No reason why it wouldn't work..  Only that the traffic to LAN (vlan 10) routes back through the pfsense. A separate card plugged into the switch wouldn't need to be vlan configured and internal network traffic won't need to route through the pfsense vm (lesser load and rules to set).

Right on. Thanks for the input. Interesting note, the previous net admin at work took a quad core xeon w/ 4GB ram and purposed it as an iptables firewall/gateway.  I don't understand why, maybe he had plans to make that machine take on other duties such as backing up or something… i dunno.  Seems like I will just re-purpose  it as something else and throw together a p4 w/ 512 to take on firewall duties. Now that I think about it the other gateway is a quad core xeon with 2GB. Wtf.

pfSense is designed to be a firewall/router and that's it.  People occasionally want to install the kitchen sink on it, which is not recommended.  If you want a general purpose server, set it up separately from pfSense inside your LAN. You'll find that working with pfSense is very easy as all the functionality you'll need to access is configurable from the WebGUI.  There will be no need to do any command line work.  Also, no need to run a RAID array on your firewall.  Simply keep a copy of your config.xml some place safe and if the drive fails, slap a fresh installed pfSense drive into the box, restore your config and life will be shiny and new again.

from the lan side try to ping a system on the internet via ip address.  For example ping 8.8.8.8(this is one of googles piblic dns servers).  This will tell us whether it is a dns problem or something else.

Had to reboot the system to get my logs working. What I did stopped the logs generating for everything. Not sure what I messed up.

You have to install Squid (and ideally SquidGuard) to do that.  I use that setup and it works well.

Thank you for the replies. I did do the things you suggested. It turned out I had two firewall rules for the DMZ. One allowed all TCP traffic. Another allowed all ICMP traffic. Of course, DNS uses UDP. I added UDP to the list of allowed traffic, and DNS worked great. Then I had trouble with Windows Update (Microsoft Update). At that point, I just allowed all protocols, and now that works, too. I'm in the process of figuring out the virtual IPs, and that seems to be working. Thanks a lot!

We'd really need a lot more information.  Nothing you've posted gives any indication of malicious activity or supports your theory.  The IP you posted is a transit IP range internal to APNIC, which clouds the issues further. Exactly what makes you think your network was under attack?

I got it, they changed the IP address from what they use to have. One day a few weeks ago it stopped letting us in. Last night I did a trace route  and the IP came up as different then what I had. I put the new IP in the SNORT: white list and it works. Now everyone can stop yelling at me and I can go back to reading their email.

http://forum.m0n0.ch/index.php/topic,2199.15.html Follow this guide maybe it helps. Beaware that igmproxy isalready in pfSense and is a patched version for working better.

ok, What I forgot to mention is, I'm anticipating the change of our internet line, and might need a decent firewall instead of routers installed now. And I like the package approach of pfsense. is it possible to use pfsense now as squid/squidgard, and after use is a firewall/router ? My main problem is that I cannot setup pfsense as a NATrouter for the moment, but I'd like to force traffic from workstations to go through pfsense to filter/av/monitor what's going on my network. is that possible ? Any hint from where to start ?

jimp, thanks, that is all I was looking for, a simple estimate or basic idea other than when its ready. I must say, this must be a big deal. I don't ever remember at anytime pfsense has not had at least some sort of new beta or RC every other month, so pushing into over a year must mean this new version is going to be somewhat different. I personally have not looked at the 2.0 betas or anything, but if we see an RC by the end of the year that would be awsome. Maybe the RC can be the 2010 Christmas present such as 2.0 going into beta in 2009 ;) Thanks again for your reply.

I can't really say how to fix your ISP issue, it may be a DNS issue, use Google's DNS instead, 8.8.8.8 / 8.8.4.4. Disabling bogons may also help.