You must have a different subnet on each interface. So if your LAN is still using 192.168.1.1 (the default) you will have to change both OPT subnets to something different.

Steve

Check the Status: Interfaces: page for errors on any interface. If you do have a duplex mismatch it will show there.

Some of what you are saying is not translating well.  ;) You may get better help in the German subforum.

Steve

You do know there also a BIND package now ;)

Question for you - how many hosts on your lan.. Are you talking a handful or 1000's

What do you expect your dns to do for you other than look up google.com and your hosts?

@opjohnny:

Since when is a crossover cable needed for this?  I'm basically doing exactly what I did on the x700e

Since always.  ;)
To connect two Ethernet clients directly you need to cross the Tx and Rx pairs. This has always been the case for 10/100 Ethernet. When you connect to a switch the connectors are wired appropriately so you can use standard (non crossed) cables but they usually also provide a straight through connector so that two switches can be connected directly. More recently ethernet equipment has had auto-MDIX capability where it can sense which type of cable/connector is in use and configure itself appropriately. All Gigabit Ethernet is auto-MDIX so you may never have come across this problem unless you've been doing it for years or are working with older equipment. The X750e (I assume you typo'd X700e) is all Gigabit NICs so you can connect to it directly. See:
http://en.wikipedia.org/wiki/Medium_Dependent_Interface

@opjohnny:

I'm not sure how to move webGUI access from re1 to re5.  Am I missing something here?

Not sure if you fixed this or not.
The webgui listens on all ports so the only thing that governs access to it are the firewall rules on that interface. The LAN interface has a default rule allowing access to the webgui on port 80 or 443, dpending if you chose SSL or not. So to get access on re5 you can either add a rule to that interface allowing traffic on port 80 or you could reassign LAN to be re5. If you reassign LAN you'll likely be disconnected until you move the client to re5.

Watch for watchdog timeouts on the re interfaces in the logs.

Steve

The auto-detection is to help you when you don't know which RJ45 Ethernet socket corresponds to which FreeBSD device name. Start with the cables unplugged, get going on the auto-detect bit, then insert the cable when it tells you. pfSense will see which device just came "online" and suggest to use that for WAN, then LAN…
The cable from your ISP device connects to WAN, and the cable to your private network (switch, access point, client computers...) connects to LAN.

Hmm, google tells me your system has two SATA-150 HD controllers, but the CD is still an IDE connection, so it makes sense why a CD could work if the sata subsystem is failing or failed.

Try the drive in the other sata connection, otherwise dig through your junk pile for a IDE hard drive.

what do u mean its stops responding, you cant access the webgui and/or console, no traffic is able to pass through pfsense, etc.?
w/out further info im guessing you didnt configure the interfaces correctly most likely the lan interface

I just re-read this thread and I'm not sure how you plan to use the usd wifi card if you get one tyhat works. The thread title is 'USB WAN2' which might imply you want to connect to an access point and use it as a second WAN. However in the first post you say you want to make an access point, use the card in hostap mode. I must repeat that my Ralink 3070 card works well as an access point but doesn't work at all as a client to connect to another AP. It would not be suitable as a second WAN.  ;)

Steve

@stephenw10:

It can. At present the central pf process is limited to a single thread though. Other processes will make use of further cores to a point.

Steve

Well, almost :)
Pfsense is driven by PHP, which works on single core and if you have configuration big enough expect waiting periods of ~3-4minutes to load the Dashboard…

Figured it out…

For some odd reason Firefox does NOT like XML... Switched to Internet Explorer and it worked like nothing was ever wrong.
Installed a few packages and added my HE IPV6 tunnel and now everything is back to normal and i can even open it through firefox... WEIRD...

Anyway...
Heres the end result :
http://www.speedtest.net/my-result/3220921106

Ping had dropped considerably as well as download and upload speed are now more stable

Works fine with Virgin broadband  and also normal ADSL also :)

Looks like an AR9002 based device which will not work.
http://wikidevi.com/wiki/TP-LINK_TL-WN722N

The FreeBSD USB Atheros driver, uath(4), supports only AR5005 devices. 802.11G only.

Try one of these:
http://www.dabs.com/products/tp-link-150mbps-high-power-wireless-usb-adapter-8S25.html?refs=4294946755-4294946753-50010000-50043&src=3

I have one here, I know it works. Assuming they only made 1 version that is.  ;) I can only find reference to one though.
Some caveats: It doesn't work at N speeds. It can't do channels 12+13. It doesn't work well as a client (fine as an AP).

Steve

I think he is a newby in pfsense.

@niftywiz - you may use actually pfs as your server. The general networkmap woud be:

InternetSource > pfsense > switch > (option: wireless via antenna or wired services using)

@johnpoz:

Other than the CA private key (and other private keys and shared keys) which does not have a password - but does not need to be stored on pfsense if that is really a concern.

Is there a way to encrypt and password protect the CA private key if using the native pfSense CA?  Ideally I would have a separate physical keyserver that's 100% offline, but that's a project for another day.

And also, ideally, I would offload a lot of the logs to another log server or repository, but that's also a project for another day.

I'm still very interested in implementing GELI full-disk encryption (with manual passphrase entry every reboot) to help mitigate physical theft from some meth-head burglar breaking into my house.  I think most people are fully aware that any mounted encrypted disk, container, or partition – while running -- is transparently and fully in the clear.  I think those of us interested in full-disk encryption are merely trying to mitigate physical theft from common thieves.

The config backup is compatible. If you're going from 2.1 to 2.1 a config backup which includes RRD files should migrate OK since the RRD contents in the config.xml backup are stored in an architecture-independent format.

Worst case though, delete the RRD files if they don't work and you'll be back to normal.

@cessnas:

My setup is Modem -> Router -> pfSense computer -> main computer
Is this wrong?

Switch it to:

(Modem) -> (pfSense) -> (WiFi Router) -> (rest of LAN)

The way you have it all your WiFi devices are skipping pfSense and going straight to the WiFi router and then out to the Internet.  Put pfSense as the most "upstream" or perimeter device.  So immediately downstream from the modem.

I am unsure of this but no other replies in 5 days…

It depends on how your ISP is delivering the IP range to you. You can't bridge to a PPPoE interface but you may be able to use IP aliases and then 1:1 NAT to your DMZ.

There have been similar questions to this before that I beleive were solved. In particular I remember another user had an almost identical situation here in the UK where BT business DSL provide an IP range across PPPoE. However they may have been routing those IPs differently.

Steve

Edit: For example: http://forum.pfsense.org/index.php/topic,59573.0.html

@Jason:

@jjandrob:

Do you think the ALIX 2d2 with the 500mhz processor can handle this or should i grab the new 800mhz version?

What 800MHz version?

i suppose i miss took a model number in a quick reading as the CPU speed.

Thanks!