And you could do all that with a nat as well..

That crash appears to be in ZFS disk i/o. It could be a filesystem problem or it could be a disk/hardware issue

All that done, it works now, but I may have configured wrong. Regarding NAT configuration (Firewall > NAT > Outbound), mine was set to "Automatic outbound NAT rule generation (IPsec passthrough included)". This was its default configuration, I had never touched it. All what it did had been generated automatically. It contained three pairs of rules (total 6 rules), related respectively to the 127.0.0.0 /8 source (whatever that may be) and my two VLANS. Then, the instruction was to add a new outbound NAT rule. Specifically: (1) switch to "Manual outbound NAT" ; (2) create the ModemAccess new outbound NAT rule ; (3) save. Now, my Firewall > NAT > Outbound configuration is set to "Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)". The screen shot below shows that I have now my original 6 automated rules plus the one that I manually added. I still do not know the role of the initial 6 automated rules and would be perfectly unable to determine when this set of rules would need to be changed. For that reason, it seems to me I would be better off switching now to "Hybrid Outbound NAT rule generation (Automatic Outbound NAT + rules below)", thus preserving the one manual rule that I created, the former 6 automated rules that were formerly generated automatically, plus any additions (or changes) to my initial 6 automated rules. To which extent is my thinking wrong ? Any advice on this would be welcome. TIA. [image: 2018-02-22_OutboundNATrules.png] [image: 2018-02-22_OutboundNATrules.png_thumb]

https://forum.pfsense.org/index.php?board=60.0

I personally have been using the dns resolver/forwarder blackholeing in combination with a dns NAT rule to force all DNS requests to be resolved locally.

Helo all I've found the Problem. It wasn't on the pfsense. It was a DOS-Prevention on a Zyxel Switch. admins

@johnpoz: Now once your device always is 192.168.1.X you can setup a firewall rule per a schedule that allows them to only use the internet when you want.  You will need to make sure the states are reset when you do this or any current connections they have open would continue to work until that state expired on its own or they closed the connection.. Can show an example of this if need be… Many thanks. Yes, an example of how-to, including resetting the states, would be highly appreciated!

Great, guess I'll try my hand at shell scripts.

The laptop will connect when it's on the lan and the ras server lan ip is used, this is what leads me to believe it's PFsense.

To see the configuration of the kernel your firewall is running, use this command: sysctl kern.conftxt

No.  WOL requires a specific Ethernet frame, not IP packet.  So, it will not pass through an IPSec VPN.  The best you could do is use the smart phone to trigger something on the network to send that frame. https://en.wikipedia.org/wiki/Wake-on-LAN

What you want, can only be achieved with a proxy. To make it less complicated, configure your web server to (also) listen to http://xyz.com. Then set the host override with "xyz.com" in the Host box and only "192.168.100.76" in the IP Address field.

Thanks for the reply, but how to do this?

Thanks, Derelict, I will have a look at their service offerings

Squid/squidguard forum. Go there and post your current config, any error messages, etc.

Thank you Derelict. I will search there and other online sellers. Doug

And again: https://doc.pfsense.org/index.php/PPTP_VPN What are you not understanding that PPTP is broken, insecure, should not be used, and there are limitations in the pf firewall that prevent multiple connections from the inside to the same address on the outside? If PPTP is what you require, you should probably use another firewall.