Or keep it the way you have it now. Unless you are doing some type of storage service on pfSense, you will never use up the 128GB. What I recommend for other folks is; get a smaller hard drive, like 16GB or 32GB, heck 8GB will do fine if you are doing basic firewall filter. As a basic user, using128GB, most of your 100GB disk space is sitting doing nothing.

In case it is relevant, Disable hardware checksum offload Disable hardware TCP segmentation offload Disable hardware large receive offload are all ticked in System > Advanced > Networking.

It seems like the built in one is sufficient other than time ranges.  Is it really so difficult to allow this to be customized?

Other than the OP I don't think anyone else thinks its uploading anything Harvy66 ;) With you here - is noise, and unless there is something wrong with it and its spewing such packets at some crazy rate its going to be minuscule amount of traffic that would go nowhere beyond the layer 2 its currently on.

bump … .any help please!

IGMP Proxy could be your pitfall. Which version IGMP do you need, and something special like v3 with SSM or so? That's what you need for German Telekom's IP-TV (T-Entertain) which pfSense fails to deliver, considering it a niche only.

That would of been a source nat anyway since you were natting to the opt interface and not your actual wan (internet) interface.. What exactly where you trying to test?

Figured it out.  I just needed to make it a server cert, not a user cert.  Chrome is happy now.

You can add specific DHCP options using the 'Additional BOOTP/DHCP Options' in the DHCP config page (Services/DHCP Server/LAN). To specify TFTP servers by MAC addresses you can create a static mapping for that MAC in DHCP and use the Advanced field in the TFTP heading.

The point was just that the speed between wan, pfsense, ap and wireless client was good.

If you do not want an IP in the same network as another IP talking to each other. If you don't want 192.168.101.20 to talk to 192.168.101.21 then put a firewall on .21 and block .20 Or run private vlans on your switches.  Or as mention break out these devices to different vlans and firewall at pfsense.  As mentioned already by NogBadTheBad pfsense has nothing to do with devices on the same network taking to each other.

you said it ;)  I wouldn't go freaking near that domain even if you did manage to resolve it to something.. Clearly they do not have clue one..  Why would you hide your name behind a privacy domain if your such a big company?  Make's zero sense - be like google.com being behind a privacy domain, or microsoft, yahoo, etc.

thx, for your quick reply, I will try out your suggestion and see if it actually works.

