You can just assign those machines the open dns ip addresses the rest could reach another dns server, skipping the policy's. Ok its not the best professional option, but it would still work?

@stephenw10:

It's in the drop down menu on the updater settings tab. Probably safest to just select it from there but they are, for current release:
For 32bit

Steve

OK, now I feel like an idiot…  of course thats where they are.  Duly noted, changed and backed up.
Thanks again,
Rick

Cheers Steve!

If you want to retain em0's original address but still use spoofing for PPPoE, I guess a workaround would be to create a bridge interface first with the desired MAC address and then create a new PPPoE connection over that (if pfSense allows it).

Otherwise just changing em0's address works.

@riversr54:

The one thing that has me stumped though is why I can't even ping it…does that make sense for the default configuration for the second LAN default settings?

That's normal. By default everything is blocked. That includes ICMP. The only exception to this is DHCP traffic if you have it enabled on the interface.

Steve

It is not a vulnerability, it's a limitation in the user manager. If you don't want someone to change another user's password, don't give them the ability to manage users.

Lol what Steve said

I could be wrong! And correct me someone please. But personally the easiest way to do what your doing is introducing Ldap so users can auth to active directly and change their passwords in there own windows environment

Sorry if iv miss read. Are you using VMware workstation? What version? Id personally say its something to do with the virtual machine. Can you try maybe installing open vm tools as a 3rd party package? Just an idea….

Can i also add pfsense works amazing on VMware. And as a virtual machine you can chop the 1tb down and its amazing!

Squid and Squid Guard are amazing! But the easiest stress free option is to use OpenDNS.com! Go on that! your love it!

You should have your DD-wrt box setup as an access point only so:
Disable DHCP on the dd-wrt box.
Enable DHCP on the pfSense OPT1 interface.
Set the dd-wrt box to a static IP in the OPT1 subnet so you can access it later.
Connect the ethernet cable from the pfSense OPT1 interface to one of the dd-wrt LAN ports.
Add firewall rules to the pfSense OPT1 interface to allow traffic from the wireless clients to your server.

Steve

resolved by doing the following, create vlan, and then adds the vlan vlan physical interface that was craiada, eg RE0, re0_vlan1 a bridge, then asymp interface creates another interface, opt2 eg, ai the interface will be connected to interface bridge0 eg, there went all the normal traffic.


That actually lands you in a special table. The place you'd need to clear is under Diagnostics > Tables, "virusprot" I believe.

Remove the record from that table and you should be able to send packets again, or just wait for the entry to timeout (takes a couple hours)

Thank-You very much Jimp for the very prompt reply. You relieved a lot of stress. Briefly I built a server and mail system mostly for my children on the East Coast and I was using a WRT54G router with DD-WRT and a pgm called WallWatcher to monitor port probes and the like. Someone turned me on to pfSense and I am just starting to learn this stuff for an old man in my mid 60's.
    Again, thanks an awful lot for the help.

QinQ sounds interesting, can't clearly tell if it will work.

I'm running Supermicro X7SPA-HF in a M350 chassis,
I haven't see a compatible riser card / IO Panel so a third nic isn't in the cards.
Currently have em0/em1 dedicated to the modems and LAN via a USB adapter which is very dirty.

wallabybob's #2 looks to be the only solid option at this point.