I managed to get it working today by using a different pxelinux.0 program…. Don't know how I used the wrong one, but I'm glad it's sorted.

Dpinger would not appear in that service list. Couple of things you can do: 1) go to the gateway edit page (System / Routing / Gateways / Edit), scroll to the bottom and press save. See if you get any configuration errors; 2) Go to your gateway log (Status / System / Logs / System / Gateways) and check for error messages from dpinger itself.

Test ok  ;D

Yeah, that all occurred to me, yet I still turned off squid transparent proxy, even though I knew it shouldn't affect HTTPS traffic, and to be honest, I actually didn't expect moving my ethernet connection from the pfSense box to the original router to make a difference, yet it did. Anyway mystery (mostly) solved after stepping back and looking at the packet captures more closely. The PDF file is hosted on an Amazon CloudFront content delivery network. It turns out that I was downloading the PDF from different servers depending on which device I was using as a router. Not too surprising in retrospect, since different DNS resolvers could have different answers in their cache. I think what really threw me (apart from sitting at my computer for too many hours straight), was that curl always downloaded the correct content even when I was connected through my new pfSense installation. For whatever reason, curl on OS X was getting the 'good' IP consistently, while the browsers consistently used the 'bad' IP that matched what I would get when using dig against the pfSense resolver. In any case, my confidence is restored in my new installation, and I guess I'm just going to have to live with  curl vs. browser DNS resolution mystery.

Hey.. Just wanted to say thanks for the replies. What I did was nothing to our network. I did gather up all the devices and for the short term I added a password to everything that didn't. I put time and hour management on his bedroom PC for his homework and anything more he needs to ask me to authorize the extra time. I also got rid of any Minecraft books and action figures he had. This takes care of the immediate access he had. Additionally, this is his 3rd year riding a motorbike and since he was outgrowing the Yamaha TTR50 we purchased a larger TTR110 for him. Yeah he is spoiled but its not like that… much anyways.  ::) The only way he gets to ride and do martial arts, etc is if his daily chores get done and his school work remains good, which it has! What the new bike does is rejuvenates his enjoyment and takes the focus from Minecraft back to something else. Its been 3 weeks now and this past week I've heard him mention Minecraft once in the last 7 or 8 days. Another 3 to 4 weeks and the habit of Minecraft should be pretty much gone. This past weekend we started working on his very own jump and obstacle course in the backyard as well allowing him to work on new skills more often then just one the weekends. Different methods of distraction while keeping his mind and body going.  ;D

Avoid ShitTek NICs. Problem solved.

@ryanrowe: I like pfSense, but I'd be quicker using it if the web ui had integrated search: I'd like to be able to search through the settings to find which categories contain a keyword, e.g. for ntp or time or users. If you've ever used a mac, there is a feature like this for searching through menu items in the current application. Thanks. Hello, I would also like to have the search feature implemented in the pfSense web gui. I would also like to offer my help in developing it. I just need a hint on where to start. If I clone the github repository and do a pull request would it be ok? For the menu only I already see a simple solution using jquery: parse the DOM and extract the text from all elements with the class "navlnk". What do you think?

We've started from scratch with a different name (NRDM) and though we don't have any published road map, it is progressing well. Contact sales@netgate.com and someone should be able to get you a little more info.

Wanted to at least reply and thank you for the info. I am on an extended trip and will not be back home to try the suggestions out for a while. Once I do get back, I will give it a shot and post back here.

@johnpoz: Yes isolate them to their own vlans..  Limit what they can do into your other networks, limit what they can do outbound to the internet.  And most likely not allow any unsolicited inbound.. For example if you have camera's and you want to to view them while your remote.. VPN into pfsense and view them that way. You most likely will also want to log any outbound traffic they might be doing and you allow.  Or even what you are blocking - why is that camera trying to talk to an IP in china for example. You may want to create different vlans for different types of iot devices, etc..  Comes down to what exact iot devices your installing.. And what their connectivity needs are.  If you wanting say camera's to upload video to the cloud - prob want to lock that down to only allow them access to the official networks for that, etc. Pfsense is great for doing this..  But you will most likely want vlan capable switches and wifi so that you can isolate both wired devices and wifi devices to their own vlans. Thanks for the detailed response Johnpoz! Echoed a few things I had heard and read, which I will be applying. I will post an update of the set up once I get all the devices figured out. Like you pointed out it all comes down tot he exact devices being installed, so i'm going to finalize those first but my security cameras are the ones I want to pay the most attention to, especially because of some of their default plug and play features.

I assume your LTE antenna comes with a LTE modem/router which is what you referred to as 192.168.0.1, correct? And your pfSense router was issued an IP of 192.168.0.2 from DHCP from that LTE modem/router, correct? And you placed the pfSense router in the LTE modem/router's DMZ? You tried to ping from the LTE modem/router to the pfSense's WAN/192.168.0.2? Be a little more clear please.

not much feedback :/