Well i don't know what was the problem, but i re-establish the whole "/etc/" from the pfsense install CD. and it worked…
:o

@Nachtfalke:

Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface ?

Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on ?

Maybe not a good idea to post the rules here?

But I don't have any rule on my WebGUI port.

@tim.mcmanus:

Silly question:  Are you testing it from inside your LAN?  I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN.  Took me about an hour to figure it out.  I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).

I was testing from a proxy. Confirmed now on 3G I can't access it.

Solved.

Turns out Ooma was spoofing my PC's address.  I'm not a networks expert, but it doesn't seem right to me to have this setting be the default.

When changing out network cables, Ooma was disconnected from power for over 12hrs, I'm thinking the device reset itself to factory configuration.

Thanks all for your comments.

To heavy1metal, I thought it would be possible to force via Group Policy something that gives LAN connections priority over WiFi connections when a cable is connected, however I do not see where this is, can you point me in the right direction please?  I have 2008 R2 DC's.

By the way, no users are admins, so they cannot change settings to their NIC's without the admin login, so setting up a bridge etc is very unlikely.

Related to this, let's say, your office is in range of a completely separate, unsecured WiFi network, let's say a cafe or a shop.  Your users connect their laptops to this.  They also connect the the LAN by cable.  Surely this presents a problem then?  There must be a way around this scenario.

Resolved by installing i386 version.

Perfect, I just figured this out. The system plays the startup chime, so I know when it's booted.

Press #2 (Set Interface(s) IP Address)

Press #2 (LAN)

Type 192.168.1.2

Press ENTER

Type 24 (CIDR)

Press ENTER

Press n (Do you want to enable the DHCP Server on LAN? y|n)

press n (Do you want to revert to HTTP as the webConfigurator protocol? y|n)

Press ENTER to confirm

Should be back at main menu.

VPNs / tunnels would create more hassle then solve, you'd end up getting calls from parents on what's wrong and you end up providing at home support.

If you setup a proxy, I'd personally suggest having a separate box / virtual machine to handle it, since it can be compromised / attacked / overloaded. But a proxy would be the easiest solution.

Apple has an enterprise utility where you can create profiles for iDevices, you'd then just email or create a website for you or the kids to click and install the profile. Within the profile you can set and lock in proxy settings.

I'm sure you have an iPad (to support it, gotta have one), hopefully you have some time to sandbox it and iron out any issues.

Yeah, I have seen others with this issue involving captive portal, but as I stated above I only have lusca-cache, squidguard, and the widescreen packages installed.
I've never even used captive portal. If there is nothing to worry about that is fine, I just wasn't sure if this was a side effect of the upgrade to 2.0.3 or if there was
something else going on malware related, or something similar on the network.

Thanks for the ideas.

I may format my pfsense box and start from scratch, I have a few other tests I can try.

Not sure if you can have a VLAN on the interface outside of the LAGG, that's probably up to the switch more than anything.

You can have VLANs on LAGG interfaces just like any other interface, just add them under Interfaces > (assign) on the VLANs tab. Once you have the LAGG interface defined, it shows up as a choice for a VLAN parent.

Hrm… must be a problem with my chrome then. I'm not going to stress over it as my Fire Fox works fine. Just thought maybe it was a bug.

It did cost me some time troubleshooting thinking it was pfsense's fault, or a problem with the hardware in the pfsense box.

2.1 development has been significantly longer than some because of the introduction of IPv6. A massive task! Although 1.2.3 - 2.0 was not quick.  ;)

Steve

@stephenw10:

Probably something at BT's end. If you are on their entry level tier (option 1) they may have switched you to CGN (carrier grade NAT) which could have caused some issues somewhere.
http://www.thinkbroadband.com/news/5818-bt-retail-in-carrier-grade-nat-pilot.html

Steve

Thanks mate but I highly doubt it was something to do with BT.

I am on their business service with a static IP and for them to compromise their service that they provide to me would be a pretty big mistrust issue.

I think it was something to do with how the firewall was treating packets and the fact that the firewall had just been running for a couple of hours.

Thanks! I will just wait for the next snapshot then. :)

"But I have explicit rules to allow pfSense:22 and it works fine -"

on your vlan2?  Again without seeing your rules I can not even guess to what your issue(s) are or are not.