I am not sure if mortified is the correct word but basically I did not Auto fill from NAT and my firewall rule was pointing to incorrect IP address ….. It works like a charm when it is set correctly !! ;D

Routing between the three LANs will happen automatically if this router is the gateway for each network. You can setup those firewall rules you describe with minimal effort. The other actions would be handled by the load balancing tutorial, with maybe the exception of FTP. If you need to use the FTP proxy, the interface for the FTP traffic must be WAN. The FTP proxy in 1.2.x isn't really compatible with Multi-WAN.

What does this configuration look like? Do you mean you plug a system directly into the WAN interface of your pfSense? If so, depending on the NICs, you may need a cross over cable rather than a straight through cable. In the case with the allegedly "bad" MAC address, do both ends of the link see it as in the "running" state? No, over switch.

No. To get such a log you'd have to use a proxy, or manually process every port 80 packet and try to parse out the URLs, which would be very CPU-intensive. There may be some other software daemon out there which can do this, but if so, I haven't seen it.

That isn't a proper empty tag, so you're making it an invalid XML file. Either delete the tags entirely, or use <media>and <mediaopt>. Deleting them is better.</mediaopt></media>

They happen constantly. Either one every day, or more often if there are commits to the code which trigger the builder.

OK, thank you very much sir… You'd enlightened me... Anyways, i've got another question. Is it advisable to activate load balance if i have to different speed DSL (2.2mbps assigned in WAN1 and 1.3mbps assigned in OPT1)? I had activated my dual-wan connection, but not sure if i going to create load balance? I had read some threads saying that they don't prefer to load balance... Will load balancing help improve internet connections? Thanks!

THANKS!

Hmmm, could be, but whether it is fragmentation or TCP segments spanning packet boundaries, that is TCP and the postage meter is broken if it can't cope with this (although I have run into more than one application that was broken that way…)

In the past i used syslog on a linux box and have splunk pick up the logs so its in a nice and clean readable, so i didnt have to pay for splunk and have a few systems write to the syslog server. try splunk

I tried to install 1.2.3 onto an old Pentium 4 1.6 but when it got to the part where it was attempting to FDISK the drive the bios was sending the correct head count and it kept saying the only valid number is from 5 - 1024 but free bsd wanted the number to be 5003. Changing this number did nothing it still failed with the same error. I skipped this part but without a format the boot-loader did not load. Using the original HP machine I did a clean install (I even chose the single processor option this time). No packages. I have the exact same result. Unfortunately right now I do not have another machine to install on. Since both machines have the same motherboard and different NIC cards, it comes down to this specific motherboard. It is the HP XW4300 using Intel 955X chipset dual core Intel Pentium D 840. I think I have checked the different hardware possibilities sufficient with these 2 separate computers to say either the software is not working (not likely) or the drivers are not playing nice with this motherboard. I do not know enough about Free BSD to install different drivers and try to make it work.

Depending on the details of your requirements, pfSense for the router/firewall and OpenDNS (http://www.opendns.com) might be satisfactory for the content filtering. For this combination you would configure OpenDNS as your name servers, then a name to IP address for a site hosting "unsuitable" content would return the IP address of an OpenDNS server that displays a message that access to the site is blocked and the category for which it is blocked.

you could also backup your config and reinstall, but choose the developer's kernel. That way it won't automatically reboot on a panic, it will wait at a debugger prompt and you can get a picture of what it shows (and type "bt" at the prompt for more info, too)

Great choice! I read that book.  Recommended.

The particular attack that presentation is covering, amongst others, isn't specific to any product and isn't a vulnerability in the listed products. You need to take care with any device. Use strong passwords, don't use the same browser for management and general web surfing. Other recommendations from a while back that are still applicable here: http://blog.pfsense.org/?p=232

@cmb: Some things won't pick up a timezone update until they're restarted, or you reboot the system. We don't recommend the GMT offset zones, pick a named zone or one of them like EST5EDT or similar for DST, depending on where you are in the world. All the problems are solved after time zone was set as "Asia/Hong Kong" and rebooted the system. Thank you so much, cmb.

@calebjk: What speed would you recommend? "It depends". Ultimately just adding bandwidth isn't going to fix anything, 800 college students will find a way to peg anything you can afford to throw at them, from my experience with many similar setups to that one. Throttle the P2P, and ensure you have enough bandwidth to meet general web needs. Probably will want to limit each user to a particular speed as well. Probably going to want to use 2.0 for that setup, for the best options for bandwidth control. I've done a few setups similar to that on 2.0 that are working nicely.

There's nothing to it other than checking the enable box. Look at the system log to see why your attempts are failing.