[image: all-your-base-ws2445.jpg]

remove the arp cache entry and until it shows back it should show offline and be able to delete it.

Thanks, Kpa.

ssh open to the world is going to get massive amounts of traffic..  Yup going to try and bruteforce you til the sun comes up..

Those are root name servers for the gtld (Generic top-level domain) .net -> https://www.iana.org/domains/root/db/net.html

Need the 3 router setup to replace my fios router with a router with more features and better wifi and keep Caller ID and Remote DVR access on my FIOS system. The PFSense would be primary and the directly connected to the internet.  http://www.dslreports.com/faq/16858  if you want to see more about it.  Hopefully I replace the secondary router with one of the Ethernet ports on the PFSense and have control of what uses the VPN and what doesn't.

will try it. but scared its gonna go to 2.3.4

Normally that element would be removed from the configuration after you restore the configuration file. It shouldn't be in there persistently. Is there an error on the console or in the system log about it not being able to import the RRD info?

OK will upgrade later and revisit

I didn't read the linked article to find out what you are trying to accomplish but regardless I can make a recommendation. Buy a used server pull (preferably from not-China, but even that's really not important) i340-t4 off of eBay http://www.ebay.com/itm/IBM-49Y4242-I340-T4-4-Port-Gigabit-PCI-E-Server-Network-Adapter-Card-/361940630659?hash=item544557bc83:g:VSQAAOSwc-tY3XdW Something along those lines. Just use those NIC's and disregard the Realteks. The Realteks will probably work perfectly fine for 5-600Mbps throughput, might not work at all, might give you a bunch of headaches? That's why they aren't recommended, they are just a mixed bag which is not what you want for NICs on a networking device. So, since you are already planning on buying another NIC, just get a good one and use it.

https://forum.pfsense.org/index.php?topic=112335.0

Agreed..  And thanks for the info it holds my curiosity cat at bay ;) I send alerts from my pfsense box to google over 587..  Depending the server your sending to and connectivity to it, and who the sending email is saying its from and address its going to.. Its quite possible not to auth at all, etc. I have not looked too deep into how exactly pfsense is sending the alerts.  But I would think it possible to send to the server directly accepting the mail for the domain your sending too without any need to auth at all.  Only reason you would have to auth if sending to an email server that would be sending the email to where its going for you.  So sure such a mail server you would want to auth who is trying to get "me" the server to send mail for.. Making sure it really is you and not just some spammer. But sure in such a scenario it should be easier to pin or trust in pfsense a private ca or self signed cert for secure auth to your sending email server - in this I do agree..  They prob have not gotten around to it as of yet since its prob not a lot of requests for it.. Since if sending through some public email domain the certs should be signed by some common public CA.  If sending your own email server, its quite possible the server is actually internal to where pfsense sits and auth should not need to be via tls for security reasons, etc. etc. I would think if was brought enough attention there is lots of need and not just a few one offs in setups that require trusting self signed or non public ca certs in the pfsense user community it would get more attention.  If something you really want done - there is always the bounty program to have some put it together.

I had some similar issues as well, turns out I set three things: I enabled SNORT as the IDS I had Automatically checked the block systems from SNORT The SNORT IDS automatically blocked some web pages that had been flagged by innocuous http inspect errors ( BYTE BLOCK etc) Once I suppressed the false flags http inspect, I then reset (cleared) all the blocked sites and poof I could get to where I had been unable to previously. ~Zackis

IDK if this can give a clue but I'll leave it here: The last events were on last Thursday (13. April) where the connection went down several times in the afternoon. Only thing that helped was pulling the LAN cable between modem and pfsense and replugging it. Screenshot: http://imgur.com/a/XcmId Then, 14. - 17. April was Public Holiday so nobody in the office, not a single connection loss in this time. Now, back on working day, first disconnect happened around 9 AM…

@mikeisfly: No need to port forward all ports, just have the ISP assign your PfSense box a statically assigned IP address. Then put that IP address in their router's DMZ. That should forward all unsolicited traffic to your PfSense box. Thanks for an alternative approach, the install is happening today, will present the options to them.

Hi Guys, Do you guys know how to do this? Steps?  :( I'm new to PFSense and not sure if this can be done. I see this topic is  2+ years old but no solution is mentioned. Can I get some help in same situation? I have pfsense instance with 1 NIC with let's say Public IP is 1.1.1.1 I have a web server instance that not on local network and hosted somewhere else with public IP 2.2.2.2 VPN is not an option on these IPs. I'm trying to configure pfsense so all traffic arriving on ports (80,443,20,21,22) on IP 1.1.1.1 is forwarded to 2.2.2.2 on the same ports. I am able to do it with SOCAT utility using the following command socat TCP-LISTEN:80,fork TCP:2.2.2.2:80 but it's a small utility and no proper deamon/service is available for it. The only other option is IPTable  but I really like pfsense GUI and I can use it for VPN as well. Can someone please help?