Exactly the direction I am heading. Ultimately there will be 3 routers behind the pfsense firewall. As soon as I get it basically working, that will be my next test.

Added to DNS servers and made the DMZ change and applied. No change in pings.

Is your PC directly connected to the LAN port on the PFSense box or a separate switch and not connected to your current LAN?

Restart you DD-WRT router maybe ...did you apply and save the DMZ rules?

After look at your PFSense firewall logs...what do you see relating to your test computer?

Is it blocking your PC?

If you feel confident about your PFSense configuration then just unplug the DD-WRT router and plug in the PFSense router. (Wan to satellite modem and LAN to your current switch).

Note that you cannot have to DHCP servers on the same LAN.

I do the same here for testing stuff. IE: almond router + is connected to one PFSense LAN interface. I also have buried routers on the main LAN. (TOR router, Omni Pro micro router, etc).

One more note and I will be quiet. I wanted to make sure the all know that the ports on the Qotom are not as expected and he could be connected to the wrong connection. See below:

Bob

Responses inline.

Bob, I with you on that one. I was expecting that 1 was WAN and 2 was LAN.... But no. I'm connected to igb1 which is my lan interface. It is actually 4. OPT 1 and 2 are on 2 and 3.

So in other words, from left to right, mine are igb0 igb2 igb3 igb1. I've labeled them well.

ETA: Duh, just looked closer at your post. Yours appear to be the same as mine.

OK, good. That will really mess with your head.

Bob

Wierd you PC should be able to ping fine.

Change the primary DNS on the PC to the gateway address which is the LAN port and secondary DNS to 8.8.8.8 or do 8.8.8.8 and 8.8.4.4 for your pc's DNS settings.

You can also do an PFSense fierwall auto rule by right clicking the IP of your laptop in the PFSense firewall logs. You shouldn't need to do this though.

Just googled your DNS issues relating to installing PFSense inside of your network...and found...

If inside, it's NAT reflection. System -> Advanced -> NAT/Firewall, scroll down to "NAT Reflection mode for port forwards", and set it to "Enable (pure NAT)".

Write down that you did this as you will need to undo this when you go to production mode.

[ATTACH]63158[/ATTACH]

[ATTACH]63159[/ATTACH]

Note too on your DD-WRT routers you can change them over to OpenWRT. More features are present in OpenWRT than DD-WRT these days as it is always updated.

I did change the NAT reflection parm. Went to ping google and it worked. Went to a browser and was able to refresh a yahoo window. I thought we were good to go. Then tried to ping other sites that I had not recently visited. Names could not resolve. Resolving fine on WIN 10 server on the tp-link.

BTW, on the pfsense machine no port forwards. None on the Buffalo router. Three on the tp-link (behind the Buffalo) but they are for HSTouch, BI4 and VNC. Shouldn't even be in play.

Also, over on the tp-link, my existing network has not been disturbed and is working well. HS3, HSTouch, BI4, wifi extenders, and 10 arduinos are working just fine. That's why I can't do much testing connected directly to the modem until I get it reliably passing data between WAN and LAN,OPT1,OPT2 ports. I have an old Linksys 54gs that I will add for a dedicated 2.4 wireless network for the extenders and the arduinos (actually nodeMCUs). All my IOT devices only support 2.4 so that works out well. Buffalo will become TRUSTED and tp-link will be GUEST. All under the pfSense firewall.

ETA: Just powered down and booted everything in a very logical way, top down so all is clean. Bad ping behavior still present. DMZ is still active. WAN ip address still the same as we set the DMZ for. Reflection still set to Pure Nat.

Try deleting the browser cache and rebooting the Windows 8 pc and see if that works.

Try the IP of the gateway address or DNS of the DDWRT router too.

When you do ifconfig /all

What DNS servers do you see?

Do a route print and look see there.

I rebooted everything thinking somebody had a cache of the yahoo and google ones that briefly worked. Then they no longer worked.

ipconfig /all says only my ethernet port is active which is correct and only one DNS server which is the 192.168.1.1 of the LAN port. On the win10 machine, I see the local gateway on the tp-link and also 8.8.8.8

Did a tracert to 8.8.8.8 and it is nasty. 9 hops. Ping time to 8.8.8.8 is about 700ms on both the laptop connected to pfsense and the win10 server connected to the tp-link. This is satellite. Bummer huh.

Try editing the DNS list on PFSense

Put the DNS IP of the DDWRT DNS entry and or the satelite DNS entry.

Disable the DNS service on PFSense so that it only uses the DNS entries configured.

Thinking too that HugesNet massages your internet connection through their stuff.

Use the HugesNet DNS entries. 66.82.4.8 and 66.82.4.12

Will try what you suggested.

For clarity, I am not on a HughesNet system. Used to be several years ago but it got so over subscribed that it was unbearably slow. Dropped them and moved to Exede which used to be Wild Blue. They moved to new transponders and it is pretty good. Over time, who knows.

Googled your issues. Looks like Exede blocks external DNS requests.

There is another way...

Read over here ==> Exede forum

Pete,

Golly I sure appreciate your help!! But this is getting pretty deep.

I have a fundamental logic problem.

where L = laptop, P = pfsense, and B = buffalo

L & P & B = false
L & B=true
thus
P = false

pfsense plugged into the buffalo and then my laptop plugged into pfsense, no DNS.

My laptop plugged into the same port on the buffalo and everything works fine.

Seems to me the problem only manifests itself when pfSense is between the laptop and the router.

I don't see how Excede can be the problem. Nor do I see how the Buffalo router can be the problem.

At this point, it seems we are just chasing red herrings. Lets sleep on it.

What do you think?

Indeed. I think I posted that too after I saw a reference somewhere and then confirmed by flashing the port LEDs from the Bios.

I have made some decent progress finally with my Qotom/pfSense box now in place of my FiOS router for firewall, dhcp and a (little) port forwarding. Next steps are to finish getting the FiOS CID, Remote DVR etc working by reconfiguring the FiOS router on its own network from port 2. I have the network configured for that on the pfSense box already. Then it will be time to harden things up and make use of some of those excellent sounding packages.

As Pete says - "baby steps"