The size of the address pool is only limited by the subnet mask. You could have a /16 on one interface if you wanted giving you 65000 addresses! I would choose to have separate subnets on each interface because it gives you far more control on who sees what. Assuming you have sufficient computing power for your needs that is. Look at the default LAN to any rule. That will allow traffic into the LAN interface as long as it is coming from an IP on the LAN subnet, pretty much all LAN traffic. It has no restriction on the destination. Traffic from the LAN subnet with destination of one of your other internal subnets will be allowed to pass. Once into the pfSense box there is no restriction on what interface it exits from so it will be routed to the correct interface for that subnet. If you have similar rules on each interface then traffic will be routed between subnets in either direction. This is a very permissive rule set though.  ;) Steve

There is no gui from freebsd packages. You will need to configure them the same way you do on freebsd. The available package with gui are listed on system -> packages

Recommendations like that may be hard to come by unless someone else in all those regions can speak up about the local carriers. In general though, OpenVPN should work fine as long as you have enough CPU on your firewall to handle encrypting at the line speed at each location (or at least the fastest possible between two sites). Even if you had a "private" link between cities I'd still be tempted to run a VPN over it. Probably better to have a mesh VPN where each site connects to each other site directly, rather than routing through a single connection back to a central hub. Both setups would work, but a hub-and-spoke setup will use more bandwidth in the long run if the two "remote" sites need to talk back and forth a lot.

@marcelloc: Are you using squid with authentication? can you see on squid logs the user? No i am not using squid with authentication. And i can see their IP addresses in squid logs

There is indeed widespread wire tapping including without warrants, of Internet and anything else, that doesn't equate to crypto back doors though, or any kind of push to make strong crypto illegal. With the amount of review of every cipher believed to be cryptographically sound, including by a whole lot of very strong cryptographers who have no ties to government and would publicly release for notoriety and the sake of crypto itself, I seriously doubt if there are any back doors. It's possible there are significant weaknesses known only to a select few, just exceptionally unlikely.

@nearones: Thanks u very much u r genius. Can u provide me more shell commands as i not that good in linux. Also can i tell me how do i clear cache log from shell? rm -rf /var/squi/cache/* The command to rebuild squid cache after removing old cache files: squid -z Aftert it finishes, restart squid.

@Nachtfalke: @nearones: Dear Sir, Can i user my pfsensr 2.0 version as a router? is it as stable as a router? Thanks Prashant You can use pfsense as a router only. You can disable NAT or disable NAT and firewall capabilities so it is just routing. Thanks for ur answer

You will need a virtual machine with freebsd8.1 install to create packages for pfsense The best way to do this is: Download 8.1 freebsd iso Install it on a virtual machine Install ports ( portsnap fetch && portsnap extract) Compile your package from ports make && make install Build package with 'make package' Copy result compressed package file to a testing pfsense Install package with pkg_add package_file. If what you want is an antispam system, take a look on postifx_forwarder package + mailscanner  ;)

@jimp: check the system log for errors, and also try Diagnostics > DNS and see if you get a valid response for mail.yahoo.com on that page. Thanks for your time, It started working. I had interchanged my DNS up and down and it worked. Thank u very much Regards, Prashant Chauhan

No you can't get 802.11n speeds with that card. 802.11n rate control does not exist in FreeBSD 8.1.  FreeBSD 9 is closer, but still needs some patches, and even then that is for some ath cards, not sure if that one (mwl) is included.