@BlueToast: Alright, it works now. For anyone else that has the same or similar situation… Make sure you have the right CIDR. This fixed my problem. You don't have to add your static IP for WAN to the Virtual IPs page. You can have the two boxes at the bottom of WAN interface page (for bogon networks and private networks) checked/enabled. You don't have to add an entry to NAT 1:1 with your Static IP Subnet <-> LAN Subnet. Thanks for the update and glad to see you got it! Good Luck!

Marty, Post a couple screen shots of your static route page and your LAN firewall rules for a starting point. From what you explain the .0/LAN interface and the .1 static routed network are on two different physical switchs??They are not vlan setups through a  switch?  Do you have both of these subnets running off of one physical nic on the pfSense box? Which of the two subnets are the actual servers residing in? Sounds like you are getting 'one way communication' (randomly.?) If you enable logging on your lan firewall rules after lots of eye squinting you will probably being able to see what ports are not talking both directions. This would make sense why pings are A-OK. Barry

@nbben: To access it, I'd simply set my local PCs network settings accordingly. Details please. @nbben: However, as soon as it's plugged into the switch, all inbound/outbound traffic on the network stops. Please elaborate: All traffic from all PC's you modified but not traffic from PCs you didn't modify? All traffic from existing connections? Pings by hostname? pings by IP address? traffic originating in the pfSense box connected to the Internet? Was the pfSense box connected to the Internet still running normally? Did it report anything significant on the console or any of the logs? etc

No. You could give those static allocations in your DHCP configuration, but that's about as close as you'll get.

it depends on whom initiated the SYN

Sure- Off to a service call I go…    :)

I have just discovered this in my Belkin node (not to give it a type of network device, as I find that just A confuses you the most lol). But I came across this when using my Belkin router (as a router as it where). In connection type (ultimately what would be for the Internet right?) Usually when I go for virgin media's connection it will always be dynamic, but wouldnt it be static if it was using the dhcp server from my new gateway with pf sense controlling it? Therefore, if I go into that and set these: To enter your Static IP settings, type in your information below and click "Apply changes". More Info IP Address > . . . Subnet Mask > . . . ISP Gateway Address > What would I put in the above fields? Might just work, if I think about this logically. Just wanted to give this at least 1 more stab just to see if I can get this working, dont want to fork out extra money and find out I could have done this with what I already have, save some money so to speak. Any helps appreciated. Jeremy

@jimp: You could always install the shellcmd package and put a shellcmd in that runs the command you want, then it would happen at bootup. Not "easy", but the answer I was looking fore. Thanks

The needed libraries and binaries should be on 2.0 for handling ZFS. I haven't tried it, but the experimental web installer (for 2.1+) is on the system and can create ZFS filesystems last I heard.

@wallabybob: @jahonix: It is never a good idea to use tagged and untagged traffic on the same IF. I support this comment. I think there are a number of possible ambiguities in mixing tagged and untagged traffic on the same interface. ….... Also, the bridge man page says bridge member interfaces need to have the same MTU. I haven't looked into this, but its possible your VLAN2 interface will have an MTU 4 bytes less than the LAN interface MTU (to account for the 4 byte VLAN tag). Thanks for the link I have read the page and have a much better understanding of how pfsense bridges now. As you say it's a bad idea to mix tagged and non tagged on the same IF so as I said a few posts ago I did try adding an extra nic with the same result….. That does leave the MTU that could be the reason so I will have to research it! Thanks for the tip!

ok thanks…..then i have to wait for a stable release of pfsense 2

Thank you very much

Thank's for your posts!

My bad, it's 1.2.3. The WAN interface did indeed have an IP/netmask/gateway and DNS servers.  I found out what the problem was, though - my dad said he "didn't like" that the "numbers" (IP addresses) weren't the same as the old router, and changed the LAN and wireless interfaces to the same IP/netmask. Problem solved, password changed. ::)

I think I get what you are saying here.  So i just move the wireless routers to 192.168.2.0/24 so all of the clients that connect see that subnet.  I setup the CP for that subnet only and everyone who comes in on it gets redirected to the portal….right?  But the trusted clients I can somehow have them passthrough the firewall by MAC or IP (i'd rather do mac). Now the hard part.  i'll bumbble around and see about setting up the passthrough thing.  As for the new subnet...do I need to change the mask for EVERYONE on the whole network to 255.255.254.0 to allow for that new range? or do I go to 255.255.0.0?  As I said earlier, I'm not a network guy...sorry for the dumb question.

Sorry guys, my fault. Works fine. Next time I shouldn't be so quick to post a thread like this without testing it outside of the network itself first. ;o

Likely the RRD graphs.

This limitation should no longer be present in the pfSense 2.0 beta snapshots. Give them a try.