Hi Guys,Thanks for your advice !

interesting… :)

Thank you all for Answers!

But may be no need to use VLANs at all. Get the config file form the old GW and don't see any VLAN configurations there. May be ISP admins think that they have active VLAN.

First Ill tray IP configuration without VLAN.

I'm moving this thread over to here.

@Derelict:

You can't use 10.0.0.0/8 and 10.X.X.X/16. those subnets conflict.

facepalms  Doh, I knew I forgot something.  I've given the non-VLAN'd LAN 10.0.0.0/16 and left the rest as it was, and tweaked the config on the switch itself so it has the right net mask.

Anyways, weird discovery: Apparently there was a static DHCP assignment that got added for the client system and somehow THAT broke VLAN routing of information.  Either that, or dhclient decided to go and break itself.  It looks like the issue might've been related to that, because now data's being routed correctly.  shrugs

@AIMS-Informatique:

Why are you telling him to switch from trunk to general

This is due to the way some switchs understand and handle this spécific Trunk mode. And no, Trunk isn't like general, as a Trunk would assume to carry and forward all VLANs, even thoses not configured. So the behavior of a Trunk is slightly different. Generally a Trunk config will be necessary if you plan to enable GVRP.
Plus, for my point of view, it is better to know your network and set up only what needed.

It is true that ciscos switchports in trunk mode can carry all VLANs, but you can also limit them only to specific VLANs with "switchport trunk allowed vlan add XXX,YYY,ZZZ" like I described. This has the effect of making the trunkport only forward traffic for the allowed vlans and discarding any received frames tagged for unconfigured VLANs.

Yes you can. This is called Squid + SquidGuard as PF packages.

Good luck.

Mark,
You are not displaying the good RULE interface. What you need for playing, is INCOMMING connection. What shows your DMZ tab in your FW rules are your OUTGOING trafic (pass or block).
On your WAN tab, specify an allow all rule to DMZ subnet destination. So that your DMZ play its role : being demilitarized…

I'm afraid you will have to deal with AON to... (manual NAT). Unless you struggle with port forwarding from each of your game support (Nintendo / Sony / steam...), and configure the good ports to be forwarded for each service.
Believe me, you'de better work on Manual NAT (and static ports) rather thant seeking for editor's information about port forwarding.

Well I got it figured out.. pretty easy fix..  i was using i386 when i needed amd64..  doh!

In your VIP configuration, try to specify your WAN IP considered, as a /24 and not a /32.

For instance…
Let say your ISP gave you this set of IPs :
193.204.32.1, .2, .3, .4
Let say you want your web site on the 193.204.32.3.
In your VIP configuration, spercify the VIP IP as 193.204.32.3, but force it on /24 mask (not a /32).

Chek you FW rules for WiFi interface.
Check your MTUs.

Does a PC have the same issue with Internet over WiFI ?

THanks will post there.

If you haven't already added a route (or used some routing protocol) that will definitely stop any replies reaching you. Looks like you may have found your problem.  :)

Steve

sorry about the delay but what information do you need so i can post it i need to know if i need to get a new nic or not cause the message is still showing up in the logs

Not familiar with that. In ESXi, you can pass the device from the host to the guest. Perhaps you can do something similar.

I haven't found any obvious conflict in the config file so I might try the deletion of interfaces and let you know.

Figured it out! So apparently within the Squid Allowed ports, despite Squid configuration page stating:

This is a space-separated list of "safe ports" in addition to the already defined list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535

I had to make the following modifications:

All good  :o