Right now it's only an opt-in trial so I'm not too worried. Plusnet are by far the best ISP I've ever dealt with, their customer service is quite frankly astounding. So I'd be very surprised if they started forcing CG-NAT on their users. http://community.plus.net/forum/index.php/topic,110652.0.html Steve

Sorry for the late followup on this. Finally resolved the issue. The DNS was open to public, closed that and after a week it all went back to normal. Thanks everyone for the input and help. Learning as I go. ~ Tom

Your picture looks nice but the link is to a thumbnail so it's hard to appreciate it fully.  ;) 1: Is there any particular reason you are using the wifi APs for DHCP? In my opinion it would be much better to use pfSense for DHCP on each interface. Doing that makes it much easier to keep track of the leases or to hand out static addresses for filtering purposes. All your admin can be done in the one place rather than having to log in to each AP to change things. 2: Normally you would not bridge them. pfSense will route traffic between them if you have firewall rules in place to allow that so that you can access, say, the AP in zone 2 from a computer in zone 1. The only reason you would bridge the interfaces would be in you had software that needed to see machines in the same subnet. Many media player programs will only look for servers in the same subnet for example. By default all traffic from the additional interfaces will be blocked so you will need to add firewall rules to allow traffic that you want. Only the LAN interface has a default allow rule. 3: You can add a rule to allow traffic from Zone 2 to the printer but no other address. Better, you can restrict that rule to allow access only from specific clients in zone 2 if you have all static dhcp leases. 4: Squid with Squidguard is a lot more mature (in pfSense at least) but Dansguardian has more/better filtering options. 5: You could use VLANs to get more interfaces in pfSense without having to add further NICs however I don't believe you will need to. Do your switches support VLANs? Do your APs? Steve

We fixed m0n0wall's CSRF issues over 2 years ago with csrfmagic, same thing they implemented recently. 2.0.2 fixed a couple that were found more recently.

At (very long) last: http://www.freebsd.org/releases/9.1R/announce.html http://www.freebsd.org/releases/9.1R/relnotes-detailed.html

Thanks :-) Happy/Merry/Joyous $winter_solstice_holiday

You are currently running Double NAT, which is a very undesireable setup. See if you can get your modem/router to be in bridge mode so the real wan address goes to the pfsense box.

Thanks it worked, I wish you a Merry Christmas

Pffft i probably wont shut up as i mess everything up LOL its not live as i havent received my Intel dual nic, I have been messing around with the settings on the box with nothing but the realtec and an add on 10/100 old intel

Yes, I tried WebGUI, and indeed, when the cover is closed on the CPU load is less than when open. WiFi there is little used, and the load is too small. With him there is no such problem. No, I do not use QoS and Traffic Shaper.

rm is really the only way to do it, or using something else to pass data to rm (like find /somewhere -name "foo" -type f | xargs rm). If the system is blocking on I/O there may not be much you can do. If you can open multiple terminals, running 2+ rm's can sometimes be faster then one alone, but it's still bound by I/O limits on the drive.