Subcategories

  • Discussions and feedback related to this forum

    608 Topics
    3k Posts
    JonathanLeeJ
    Me too I like how it says Jonathan Lee 2100 haha
  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    28 Topics
    115 Posts
    w0wW
    @sef1414 Name it "run.sh", copy it to pf and chmod according to the documentation: https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option You will see messages in the system log like those quoted in the script after the logger command.
  • Several Questions about PFSense

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    johnpozJ
    Sure, you can add NICs to your PC.  Then sure, use those as network segments - you can put in as many NICs as your PC will handle.  I currently have 4 assigned to my VM of pfSense: wan, lan, wlan and dmz. I just run an AP off my wlan segment.  Just never saw the point of using a wireless card in the router as your AP.  Just use a normal AP or wireless router as AP and connect it to that network segment.  pfSense and wireless are not a good fit as of yet from everything read on the forums. Wireless cards normally don't make good access points anyway.
  • Blocking DNS queries to external resolvers

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    P
    Those instructions look good. To let some systems "out" to use another external DNS server/s: Add an alias "ExternalDNSallowed" (or some such name). Add all the LAN IP addresses of systems that are allowed to use an external DNS directly. Add an alias "PermittedDNSservers" (or some such name). Add the IP addresses of external DNS servers you allow to be used (e.g. 8.8.8.8 and 8.8.4.4). Add a firewall rule on LAN permitting IPv4, TCP+UDP, source "ExternalDNSallowed", destination "PermittedDNSservers", port 53. Move the rule up before the wildcard rule that blocks everything to port 53.
  • 0 Votes
    4 Posts
    3k Views
    N
    Hello again, After thinking a bit more (should have done that before), I found the solution: I added an outbound NAT mapping to NAT source IP network 10.60.0.0/16 to the public virtual IP. The reason is that when I ping 8.8.8.8 using the WAN1 interface, pfSense uses the WAN1 private IP as its source IP. However, there was no NAT mapping this IP to the public IP. So, I understand that the pfSense box (always?) uses the WAN interface when accessing the internet. I wrongly assumed that all traffic originating from the pfSense box would use the localhost 127.0.0.1 IP address as its source IP, which would then be NATted to the specified public IP address. Thanks for all help.
  • PfSense androidGUI app (a work in progress)

    Locked
    22
    1 Votes
    22 Posts
    19k Views
    C
    Not had time to look at this project recently, been playing with the pfsense webconfiguration instead. Anyway here is an updated apk > https://dl.dropboxusercontent.com/u/12367642/Pfsense.apk (you will have to uninstall the previous version if you have it). Changelog: Added Arp page; Added Authentication page; Added Table page; Finished the Status > Interfaces page (untested); Improved UI of the services page; Added validation to the wake on lan page.
  • For Sale: Fabiatech FX5620 with 2.0.3 - $75 + shipping

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Nic card failure

    Locked
    13
    0 Votes
    13 Posts
    5k Views
    stephenw10S
    @tadleymansions: I certainly have learned an awful lot over the last few days and am resolved to learn more about pfsense. Not all bad then.  ;) Thanks for signing off. Steve
  • RAID 10?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    P
    As you have discovered, RAID protects against failure of the drives. A RAID controller failure brings down the whole thing! To avoid that you need dual-channel disks that can connect to multiple controllers and software that knows how to handle the multiple paths to disks… Then if the multiple RAID controllers are on the same system bus, failure of that bus brings it all down... You need multiple hosts, each with fibre-channel (or whatever) controllers to dual-ported disks, and clustering ability... The numbering of disk allocation in RAID will depend on the particular firmware implementation. e.g. a 4 disk RAID10 set might have disk 1+3 mirrored (set A) and 2+4 mirrored (set B). Then the logical blocks are striped across set A and set B. In that case you can lose 1 disk from set A  and 1 disk from set B and users don't notice. But if you lose 2 disks from set A, or 2 disks from set B, you are dead. So, you can't lose just any 2 drives. The other hassle with RAID is that the firmware usually writes some custom stuff at the start of the disks, and the ordinary boot block is not where it would be on an ordinary disk. So, even if you are just doing RAID1 (mirrored pair), and the RAID controller has died, you can't just plug 1 of the disks into an ordinary disk controller and have it boot - this can be VERY annoying when trying to get something up and running temporarily.
  • Benchmark of pf / ipfw / forwarding on FreeBSD-HEAD

