Hi guys,    I made a mistake and somehow enabled pf scrubbing that caused all this problems. It is all solved and now working smoothly. I want to apologize for all these confusion. Tks and grateful for all the help Eric P.S.   How do I mark this as solved? If you can please mark as solved thank you.

The way I'm proceeding is: Have a live CD burned with the ISO of pfSense. Back up the config file via the web interface. If the machine crashes and burns, reinstall from the live CD. Then restore the settings (config file) via web interface. If you have added different NIC drivers than what is included at some point, maybe you back those up and document the steps to reinstall those.

OK, thank you very much, Best Regards,

Perhaps this will help you. http://www.pantz.org/software/tcpip/subnetchart.html

Two firewalls cannot share the same IP…..But different IP's over the same physical wire, is possible.

thanks for the reply. I am running the latest version and just loaded up squid. Tamtap

CARP would be good, but keep in mind that with CARP it expects the network interface setup to be identical on both systems. So you'd need to have an interface (or VLAN interface) on each box for each WAN and each LAN, and enough IPs on every interface for the routers and the shared CARP VIPs. (Might hard/impossible to do on each WAN depending on the connection type and ISP)

If a ticket is in "feedback" state, it is waiting for feedback. If it's in feedback state and someone confirms an issue is fixed, it can usually be closed. Often, though, the original problem description was a rare circumstance that requires feedback from someone with specific setups/traffic loads/etc so not just anyone can offer proper constructive feedback. If you see a ticket in feedback state that looks like it should be closed, you might give it another try and then post more feedback on the ticket, or let us know specific ticket numbers that look like they can be closed. Usually someone will periodically review the tickets in feedback state and close them as needed.

No reason why it wouldn't work..  Only that the traffic to LAN (vlan 10) routes back through the pfsense. A separate card plugged into the switch wouldn't need to be vlan configured and internal network traffic won't need to route through the pfsense vm (lesser load and rules to set).

Right on. Thanks for the input. Interesting note, the previous net admin at work took a quad core xeon w/ 4GB ram and purposed it as an iptables firewall/gateway.  I don't understand why, maybe he had plans to make that machine take on other duties such as backing up or something… i dunno.  Seems like I will just re-purpose  it as something else and throw together a p4 w/ 512 to take on firewall duties. Now that I think about it the other gateway is a quad core xeon with 2GB. Wtf.

pfSense is designed to be a firewall/router and that's it.  People occasionally want to install the kitchen sink on it, which is not recommended.  If you want a general purpose server, set it up separately from pfSense inside your LAN. You'll find that working with pfSense is very easy as all the functionality you'll need to access is configurable from the WebGUI.  There will be no need to do any command line work.  Also, no need to run a RAID array on your firewall.  Simply keep a copy of your config.xml some place safe and if the drive fails, slap a fresh installed pfSense drive into the box, restore your config and life will be shiny and new again.

from the lan side try to ping a system on the internet via ip address.  For example ping 8.8.8.8(this is one of googles piblic dns servers).  This will tell us whether it is a dns problem or something else.

Had to reboot the system to get my logs working. What I did stopped the logs generating for everything. Not sure what I messed up.

You have to install Squid (and ideally SquidGuard) to do that.  I use that setup and it works well.

Thank you for the replies. I did do the things you suggested. It turned out I had two firewall rules for the DMZ. One allowed all TCP traffic. Another allowed all ICMP traffic. Of course, DNS uses UDP. I added UDP to the list of allowed traffic, and DNS worked great. Then I had trouble with Windows Update (Microsoft Update). At that point, I just allowed all protocols, and now that works, too. I'm in the process of figuring out the virtual IPs, and that seems to be working. Thanks a lot!

We'd really need a lot more information.  Nothing you've posted gives any indication of malicious activity or supports your theory.  The IP you posted is a transit IP range internal to APNIC, which clouds the issues further. Exactly what makes you think your network was under attack?

I got it, they changed the IP address from what they use to have. One day a few weeks ago it stopped letting us in. Last night I did a trace route  and the IP came up as different then what I had. I put the new IP in the SNORT: white list and it works. Now everyone can stop yelling at me and I can go back to reading their email.

http://forum.m0n0.ch/index.php/topic,2199.15.html Follow this guide maybe it helps. Beaware that igmproxy isalready in pfSense and is a patched version for working better.