Thanks for your help and clearing this up :)

@johnpoz: No in your host over rides in in the dns forwarder on pfsense. Much obliged, I'll try and report back. /Jim

For doing anything on a timed schedule, simply install the Cron package. Then you can use the GUI to add Cron jobs/commands to do whatever (reboot…) at the times you want. Of course, if it is another device that you want to reboot then it has to have some way to trigger a remote reboot rom a FreeBSD script running on pfSense. I suppose it would be quite possible to enhance the gateway advanced parameters so that custom actions could be invoked when a gateway alarm went off (apinger alarm). That would be a feature request - describe in more detail what things you would want to be able to do and if there are enough people who would use something similar then someone might take it on.

Not quite sure what gateway you are referring to here. The normal situation is: a) Each WAN will have a gateway, which is the upstream IP address of the ISP router (either set statically on the WAN interface settings or received from the ISP via DHCP on WAN interface). b) Each LAN will have an IP address on pfSense in a different private subnet. That IP address will be given out as the client gateway by DHCP server on the LAN to DHCP client systems that ask, and any clients on the LAN that set their IP address statically will (shoudl) also statically set the pfSense LAN IP as their gateway. A LAN on pfSense will NOT have a gateway specified on its interface configuration page.

^ exactly!!!  Right on the button perfect answer, couldn't of said it better myself ;)

A general yes, this is doable.. You will probably spend some time setting this up. So if you are easily frustrated… brace yourself :-) But after setup -  you will have a robust system. Both stabil and very secure.. Not exposing any ports etc to they outside world :-) I'm using Alix 2D13 with pfSense 2.1 myself. ... I'm digging abit for you here.. You can block web sites. Se here; http://forum.pfsense.org/index.php?topic=43837.0 DHCP with assigned MAC locking IPs is possible. Address reservation - or better, use a DHCP with IP-pool. (i.e. 192.168.1.200 - 192.168.1.240) Then use the other IPs for permanent IP-MAC reservation. Content filtering are some tips here; http://forum.pfsense.org/index.php?topic=64432.0 Hope this helps :-)

Could anyone explain why the process wasn't working via the webGUI or if I was incorrectly configuring the bridges in the webGUI ?

Can you confirm that this only affects the 'wifi' subnet and not the main subnet? If so, you might have to screenshot the floating rules, outbound NAT and interface rules for us to look at. Seems like something isn't going right somewhere.

Close the question. I AM SO NEWB. I had an old pfsense who kept rebooting by itself due to hardware issue. So I changed it but left the old one there but close. After a electricity breakdown, it went back by itself. So what I was hearing was the old one rebooting. Had to switch from nanobsd to full to realized that. While the new pfsense was shutdown, I hear the startup sound. DAH!!! Thanks for your help guys…. sorry

You sure??  I don't see your 223.134 in the trace?? 17  212.73.252.6  131.313 ms  127.157 ms  131.363 ms 18  93.176.93.105  132.265 ms  132.466 ms  130.824 ms 19  62.116.200.129  140.069 ms  139.443 ms  139.987 ms

Thanks for the replies / guidance on this.  I think it was ultimately a matter of questioning myself on a better way of doing it, although I suppose there is some pride to be taken in a well-defined ruleset.  ;)

Is the clock on your system OK? If the GUI and SSH both break the most common shared cause would be a broken clock on the system that causes cryptographic operations to break.

Troubles solved.  :) When virtualization host has heavy I/O load (due other virtual guest), pfsense on IDE virtual controller has troubles and fall into reboot or other unexpected state. After we load VirtIO drivers https://doc.pfsense.org/index.php/VirtIO_Driver_Support, pfsense is happy and we too. But don't allow all VirtIO drivers! VTNET in our case slown down net traffic after few days rapidly. Working configs virtual guest pfsense: pfSense 2.1-RELEASE-pfSense (amd64) cat /boot/loader.conf.local virtio_load="YES" virtio_pci_load="YES" #if_vtnet_load="YES" virtio_balloon_load="YES" virtio_blk_load="YES" virtualization host Ubuntu 12.04 64bit: Linux xxx 3.2.0-54-generic #82-Ubuntu SMP Tue Sep 10 20:08:42 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux qemu 1.0+noroms-0ubuntu14.11

I also did the same thing.  I installed BandwidthD around 9:30am (judging from BandwidthD's daily graph) yesterday, and around the same time RRD stopped updating any of its graphs. After reading your post, I checked the system logs for "lighttpd" entries, and saw the following: Dec 1 09:23:32 lighttpd[30518]: (mod_fastcgi.c.2543) unexpected end-of-file (perhaps the fastcgi process died): pid: 31140 socket: unix:/tmp/php-fastcgi.socket-1 Dec 1 09:23:32 lighttpd[30518]: (mod_fastcgi.c.3282) child exited, pid: 31140 status: 0 Dec 1 09:23:33 lighttpd[30518]: (mod_fastcgi.c.3329) response not received, request sent: 1394 on socket: unix:/tmp/php-fastcgi.socket-1 for /pkg_edit.php?xml=bandwidthd.xml&id=0, closing connection I was going to post a question about this earlier, but now my RRD graphs seem to be updating again.  I'm just missing a chunk between ~9:30am yesterday and ~7:30am this morning. In the future, is there something that can be done to keep the process that logs RRD data running?  Or notify me if it goes down?

SUCCESS! I manually assigned the interfaces to what they should be and its all working now! :) disabled all the other stuff in the bios too im just using 2.03 since its the one i already have, suppose i should get the up to date one before going further Thanks for the help  ;D ;D ;D ;D ;D ;D ;D

@GruensFroeschli: @vincom: @GruensFroeschli: You don't necessarily need to assign the created bridge interface. From the description in this thread it appears as if the bridge was never created in the first place. thats correct as the tuts and howto posts ive read it states to create a virtual interface first then create the bridge Creating the bridge is what creates the virtual interface. i know that now but the howto posts dont state that, they state to click the + sign to add a virtual then bridge the physical opt1 and the virtual opt2 and then reasign the lan port. @joebleed: I'm running the x86 version now and get the same + missing when all physical nics have been assigned. As for the op trying to bridge, I don't know why it would matter, but have you tried setting the wap's ip to static and see if it just works after that? Edit:  oh, just wondering, if you want the lan and wap bridged to the same network, why not just plug it into the switch on the lan?  Can you still control traffic between them once bridged? i had the extra gig nic and made a project for myself and in doing so learn more about pf

Ok, tried a new clean install except I used the x86 version this time and only used squid 2 and squid guard 1.5x  still I get the ssl cert because it's trying to go through https. reading this post:  http://forum.pfsense.org/index.php?topic=7317.0 I decided to force webconfig to http and not https.  i no longer get the https error and it goes directly to the error page as expected. Seems obvious, but i thought with out checking the "Disable webConfigurator redirect rule" i wouldn't need to do this.  I'd still only have the https web configurator port only. Any way this can be fixed?  I'm thinking about trying some of the stuff listed in this old thread, but i don't know if that will do any good.  Could/should i change the squid port to 80?  seems this may be asking for trouble if i do that.