And, for quick and dirty log searches, you can exclude multiple patterns with filters like this: !pattern1|pattern2 This works in any field such as !80|443 in destination port. And there's always clog /var/log/filter.log | grep any_regex_you_want There's a link to PCRE docs on the log filter page if you're feeling randy.

Search for "router on a stick". Basic idea is to use a VLAN capable switch and use VLANs as WAN and LAN (or even more as OPT) interfaces.

Well I waited all night because I didn't want to fiddle with an cron reboot edit via ssh and was getting late. Not something I do regularly. So had to reboot the router during AM business hours.  Had no choice.  Now I know a non-disruptive solution and what "not" to do to begin with. Thanks again…

Having nothing in the DHCP log suggests nothing is making it to the DHCP server. The packet capture shows it's making it to that box at least. Check Diag>States, filter for 255.255.255.255, and make sure you're seeing that UDP port 67 traffic there when there is a device making a DHCP request on OPT1. If it is, try restarting the DHCP Server service under Status>Services (though I can't think of any reason that'd be necessary), or reboot.

That is exactly how you do it.  You will want to make sure you have your username / password for the PPPoE account handy.  I forgot to jot it down before I reconfigured my Q1000 and had to make a call to CentruryLink.  Once I had the login info, it took less than 5 minutes to get everything up and running. I've had my Q1000 playing nice with PfSense for quite a while now.  You should be quite happy once it's setup!

"Expert" is subjective.  Depends on your needs. I agree with previous poster. You should just post your needs. Some of them them may be outside of what pfsense does - or not.

so you want users using pfsense as their dns to resolve host.example.org to 192.168.1.99 that is a simple host override in either the forwarder or resolver depending on which one your using. if you want example.org you could do that to with example being the host and org being the domain - see attached screenshot of my resolver overrides, and then my queries for them to pfsense. The higher response times are because I am via vpn connection to my home network, that has to bounce off proxy in texas, then back to chicagoland while I am in chicagoland. [image: overrides.png] [image: overrides.png_thumb]

@muswellhillbilly: @chris4916: Technical solution to your concern with proxy configuration client side is WPAD  8) Or use a proxy.pac file for the same purpose (auto client configuration). We use this at my office (230 users) and it works fine. To be more accurate: this is not WPAD or proxy.pac WPAD does nothing more than providing in a (more or less) standard way access to… proxy.pac WPAD RFC (unfortunately still draft as far as I know) describes how to push to devices information that will permit to load an use proxy.pac file

I applied the tweaks mentioned here to my Pi and it has really improved the stability of the time system on my pfSense box. I will be trying a newer version of the Pi than my very old v1 to see if that improves the USB - Ethernet delay. The left side scale (+1 to -1 ms) is showing all the items except the Disp. The Disp is on the left side (+5 to +40 ms) scale. The disp is still high enough that if it is shown on the same scale it swamps the other data. [image: ntp-chart-june-16-16.png] [image: ntp-chart-june-16-16.png_thumb]

If you're not up to the latest version, there were some past issues with no Internet connectivity and the update checking tying up all of PHP which killed the GUI.

https://blog.pfsense.org/?p=2090

sudo route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.1.1 works like a charm so apparently pfsense2 receives the packets returning from 192.168.1.23 and cannot send them to the pfsense1 although a lan to lan full allowing rule is in place not nice but efficient :-) also I use a config pusher so in case of more machines I can still push that rule (I guess, gonna check that out) thanks for your wonderfull support everyone

https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense Or if you prefer video tutorials: https://www.youtube.com/watch?v=28dmUzOGI50

Thank you!

yes /27 in a firewall would match those IPs..  If your network was actually a /24 and you used 10.11.193.0/27 in a firewall rule - that rule would trigger on IP .1 to 31 If you used .32/27 it would trigger on .32 to .63, etc..  Yes you can use cidr in your firewall rules and they can be subnets of your actual network..  So sure if you always set your infrastructure IPs .1 to .31 on that network then you could use x.x.x.0/27 as a firewall rule to trigger on those IPs This is very common practice to use specific IPs in a segment for specific sorts of things, which then yes makes creating firewall rules that match on those IPs easy to do with cidr..  Depends on the location but many will reserve the first part of a new IP range for static and the end as well.  And only use the middle ranges for normal dynamic clients in that segment, etc. If you break at common subnet blocks then yes it makes easy to write firewall rules based on those borders.

In 2.3 and newer versions, the update system is pkg-based, changing the available update methods. Upgrades are performed either under System > Update in the webGUI, or option 13 at the console. Manual updates are no longer available, and systems must be Internet-connected to update. https://doc.pfsense.org/index.php/Firmware_Updates#Version_2.3_and_newer

Ok well this work first enable watchdog and select the services to notifice late go to System – Advance -- Notifications and in E-Mail put your direction and this is all. done.

Thanks this work for me too.