@gelcom:

Thanks for the reply!

I believe it's easy to get SFP specs to match ONT's specs.

From an educational point of view how is it possible to configure pfSense to act like this (or any other) ONT?

As I mentioned, that ONT is very likely the demarcation point between you and the ISP.  It will have functions such as status monitoring, configuration and more that your ISP expects to be there.  You can't replicate that with pfSense or anything else.  It's part of the ISPs network and you just can't remove it.  Also, in many areas, regulations require a demark point, so you're not allowed to remove it.  In my work, I have set up many customers on fibre.  There was always a piece of equipment, owned by the carrier or ISP that was the demark.  There were even 2, where one carrier was providing service for another.  There might also be VLANs or MPLS involved.  That box is an essential part of your connection.  Don't remove it.

stuff on the same lan doesn't pass your router/firewall ….
if you put your nas on a different interface & run a reverse proxy, you could work around your "issue"

personally i'd just create a bookmark/favorite .... but thats just me

I am looking at the Qotom Q3554G4 or the SUPERMICRO MBD-X11SBA-LN4F-O to start with.

If you will be getting your hands on the Supermicro hardware, 2 points from me above that will be nice to know;

It is also able as a bare bone from Supermicro SuperServer E200-9B only RAM and mSATA must be installed. Long thread about the board, but worth the time reading it

My router has a WiFi and Guest WiFi. Can I use the Guest WiFi from the AP and have it isolated from my private internal network?

Three things must be given to realize that;

pfSense must support VLANs (by default) the WLAN AP must be supporting multi-SSIDs (more then one SSID) WLAN AP must be capable and supporting of Multi-VLANs too (more then one VLAN)

I am planning on connecting the AP to a switch.

the network switch must or should be supporting VLANs too

Modem –> pfSense --> Switch -- > AP (internal Wifi)
                                                          (Guest WiFi)

Set up two SSIDs likes private and guest Set up two VLANs on all devices, pfSense, switch and the WiFi AP put each SSID in its own VLAN in At the WiFi AP the VLANs must be set as tagged too due to the circumstance of using more then one VLAN there!

It works with PPPoE. 192.168.2.1 is Fiber Modem (Hub 3000) provided by ISP Bell. It connected to Bell's Fiber network via a SFP (ONT).

Seems to me that some core files like
/usr/local/lib/php/20131226/rrd.so
/usr/local/lib/php/20131226/curl.so
are missing or - worse - present but not in their 'good' state (due to disk errors ?).

Do a clean re install - and to be sure : test your disk.

@johnpoz:

You don't use dns internally? Wow??  That is just plain nuts…  Shoot even MS got on board with dns server back in the NT 3.51 Days.. mid 90's  So your over 20 years for sure...

Good luck with IPv6 without using names ;) hehehe

Ha! True story. Just in my own playpen, never even thought of it. Go ahead shame me into it, lol

It's a client-side problem, so there wouldn't be any difference on 2.4. Use IKEv2.

Check your group privileges. You probably accidentally selected everything without checking the list. If you selected "User - Config: Deny Config Write" then it will do what you described. The user cannot make changes to the configuration, so it appears what they do has no effect.

One of our Cisco switche's ports were both giveing Tx errors out (bad packets), Annoyingly simply reconnecting seemed to fix this…

Do you have any reasons to believe that your iptv is broadcasting to your box via http? Because squid only filters http protocol based material. IPTV usually uses unicast or multicast with RTP and/or RTSP.
I suspect that squid and iptv coexist nicely without you have to do anything whatsoever, but maybe I am missing something here…

I appreciate the help.  I will try to get another pfsense installation in GNS3 without using the appliance and see if that makes a difference.

I would agree good idea to isolate such devices from the rest of your network.

Either via physical different network or sure vlan switch can isolate them.. Your prob going to to want to adjust the firewall rules on your dmz interface so that the dmz can not talk to your other networks (lan) unless the lan has started the conversation..

Or you could pinhole some things into your other networks.  For example if you want to be able to print stuff from these server you might allow that..

Fantastic that worked. Thankyou very much

I rebooted my entire network setup, waited 30 seconds, and now everything is working fine. Must have been something in the Network hanging or something.

pfBlockerNG - Sure is coming up a lot in the "please help" category.