Not there, no, but if you make an alias with a recognizable name and document it there, then use the alias in that box, it may make more sense later.

I figured it out.

You have to login using the "root" account with the same password as the "admin" account. Then it works fine.

It's been a couple of days without incident.

So it looks like there's some incompatibility issues with the stock scsi raid in the 345s.

The 6i is working fine though.

if you create an url that returns this ip list, then you can create an url or url_table alias and apply it to a rule.

Even if you could copy the log files to Linux, you'd be missing the "clog" binary to read them. Setting up a syslog server on your LAN is a good idea, so the logs are automatically copied over the network as they happen in a standard format.

Are you running it on Internet explorer?

If so, change to a supported browser like google chrome or firefox.

If not, did you changed any gui permissions do admin user?

Unfortunatelly I have still same problem. This time WAN1 went down and I have to reboot Firewall.

I cannot post log about WAN1 failure because this happened at weekend and when I was in office logs about WAN1 failure was already "flooded away" by dhpc- & arping-logs.

Some idea?

cu Floh

Thx for answering!!

My first concern is actually with the network configuration.
Should I go with option 1 (the image above) or option 2?

In option 2, the public network is connected directly on firewall (pfSense). What would be easier to configure?
I'll use Router1 just for routing.

Option 2:

@stephenw10:

Tunable name should be: dev.cpu.0.cx_lowest

I wouldn't worry about the firewall values unless you have a specific problem.

Steve

Thanks for the clarification ;D

To reset the states for one IP…

pfctl -k x.x.x.x pfctl -k 0.0.0.0/0 -k x.x.x.x

To reset all states

pfctl -F state

And to give the GUI a full reset, which is probably what you want to do anyhow…

killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui

You need to be aware that traffic routed to a load balanced gateway cannot use the system routing table, it all goes to the gateway. This means that if you have any other interfaces, OPT1 say, you won't be able access it from lan. If you need to do that you need a rule to allow it above the default any rule.

I'm sure there are many way to acheive external DNS blocking. I'm far from an expert myself, I await any other views.  :)

Steve

i was able to get an ssh tunnel out w ssh -D 443 -f -C -q -N admin@192.168.0.50

but, "Firefox can't establish a connection to the server at 192.168.0.50."

httpd is just hanging it looks like.

netstat -a on the pfbox reveals that lighttpd is not actually listening to anything, its not listed at all where it should look like:
tcp4       0      0 *.http                 .                    LISTEN

which is the case on another pf box on the lan.

kill -HUP PID for lighttpd didnt resolve it either.
i will keep digging

at least we know a rule or snort didn't go haywire

edit
fixed it, originally i had httpd bound to port 443 to enable ssl by default. i killed the pid of lighttpd and manually edited
/var/etc/lighty-webConfigurator.conf
and changed "server.port = 443" back to "server.port = 80"
then start it back up again: /usr/local/sbin/lighttpd -f /var/etc/lighty-webConfigurator.conf

and now:
tcp4      0      0 *.http                .                    LISTEN

Why don't you just make a VLAN for your various clients and leave all your servers on the .150?  You could create a .149 or .148 and segregate your clients into those networks.  This is safer anyway, as it adds another layer of control over what type of traffic can traverse over into your server network.  In addition, your Windows clients are probably nicely flooding that network with NetBIOS traffic if your not running a WINS server, better to segregate them to their own broadcast domain anyway.

pfSense already supports a number of Dynamic DNS providers including DynDNS so the DynDNS support could probably be fairly easily replicated to support CloudFlare.
pfSense also DNS-O-matic which can issue updates to a number of different Dynamic DNS providers and their web page (http://www.dnsomatic.com) indicated they are open to support more. Why not talk with them about supporting CloudFlare Dynamic DNS?

It is a custom build of FreeBSD+extra packages. Custom kernel, lots of changes.

So it's a stand-alone distribution, it is not something that is an "add-on" to FreeBSD in that kind of sense.

Should be fixed now