Mine does through certain package(s), Squid and LightSquid you can look at how much bandwidth per IP address and see what sites each IP address went to.

Sorry, I misunderstood.  I’ll try it again maybe I didn’t get it right – the connection was still dropped just before midnight when I tested it.

Certainly worth another try – thanks for your help!

I'm at work again and unable to test but this may be of use of on pfSense 2 or above - http://www.unix.com/man-page/FreeBSD/8/ppp/

You have a misconfigured squid. Check squid options, change netmask network ranges to cidrs and try again.

On pfSense 2.0.1 and earlier, the log files were always wiped/reset at bootup.

On pfSense 2.0.2 and later, on a full install the logs are kept at bootup.

On NanoBSD, the logs are kept in RAM and would be wiped after each reboot no matter what.

If you need to keep logs indefinitely, setup a syslog server and have pfSense send its logs there.

@rabbyweb:

It's showing it's block our IP.

What is showing this? Where?

It's unlikely you will have multiple public IPs. You would have to have paid for these from your ISP.

Steve

@cmb:

Judging by this (I have no 10G equipment at all), the Intel 10G driver in FreeBSD 8.1 must be somehow broken with VLANs. I would try 8.3-based 2.1 from snapshots.pfsense.org.

I had severe problems with VLAN with Intel 1 Gb (Intel® Pro 1000 network, em0 & em1) NIC's also. Upgrading to FreeBSD snapshot solved the issue.

BR, Tommi

The llinfo error means that it's trying to send a packet to that IP (typically that's your gateway IP) but it can't be located on that interface. That can happen if the interface IP changes via DHCP on WAN, or if you manually change it, and there are still states referring to the old/previous gateway.

The apinger error can be ignored - it's meaningless.

The hotplug event means what it says. lan was unplugged and plugged back in, but since lan has a static IP, nothing was done.

You can set a domain override for facebook.com pointing to a non-sense IP.
(I usually set it the an unused ip in the local subnet when i "block" a domain like this).

However with such a setup it's not possible to change the behaviour for one/multiple specific IPs.

You might want to look into a "proper" solution to block domains.
(eg. squid guard).

@stephenw10:

Hmm interesting question. There are a few ISPs using MPoA in the UK, perhaps most notably SKY are switching users to it and require a special dhcp option.
Adding a virtual static IP in the modem signet seems like the way to go. As you suggested.

Steve

Thanks again Steve :)

If we carry on this way instead of a beer I'm gonna have to buy you a holiday in Madagascar ;)

Ok!

Thanks for ur answers Steve, i hope this thread may help some other lost soul in the future.

Yes, i copy my lcdexec.conf from some guy which i dont remember the name, but im able to reboot, shutdown, reset webgui, interfaces, etc.

When im done with my box ill post pictures of the case.

Well if your going to want to isolate more of your network in the future - then I would suggest moving towards smart/managed switches.

But switches that support vlan on both sides of your wireless bridge and you shouldn't have any issues - your wireless bridge just passes all info it sees right.  So this would contain your vlan tagging.  Can you just bridge your trunked connection as another way to put it.

Wireless bridge does not seem like a great way to connect buildings to me - what is the speed of this connection?  Users in the other building all sharing wireless link sounds slow to me for internet access.  And then now your going to have users coming the other way for file access?

@thepccentre:

so the allowed ip is the ip of the destination, i thought this was the clients ip address and it by passed the portal for that client.

The Allowed IP addresses tab discusses TO IP addresses ("flows"  TO those addresses bypass the portal) and FROM IP addresses ("flows"  FROM those IP addresses bypass the portal).

Did you tried to reload script on Firefox config screen? Close and reopen the browser?

It is possible!
How complex it might be to do it is another thing.  ;)
I've never used WHS so I can't speak from personal experience but I would start by seeing what sort of settings are in uTorrent/eDonkey for doing this.

You first want to change the VPN connection settings so that it doesn't become the default route when connected. Then maybe try running a socks proxy setup to send traffic via the VPN and set your application to use it (if they support proxies).

There's probably many ways to achieve this.

Steve

Edit: Looks like in emule you can just use the BindAddr option to make it use the VPN interface as linked to by Dreamslacker above: http://forum.emule-project.net/index.php?showtopic=143867&view=&hl=BindAddr&fromsearch=1

Hello I can't believe that nobody nows that

there is no pppoe in the path. the router ends a synchron leased line and the pfSense
connected to the router's lan interface. I really do not know what the problem can be.

my LANs are various tenants, and most of the traffic is tenant to tenant. For lan routing i can use my a L3 core switch, but what I'm looking for regulating traffic between lans.
I also have multiple wans in my setup, so my choice is to separate wan part from lan part.
Today I tested the vpn part and with openvpn is workin as expected (vpn machine is behind nat). Once tested ipsec I'll start deploying stuff on esxi environment in production.