No bridging going on, but it looks like I might have had a breakthrough. As per my previous thread, we are replacing our linux gateways. So far the pfsense and linux gateway have been active at the same time on one particular vlan. As soon as we disable on or the other gateway, the network stabilizes. There is only one dhcp server on the troublesome vlan. I'm not quite sure what is going on, but at least I have a starting point.

Do you mean, your DHCP server is not pfSense … its on your VLAN. And clients on WIFI dont get an IP adress? You have to setup extra rules for that kind of traffic. IMHO it*s not enough to allow ANY to ANY ... Yes, you have heard right! You have to set a extra rule for this ... dont know exactly, but search for bridge and dhcp in the forum. There is a thread which is explaining the issue.

Yesterday the pfsense box went back to dropping all packets on trunk interfaces, even though the card was in promisc. The only thing we did that could have upset it was to unplug its trunk port for a while, however repeated tests do not seem to cause the problem. A reboot brought it back to full functionality. Evidently, there must be some bugs in the kernel network code - but as long as I can't figure out how to reliably reproduce the problem, there's a very low chance of it getting fixed. (Although maybe if the the network developers fixed the trunk+custom-mac+promisc problem they'd stumble across the cause of this other problem :) In any case, I'm brand new to the pfsense/bsd world. (I'm heavily familiar with networking at the packet header level and Linux, so I understand the general concepts) Does anyone have advice for me? Is this a bug that can likely be fixed by the wonderful volunteers who write BSD kernel drivers, or am I pretty much stuck, especially so long as I can't easily reproduce the problem? I really do need to use custom mac addresses and vlan interfaces together, and it certainly wouldn't do to have a router that arbitrarily stops passing traffic for an unknown reason :-) Thanks a million! ~Jesse

@Nachtfalke: If the range ist 192.168.100.100 - 192.168.100.200 then assign static addresses to 192.168.100.201+ and create a firewall rule which blocks traffic for these source IP addresses. That's both obvious, and brilliant! I really should of thought of that  :-[ Thanks for the suggestion.

Welcome to the forum!  :) Don't try to do everything at once. A lot of new users come from another firewall or router and they try to replicate all the functionality of that in one go. Then when things don't quite go to plan it can be much harder to find the problem. Start with the most basic setup you can and then, when you're happy with that, add more complex configuration one step at a time. Steve

@pf2.0nyc: Are you running multiple WAN or any type of load balance? Nope i found solution it has been problem with ADSL line and some https traffic.

Sooo… I guess I got plans for the weekend: Reinstalling pfsense! =P

Was a network card issue as far as I can tell. With new boxes - no loss, however I haven't tried with the onboard broadcom cards (which was what I was partly using before). The reason for the carp is if either of the routers falls over - plus it means we can upgrade one and have the other running happily. We do have a 2nd ISP, but no IP range with them…. it was never setup correctly in the past and I'm doubtful of it happening now - too much chance of knocking everything offline by accident.

@jimp: You'll need to grab the commits here (or make changes manually), seems there is a bit of an issue with how things were laid out. https://github.com/pfsense/pfsense/commit/54d1a165d500225547337ddba7aa10e7e5f79c98 https://github.com/pfsense/pfsense/commit/07c49a3698ab458ea7ad8c0501d394c09e48dc60 Works Perfect ! thanks

The next version of pfSense will be based on FreeBSD 9.X and hence will have those drivers. That's some way down the road however.  ::) Steve

YIPPI! After setting up WAN2 and another reboot, WAN1 works as it should! So this topic can be closed! Thanks!

fetch -o /etc/inc/auth.inc https://raw.github.com/bsdperimeter/pfsense/RELENG_2_0_0/etc/inc/auth.inc (Assuming you're on 2.0-RELEASE)

@hec: Do i need for every service like smtp, imap,… an own ip address? I don't have so much ips to waste them. No. You can have on ip for many services.

It logs some things to the system logs, and things like config changes are tracked in the configs themselves, you can see a list of those under Diagnostics > Backup/Restore, on the Config History tab.

Unless your NAS can act as a syslog server, then no. Periodic copies of logs would not be ideal for many reasons, the main one being that you can't guarantee you'd capture all events between copies because they could scroll out of the clog file.