@podilarius: Could you post what all you have done to try to choke it? It would be nice to show what all pfSense can do. Handled an internal packet storm like a champ.

BIOS is as follows: for the slave (hdd) IDE CHANNEL 0 SLAVE = AUTO Access Mode = Auto Capacity: 60015 Cylinder: 28728 Head: 16 Precomp: 0 Landing Zone: 28727 Sector: 255 for the master (Original CF Card) IDE CHANNEL 0 Master = Auto Access Mode: CHS Cylinder: 980 Head: 16 Precomp: 0 Landing Zone: 979 Sector: 32 Sorry, I don't have what is written on the drive for it's listed specs. it's a WDC WD600UE-00KVT0 I really struggled at 1st with getting this to work until i found the ata.ata_dma=0 trick. Until i applied that setting pf would try to boot but struggled with accessing the drive. I am on day 5 of my install and no indication as of yet to any issues with the drive or file system.

OK, thanks guys! There shouldn't be anything running it, so I guess I need to check some of my systems. Case Closed

On TWC RoadRunner myself.  Setup the firewall rules and I'm seeing pfSense blocking 173.194.55.0/24 when accessing YouTube.  Stream still goes through rather nicely using 720p.  I'll keep this thread updated with my own results after even further testing. Thanks for the heads up.

We don't have a way to sign a cert in the GUI, since if you have access to the CA in the GUI it's much easier just to create the cert on the box with the CA and export it from there to be imported on the other unit.

Threads lock themselves after a certain time limit to prevent people from hijacking old irrelevant threads. The last post on that other thread is correct, it is best to separate your switch's management into its own separate VLAN so it is not on LAN. How you do that depends on your switch. It's also best to move your default user ports to a different VLAN so that VLAN1 is only internal switch traffic. You can access it on another VLAN by having pfSense's port tagged for both the user VLAN and management VLANs and have pfSense setup an interface on the other VLAN's subnet, and you can route between them. The advice on the other thread was solid, but it was apparently a different issue than you were seeing, so your solution may or may not actually be relevant to that thread.

@cmb: Looks like referer spam. http://en.wikipedia.org/wiki/Referer_spam Thanks!  Interesting that it suddenly appears so quick from so many different sources… Then it kinda rolls off after a couple of days and I won't see but one or two a week if things follow suit the same way as last time. Firewall is nowhere close to being saturated but Id like to make sure my webserver isn't infected.

Just add a firewall rule that sends all traffic with destination 'medicover.pl' via a single WAN. See attached picture for an example. I have an alias 'load balance exceptions' where I have a list of websites that don't work with multiple WAN connections. Traffic destined for those is routed only via the default WAN but you could specify which WAN to use there. Alternatively if you really want only failover, and not load balancing, then lower the priority of one WAN in the gateway group. Steve  

And another commentary with some added opinions: http://www.dslreports.com/shownews/West-Virginia-Buries-Study-on-How-They-Screwed-up-Broadband-123577

BandwidthD is an addon package. If you're not using it uninstall the package.

The simple way is to use a WLAN AP instead of a built-in WiFi card. No driver issues and easier to upgrade to newer WLAN standards. It doesn't look as nifty, though. However, it would allow you to hide the pfSense box away and just have the AP placed at the optimum location.

Hmm, it's not obvious to me what you're asking.  :- Perhaps a diagram might help. Steve

ive been running a netgear gs116 for about 4 years now.  its been solid, its quite (no fan), fast (gigabit was a requirement for me) lots of ports (16) and was super cheap.  there was a flood of refurbs on ebay at the time and i got a pretty good deal. i have a small 5 port dlink (dgs-1005d) as well, its functioned fine but is slow (despite being gigabit), but its getting pretty old now, 8 years or so.

Depending on the version of Windows (I'm assuming Windows since you didn't say) you can restrict what people can run.

You would need the captive portal to authenticate your users so that you have record of users against IPs. You can then use lightSquid to generate reports. However I've never actually had to do it so I'm not the best person to ask.  ;) There are some good posts here detailing it though I seem to remember. Steve

So why are you running the proxy like that?  If you can just bypass the proxy what security does it provide?  Normally if your going to run an explicit proxy, the only thing that is allowed out your network is the proxy. If your allowing the client to bypass, then clearly your allowing direct access - so what is the point of the proxy? What I notice in your bypass is you have bahiatursa.ba.gov.br – but are you trying to access www.bahiatursa ?  I would think you would need the . in front of bhaiatursa to include all subdomains, etc. If I was going to use an explicit proxy like that, I would prob use a pac file to at least attempt to obfuscate the details from the users, and make changes easier for another.  You would only have to make the setting in one location to have all clients use the changes vs having to change every browser setup on the local machine.

Are you getting a blue screen as soon as it boots from the flash drive, or after installing windows? What method did you use to prerp the thumb drive?