Subcategories

  • Discussions and feedback related to this forum

    608 Topics
    3k Posts
    johnpozJ
    @Popolou well that is recent for sure.. I don't recall putting that in - maybe?? Fixed now it seems which is the good thing. Thanks for bringing to attention.
  • Community Hiring and For Hire postings related to jobs that require pfSense software skills

    27 Topics
    114 Posts
    w0wW
    @sef1414 Name it "run.sh", copy it to pf and chmod according to the documentation https://docs.netgate.com/pfsense/en/latest/development/boot-commands.html#shell-script-option You will see messages in the system log like those quoted in the script after the logger command.
  • What is this?

    Locked
    5
    0 Votes
    5 Posts
    6k Views
    jimpJ
    Actually BSD-based systems are descendants of UNIX and not really "UNIX-like" the same way that Linux is, but in general that is correct. BSD systems evolved from older/existing UNIX code, whereas Linux was coded to be "like" UNIX from the start. Po-tay-to, po-tah-to, six of one half a dozen of the other, etc. :-) There's a Wikipedia doc explaining all the nuances of the term for the curious. As for the passwd accounts, root and admin are tied together by us. The toor account is locked out by default and can't be used; though it does exist, we don't make use of it. Like many of the other accounts in that list, there are reasons in the underlying OS that they remain there. Various bits of FreeBSD docs would cover that part.
  • 3G/4G support

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    stephenw10S
    http://doc.pfsense.org/index.php/Known_Working_3G-4G_Modems ;) Steve
  • How to build pfsense?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    P
    First I tried with FreeBSD 8.1 and got the same error, and now I am trying in FreeBSD 8.3. For the pfSense version I first selected from ./menu.sh RELENG_2_0 FreeBSD 8.1 + RELENG_2_0. It succeeded, but at the point of ./build_iso.sh it got stuck. I've read on forums that RELENG_2_1 should work, so I tried the option RELENG_2_1 FreeBSD 8.3 + RELENG_2_1 from ./menu.sh in both FreeBSD 8.1 and 8.3, but the same occurred at the time of build_iso.sh, as it goes into a loop saying that libtool is already built on this run, skipping; the same for gettext, pkgconf, gmake, etc… (In between it builds some packages like perl, cpustatus, libevent, etc., and some of them failed to build, like p5-Locale-gettext, automake, help2man…) Maybe I should wait for it to finish? How long? I am doing this in VirtualBox. Could that be an issue? So I can arrange a separate machine for that. Can you advise which version of FreeBSD and which version of pfSense are stable and can be used to build? Thanks in advance.
  • 0 Votes
    2 Posts
    2k Views
    jimpJ
    There have been IPsec+L2TP patches around for a long time, the problem is they require allowing anonymous PSKs, which is a bit of a security risk. I haven't looked at this guy's code yet though, for some reason the list archive isn't loading for me right now.
  • Creating ISP using pfsense

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    P
    thank you very much..that would really help..
  • Internet blocking by MAC address, help

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    I am not sure what you are trying to do.  I realize from reading your post that English is probably not your first language so what you said is not very clear, but let me try to anticipate what you're asking. I think that you have some computers that are allowed access to the Internet through a pfSense firewall based on their static IP address.  The problem you are having is when you move a computer to a branch office they no longer can use that static IP and therefore lose access to the Internet. I don't know how your network is set up, but let me just say here how useful DHCP is.  You can use DHCP to assign a reserved IP address to a particular MAC address.  This means that a computer will always have a known IP address every time it connects to the network.  At your main office, it might be 192.168.1.200.  At a branch office, it might be 192.168.2.200.  You just assign a reservation at the DHCP server for each office for that particular MAC address.  Then in the firewall you allow all the IPs that are reserved for that computer and MAC address access to the internet. If this doesn't help, I hope at least it has given you a good idea or two!  Good luck.
  • Pfsense + freeradius2 package + CISCO SG300 + 802.1X problems

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • MOVED: Would be so kind for assisten regarding pfsense

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • OT: Looking for an appliance, Suggestions welcome

