont know whats causing it but the graphs on the home page are correct, but the rrd graphs are incorrect. The WAN graph is graphing everything (VPN, WAN traffic etc) while the respective graph is empty. Is there a way to fix it without doing a reinstall?