I try to ping google.com from Pfsense shall and pinging failed.

@jimp: Is there a specific reason you feel that you need to add 250+ IP alias VIPs on the firewall? What problem are you attempting to solve? Odds are there is a much easier way to accomplish the same goal. That's a good point as well. Many times if you're trying to do that, you're doing it wrong.

Last 0 Firewall Log Entries. (Maximum 50) No logs to display original ipv6 is fe80::

Somehow  that rule is very confused. It has an IPv6 gateway but is passing to an IPv4 address. Looks like it's an automatic NAT rule though. I'd check the settings on the WAN interface (gateways selected), plus look at the NAT rule in question and its associated firewall rule.

System>Packages, uninstall it.

Because your WAN's reconnecting or renewing every 10 minutes. "IP change or dynamic WAN reconnection" Guessing you probably have a DHCP WAN with a 20 minute lease time. If that's the case it's not anything to worry about.

Okay, thanks.

So, this is my LAN firewall rules and these are my Outbound NAT rules. I set DNS servers for each gateway under System>General settings. However, when I put them in place and disable the default LAN to all rules I get no connectivity on both the file server (101) and my PC which should fall under the next rule, correct? Edit: This was the guide I used.

The block the support guys use is out of Austin (shared between our office and Austin colocation), the updates and much of the other file hosting is out of NYI in NJ. So no, the same netblock can't be used for both. Point taken on support access though, it's something we've talked about making a package or similar to help accommodate. That may be something that comes in the future.

Use an alias that contains all the possible IPs. Shouldn't be a big deal.

As to running multiple ssid with different vlans.  While this might be possible with something like openwrt or dd-wrt on your old router yours going to use as just AP.  If I recall the vlan support on these devices were dependent on the chipset and not all of the routers that run wrt support the vlans. If you really want to run vlans for your wifi I would suggest you go with real AP with this support, the unifi stuff is quite home budget friendly and support up to 4 different ssids per radio and very easy to setup for vlans on your different ssids.  The new AC lite model is only $89 while the pro model is only $149..  I have 3 of these in my house, the lite, the lr and the pro of the new AC line.  I run 3 different ssids all on diffferent networks.  My normal wifi which is eap-tls for auth (my devices like laptops, ipads, phones all use this), my psk network for devices that do not support eap-tls like my nest thermostat, my harmony hub, nest protect, rokustick, etc.  And then your typical other psk authed network that is for my guests. The unifi AP bring to the table band steering to put your devices on either 2.4 or 5 with the same ssid, they also support Air Time fairness and just recently enabled the DFS channels for 5ghz band so lots and lots of channels available depending on your clients support for these networks.  The free controller software you can run also brings lots of insight into your wifi network, what clients are connected to what AP, what speeds they are connected at, errors, bandwidth used, etc. etc. These wifi networks are all firewalled via pfsense and have varied access into my other networks. As to blocking ads, yeah pfblocker package makes this pretty simple to do. As to openvpn, yeah this is few clicks of the wizard to setup on pfsense, I vpn into my home network pretty much every day from work.  And yup there is a openvpn app for both ios and android devices that is clickity clickity to use.

https://forum.pfsense.org/index.php?topic=113750.0

And in post https://forum.pfsense.org/index.php?topic=114205.0 everything works in 2.3.1

@dyox: Hi, guys My question is: How PFSense "knows" my Internet speed? For example, I have a 50MBps Internet link, which is attached to my PFSense on a 1GBps Lan Port. How it "knows" that the link is 50MB and not 1GB? Did I have to set it, if so, where? This question is related to Load Balance. This is the Link Priority explanation: "The priority selected here defines in what order failover and balancing of links will be done. Multiple links of the same priority will balance connections until all links in the priority will be exhausted. If all links in a priority level are exhausted then the next available link(s) in the next priority level will be used." If PFSense don't figure it out that the link is 50MB, it'll never be exhausted and the Load Balance will not work. It doesn't know Load Balancing When two gateways are on the same tier, they will load balance. This means that on a per-connection basis, connections are routed over each WAN in a round-robin manner. If any gateway on the same tier goes down, it is removed from use and the other gateways on the tier continue to operate normally.

Dude how did it the drawing you create do it by default??  Yes I understand the switch sets those as excluded my point was that there is no point in showing that on your drawing because it is a GIVEN!!!  That all other vlans are excluded. As to harm, I don't know do you count a performance hit as harm? File sharing your talking about p2p? Torrents? So your putting in proxy and blocking all other access to the internet that does not go through the proxy?  Just installing squid doesn't stop all the other access.. [image: drawingexcluded.jpg] [image: drawingexcluded.jpg_thumb]