Subcategories

  • Discussions and feedback related to this forum

    612 Topics
    3k Posts
    stephenw10
    Yeah I usually nuke the content entirely these days just to make it cleaner but I think only admin can do that. I can at least clean that up.
  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    29 Topics
    117 Posts
    w0w
    @sef1414 Name it "run.sh", copy it to pf and chmod it according to the documentation: https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option You will see messages in the system log like those quoted in the script after the logger command.
  • 5 Best Open Source Firewalls

    Locked
    8
    0 Votes
    8 Posts
    8k Views
    M
    Carla Schroder is the author of The Book of Audacity, Linux Cookbook, Linux Networking Cookbook, and hundreds of Linux how-to articles. She's the former managing editor of Linux Planet and Linux Today. I think that says volumes as to why there's no mention of pfSense in her article.
  • OpenBSD trolls (moan alert)

    Locked
    14
    0 Votes
    14 Posts
    10k Views
    M
    +1 to that! Cheers, Keith
  • PfSense Merchandise

    Locked
    13
    0 Votes
    13 Posts
    6k Views
    jimp
    [oblig ref="So I Married an Axe Murderer"] Excuse me, miss? There seems to be a mistake. I believe I ordered the large cappuccino. [/oblig]
  • Hotel Internet Setup with pfSense

    Locked
    6
    0 Votes
    6 Posts
    7k Views
    C
    You just need to enable captive portal, set up your firewall rules accordingly, and ensure layer 2 isolation. To separate the guest network from the hotel's internal network, most commonly use VLANs, or in larger hotels, completely separate physical networks (and at times a separate firewall entirely on the hotel internal network, though that's not strictly necessary, some hotels require running that way as policy). Detailed info in http://pfsense.org/book on captive portal and VLANs in general. We're very experienced with these kinds of networks (several hotel Internet providers use a rebranded pfSense for their captive portal), would be glad to assist via commercial support, link in my signature. No, our captive portal section has no relation to Untangle. :P They're late to that game, we've had that capability for many years longer and I'd estimate we have nearly as many installs running captive portal as they have total installs.
  • Country IP Blocks is moving to a paid services model

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    S
    95-98,7% is not good enough if charged 179$... IMHO! You can get unlimited backup for only 5$ a month on backblaze... @countryipblocks: There are a few other "free services" available, but you might have to settle for 30-60% accuracy instead of 95-98.7%.
  • Why Not Use Port Knocking? by Peter Hansteen

    Locked
    2
    0 Votes
    2 Posts
    8k Views
    C
    I like Peter, we've met in person a number of times at BSD conferences. But his portrayal of port knocking in general there isn't accurate because none of the worthwhile implementations actually work the way he describes. My full 2 cents is on that post in the blog comments, first comment.
  • Weird client pc behavior

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    C
    If your ISP limits to 1434, set both MTU and MSS to 1434 on that WAN.
  • 10k!

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    T
    They can if you were under the influence of the cake (cake is evil), but as long as you were eating pie when you did 10k then you're good  8) :o It's OVER 10,000!!! WHAT, 10,000?!? :o
  • Blocking UltraSurf

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: How to unblock URL?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Outlook Email Can't send & receive for Windows 7.

    Locked
    18
    0 Votes
    18 Posts
    8k Views
    stephenw10
    Please post a complete list of your firewall rules. However I would say the only thing that could be causing this difference between XP and Win7 is either some Layer 7 filtering or Win7 clients are receiving/handling dhcp information differently. Though from the rules I can see in your screenshot (in a spreadsheet) if Win7 uses different source ports it could explain it. Why are you blocking so many source ports? Steve
  • MOVED: My lightsquid has stopped working

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Want to block bittorrent in my network

    Locked
    9
    0 Votes
    9 Posts
    8k Views
    N
    Yeah, this is no easy undertaking. I'd say you could only block typical torrent traffic using L7 - but it would be easy for someone knowledgeable to get around it.
  • ISP Subnet - how does it work?

    Locked
    2
    0 Votes
    2 Posts
    4k Views
    N
    No this is pretty much the wrong way of doing things for what you are trying to do. Let's say for example you have 5 static IPs: One WAN IP out of the 5 will be assigned to the WAN interface of the router private IP scheme assigned to LAN interface. For example: 192.168.1.1 Additional IPs for the WAN can either be assigned by adding them as an additional WAN interface on the router or using different routers and plugging them into the same modem in an available port or by using a switch. From what it sounded like you were doing was you were giving internal workstations/servers public IPs.. why bother even using a router then? All internal devices should have private IP addressing such as.. 10.x.x.x 172.x.x.x 192.x.x.x
  • Want to block websites even when typed keyword in Google

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    R
    @nearones: @cmb: The Dan's Guardian package is the only way of doing that I'm aware of. I have no idea how stable or unstable it is, there is a thread on the packages board on it. Thanks all for your efforts for explaining, but my requirement is different and I am using squidguard. This topic went to Dans Guardian, which is a different squid server, which I need to configure completely from scratch. My requirement was to block the users when the user is just typing the search category, which should get blocked at the same time when he has pressed enter. And it seems it does not work with squidguard, it just works with Dans Guardian. Is there any way that I can use both at the same time? I suppose you could use both, but I'm not sure why you would want to. Dansguardian will also do blacklist based blocking (like Squidguard). I think the only thing Squidguard would give you over DG is the ability to do ACL based time restrictions.
  • Not able to access Pfsense

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    N
    I just tried again and it's working now! Looking at the "System Logs", I see the following line about 60 times, spanning about 2 minutes. ntop[32105]: WARNING RRD: rrd_update(/var/db/ntop/rrd/interfaces/re1/throughput.rrd) error: illegal attempt to update using time 1337163807 when last update time is 1337163923 (minimum one second step) The following line also appears about 15 times in the same log: php: : The command '/usr/bin/nice -n20 /usr/local/bin/rrdtool update /var/db/rrd/system-memory.rrd N:U:U:U:U:U' returned exit code '1', the output was 'ERROR: illegal attempt to update using time 1337163734 when last update time is 1337163897 (minimum one second step)' Does anyone have any idea whether these 2 issues could be the cause of the problem? Thanks
  • Active ftp not working with server behind pfSense

    Locked
    4
    0 Votes
    4 Posts
    5k Views
    C
    Yeah, will need either manual outbound, or 1:1, to ensure that server goes out on the correct IP.
  • Bandwidth - Unmetered FE port or 100m commit on GE port?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C
    Take the gig port and put a limiter on it or similar.
  • MOVED: Squid send email to the network admin when it blocks a site

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Newbie to Split Tunneling

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    C
    It's controlled by the AnyConnect client, there is nothing you can do. It changes the network stack on that host to enforce the policies pushed by the device it's connecting to.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.