@Codeman20400: so i've changed some things about…specifically, the AP is now directly connected to the OPT1 interface with a 192.168.2.0 subnet, and clients can connect and be assigned an IP...how should i adjust to give these clients web access? and there was no bridging taking place before -edit: It lives! must have been pure luck that it worked before...i changed my AP back to the LAN, leaving OPT1 active, but disconnected...and otherwise my network has risen from its own ashes...Thanks and huzzah! anytime! Glad you got it working

I have seen someone attach three NICs to the same WAN switch to attempt this, but it did not work well over time. It may function, but it can be quirky. Only one interface in the subnet will have a link route, so traffic may enter one NIC and leave another.

Thanks Jimp. Again, I appreciate your time looking into it.

Thank you both for clarifying  !

@johnpoz: And what are these AP.. support of multiple SSIDs does not always mean they support vlan tagging of the SSID if your using what amounts to a user wifi router as AP, etc.. As to procedural help for you d-link switches.. Your going to be better off RTFM for your switch or via dlink forums, etc.  What is the make and model of these switches?  Maybe someone uses them. Here is a example drawing I did up for another user that PM about their network.. This should help as an overview. So in this example pfsense has 3 interfaces used on the "local" side of pfsense. Lan and VPN would be two layer 2 networks (vlans on the switch - not in pfsense) Where the switch would isolate this traffic but its not tagged.  While the wlan interface in this drawing has a native untagged network just like lan and vpn, it also does vlan tagging on that interface and handles your wifi tagged ssid based vlans. So in a wired network you can do tagged or untagged "vlans" with wifi your going to have to do tagging of the vlans.  This is can be confusing to new vlan users. In the example there are 2 switches, this can be expanded to as many switches as you have, etc.  The term "trunk" here reflects the cisco use of the term to man a port that carries tagged vlans.  The color coding of the ports reflects what the native vlan of that port is, etc. This is pretty good overall example of how in a very simple network how you could isolate different networks from each other some tagged and others untagged "vlans"  So in pfsense you would have setup of interface of wlan, and then on top of that physical interface you would create the "vlans" for your wifi networks. Hope that helps. In our PFSense , we just have to cards , LAN & WAN.under the LAN interface as the parent I have created a sub interface for the guest vlan, logically…. will this work or is it advisable to add one extra NIC card on the pfsense machine, and this extra NIC card i configure it to serve new Guest VLAN i intend to create

Thanks for the reply! I have used the official port off of the NUT website. It is the one that has no GUI.

There is a pre-made pfELK virtual machine you could try: https://www.reddit.com/r/PFSENSE/comments/4dymci/i_made_a_simple_bare_bones_simple_elk_vm_for/

thank you, it works ! good job :)

It sounds like I need to turn packet filtering back on and make some rules. Thanks…Jim

Somehow I missed that yesterday! Thanks. Unfortunately there are no interfaces displayed in the GUI or using ifconfig.

@tazzler: @Panja: What did you end up with? Are you living with decreased https-performance? I ended up changing the ports. I could not live with the decreased speed.

Confirmed. Bug report filed: https://redmine.pfsense.org/issues/6676 Fix pull request submitted: https://github.com/pfsense/pfsense/pull/3089 Thanks for reporting this bug.

Given what you describe, either you will need one interface per network or you will need switch with VLAN support. "home Wifi" means that you will connect your wifi access point to your home LAN, that's it… if you don't want to isolate wifi network. However, depending on your location, you should think about isolating wifi from "home LAN". Well, it depends on what you have on your home LAN but risk is higher with wifi than cable to have some unwanted connection. you could also implement WPA2-enterprise with Radius for authentication so that wifi access is under better control. Anyway, whatever solution you select, keep in mid that merging LAN and Wifi might not be a very good idea. With either VLAN or real NIC, you will isolate "server LAN" and "home LAN" with FW in the middle so yes, you can control which IP is authorized to access your "server LAN". Traffic redirection to your Apache servers is not clear to me. Do you mean internal traffic from home LAN to server LAN or traffic from internet to internal Apache servers. Are you sure you have 2 different domains here? (why not but I suspect you mix-up "domain" and fqdn In any case, pfSense DNS feature should be used only for internal devices. If you need to resolve internal services exposed to internet, do this using external (public) DNS.

Sweet and simple! Thank you :)