• How to enter firewall rules manually?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    D

    Thank you for the reply! I'll see what I can do from the GUI then.

    Regards,

    Nick

  • 0 Votes
    3 Posts
    1k Views
    K

    seriously… i am a dumbass so... I will go sort that out... thanks a lot

  • Initial configuration with single NIC assigned to multiple VLANs

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    You'll need to assign one of the VLANs as LAN, assign an IP to it, and then do the config from there in the web interface. There isn't a way to assign a gateway at the console.

  • How to configure lcdproc config manually

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    stephenw10

    Obviously doing this you could easily break something etc etc.  ::)

    Edit the file: /usr/local/pkg/lcdproc.inc
    Towards the end of the file the rc script is generated. Change the line

    $start .= "\t/usr/bin/nice -20 /usr/local/bin/php -f /usr/local/pkg/lcdproc_client.php &\n";

    to

    $start .= "\t/usr/bin/nice -20 /usr/local/bin/lcdproc C T U &\n";

    Change C T U for whatever screens you want. Re-sync the package or reboot the box.

    Steve

  • Newbie here; anyone know if this setup will work?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    T

    @cmb:

    Just use an external AP, you can generally place it in a more optimal location for coverage that way, and the cost is generally no different.

    The thing is I need it to be a mini switch, as well.  But the good news is I found this nice used appliance, with everything preloaded for $70.  It should be a fine pfBlocker box, and I can use my wireless router to do the rest.

    So I'm a happy camper.  :)  Thanks!

  • RRD graphs traffic

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C

    After the fact, you can't narrow it down that much with what's in the RRD graphs. You need either an add on package like bandwidthd or similar, or export Netflow to a collector, for detailed historical data like that.

  • Possible DNS-rebind attack detected

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    M

    To update, there hasn't been another instance of this since I changed my machine name the other day.

    I love my pfSense firewall. :)

  • Usb nic

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    ?

    @wallabybob:

    @jigglywiggly:

    i configured a lan rule so that 192.168.100.1 goes to the modem connected to the usbnic
    this works, i can see the page and I know it's the right modem.

    I'm not sure what you mean by "lan rule" - "firewall rule on LAN interface" perhaps. It is not clear this is necessary. Normal defaults for firewall rules on LAN allow any traffic to anywhere and normal routing would direct traffic to the subnet of the USB NIC through the USB NIC. (The modem would normally be on the same subnet as the USB NIC.)

    @jigglywiggly:

    however, when I make a firewall rule so that whatismyip.org goes through the usb nic it times out

    It is not clear in this case who is doing NAT or supposed to do NAT? If the modem is a router then it is almost certainly doing NAT but the conversation won't get established if pfSense is not doing NAT and the modem/router doesn't have a route to your LAN subnet.

    @jigglywiggly:

    EDIT: GOT ITZ
    I had to go to nat > outbound > and create a rule with static port all the other settings were on any

    If the access to whatismyip.org was web access it is not clear to me why Static Port on the NAT rule would have been required - that is, I suspect a "Static Port=NO" rule would also have worked.

    i added the lan rule so i could see if traffic was able to get past the nic
    by lan rule yes i mean firewall rule

    to clarify, all traffic was not working. I had to enable static port for any traffic to work.

  • The webui is no longer responding

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    C

    @Supermule:

    Is that enough to bring down the firewall??

    No, it will make the web interface non-responsive, but has no impact on everything else.

  • Deny Access to another subnet

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    stephenw10

    Yes the other machines should simply connect as normal. You use the server on pfSense simply to setup a tunnel to your Netgear router. It may be easier/better to use pptp or l2tp, I'm not sure as I've never tried this as I said.
    You need the Netgear router to send all its traffic via the tunnel, if you use pppoe it will see that as a normal WAN connection and should do that.

    Steve

  • Degraded array Email alerts?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    S

    Thanks for a definitive answer JIMP

  • 2.0.1 Is there a way to change Log to show "last message repeated"

    Locked
    2
    0 Votes
    2 Posts
    990 Views
    jimp

    That decision is usually up to the syslog daemon itself; if the messages are far enough apart, even if they are repeated, it still prints them.

    From a quick glance at the man page, there is a way to disable this message compression but not a way to expand it.

  • Need help setting up LoadBalancing with only one interface

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    D

    Running wireshark on both sides (client and Web Server), I can see the client sending packets to the Load Balancer Address and I can see the Web Server Receiving packets from the WAN address of the PFSense box which it then tries to respond to but the client never receives them.

    Additional info: Client: 192.168.1.50 sends to Virtual Server (192.168.1.20). Web Server (192.168.1.30) sees packets coming from 192.168.1.1 (Load Balancer box WAN interface, not Virtual Server IP). Web Server sends packets back to 192.168.1.1, PFSense does not pass them on to client.

    What do I have configured wrong?

  • Cacti Monitoring

    Locked
    2
    0 Votes
    2 Posts
    11k Views
    jimp

    I had thought that the standard unix host template in Cacti would get it, but I looked in the Cacti setup I used last and I only had interface graphs so I may not have actually tried to use that.

    First, make sure you have all of the boxes checked on the SNMP screen so the modules are loaded to give the info.

    If it helps, we use bsnmpd, and copies of the MIBs can be found here:
    http://files.chi.pfsense.org/jimp/BEGEMOT-PF-MIB.txt
    http://files.chi.pfsense.org/jimp/BEGEMOT-HOSTRES-MIB.txt

  • Basic / Simple issue hopefully

    Locked
    18
    0 Votes
    18 Posts
    5k Views
    stephenw10

    Yes.  :)

    Exactly like you say the traffic between clients never reaches the firewall so rules would have no effect.
    In a wifi network you are able to stop this traffic by not checking the 'allow intra-BSS communication' option. In a wired network you do not have that option.

    Steve

  • Time triggered site blocking?

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    J

    Thank you very much!

  • PfSense Newbie MAC Problem

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    C

    @johnpoz:

    If you're just running 2 different networks on the same wire (not really a desired setup) - ie switch is just dumb switch without vlan support.  Why don't you just run everything on 1 network?

    This. Why people steal other people's public IP space like it's RFC1918 is beyond me, can't believe how much I see that. Don't do it, it'll break your ability to connect to the part of the Internet that's really assigned that IP space, and is just wrong. It's also pointless to put those devices on a different subnet in that scenario.

  • Error page when link is down

    Locked
    5
    0 Votes
    5 Posts
    1k Views
    L

    Cool, I'll do it that way I think. Thanks for that.  I'll report back if it doesn't work out :)

  • MOVED: Need some help on Snort testing

    Locked
    1
    0 Votes
    1 Posts
    905 Views
    No one has replied

  • Logs (mostly) stopped working one day.

    Locked
    10
    0 Votes
    10 Posts
    7k Views
    A

    Right as I hit post for this I just found what seems to do it.

    "Disable writing log files to the local RAM disk"  If that is checked then clog no longer works and the syslogd.conf file is turned into that listed at the beginning of the post and hence nothing will log to any place any longer. I recommend that setting be renamed to "Disables all logging."

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.