• Converting Pix 6.3 to pfsense - stuck on some rules

    3
    0 Votes
    3 Posts
    871 Views
    M
    These are all owned (/22,/23,/24,/26) network blocks and a pair of Cisco routers are going BGP in front of the HA Pix. The end result is to replace the aging HA Pix with a pair of CARP pfsense and migrate the Pix rules into pfsense. I know how to set up CARP and pretty much everything with the pfsense… except the question is how to convert some of the NAT rules. I have already started on a lot of the aliases and rules; because of the number of networks and IP addresses involved, setting up single 1-1 rules is not ideal, hence the question about entire network block 1-1 NAT.
  • Pfsense Remote Backup

    Locked
    8
    0 Votes
    8 Posts
    2k Views
    DerelictD
    Or do that. Duh.
  • Bridging WLAN connection to LAN

    1
    0 Votes
    1 Posts
    374 Views
    No one has replied
  • Enforce Google Safe Search

    8
    0 Votes
    8 Posts
    5k Views
    KOMK
    One problem per thread.  This thread was about Enforce Google Safesearch.  Since you have solved that problem, move on to a new thread with a new title that reflects your problem.
  • 0 Votes
    7 Posts
    2k Views
    E
    Hey, could you share your rules with me? I've been trying over and over but I can't get this to work.
  • How Can I Install Sarg on Pfsense 2.3.2?

    2
    0 Votes
    2 Posts
    1k Views
    DerelictD
    https://doc.pfsense.org/index.php/2.3_Removed_Packages Sarg - deprecated in favor of lightsquid
  • Recommendation for wireless access

    4
    0 Votes
    4 Posts
    2k Views
    johnpozJ
    Well what is your budget or what are your needs? Go with the PRO, if you're needing to pinch pennies go for the Lite. I am assuming you would go AC, if not they do have cheaper N models still. https://www.ubnt.com/unifi/unifi-ap-ac-pro/ If you have money burning a hole in your pocket, and budget is not really a concern I would prob go with something from aerohive to be honest.. http://www.aerohive.com/products/access-points/ap550.html But it retails for $1400 vs the unifi ac-pro you can get for $130 ;)
  • Hardware choice for Dual WAN throughput

    1
    0 Votes
    1 Posts
    516 Views
    No one has replied
  • Notification email

    3
    0 Votes
    3 Posts
    898 Views
    dennypageD
    What are the settings you are using in System / Advanced / Notifications / E-Mail?
  • Limited internet time usage

    4
    0 Votes
    4 Posts
    788 Views
    O
    PFsense CP with pass-through is another solution but flexibility of cumulative time usage is the issue.
  • Separate outgoing VPN connections?

    2
    0 Votes
    2 Posts
    551 Views
    DerelictD
    Assuming you're talking about OpenVPN. Sure. It would take some config to get the policy routing right but you could have clients of OpenVPN Remote Access server one use OpenVPN service 1 and clients of OpenVPN Remote Access server 2 use OpenVPN service 2.
  • DLNA across the interfaces??

    10
    0 Votes
    10 Posts
    3k Views
    M
    @kpa: How is the DLNA service supposed to be advertised, mDNS or something else? If it's not using mDNS the Avahi package is not going to help.
    Yes, using mDNS, with these settings: [image] I'm happy to provide any specific info if you wanna know more. I just don't know where else to look. -San [image: mDns.jpg]
  • Nat port 80 , 2 internal webserver

    4
    0 Votes
    4 Posts
    631 Views
    luckman212L
    HAproxy can also do this... not sure which is better/more suited to this task (Squid vs HAproxy)
  • PPPoE Server + freeradius mysql

    1
    0 Votes
    1 Posts
    481 Views
    No one has replied
  • Web Config Hangs

    3
    0 Votes
    3 Posts
    895 Views
    S
    @KOM: Anything in /var/log/nginx-error.log?
    tail /var/log/nginx-error.log produced this: I noticed that I can still use the webconfig as long as I don't visit the dashboard. I think I broke the widgets haha
    2016/10/29 05:24:14 [error] 59307#100175: *106 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.103, server: , request: "GET /getstats.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "http://192.168.0.1/"
    2016/10/29 12:31:23 [error] 59541#100285: *243 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.79, server: , request: "GET / HTTP/1.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket"
    2016/10/29 13:22:58 [error] 59541#100285: *245 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.103, server: , request: "GET /widgets/widgets/thermal_sensors.widget.php?getThermalSensorsData=11477707597287 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "http://192.168.0.1/"
    2016/10/29 13:22:58 [error] 59541#100285: *247 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.103, server: , request: "GET /getstats.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "http://192.168.0.1/"
    2016/10/29 13:22:58 [error] 59541#100285: *249 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.103, server: , request: "GET /widgets/widgets/ntp_status.widget.php?updateme=yes HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "http://192.168.0.1/"
    2016/10/29 13:22:58 [error] 59541#100285: *251 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.103, server: , request: "GET /widgets/widgets/log.widget.php?lastsawtime=1477676679 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "http://192.168.0.1/"
    2016/10/29 13:22:58 [error] 59541#100285: *253 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.103, server: , request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "http://192.168.0.1/"
    2016/10/29 13:22:58 [error] 59541#100285: *255 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.103, server: , request: "GET /ifstats.php?if=em0 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket", host: "192.168.0.1", referrer: "http://192.168.0.1/graph.php?ifnum=opt1&ifname=AP&timeint=2&initdelay=6"
    2016/10/29 13:39:39 [error] 59541#100285: *271 upstream timed out (60: Operation timed out) while reading response header from upstream, client: 192.168.0.79, server: , request: "GET / HTTP/1.0", upstream: "fastcgi://unix:/var/run/php-fpm.socket"
    2016/10/29 15:43:14 [crit] 46634#100346: *1 connect() to unix:/var/run/php-fpm.socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.0.3, server: , request: "GET /system_advanced_admin.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm.socket:", host: "192.168.0.1"
    Cheers.
  • [Solved] UnRaid No Internet Access

    4
    0 Votes
    4 Posts
    7k Views
    S
    .: Update #2 - SOLVED :. Ok, after running the packet capture I found that I was dropping my TCP packets for some reason. Googling led me to this: https://doc.pfsense.org/index.php/Lost_Traffic_/_Packets_Disappear I do in fact have a Realtek card I am routing this through. After making these changes… Internet worked as it should.
  • FilterDNS load averages

    1
    0 Votes
    1 Posts
    488 Views
    No one has replied
  • Pfsense SG-2220

    6
    0 Votes
    6 Posts
    2k Views
    badgastB
    I have a 2220 in my home setting, just between a DSL-cable modem/router and a D-link 24p managed switch. (modem just as a modem, double NAT until I bridge my modem…) Now 1.5 years, and not a single problem. For me it was a starter-thing just to experiment and learn with, which it was, and still is. And it only consumes less than 10 W. Very happy with it. But if you've got a high WAN bandwidth >200 Mbps (fiber e.g.), maybe you'd better look for a more sophisticated version.
  • Wanting some advice

    2
    0 Votes
    2 Posts
    558 Views
    jahonixJ
    @gibbers82: … I don't have time to migrate everything...
    Have you considered using the professional services offered from pfSense/Netgate? https://www.pfsense.org/our-services/#professional-services They are there for you, for exactly these reasons. To get you started ASAP.
  • Recovering from "corrupt" system: How could I have done this better?

    2
    0 Votes
    2 Posts
    600 Views
    DerelictD
    Pretty much by having a backup of the config ready to go. Other than that it seems like you managed pretty well.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.