Why don't you just make a VLAN for your various clients and leave all your servers on the .150?  You could create a .149 or .148 and segregate your clients into those networks.  This is safer anyway, as it adds another layer of control over what type of traffic can traverse over into your server network.  In addition, your Windows clients are probably nicely flooding that network with NetBIOS traffic if your not running a WINS server, better to segregate them to their own broadcast domain anyway.

pfSense already supports a number of Dynamic DNS providers including DynDNS so the DynDNS support could probably be fairly easily replicated to support CloudFlare.
pfSense also DNS-O-matic which can issue updates to a number of different Dynamic DNS providers and their web page (http://www.dnsomatic.com) indicated they are open to support more. Why not talk with them about supporting CloudFlare Dynamic DNS?

It is a custom build of FreeBSD+extra packages. Custom kernel, lots of changes.

So it's a stand-alone distribution, it is not something that is an "add-on" to FreeBSD in that kind of sense.

Should be fixed now

Hello;

I had my host header set to the external IP address.

Once I setup a host header for my internal lan address, the site loaded fine.

So thanks for the help its all working now.

If you have those wifi APs setup just as access points you won't see them since they are layer 2 devices (like a switch).

Is it possible that the restriction you are seeing is due to the wifi connection and just happens to be around the same speed as your WAN? Remember that the actual throughput across a wifi link is far slower than the claimed connection speed.

Steve

Due to the system log 500 kbyte limit and there was one reboot so there is nothing in the logs anymore. The config history has nothing stored before the issue. I think it is too late for troubleshooting. Next time i will check these things asap. Thanks anyway!

@pethead:

I just got the pfsense book for version 1.2.3 haven't seen anyone for 2.0?

There is not yet a book for pfSense 2.0

@marcelloc:

you will need to nat ports 80,443, and 21 on wan interface to dmz ip.

See Section 7.2 (page 130) of pfSense book for a lengthier discussion of Port Forwards and how to create appropriate rules.

@wallabybob:

@w00t:

However, wouldn't it be possible to write a startupscript that put the interface in promisc mode on startup? :)

Yes. However I expect it would be rather quicker for me to configure a bridge as suggested, check the interface is in promiscuous mode, reboot, check the interface is in promiscuous mode than it would be to write the script, work out how to invoke it safely, reboot, check it gets invoked correctly and not too early in the startup, check it won't get overwritten by a firmware upgrade etc.  Hence I would try the bridge idea first and have the startup script as a fall back. Also the bridge idea gets backed up with the configuration file, the startup script probably doesn't.

Good point.

http://forum.pfsense.org/index.php/topic,42039.0.html

thanks for that.

Regarding the other points would it be best if I used a secondary machine to handle
Freeradius and daloradius as the AAA interface ?

@stephenw10.
SOLVED.
VLAN190 Subnet…. not address.
THanks.

For the client export, + will probably break it as it's handled in JS. It probably needs some extra code to escape or encode the whole thing. I thought it was already doing that, but I may have been thinking of a different field.

I tried the extra interface method last night. Rather than messing with rules, I just added the vigor as the default gateway for that extra NIC and it worked fine.

The config backup/restore functionality (Diagnostics->Backup/Restore) lets you backup and restore only certain aspects of the configuration.
Hope that helps.

An extra physical interface is definitely the right way to do it.  :)
I wasn't referring to VLANs though.

Steve

Thanks very much for the link and I'm sorry to ask stupid questions:

I found the patches but not the script to apply all of them. Also found this file, which looks like the config:

pfsense-tools / builder_scripts / conf / pfSense.8

…but I'm not sure if the config is split into several files as there are more files containing device and options lines. acpi is not included in that particular file so in that case it looks like the problem code is not compiled in but is a module after all. I did see the "device acpi" line in the pfsense_wrap.8.i386 file, but that's for embedded, right?

Can someone quickly go through the procedure to patch the 8.1 generic source and apply the complete config before building?

Many thanks

@chenZ:

Dear all, can i use my netgear router as wireless interface?

Do you mean as an accesspoint?
@chenZ:

Or hw can i use my router to boardcast the wifi signal n use pdsense to do session management.

Thx, in the mean time, let me try to add a wifi interface in VMware.

This part i didn't understand

Think of a VLAN as a physical LAN without extra cable.
So what you're saying is exactly right, create lan1 & lan2 using separate physical media or virtualize it. Then add firewall rules for connection, as traffic between separate lan:s need to go through a router.

The benefits of VLAN:s are several, to mention a few:

You don't have to get extra equipment for every lan - a vlan-capable switch can handle multiple lan:s. You can add clients to a specific vlan in several ways, for instance: Ports 1-4 on switch are vlan2, ports 5,8 & 12 are vlan3 etc. Create a vlan based on clients mac-adress You can have a VLAN with clients in Rome, New York, Berlin whereever