@stephenw10:

One things occurs to me here.
Did you change the sysctls that control bridge filtering? If not then the pf filtering is disabled on the bridge interface by default. That would imply any rules on your WAN interface are disabled, including the default drop rule. Of course in order to get to the WAN interface all incoming traffic has to go via the modem or server interfaces so default rules apply there. Is that what you found?

Steve

net.link.bridge.pfil_bridge Set to 1 to enable filtering on the bridge interface is set to 1.  This must be a hold over from another time I was messing.  I thought it was set default so I didn't mention it.  Im adding it to the logs above..

Thanks Steve!

@pfBug:

I don't suppose there is a way to block out going traffic on a specific port?

Sure there is. If you're using pfSense as a firewall you would just add a block rule of the LAN interface (or omit any allow rule).

However I think the source of your initial confusion here is that you have interpreted the the results of your nmap scan incorrectly. The fact that port 3389 is shown as blocked does not mean that your loacl network is preventing that traffic leaving but rather the remote network is preventing it from entering. It also does not mean that the remote network restricts outgoing traffic at all. It is showing only the restrictions on incoming traffic.

Steve

Anyone…..Anyone..........Bueller?  ;D

Glad to hear you got it working.

I guess you are referring to some of the instructions in the README file at https://github.com/individual-it/bandwidthd-pSQL-frontend
Those are simply a straight copy of the README from another distribution of that stuff. Those instructions are not specifically modified for the way it works on pfSense.

On pfSense, you send data to a database by filling out the relevant fields on the bandwidthd GUI settings page - like the attachment. No editing of conf file is needed, the package code writes that for you based on the GUI settings.

bandwidthd-settings.png
bandwidthd-settings.png_thumb

thanks KOM

Been there done that!  ;D

Just so you guys know, Netgate is the home of the pfSense project.

@iraiam:

I want to build a new "console server" for my network and lab soon. my current one is an energy hog for what it does.  It's an old XP machine with dual Moxa 8 port serial cards installed. It's a Pentium 4 3.6 GHZ, not a bad machine but wasteful for a console server.

I really want to build a rack mount machine, but I'm having trouble finding an atom motherboard that will accept 2 PCIe x1 expansion cards. I guess I could use a Celeron as well. I'll probably stick with Windows, although I could go Linux and use VNC for remote operation.
     
any Ideas?

You might be able to claim your free $15 from Intel
http://www.theregister.co.uk/2014/10/31/fifteen_whole_dollars_on_offer_for_cranky_pentiums_4_buyers/

Most people looking for numbers are doing so because they want to know if a particular combination of hardware will max out their wan bandwidth.

Since almost all the rug rats have flown the nest, that will never happen now  ;)

Thanks for the responses y'all.
It sounds as though I don't have much to worry about any more.

Since I am a hobby "builder" for the most part, I was more or less curious about other sites
that could possibly exist and do what shields up does.

I was getting kinda bored with just building windows machines and have had a blast
with my recent experiences building first a freenas server, and now a firewall router.

The members at these sites are just so helpful and generous with their time that
it makes all this possible for me and I am extending a hearty thank you to all of you.

Dave

I`m an IT guy :)
I use pfSense at home and at work.
We used to have Cisco and Juniper but I achieved exactly the same thing with pfSense but waaaaaaaaaaaa…aaay cheaper.

I alwasy have backup machine ready and steady to go if primary fails. Again $$$ can`t compare to what we had before.

I had trial 1Gb/s link at home, and NIC that handled that 1Gb/s in routing mode cost me like 20€ :)

I know what I have installed and not being tied to some vendor :)
I can always switch to Smoothwall on the same HW :)

@Fraoch:

I'm sure you're all biased ;D but does pfSense offer anything my ERL can't handle?

Anybody not using pfSense should always ditch the current machine and go for pfSense (and donate for the good cause  ;D ).

I have Ubiquity WAP's myself, and I highly recommend them, I am a fan of the brand when it comes to WAP's.

To answer your question: pfSense can do around a zillion things the ERL can't do  :P

cmb is correct actual view works. Hopes this helps someone trying to do the same thing.

It needs a high-availability-cluster uptime somewhere, then you can upgrade individual members, which hand over roles to a partner/s while rebooting. That gives long real continuous service uptime, fixing of security holes and new features.
On OpenVMS it is not that unusual to have a cluster uptime of 10 or 15 years. Of course new hardware as well as software has been introduced over that time so that actually nothing is the same as when the cluster started.