Hi JimPhreak, I have a very similar problem: I switched the VLans from my OPT Port to the LAN Port and DHCP stopped broadcasting. Do you remember how you fixed that problem? To specify what I did: I have 4 Ports that were working just fine before I made the changes. Before: sk0 (WAN): Default Wan Port sk1 (Opt1): Used for my first Backup WAN. sk2 (Opt2): Connecting to my managed switch to connect my APs that have 3 VLans (Appx (10), Mobiles (20), Guests(99)). sk3 (Lan): Backdoor for recovery. After: sk0 (WAN): -no changes- sk1 (Opt1): -no changes- sk2 (Opt2): Now a WAN Port for my Backup UMTS. sk3 (LAN): Now Lan + the 3 VLans. After I made the changes the Backup UMTS works, and every Client that hat an IP before also worked. Users that had not connected in a while or renewed their lease could not get an IP from the DHCP. What I tested: DHCPd Server is running and was restarted (aswell as the whole box). Deactivated the LAN Interface so only the 3 VLans would be on the sk3 Port. Plugged in a cable from a PC directly in LAN and a Port of the Switch that worked before. Any ideas what else to test? Here is my Interfaces config with a few comments: <interfaces><wan><enable><if>sk0</if> <blockpriv><blockbogons><ipaddr>dhcp</ipaddr> <dhcphostname><alias-address><alias-subnet>32</alias-subnet> <dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path><spoofmac></spoofmac></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></alias-address></dhcphostname></blockbogons></blockpriv></enable></wan> <lan><if>sk3</if> <alias-address>192.168.178.197</alias-address> <alias-subnet>32</alias-subnet> <spoofmac><enable><ipaddr>10.0.1.254</ipaddr> <subnet>24</subnet></enable></spoofmac></lan> <opt1><if>sk3_vlan20</if> <enable><spoofmac><ipaddr>10.0.20.254</ipaddr> <subnet>24</subnet></spoofmac></enable></opt1> <opt2><if>sk3_vlan99</if> <enable><ipaddr>10.0.99.254</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac></enable></opt2> <opt3><if>ovpnc1</if> <spoofmac><enable><blockpriv><blockbogons><alias-address><alias-subnet>32</alias-subnet></alias-address></blockbogons></blockpriv></enable></spoofmac></opt3> <opt4><if>sk3_vlan10</if> <enable><ipaddr>10.0.10.254</ipaddr> <subnet>24</subnet> <spoofmac></spoofmac></enable></opt4> <opt5><if>sk2</if> <enable><spoofmac><blockpriv><blockbogons><ipaddr>dhcp</ipaddr> <dhcphostname><alias-address><alias-subnet>32</alias-subnet> <dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></alias-address></dhcphostname></blockbogons></blockpriv></spoofmac></enable></opt5> <opt6><if>sk1</if> <enable><alias-address>10.0.30.58</alias-address> <alias-subnet>24</alias-subnet> <spoofmac><ipaddr>dhcp</ipaddr> <dhcphostname><dhcprejectfrom><adv_dhcp_pt_timeout><adv_dhcp_pt_retry><adv_dhcp_pt_select_timeout><adv_dhcp_pt_reboot><adv_dhcp_pt_backoff_cutoff><adv_dhcp_pt_initial_interval><adv_dhcp_pt_values>SavedCfg</adv_dhcp_pt_values> <adv_dhcp_send_options><adv_dhcp_request_options><adv_dhcp_required_options><adv_dhcp_option_modifiers><adv_dhcp_config_advanced><adv_dhcp_config_file_override><adv_dhcp_config_file_override_path></adv_dhcp_config_file_override_path></adv_dhcp_config_file_override></adv_dhcp_config_advanced></adv_dhcp_option_modifiers></adv_dhcp_required_options></adv_dhcp_request_options></adv_dhcp_send_options></adv_dhcp_pt_initial_interval></adv_dhcp_pt_backoff_cutoff></adv_dhcp_pt_reboot></adv_dhcp_pt_select_timeout></adv_dhcp_pt_retry></adv_dhcp_pt_timeout></dhcprejectfrom></dhcphostname></spoofmac></enable></opt6></interfaces> DHCP Config <dhcpd><opt1><range><from>10.0.20.1</from> <to>10.0.20.253</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt1> <opt2><range><from>10.0.99.1</from> <to>10.0.99.250</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt2> <opt4><range><from>10.0.10.20</from> <to>10.0.10.250</to></range> <enable><failover_peerip><defaultleasetime><maxleasetime><netmask><gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></netmask></maxleasetime></defaultleasetime></failover_peerip></enable></opt4> <lan><range><from>10.0.1.10</from> <to>10.0.1.250</to></range> <failover_peerip><defaultleasetime><maxleasetime><netmask></netmask> <gateway><domain>appx</domain> <domainsearchlist><ddnsdomain><ddnsdomainprimary><ddnsdomainkeyname><ddnsdomainkey><mac_allow><mac_deny><tftp><ldap><nextserver><filename><filename32><filename64><rootpath><numberoptions><dhcpleaseinlocaltime></dhcpleaseinlocaltime> <enable></enable></numberoptions></rootpath></filename64></filename32></filename></nextserver></ldap></tftp></mac_deny></mac_allow></ddnsdomainkey></ddnsdomainkeyname></ddnsdomainprimary></ddnsdomain></domainsearchlist></gateway></maxleasetime></defaultleasetime></failover_peerip></lan></dhcpd>

Could be as simple as this : most 'real' NAS have "apps". My Synology disk-station has one : it's swallowing the "syslog" records from my pfSense just fine.

Definitely not in the attic. Put it in the utility room or on a shelf in the closet if you must. Install pfSense. Set a port as WAN and one as LAN on the pfSense box. Connect your switch to pfSense LAN port. Then connect your RT-66N to the switch so it is an extension of the same LAN. You will plug your cable into a LAN port on the RT-66N and turn off the DHCP server on the RT-66N. The pfSense box will be the only DHCP server for your install issuing an ip to all clients connected via cable to the switch or via WIFI through the RT-66N. See: https://doc.pfsense.org/index.php/Use_an_existing_wireless_router_with_pfSense Plug the NAS into the switch with all your other clients. To set up PIA VPN see: https://www.privateinternetaccess.com/pages/client-support/pfsense That should get in the ballpark.

Thank you so much!