same issue
I found many topic got no help

I'm going to answer the first question, and pretend I didn't see the second post.
To restore selected parts of the config, you must backup selected parts of the config.
e.g. Go to backup and change Backup Area from ALL to 'DHCP Server', then on the new box select Restore Area 'DHCP Server' and select your backup file.

Crap, I wish I knew this before I went ahead and bought the module I was working with… Either way. I'm not sure. Lately, I've been coming home to a down router that needs a reboot, so the issue is much worse... I'd like for someone with more experience to ask me for my logs so they can determine what the issue might be :(

I answered this for someone else here.

If you have more questions related to Squid/SquidGuard, please post a new thread in the Packages forum.

@Derelict:

I won't be able to take advantage of the Round Robin configuration.

Condition 2 sounds like a problem to be solved on the web server.  Are you using name-based virtual hosting on it?  That breaks going to the server by IP address because the server has no idea what virtual host you're really trying to access.  Put a host override in the DNS forwarder pointing at the inside IP address of the web server and use the DNS name to access it.  If you do that you don't have to worry about NAT reflection.

Thanks for weighing in. I can live with not doing Round Robin for the webserver. However, I have used DNS Forwarder that doesn't seem to work. The only I get this to work right now is by sending ALL TCP traffic from ANY source to ANY source (a rule set on LAN firewall rules). The moment I add destination in that rule as in IP of webserver things break because webserver requires DNS. I also, tried the DNS Forwarder and that failed for the same reason probably.

In order to get to the bottom of this I think I should check into firewall logs but I am not sure where to start to what to look for. Once that is clear maybe I can change rules or decide to take a patch that gives me the ability to do Round Robin for ALL other traffic but port 80 TCP to the webserver.

Any suggestions on where to find the necessary logs and what to look for?

Depends what you're trying to do… you have switch A, B, C and D are they all managed?  Which one is the netgear?

Also what kind of LAGG are you doing.... link aggregation (LACP), failover, load balancing, etc?  If you're doing LACP (802.3ad), the switch has to support it and you usually have to bounce the LAGG at both ends to bring it up.

Are you terminating your VLANs @ PFsense or on the switch?  If on PFsense, the connection to the Netgear will need to be a trunk.

If you're terminating your VLANs on the Netgear, you'll need a separate untagged VLAN on the netgear connected to PFsense configured with an IP in the same subnet.

Hi guys good news
since i have upgraded to 2.2-RC  release (more than a week) the issue is not present anymore!
i didn't understand which was the problem but now i'm happy :)

Under Firewall - Virtual IPs, create an IP Alias for your public IP address.  Then create a NAT rule and use the IP Alias as the Destination.

Be aware that any script you put in rc.d will be lost on a firmware update. As it says on that wiki page it's preferable to use Shellcmd as that is included in the config file. Especially with a single line of code like you're using.

If you do decide to use a script you might want to consider the filer package:
https://doc.pfsense.org/index.php/Filer_package
That won't work as well as shellcmd since after an update it will have to be re-installed meaning any script won't run at the first boot.

Steve

Hello,
Can you explain me please what you mean exactly ?
I have transparent Mode on squid. Do you mean that is the reason why ? If Yes, why ? as far as I know,transparent Mode only means that users do not have to enter manually the proxy server in their browsers.

@BBcan177:

I think the "z" in the name had something to do with it not being removed properly in the first place.

I doubt it; originally it didn't have a 'Z' in it. I changed the alias name to that per a thread by another member here who managed to get it away by doing that. 'tWorked for him, it didn't work for me.
_(If you want to know why the 'z' btw, I do that with most of my names in pfSense (and other systems). It's an old habit from my SAP time, where this was mandatory. The 'Y' and 'Z' were so called 'custom name spaces', only (ABAP) programs starting with that letter were allowed to be created by customers in the (huge) SAP system (and hence, these YZ-programs where only allowed certain types of access to the databases, to API's, etc. Smart engineers, over at SAP. You have to, if you want to give the management tools to the IT-departments that need to run these systems that all of the Fortune500 run).

So, the Y and Z, that way:_

It is easy to distinguish standard SAP programs from custom built modifications;

Which helps tremendously when you have to do upgrades and fixes, as the SAP upgrade will not touch these programs, but has all kinds of built in pre-upgrade analysis tools to see what custom development will be touched by what upgrade process.

(Yes, I'm the eternal noob on pfSense, but it seems I'm long past the noob-status in SAP-land  ;D )).

If you wish, I could Teamviewer in and help you clean it.

You are too kind, BB  :-*

Thank you  ;D

I wouldn't want to take this precious time for you, especially since it's a different time zone thing. But mostly, because I do not want to take any time away from the development of pfBlockerNG  :P

I think, in the end, when 2.2. is out, I will do again a completely fresh install, with your pfBlockerNG. As the old saying goes: 'it isn't eating bread' (the alias), 'so lets leave it there than.

Thanks again BB  :-*

Well I guess I'm gonna buy another access point or revert to the stock firmware on my current router and see if things change because I am still having issues.

SSH in and look at /var/squid/logs/access.log and it should tell you what it was getting at the time.

ooooooppppsssss! was trying to put the lan in the same range as my wan…....

Not the actual mac, but its a TalkTalk tv box, not even windows, but I thought I'd give the windows suggestion ago before calling TalkTalk support to see what they suggest.

I had looked on the actual draft web page earlier but couldnt see anything but wanted to double check anyway as a null for me is a 0 as in long pointers normally.