Ok thanks that seems to have worked.  Its showing me that theres a constant stream of UDP requests from an ip address to the sip port (5060). If i stop my sip proxy then the outbound traffic goes away, but the inbound traffic doesnt stop. Also despite me putting reject or block rules against that IP address, when i restart the sip proxy, the outbound traffic starts back up again, suggesting that the firewall isnt blocking the traffic for some reason. A packet capture shows that the incoming traffic is a SIP packet "REGISTER sip: SIP/2.0" and the outbound replies when the proxy is enabled are "Status-Line: SIP/2.0 407 Proxy Authentication Required" Does this indicate a brute force attack of some kind ? or am i missing something obvious here? The IP in question doesnt appear to be related to my SIP provider, so i dont think its them, but thats my next port of call.

The run driver is already included in the 2.0 BETA snapshot builds. You will find most of what you are looking for if your search the 2.0 BETA TEsting forum for the string "runfw". As Efonne suggested in your other post, you should use the GUI for your configuration.

Hi, Thanks for replying. Yes I have resd those doc, in fact I have just realized that I was no waiting enought when I loose the network because pf reconfiguring for a while and I tought that pf was dead and then reinstalled them each time… Ok but I still have this MAJOR issue: http://forum.pfsense.org/index.php/topic,30264.msg156674.html

@wallabybob: On my home network al the systems get their IP address from DHCP. If that doesn't apply to your network a different solution will be required. Wow…them all being static is what it was.  When I changed them to DHCP it worked like a charm.  I then noticed the difference is that when static the ipconfig would not show the dns suffix and when I typed that in walla...  Thank you!

I have 2 Failover IP's and i was told i could configure it if i do the following /etc/network/interfaces auto lo eth0 iface lo inet loopback iface eth0 inet static address IP Failover netmask 255.255.255.255 broadcast IP Failover post-up route add Dedicated Server IP but end in .254 dev eth0 post-up route add default gw Dedicated Server IP but end in .254 post-down route del Dedicated Server IP but end in .254 dev eth0 post-down route del default gw Dedicated Server IP but end in .254 /etc/resolv.conf nameserver 123.123.123.13 – Im not sure how i could do this in pfSense, tried to find the /network/interface file but cant locate it to add the post up and down routes. Could i do this using the GUI?

Leave the gateway field blank, you do not enter a gateway for an internal interface.

You can't, no certification program exists for pfSense and there is a great amount of debate as to whether or not a pfSense certification is even meaningful or worth the effort.

I had the same infection on a computer yesterday. Kaspersky didn't detect it. I manually added it to quarantine. I had tried to disinfect it the previous day. That's when the mouse started moving weirdly all by itself until I unplugged the network cable.

Thank you…

Just do: killall -9 openvpn That should terminate any running OpenVPN process and, I believe it should also remove the routes.

Depending on your shell scripting ability, you could take a tcpdump on your WAN interface of (say) 20 packets with output redirected to a file, sleep 5 minutes, repeat using an incremented file name (with leading zeroes so the names sort usefully). The RRD graph will show you which files are of interest. The tcpdump output will give you source IP for the traffic. The port numbers may give you an idea what the traffic is attempting to do. to help reduce the number of files your script might watch the wan interface statistics from netstat and only log after an interval of high traffic. (# netstat -I em0 -b will give you bytes sent and received on em0. The FreeBSD man pages at http://www.freebsd.org/cgi/man.cgi will give more detailed information on tcpdump and netstat. Good hunting.

I could only find a few settings in the Config.xml. I will look into the pfssh.php examples

follow those directions and enter your cable modems gateway (or any IP) as the monitor IP, I entered my cable modems gateway (Private LAN IP at first, that didnt help, then I did the Public IP and it worked)

For states that is true, but last I knew you couldn't have two connections sharing the same outgoing port number. (Ermal would know for sure). pf may be smarter than I'm giving it credit for.

I'm using two pfsense boxes. too. WAN1 –            --- pfSense1 - LAN -172.16.0.0/16 - WAN - pfSense2 - LAN - 172.17.0.0/16 WAN2 --/ pfSense1 is using LoadBalancing pfSense2 is using SQUID + Lightsquid it ist NOT necessary to double NAT on pfSense1 and pfSense2. I do NAT on pfSense1 to the internet, but I use pfSense2 as a router/firewall WITHOUT NAT. To disable NAT, you can google or find information in the pfSense docs ( http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F. It works for me fine. But you need to configure Static Routes on pfSense1.

It's not a problem on 2.0… Just tried it again, selected shared key, unchecked the auto generate box, and the form field came up and was editable. If it's on 1.2.3, I haven't seen that happen there at all either, it's been working for years.