Sorry Scott, You're right. Vladimir is member of our team who is also desperately trying to find solution for this problem. I guess he had to read all my posts before posting his.

Can each of your servers at LAN and OPT1 ping the gateway IPs? How is your OPT1 configured?

It looks like config file got corrupt.  I ended up rebuilding server and fixed the conf manually. RC

You might want to look into using a squid proxy.  You are using a flame-thrower when you should be using a screw-driver.

I am using nmap By default the WAN interface is firewalled, I did not diasable it. Perhaps I am not connected to the right box as dyndns may not be working.

Thanks a lot! That did the trick! -Pat

It's highly unlikely that it's Cisco related. I'm sure your provider doesn't know better and hard codes all the interfaces 100/full. It's a common misconception that it's good to do that, in reality no networking vendor including Cisco recommends doing this. I'm sure if their side was set to auto it would work fine. 100/full connecting to auto == duplex mismatch. With the media and mediaopt in your config, you're set. It won't ever get overwritten or anything, it's a fully supported option, it's just that since so many people don't understand autonegotiation we hide it to prevent people creating performance problems by forcing when they should leave everything to auto in virtually every circumstance.

embeddeds have the local console on com1 once they start booting. Check the serial console if you get some output there.

Ah yes, the grown up approach.  Explain it to them.  Now to find me some grown ups. i.e. You'd think that fair use really would be the appropriate method.  A management solution to a management issue.  But alas… But perhaps this is an great excuse for me to finally roll up my sleeves and start Snorting. Thanks for the info, guys.

Please note thet DNS can be udp and tcp. Make sure your forward covers udp as well.

Ahh it was something simple then, thanks :D Cheers again, Dave PS. Thanks for the prompt and knowledgable replies you lot =)

a bit off topic :) A enhancement could be when you add a user in CP there would be a alias option flow would be like this user logs in -> alias gets updated with current ip

cmb: Actually, I don't need leases at all. I just want to monitor the DHCP traffic and record it with DHCP Force or a similar tool. I think you are right though, setting up an OPT interface and bridging it is the only option.

Thanks for the info. I'm getting some behavior that doesn't seem to be fitting that description, but fortunately this is just a test box so I'm going to start disabling rules to make sure none of them are blocking the traffic. If I'm still having problems I'll post a more detailed breakdown of my rules and the traffic that isn't working. Thanks

Hi, there is a "shadow" rule who block all trafic from lan to wan. So when there are no rules created, the lan can't access to wan except ftp  ??? ??? In fact, he passed. So i have to create some rules to access from lan to wan except ftp… Other problem: I bridged my wlan with the lan. The wlan can't access ftp even if i create a rule for ftp??? but others rules (http,pop3...) are OK. Any idea? Thanks a lot,

OK, I'll write it up with one rule per port

Eh, found that having "Static-only ARP entries" enabled caused this.  Even when it's off, it appears to be working sporadically (e.g. pinging the gateway will illicit responses from both the host machine and the gateway).  This is probably an issue with VMWare fusion, not pfsense.