Adding this pointer to the FAQ since this thread comes up high in Google results. http://doc.pfsense.org/index.php/Can_I_sell_pfSense

Or setup a VPN so you have secure access to anything internal. OpenVPN, IPsec, PPTP, etc.

wallabybob, Ill give 1.2.3 a go and tell u how it goes. tnx

You probably should have the Windows Server/primary domain controller, behind the firewall, become the primary DNS server for the entire LAN. Configure the Windows DNS to get its DNS info from a valid server on the Internet. Then have your pfSense box get its DNS from that Windows Server, and no other. That way your pfSense box will have the same DNS info as the primary domain controller.

Thanks for the reply. I won't have the need to use all the 65k ports but want to give my users all the options as I assign them public IP addresses. However, yes there will be multiple HTTP servers which will have conflicting ports. I never explored 1:1 NAT. Would that disable my AON which actually makes my OpenVPN to run properly. Is NAT 1:1 for inbound only? or also effects outbound. Some general details about it would be great asset. Thanks

In order for that to happen, something has to be passing broadcast traffic between those two interfaces. The most common cause would be that both LAN and OPT1 are plugged into the same switch, or the same VLAN on managed switch(es). If both interfaces are properly segregated into different broadcast domains, DHCP traffic cannot bleed over.

Thanks for all your assistance. Much appreciated!

Hey! kern.timecounter.hardware=TSC in /etc/sysctl.conf resolved my problem. :D Thank You!!! Wikont

Watch that they're probably reporting different things.  You want high RAM usage because otherwise it's wasted.  You'll see the difference if you run the top command

Maybe your states table is getting full.  You could try increasing the size. (somewhere in system: advanced, I think)  That hardware should definitely be able to handle a lot higher than the default size.

This appears to be related to an almost 5 year old snapshot, moving off the 2.0 board. Douglas879: Upgrade.

Yes, it's definitely hardware. I replaced it with another computer (after doing a thorough RAM test on the new box), and now the first one won't even boot anymore. It looks like I got it just in time.

I'd be more worried about running 1.2-RELEASE than a zombie process. You should really be on at least 1.2.3-RELEASE.

You can install the dns server package and have the same functionality, yes, but the design philosophy of pfDNS was to be used standalone as an appliance, not a firewall/router. You could always have the same functionality (moreso on 2.0 since it can run OK with a single NIC) it was just more of a prepackaged setup.