I'm checking this out more. As we have the export option in the certmanager but it seems that pfsense shows all certificates when you bound the Certificates Page as provilege to the user. It would be nice if you can add the certs to the user and show only these in the certmanager. Anyone some extra information ?

@cluelessvictory: I have ipv6 disabled on pfsense. It doesn't disable anything. Read the checkbox description. The only thing is does is blocking IPv6. If you don''t want the logs spammed, then either allow it, or create a rule to block it without logging.

@malcmail: I presume that still allows the LAN clients to access anything on OPT1? Sure, you always filter what is coming IN on a specific interface. What's coming from your LAN is OUT on Opt1 interface. If you wanted to filter that it would be on the LAN rules tab. @malcmail: If I want to open one item (a printer) to OPT1 users I presume I canset up an allow rule before the deny rule to allow OPT1 net to access 192.168.1.{printer] (clearly with a number instead). Exactly.

Thanks that seems to work description xxx.xxx.xxx.xxx/x description 2 xxx.xxx.xxx.xxx/x xxx.xxx.xxx.xxx/x

Its easy to see quickly your rules if on their own interfaces.  To be honest easier to setup as well for source and destination. Floating rules make sense if you need to do outbound rules.  Or you need some rule that is common that applies to all interfaces sure, floating rules apply before rules on the interface. And with you using aliases and not posting the details of those it makes it very difficult to make heads or tails of your rules.

I managed to get it working today by using a different pxelinux.0 program…. Don't know how I used the wrong one, but I'm glad it's sorted.

Dpinger would not appear in that service list. Couple of things you can do: 1) go to the gateway edit page (System / Routing / Gateways / Edit), scroll to the bottom and press save. See if you get any configuration errors; 2) Go to your gateway log (Status / System / Logs / System / Gateways) and check for error messages from dpinger itself.

Test ok  ;D

Yeah, that all occurred to me, yet I still turned off squid transparent proxy, even though I knew it shouldn't affect HTTPS traffic, and to be honest, I actually didn't expect moving my ethernet connection from the pfSense box to the original router to make a difference, yet it did. Anyway mystery (mostly) solved after stepping back and looking at the packet captures more closely. The PDF file is hosted on an Amazon CloudFront content delivery network. It turns out that I was downloading the PDF from different servers depending on which device I was using as a router. Not too surprising in retrospect, since different DNS resolvers could have different answers in their cache. I think what really threw me (apart from sitting at my computer for too many hours straight), was that curl always downloaded the correct content even when I was connected through my new pfSense installation. For whatever reason, curl on OS X was getting the 'good' IP consistently, while the browsers consistently used the 'bad' IP that matched what I would get when using dig against the pfSense resolver. In any case, my confidence is restored in my new installation, and I guess I'm just going to have to live with  curl vs. browser DNS resolution mystery.

Hey.. Just wanted to say thanks for the replies. What I did was nothing to our network. I did gather up all the devices and for the short term I added a password to everything that didn't. I put time and hour management on his bedroom PC for his homework and anything more he needs to ask me to authorize the extra time. I also got rid of any Minecraft books and action figures he had. This takes care of the immediate access he had. Additionally, this is his 3rd year riding a motorbike and since he was outgrowing the Yamaha TTR50 we purchased a larger TTR110 for him. Yeah he is spoiled but its not like that… much anyways.  ::) The only way he gets to ride and do martial arts, etc is if his daily chores get done and his school work remains good, which it has! What the new bike does is rejuvenates his enjoyment and takes the focus from Minecraft back to something else. Its been 3 weeks now and this past week I've heard him mention Minecraft once in the last 7 or 8 days. Another 3 to 4 weeks and the habit of Minecraft should be pretty much gone. This past weekend we started working on his very own jump and obstacle course in the backyard as well allowing him to work on new skills more often then just one the weekends. Different methods of distraction while keeping his mind and body going.  ;D

Avoid ShitTek NICs. Problem solved.