Mark,
You are not displaying the good RULE interface. What you need for playing, is INCOMMING connection. What shows your DMZ tab in your FW rules are your OUTGOING trafic (pass or block).
On your WAN tab, specify an allow all rule to DMZ subnet destination. So that your DMZ play its role : being demilitarized…

I'm afraid you will have to deal with AON to... (manual NAT). Unless you struggle with port forwarding from each of your game support (Nintendo / Sony / steam...), and configure the good ports to be forwarded for each service.
Believe me, you'de better work on Manual NAT (and static ports) rather thant seeking for editor's information about port forwarding.

Well I got it figured out.. pretty easy fix..  i was using i386 when i needed amd64..  doh!

In your VIP configuration, try to specify your WAN IP considered, as a /24 and not a /32.

For instance…
Let say your ISP gave you this set of IPs :
193.204.32.1, .2, .3, .4
Let say you want your web site on the 193.204.32.3.
In your VIP configuration, spercify the VIP IP as 193.204.32.3, but force it on /24 mask (not a /32).

Chek you FW rules for WiFi interface.
Check your MTUs.

Does a PC have the same issue with Internet over WiFI ?

THanks will post there.

If you haven't already added a route (or used some routing protocol) that will definitely stop any replies reaching you. Looks like you may have found your problem.  :)

Steve

sorry about the delay but what information do you need so i can post it i need to know if i need to get a new nic or not cause the message is still showing up in the logs

Not familiar with that. In ESXi, you can pass the device from the host to the guest. Perhaps you can do something similar.

I haven't found any obvious conflict in the config file so I might try the deletion of interfaces and let you know.

Figured it out! So apparently within the Squid Allowed ports, despite Squid configuration page stating:

This is a space-separated list of "safe ports" in addition to the already defined list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535

I had to make the following modifications:

All good  :o

[2.1.4-RELEASE][root@pfsense]/root(1): cd /tmp

[2.1.4-RELEASE][root@pfsense]/tmp(2): wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py –no-check-certificate

[2.1.4-RELEASE][root@pfsense]/tmp(3): chmod +x speedtest-cli

[2.1.4-RELEASE][root@pfsense]/tmp(4): ./speedtest-cli
Retrieving speedtest.net configuration…
Retrieving speedtest.net server list...
Testing from Comcast Cable (24.13.xx.xx)...
Selecting best server based on latency...
Hosted by ServerCentral (Chicago, IL) [40.85 km]: 20.297 ms
Testing download speed….....................................
Download: 56.79 Mbits/s
Testing upload speed..................................................
Upload: 11.13 Mbits/s

Hi,
Looks like a L2 problem.

Did you set any Hardware offloadings under Advanced->Networking ? MOst of the time you'd better disable any off-loadings.
Did you spoof a MAC adress (Interfaces->Your_L2TP_interface ?

Squid + Squidguard.

And then, find good lists…

Start with that :
DO NOT MIX tagged and untagged VLAN on the SAME physical Interface ! So if you plan to have a "management" VLAN with no tagging on the PF : forget it unless it has a dédicated phys interface.
Use ONLY TAGGED Vlans for every VLAN attached to the same Phys interface!

Concerning the limiter, be carefull, keep in mind that limiter only applies to trafic LEAVING the (any) interface. Trafic coming in cannot be shaped. So if you flood your interface from the WAN, your limiter won't be involved : trafic leaving only.
Have a look to your Floating rules. The Wizard is sometimes tricky with rule creation. Have a check.

When dealing with Interfaces, you often need to reboot.

But YES ! Default GW is important. It defines which GW will be used by your default routing table or by the PFsense itself.

1 - Is this a PPPoE connection ? We don't face this problem with our PPPoE connection. It takes time, but the connection come back in the end. You may want to use the "Periodic reset" option in your PPPoE interface ?

2 - You should concider using this option : Advanced -> Misc -> "Load Balancing / Allow default gateway switching " (CHECKED !)

Got It !

Tiers 1 is 172.17.0.254
Tiers 2 is 172.16.0.254
And your PF default's GW is your Tiers 2 (172.16.0.254).

In your rule, you specify the kind on trafic that should be filtered : in your case "TCP" only. So it won't apply to any ICMP traffic (a trace route uses ICMP). But it will for HTTP trafic though.

So, because you don't specify ICMP kind of trafic, your default routing policy aplly : Go through the default PF's GW.

Here is your answer.

I found out that you can change the language through the WebGUI.
I wanted to customize the page.
But when I edit the error page in the corrpesdonding folder, even if I restart the box, I'm to able to see any change. The error page is still the same. Any Idea ?
Also I want to copy the german folder to an other location and point the squid.conf to this folder. It seems that I'm using the wrong file in the wrong location.
THanks !