    Locked
    1
    0 Votes
    1 Posts
    6k Views
    No one has replied
  • PfSense getting some shine on pcper.com podcast

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • OT: Smart Homes & Wired vs. Wireless

    Locked
    14
    0 Votes
    14 Posts
    6k Views
    T
    I would highly recommend going with the fiber run.  I have done installs with even shorter runs using fiber.  I would agree with a larger pipe, that way if you need to pull additional fiber, you have the room to do that.  Make sure they put a pull string in that conduit. As far as the rooms go, I truly feel that wired is a better solution.  I have wireless in the house, which is great for some basic things.  However, when you start streaming HD/Blu-ray movies across wireless, you will have buffering issues.  I've also tried the Ethernet over Power adapters, which work some, but again when you get to the HD videos you start to buffer. My wife and I are planning on building a house in the next couple of years.  I'm planning on running a minimum of two runs to each room, some with 4-6 runs.  I won't be running any coax in the house.  You may be asking why so many runs.  My family has no traditional TV in our house, which means we stream everything.  Then I also run a VOIP system.  The next house will be automated along with video cameras for the security system.  Don't get me wrong, I am not your average computer person in the home.
  • Vlans

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M
    Maybe your provider wants to add their own VLAN tag to your traffic but leave your Ethernet frame intact. This is called QinQ. Sounds like they are dividing your traffic up for you so that you can have CoS. We do this at Comcast for our Metro Ethernet Service.
  • FreeBSD 8.4 + pfSense 2.1 ?

    Locked
    17
    0 Votes
    17 Posts
    9k Views
    jimpJ
    I doubt we'll be changing things just to change them. A GUI refresh isn't entirely out of the question, but if that happens it would probably be a part of some other major GUI-impacting change (we may suddenly decide to move from PHP to Python for some reason, or move to some sort of MVC framework), and not just because we felt like redesigning the GUI. We like to focus on making things work properly, and we try not to break things unless they're actually broken/unusable. Opinions on that vary, but it's mostly a bikeshed discussion. Getting volunteers to code the GUI changes isn't quite that simple. In an ideal world, sure, but in the real world, you may have plenty of volunteers and very little follow-through, or people will disappear leaving code abandoned. If something of that scale is to be done, it would have to be closely handled/managed by the core team with assistance from the community in places. Any of those kinds of changes would likely be a couple versions out though. We have some other significant work to do in the meantime, but in a version or two we'll be looking for more things to change/implement as the major tasks like updating the base OS, wireless updates, and IPv6 and such are completed.
  • PfSense Deployment Success Story

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    M
    That is some serious equipment  :P
  • Is http://www.pfsense.org/ down?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    C
    Server is back again… I am able to install packages now... Thanks for doing magic.  ;D
  • DNS Nameserver Spoofability Test

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Wireless dual channel

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    F
    Thanks to everyone. I looked up what Adrian Chadd says about this in his blog, and it is not possible to make this work. In AP mode, only one channel at a time is possible. Best Regards
  • SQUID Individual User reports email

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    jimpJ
    The mail reports package can run any custom command you want and the output is included in the e-mail inline as text, however it can only e-mail to one address (the one configured to receive notifications). That's not to say someone couldn't use that code as a base to do what you're after. All the functionality is there to e-mail anywhere, there's just not an option in the GUI to set that up (to e-mail people, not to generate the user reports). If someone can come up with a way to make the reports per-user using a command line script, then the mail reports package could do what you're after with some modifications.
  • PfSense and Nessus Scans

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    T
    If I get audited, I'm giving them a link to this post.  :)
  • Apache and Postfix

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    stephenw10S
    I don't think you'll find anyone here who will advocate running pfSense as a web or mail server. It is a cut-down install of FreeBSD; many of the components you would need are not present and would require installing. By the time you have installed all the software you need to do this you will likely have broken pfSense in some fundamental way or at the very least reduced its security below what is acceptable for a firewall. People have done it in the past however and there are some long complex threads about it here. IMHO, it would be far better to use an OS designed to offer all-in-one, like Zentyal or SME Server, or install FreeBSD and configure it to your liking. A good compromise, if you want to run pfSense and I'm in favour of that  ;), would be to run the box as a VM host with pfSense and your servers as VMs. There are many users running that setup. Steve
  • Help pleaseeee youtube again

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    K
    On 2.0, 2.0.1 and 2.0.2, none of the video objects from YouTube were cached in memory or on disk, but other objects like images are cached very well in memory and/or on disk. What should I do to solve this problem?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.