    Locked
    4
    0 Votes
    4 Posts
    3k Views
    M
    @pf2.0nyc: The problem with the older stuff is it's SATA 1 or 2 at best and the power consumption is crazy. I go in on drives with a friend and we buy in BULK so my price is closer to $100 per drive… maybe a slight bit more but we buy a lot of these drives. That's my real challenge, it needs to be SATA2 or ideally 3 so the older stuff is out. <$400 is a goal... <$500 is not terrible... You know how these things go, set a target price and before long you are at $1000 a box. I just need something cheap and easy. The HP DC7700's are SATA 2.  Also, being Core 2 Duo, their power consumption is pretty decent, actually, probably about 60 watts at 10-40% cpu with 2 standard hard drives. For new stuff, maybe look at cheap Home Theater PC setups: http://www.newegg.com/Product/Product.aspx?Item=N82E16856115047 "Mini" system with full height PCI Express for $165 (after shipping) http://www.newegg.com/Product/Product.aspx?Item=N82E16819116410 Celeron G440 for $40 (free shipping, also you can go to Dual Core Celeron for $10 more) http://www.newegg.com/Product/Product.aspx?Item=N82E16820313102 4GB DDR3 for $22 (more free shipping, double it if you want 8GB, it's got 4 slots.) $230 after shipping for the bulk machine, if hard drives are $100 each, that's $430 total.
  • CANNOT PING HOST NAME!!!

    Locked
    15
    0 Votes
    15 Posts
    17k Views
    stephenw10S
    No problem.  :) Steve
  • Traffic forwarding

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    S
    Thanks, it's working fine… ;D ;D ;D
  • HOW TO BLOCK AN LAN IP IN PFSENSE

    Locked
    5
    0 Votes
    5 Posts
    21k Views
    S
    Thanks, it works for me.
  • 10GbE adapters and back to back?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    S
    Thanks Podilarius!
  • Google Nexus 7

    Locked
    15
    0 Votes
    15 Posts
    8k Views
    C
    Nice… I think I'm going to pull the trigger on the Infinity here shortly... I may get the Nexus for my wife tho.. She's been hinting for her own Kindle (she uses mine) and this would be a better upgrade than the Kindle Fire
  • 4 Nic's 1 WAN 1 Lan and 2 Vlan how to config?

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    S
    Hand out DHCP from each NIC.  In the DHCP Configuration, specify the DNS server you want each segment to use.
  • Help network design

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    The design you showed would work, but I always try to remember KISS - Keep It Simple, Steve!  ;D There's no real need for segmenting your LAN into VLANs.  VLANs should be used to segment network traffic.  If you have a small office, with ten or fewer PCs and a server or two, then you don't need to use VLANs.  VOIP phones would be another matter but I don't see any of those on your drawing. Instead of what you drew, I would connect the firewall, all the PCs, the server and the wireless configuration manager (if it is NOT also a WAP) into the Cisco.  Don't bother to set up VLANs, just let everything connect on the default VLAN (NOTE: if your office is bigger than it appears from your drawing, there is an argument to be made about setting up a VLAN and letting the default VLAN alone, unconfigured, so that no one can connect a device to your network without you configuring the port, but if this is a small office and you control access to the patch panel/switch, that is not an issue).  This has the advantage that you don't have to configure anything and if the switch loses its configuration you don't have to reload from a backup. The wireless access points (and by extension, the devices that connect to them) I would put in an unmanaged switch that connects back to an OPT interface on the pfSense firewall that serves as your DMZ.  This protects your network a little more than connecting your wireless devices directly to your internal LAN. Run DHCP from the firewall.  Everything routes out through there and it routes everything not directly connected to the Internet. Here is a diagram of how I would do it: [image: Drawing1.jpg]
  • Manual load balancing setting

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    If you have GWs already created, then this should do: create 2 aliases where you have a bunch of hosts, like hosts1: 192.168.1.10-192.168.1.30, hosts2: 192.168.1.31-192.168.1.60, and create firewall rules: pass * from hosts1 any to any any with gw1 (advanced option, you can find it); pass * from hosts2 any to any any with gw2. This configuration has no failover at all.
  • [OFF-TOPIC] Happy System Administrator Appreciation Day

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    D
    Happy SysAdmin Day !!!  :D
  • Need to find the Media Server on pfsense 2.0.1

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    If you use search, you'll find some answers, but here is the shortened outcome: use separate boxes, as best security practices say so. Look at FreeNAS if you'd like a media server.
  • Router's LAN plugged directly into the Internet (its public WAN)

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    At least the ISP should be blocking private IP areas, and they should have protected DHCP services. Nevertheless, that is always a bad idea, unless you have a router connected to a public IP area.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.