…something to do with DNS. I will be combing through all my DNS settings in great detail within the next few days. In the meantime, a quick fix was to set my pc DNS to 8.8.8.8 as a band-aid. The source of my problem has been pin pointed and temped until further resolution. Thanks for the suggestions earlier...

@virgiliomi: I'm pretty sure that ntopng has this capability I don't think so: https://github.com/ntop/ntopng/issues/150

Have you put this rule to the top of the ruleset?

setting vswitch on esxi just allows it to pass tagged traffic..  You still have to setup the vlans you want on pfsense and your switch and your AP.. "my vm router connects into the wan port on my pfsense box" Huh??  Can you draw up your network..

Dude if your wifi are getting IPs 192.168.2 and your pfsense is 192.168.1 then its not an AP.. To use any old wifi router as just AP its very very simple..  Thought I already went over it.. Disable its dhcp server, give it an IP on your network for for example in your case 192.168.1.?  and connect it to your network via LAN port on the old wifi router… There you go that is now an AP.. What your doing I have no idea but if your saying wifi clients are on 192.168.2 then its NATTING or routing if not natting and you put in a route on pfsense to this 192.168.2 network either way its for sure not an AP.. Lets forget wifi for a minute and get your 2 wired devices working..  So again going to ask what is the WAN Ip of pfsense?? is it rfc1918 or public?? Lets connect your 2 machines to your switch.. What IPs do they get?  Can they ping pfsense lan IP?  Can they resolve outside stuff?  say ping www.google.com do they return an IP address for that?  What is it?  Or use nslookup.. so for example here is my machine. > ipconfig /all Windows IP Configuration   Host Name . . . . . . . . . . . . : i5-win   Primary Dns Suffix  . . . . . . . :   Node Type . . . . . . . . . . . . : Hybrid   IP Routing Enabled. . . . . . . . : No   WINS Proxy Enabled. . . . . . . . : No   DNS Suffix Search List. . . . . . : local.lan Ethernet adapter Local:   Connection-specific DNS Suffix  . : local.lan   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet   Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3   DHCP Enabled. . . . . . . . . . . : Yes   Autoconfiguration Enabled . . . . : Yes   IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)   Subnet Mask . . . . . . . . . . . : 255.255.255.0   Lease Obtained. . . . . . . . . . : Thursday, July 7, 2016 6:20:34 AM   Lease Expires . . . . . . . . . . : Monday, July 11, 2016 6:20:32 AM   Default Gateway . . . . . . . . . : 192.168.9.253   DHCP Server . . . . . . . . . . . : 192.168.9.253   DNS Servers . . . . . . . . . . . : 192.168.9.253   NetBIOS over Tcpip. . . . . . . . : Enabled > ping www.google.com Pinging www.google.com [172.217.4.100] with 32 bytes of data: Reply from 172.217.4.100: bytes=32 time=11ms TTL=54 Reply from 172.217.4.100: bytes=32 time=15ms TTL=54 > nslookup www.google.com Server:  pfSense.local.lan Address:  192.168.9.253 Non-authoritative answer: Name:    www.google.com Addresses:  2607:f8b0:4009:800::2004           172.217.4.100 if they can both ping pfsense lan IP 192.168.1.1 and can resolve.. Then what is not working on the internet?  As to disable ipv6 on pfsense..  Set ipv6 to NONE on both your wan and lan.. And then go into setting advanced networking.  If your going to do that I would sugget you disable it on the client as well.  Notice how mine had no ipv6 on it..  But I can turn it on very quickly if I want it..    But for sure for your troubleshooting lets take it to basics 2 machines using ipv4 wired.. [image: turnoffivp6.jpg] [image: turnoffivp6.jpg_thumb] [image: ipv6.jpg] [image: ipv6.jpg_thumb]

setup up a host override in pfsense for server.whatever.tld your local domain is then you will be able to access http://server.whatever.tld that is if your nas uses http.  If your trying to just access a file share via unc you could still do \server.whatever.tld For example I access my storage server via \storage.local.lan [image: fqdn.jpg] [image: fqdn.jpg_thumb]

Could it be an errant .pid file that makes it think that there is a lock when there isn't really one?

No, you cannot get a report using captive portal usernames. There is no way to reliably map the IP addresses to a username over time, and it isn't logged since squid and captive portal do not directly interact. If you want to use it that way, force the users to put in proxy settings (or use WPAD, etc) and use squid authentication instead of captive portal.

That's probably just a bit rate mismatch in the config. After the boot prompt the console is being set to a different rate. The BIOS on the APU is 115200,8,n,1. pfSense (FreeBSD) is probably set to 9600 in the config. If you set your serial console to 9600 you will likely get incorrect output during POST but after that it should be sane. When you get your system up go into System > Advanced and set the serial speed to match the BIOS (115200).

I certainly wouldn't suggest a floating rule for what is presented as a very basic single interface/direction firewall case. Just my $.02

The interface assignment for that is just a stub, really. Disabling that doesn't stop it from being configured. The actual config for the interface is in the GIF settings under Interfaces > (assign), GIF tab.

I try to ping google.com from Pfsense shall and pinging failed.

@jimp: Is there a specific reason you feel that you need to add 250+ IP alias VIPs on the firewall? What problem are you attempting to solve? Odds are there is a much easier way to accomplish the same goal. That's a good point as well. Many times if you're trying to do that, you're doing it wrong.

Last 0 Firewall Log Entries. (Maximum 50) No logs to display original ipv6 is fe80::

Somehow  that rule is very confused. It has an IPv6 gateway but is passing to an IPv4 address. Looks like it's an automatic NAT rule though. I'd check the settings on the WAN interface (gateways selected), plus look at the NAT rule in question and its associated firewall rule.