"Those of us who work in the depths of high technology are not immune to the age-old adage of the shoemaker’s children having no shoes. We probably have the most technologically advanced homes of anyone we know, but we also tend to leave various items alone if they’re not causing problems. After all, that’s what we deal with at work. Who needs to saddle themselves with network upgrade projects at home when nothing’s broken?" Stopped reading right there. And it's the first paragraph. If you don't love your work to the point of LIVING your work, then you aren't fit to give others advice on it. Yes it's 03:16am here. Unless your chair transforms to a bed, you are doing it wrong. The ones that needed to get it, got it. The rest move along, nothing to see here.  ;)

case closed, i got error on firewall filter in mikrotik and now it's done. thanks to all for the support  ;D

Yep. Hope everyone is enjoying the holiday (if you get one!)  :). Steve

@KOM: It's a bigger topic than I'm willing to explain here now.  Use the forum's Search feature and you will find a couple of megathreads that go into detail. You have to install the version of SquidGuard that is for Squid3 like it says in the Description column of the Packages page.  Try 1.4_4 pkg v.1.9.5 that says it's for Squid 3.x. Hi, I had now blocked Facebook via firewall with the help of its IP address. But now want to block youtube too, and there are many more sites like twitter.com that works with https. So is there any other way to block it. I had configured Aliases and configured in firewall, but that does not helps me for blocking this sites, please see that attachment [image: 1.jpg] [image: 1.jpg_thumb] [image: 2.jpg] [image: 2.jpg_thumb]

@Harvy66: Anyone who wants to be a politician is not fit to be one. In other words, anyone smart enough to be a useful politician, would be too smart to become one in the first place. Three years ago I was asked to become member of parliament, for a so called 'right wing, business oriented', political party. I looked him into his eyes, said 'I'm a system's thinker, if the system sucks, no use'. He looked glazed, didn't have a clue what I was talking about  ;D

I also have this board in my home router.  Running completely fanless for over a year in this configuration:  https://www.youtube.com/watch?v=saL5b7d7mjI I like this board a lot.  It has no problems running DHCP and OpenVPN for me.  I still think it's the best choice for a mini itx board for pfSense.

Ha!  Good question…..Oregon.  :D

You can, but the site is not online at the moment. When it is, it will be at https://translate.pfsense.org/

rm -r /var/squid/cache/* it's work thanks bro

Well, my VPNs in the USA are mostly on fiber so they are not a problem. Very speedy.  Locally here in Manila, internet can turn to mush pretty fast, so every little trick helps. I'll be glad if HULU emulates netflix in the future.  Besides the ease of networking and IPv6 compatibility, Netflix HTML5 is much less processor intensive than hulu Flash.  Lower processor load=lower wattage = lower power bill.  Here electric is almost 3x the usa price.

Well, given I can't find anymore info on this, I decided to 'take the dive'. I've ordered 160 Cable, and will use this to swap my VDSL to be the backup, and cable the primary one. Total costs stays the same, so let's hope this helps fixing my ISP-crap. Thank you all for commenting  ;D

Thanks I think i will stick with copper cable.

We use GTA firewalls "http://www.gta.com/", I contacted the supplier and indeed. He told us we used a bug to make it work with our firewall. I am going to put the servers behind a router now to fix this issue. Thank you for the info !

Made a new thread regarding this issue in the openVPN forum https://forum.pfsense.org/index.php?topic=84748.0

@stephenw10: One things occurs to me here. Did you change the sysctls that control bridge filtering? If not then the pf filtering is disabled on the bridge interface by default. That would imply any rules on your WAN interface are disabled, including the default drop rule. Of course in order to get to the WAN interface all incoming traffic has to go via the modem or server interfaces so default rules apply there. Is that what you found? Steve net.link.bridge.pfil_bridge Set to 1 to enable filtering on the bridge interface is set to 1.  This must be a hold over from another time I was messing.  I thought it was set default so I didn't mention it.  Im adding it to the logs above.. Thanks Steve!

@pfBug: I don't suppose there is a way to block out going traffic on a specific port? Sure there is. If you're using pfSense as a firewall you would just add a block rule of the LAN interface (or omit any allow rule). However I think the source of your initial confusion here is that you have interpreted the the results of your nmap scan incorrectly. The fact that port 3389 is shown as blocked does not mean that your loacl network is preventing that traffic leaving but rather the remote network is preventing it from entering. It also does not mean that the remote network restricts outgoing traffic at all. It is showing only the restrictions on incoming traffic. Steve