I think that will become especially useful for IPv6 auto-config where Windows and MAC devices can get different IPs from data to day.

my config is this on older snapshot

option domain-name "domain"; option ldap-server code 95 = text; option domain-search-list code 119 = text; default-lease-time 7200; max-lease-time 86400; log-facility local7; ddns-update-style none; one-lease-per-client true; deny duplicates; ping-check true; authoritative; subnet 192.168.0.0 netmask 255.255.255.0 { pool { deny unknown-clients; range 192.168.0.55 192.168.0.100; } option routers 192.168.0.1; option domain-name-servers 192.168.0.1; default-lease-time 3000; max-lease-time 3600; } host s_lan_0 { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.2; option host-name "SipuraSPA"; } host s_lan_1 { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.11; option host-name "Bipin-PC"; } host s_lan_2 { hardware ethernet xx:xx:xx:xx:xx:xx; fixed-address 192.168.0.12; }

I personally have all my gaming devices grouped together in my DHCP leases, so all of my UPnP enabled devices are statically assigned IPs 192.168.1.17 through 192.168.1.22.  I then create the following allow rule in Services/UPnP using a mask bit of 29 to fit those 6 IPs.

allow 88-65535 192.168.1.16/29 88-65535

Now thats one line for all of my UPnP devices.  I do not statically assign any device to IPs 192.168.1.16 AND 192.168.1.23 just to avoid the confusion of the above mask's subnet ID and broadcast address.  You can use any mask you like to accommodate a bigger or smaller set of devices but the main point is to group all your UPnP enabled devices with their IP range and setup the appropriate mask.  I cheat sometimes and use the below website to help me figure out quickly the correct mask.

http://www.subnet-calculator.com/

Sweet, problem solved. Thanks much for your help!

Ok - its all working now under 2.1
Captive Portal
Squid 3
Squid guard

@avink:

VLAN_HTWAG is off by default. I checked again to be sure.

@ndre

In this thread you gave the output of your ifconfig and it clearly shows you have VLAN_HWTAGGING enabled.
How did you disable it, then?
There's no option inside pfsense to do this.
That's why I made the feature request which was rejected.

[2.1-BETA0][admin@firewall]/root(9): ifconfig -a em0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500        options=5219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso>ether 00:30:18:a2:bd:13        inet6 fe80::230:18ff:fea2:bd13%em0 prefixlen 64 scopeid 0x6        nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (1000baseT <full-duplex>)        status: active em0_vlan4: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500        options=103 <rxcsum,txcsum,tso4>ether 00:30:18:a2:bd:13        inet6 fe80::76f0:6dff:fe80:9448%em0_vlan4 prefixlen 64 scopeid 0x13        nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)        status: active        vlan: 4 vlanpcp: 0 parent interface: em0</full-duplex></performnud></rxcsum,txcsum,tso4></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwfilter,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast>

Thanks for all the responses.  It's been awhile since I last checked in, but I will have to run some more tests to try to figure out what the deal is.

Thanks!

Confirmed, video bug is gone using latest 2.1 snapshot

Thanx alot guys!

That is not a bad idea.

@jimp:

Do you have an LDAP server setup under System > User Manager, on the server tab perhaps?

Looking at the code the only way it would put that ldap section in there is if someone had the mobile IPsec tab setup to use a non-local source, and if that source was ldap.

Found it!  Yes, I have an LDAP server enabled for OpenVPN.  I really don't know why, because I use the Local Database for authentication… that shizz is getting turned off big time.  8)

I'll letcha know how that works out.

EDIT:  IPSec tunnel is back up!  Thanks Jim.. (aka: Super Mario)

I doubt that would ever be feasible. It's too much work and in some cases, impossible to determine. If you have a large state table, it would take far, far too many resources for very little benefit.

This is the 2.1 thread, not 2.0.1 – so are you running 2.1 or 2.0.1, I can understand where there might be a problem with the pkg on 2.1, but with the stable release it should be click done.

So please verify what version your running

@Efonne:

On a related note, it might be nice to have a page that lists listening ports (and only that) as an alternative to having to run a console command to find out.

Based on diag_routes.php I once prepared a similar output for the sockstat utility, feel free to use it if you find it useful.

diag_sockets.php.txt

fixed with last gitsync