If you put then all on the same network segment the traffic between then won't go through pfSense so you won't be able to filter it with firewall rules. Separate VLANs gets my vote. Steve

There will be a 2.1.1, I don't know about timing, we're still investigating some things like ix(4) driver issues that don't have a fix yet. One can always gitsync to RELENG_2_1 to pick up all of the 2.1.1 fixes made thus far.

IT seems your cable modem is loosing it's connection intermittently.  When the motorolla modem does not detect the coax (WAN) connection, it will unbridge the two interfaces and hand out dhcp ip's in the range of 192.168.100.x.

jimp, I installed version 1.1.1 of arpwatch but I staill get the RFC warnings and it doesn't send any email messages.  For the present time, I have disabled email notifications in arpwatch and removed email server name and email addresses in System -> Advanced -> Notifications to stop the messages in the system log. Let me know if there is something else you want me to try, just remember I'm still new to pfsense.  I like what I've seen so far and plan to stay with it.

@mattlach: So, #1 appears like it might be related to this issue with interfaces cycling.  Trying to use the fix there, but struggling with how to do it. Yep, definitely fixed my interface connectivity problem (#1) using the information in that other thread. Still can't get any WAN actioin from the LAN side though. (#2).  Any thoughts? Thanks, Matt

Upgrading to the new version could be useful. FreeBSD 2.1 It should be, I don't expect. A small risk But of course you need to configure 2.0.and 2.0.n copy to ensure income.

I dont think you need to have a bridge. If you have a pfsense box setup and routing traffic on your lan already, then you can plugin your "wireless router" to the switch, turn off dhcp, give it an ip and go. Otherwise, get wireless card, add it to you pfsense box. add the interface. https://doc.pfsense.org/smiller/add_wifi_interface/Add_WiFi_Interface.htm

It should work like you describe. On OPT1 does the client get the right netmask? The right default gateway? The right DNS? From a client, can you ping the pfSense OPT1 IP? traceroute 8.8.8.8 - where does the problem come? If you plug a PC directly into the OPT1 port with a cable, does it all work?

Ok, so you have two DSL modems? Two routers? You say they are both connected via a single NIC using a switch? I don't think you can do pppoe directly from the pfSense box in that setup. You can do two subnets and static ips behind routers but that's also 'unconventional'. It would be better to have 3 NICs. Steve

Switch restart and applying the correct IP settings fixed it.  Thanks people.

Thank you  podilarius I will check it….

Ok got it fixed. On the client 192.168.2.128 add this route: route add 192.168.2.0 gw 192.168.2.100 eth0 and route add 192.168.3.0 gw 192.168.2.100 eth0

When I disable the rules in the firewall for Dansguardian those files download no problem.

Hi all, I'm hoping to get this thread going again if possible? - after reading the forum rules I thought it better to try here again before creating a new thread. I'd like to create a LoadBalancer for a dev domain for exchange 2010 CAS for use with IIS is this possible? I could do with some outline steps to get me going laong the lines of: create LAN NIC with static IP in LAN address range (10.10.10.xxx) create WAN NIC with static IP of xxx.xxx.xxx.xxx add vIP on LAN interface with static IP 10.10.10.xxx create port alias for exchange port range (1-65535) add CAS01 to server pool add CAS02 to server pool etc etc (I've done most of the above and its not working - but happy to scrap all and start again if needed) thanks in advance :)

Thanks JimP, sorry for the delay getting back. I'll try your suggestion of altering the wpad. What about a transparent setup though? how can I get access if configured transparent

Thanks for pointing this out. I had seen the syn-ack packet coming directly to the client and the RST packet send by the client because of the wrong IP… but did not think to modify the packets with the outbound nat. Surely works now... To me the loss of the source IP is not a problem (until I'll need to debug stuff), as it's from a pool of  my own servers, and the load balancer is required to prevent a single point of failure :) Thanks again :)

OK, maybe it's not related :-) We're doing more testing at the moment, and hope to get some more info up on out status page about it later today. The problem isn't tunnel specific, we're sending UDP packets and can reproduce the problem of packets not getting through.