• ASDL Modem with Different Subnet To internal LAN

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    Cry HavokC
    Not only is there no point, but you'll probably find your network stops working unless you bridge the WAN and LAN interfaces on the pfSense host.
  • 0 Votes
    3 Posts
    1k Views
    T
    Thanks a lot. That helped.
  • Server key does not appear to be valid [SOLVED]

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Mood Light for Alix Board for Pfsense

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T
    Thanks for the input. I am not talking about the external USB ports. I am talking about the pin jack on the board. Pins like this: ….. .... It's labeled J19 USB. (my typo on r). So, I am looking for a mood light that interfaces on the motherboard USB jack port. Thanks
  • At-symbol meaning

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    K
    They are the internal rule numbers the pf(4) filter assigns to the rules. To see the numbers run this in shell or command prompt in the webgui: pfctl -g -sr
  • Do I need a trunk?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    W
    Thanks for the responses. I was getting confused on the procurve definition of 'trunk'.  Trunk in their words means link aggregation/increase the bandwidth. My problem was that I fat-fingered one of the vlan information on the linux server, which was causing problems.  I fixed everything and everything is perfect.  :)
  • Counters for data transfer

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    There are some other packages like bandwidthd that graph traffic on a per-IP basis. Some more info can be found here: http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F
  • Green, Blue and Orange Networks

    Locked
    11
    0 Votes
    11 Posts
    6k Views
    W
    Thanks all for the responses. You are correct, the "trunk" in the procurve is for link aggregation.  The tag / untagged definition related to vlan's. In the end, I got it to work.  I fat-fingered something on the server which was causing the problems.  Bottom line is that things are working great.  :) thanks!
  • Verizon Fios With 5 IPs

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    R
    I still have not figured this out.  Any more ideas?
  • L2TP forward to Mac OS X Server

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Inspired by the earthquake

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ
    Anyone can seed a pfSense iso, but there aren't any 'official' ones. I think I have seen torrents for pfSense on sites before, just be careful that the md5 matches.
  • Port mirroring

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    E
    You could just mirror the WAN\LAN port over to a random port on the switch and attach it to the IDS-machine then sniff. At least that would be my way of doing it with procurve.
  • Multiple gateways on 1 interface

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • LAN -> DMZ traffic slow responses

    Locked
    10
    0 Votes
    10 Posts
    7k Views
    T
    I've already switched it to let the DMZ machines grab the DNS from the pfsense dns forwarder. As for the firewall rule, I didn't get a chance to look yesterday; I will be doing some more playing with firewall rules today and I will post back what I find for anybody else having the same issue as I was.
    ---
    Easy enough: compared firewall logs with and without the allow all rule to DMZ network and found that port 53 was being blocked. Since port 53 is the DNS port using tcp/udp, I just created a rule allowing the DMZ to use port 53 tcp/udp to the DNS Forwarder.
    TCP/UDP
    Source: 192.168.5.10 (Only DMZ Machine) Port: Any (because I saw it using multiple higher ports)
    Destination: 192.168.1.1 (DNS Forwarder) Port: 53
  • MOVED: Best Sys log server for windows

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • How Can I stop ARP Attack on my lan?

    Locked
    13
    0 Votes
    13 Posts
    15k Views
    D
    I'm operating a CyberCafe as well (and was a consultant in this for nearly a decade) and I can safely say this:
    1)  You need to have some form of software security
    2)  You need to observe your customers' needs and install the software they need
    On point 1, there is no such thing as giving users full rights over the system (even when I experimented with disk image based management systems which reset on reboot, access to system settings was locked down). If they need admin rights for installing software then you need to have some form of lockdown on the critical aspects of the system. In Windows, you can use registry hacks to:
    1)  Disable right clicking on the desktop (no changing of graphics settings, wallpaper etc)
    2)  Disable taskbar icons (no disabling of antivirus, changing of network settings)
    3)  Disable right-clicks on Start Menu (no adding/removing shortcuts)
    4)  Disable Command Prompt (no access to what you need to secure via the command line)
    5)  Disable Batch/CMD files, VBscripts or Registry Files (choose one of the latter 2 since you need either to unlock the secured system for maintenance; I recommend disabling Registry files since it's far harder to find and download a VBscript to unlock system policies)
    6)  Disable drive access and Windows Explorer (all downloaded files will hit the desktop since that is the one folder you cannot deny access to)
    Couple this with removing the shortcuts to Control Panel and Network settings in the Start Menu and the user won't be able to muck around with changing the Network Adapter settings for a start. In such an environment, run Deepfreeze or Windows SteadyState to reset the software installations upon a reboot.
    On the second point, if you start to learn what your customers need and install them, then you need not give them access rights. I have helped set up and managed CyberCafes with more than 100 applications and games per PC simply because a lockdown was required. It takes time to update and patch these but trust me, you'll lose more money and man hours if anything screws up because of a user messing around with the system.
  • All 3 PF-Sense mashines shutdown over weekend

    Locked
    13
    0 Votes
    13 Posts
    6k Views
    D
    @thunder8911: Heyas again, Yes, Not a BBU of course, I'm talking about a UPS. Usually when power is cut, they don't power on themselves without pressing a Button or anything, because it's not true server hardware. The Machines themselves are around 6 months old now. The Air condition in the room generally filters all the dust in the room and gets maintained on a regular basis. I will probably just try to put all machines to a different power outlet. Hope this helps :) Thanks again!
    Hi, I don't mean that as a server feature.  It is a basic setting in the BIOS (CMOS).  Under Power Options, you should find a setting that says: Power on after power failure - Options:  On, Soft Off, Last State. This is definitely available on consumer boards.  Set this to "On".  If the machines are powered down due to power line issues, when the power comes back on, the machines will automatically boot up. However, if the machines are manually powered off - by pressing and holding the power button or via shutdown command (script or manually entered command), the machines won't come back online. This should hopefully help you isolate the problem as to whether this is a powerline issue or script problem (or sabotage for this matter).
  • Possible bug with aliases and bridging

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • FTP traffic goes out WAN instead of WAN2, ignoring firewall rules

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    GruensFroeschliG
    In this case you cannot use policy routing and you will have to create static routes for all these servers pointing to the gateway of WAN2.
  • Connection Issues

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    B
    Haven't tried a direct connection yet, but did have a tech out today, and he found some problems with my line.  So hopefully that was the culprit.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.