I have finally tracked down a Draytek Vigor 120 which has the pppoa to pppoe bridge.  Pfsense now connects directly to my isp using the modem in "dumb modem" mode.

The TPLink will be getting auctioned at the earliest convenience!

You can check the whole thread at

http://lists.freebsd.org/pipermail/freebsd-stable/2012-June/thread.html#68110

Great to hear.

You can edit first post and add to subject [SOLVED]

Carla Schroder is the author of The Book of Audacity, Linux Cookbook, Linux Networking Cookbook, and hundreds of Linux how-to articles. She's the former managing editor of Linux Planet and Linux Today.

I think that says volumes as to why there's no mention of pfSense in her article.

+1 to that!

Cheers,

Keith

[oblig ref="So I Married an Axe Murder"]
Excuse me, miss? There seems to be a mistake. I believe I ordered the large cappuccino.
[/oblig]

You just need to enable captive portal, setup your firewall rules accordingly, and ensure layer 2 isolation. To separate the guest network from the hotel's internal network, most commonly use VLANs, or in larger hotels, completely separate physical networks (and at times a separate firewall entirely on the hotel internal network, though that's not strictly necessary, some hotels require running that way as policy).

Detailed info in http://pfsense.org/book on captive portal and VLANs in general.

We're very experienced with these kinds of networks (several hotel Internet providers use a rebranded pfSense for their captive portal), would be glad to assist via commercial support, link in my signature.

No, our captive portal section has no relation to Untangle. :P They're late to that game, we've had that capability for many years longer and I'd estimate we have nearly as many installs running captive portal as they have total installs.

95-98,7% is not good enough if charged 179$…............

IMHO!

You can get unlimited backup for only 5$ a month on backblaze......

@countryipblocks:

There are a few other "free services" available, but you might have to settle for 30-60% accuracy instead of 95-98.7%.

I like Peter, we've met in person a number of times at BSD conferences. But his portrayal of port knocking in general there isn't accurate because none of the worthwhile implementations actually work the way he describes. My full 2 cents is on that post in the blog comments, first comment.

If your ISP limits to 1434, set both MTU and MSS to 1434 on that WAN.

They can if you were under the influence of the cake (cake is evil), but as long as you were eating pie when you did 10k then you're good  8)

:o It's OVER 10,000!!! WHAT, 10,000?!? :o

Please post a complete list of your firewall rules.

However I would say the only thing that could be causing this difference between XP and Win7 is either some Layer 7 filtering or Win7 clients are receiving/handling dhcp information differently.

Though from the rules I can see in your screenshot (in a spreadsheet) if Win7 uses different source ports it could explain it. Why are you blocking so many source ports?

Steve

Yeah, this is no easy undertaking. I'd say you could only block typical torrent traffic using L7 - but it would be easy for someone knowledgeable to get around it.

No this is pretty much the wrong way of doing things for what you are trying to do. Let's say for example you have 5 static IPs:

One WAN IP out of the 5 will be assigned to the WAN interface of the router private IP scheme assigned to LAN interface. For example: 192.168.1.1 Additional IPs for the WAN can either be assigned by adding them as an additional WAN interface on the router or using different routers and plugging them into the same modem in an available port or by using a switch.

From what it sounded like you were doing was you were giving internal workstations/servers public IPs.. why bother even using a router then? All internal devices should have private IP addressing such as..

10.x.x.x
172.x.x.x
192.x.x.x

@nearones:

@cmb:

The Dan's Guardian package is the only way of doing that I'm aware of. I have no idea how stable or unstable it is, there is a thread on the packages board on it.

Thanks all for your efforts for explaining, but my requirement is different and I am using squidguard. This topic went to Dans Guardian, which is different squid server, which i need to configure completely from scratch. I requirement was to block the users when the users is just typing the search catogory, which should get blocked at the sametime when is has pressed enter. And it seems it does not works with a squidguard, it just works with Dans Guardian.
Is there any way that I can use both at the same time?

I suppose you could use both, but I'm not sure why you would want to. Dansguardian will also do blacklist based blocking (like Squidguard). I think the only thing Squidguard would give you over DG is the ability to do ACL based time restrictions.