The config backup/restore functionality (Diagnostics->Backup/Restore) lets you backup and restore only certain aspects of the configuration.
Hope that helps.

An extra physical interface is definitely the right way to do it.  :)
I wasn't referring to VLANs though.

Steve

Thanks very much for the link and I'm sorry to ask stupid questions:

I found the patches but not the script to apply all of them. Also found this file, which looks like the config:

pfsense-tools / builder_scripts / conf / pfSense.8

…but I'm not sure if the config is split into several files as there are more files containing device and options lines. acpi is not included in that particular file so in that case it looks like the problem code is not compiled in but is a module after all. I did see the "device acpi" line in the pfsense_wrap.8.i386 file, but that's for embedded, right?

Can someone quickly go through the procedure to patch the 8.1 generic source and apply the complete config before building?

Many thanks

@chenZ:

Dear all, can i use my netgear router as wireless interface?

Do you mean as an accesspoint?
@chenZ:

Or hw can i use my router to boardcast the wifi signal n use pdsense to do session management.

Thx, in the mean time, let me try to add a wifi interface in VMware.

This part i didn't understand

Think of a VLAN as a physical LAN without extra cable.
So what you're saying is exactly right, create lan1 & lan2 using separate physical media or virtualize it. Then add firewall rules for connection, as traffic between separate lan:s need to go through a router.

The benefits of VLAN:s are several, to mention a few:

You don't have to get extra equipment for every lan - a vlan-capable switch can handle multiple lan:s. You can add clients to a specific vlan in several ways, for instance: Ports 1-4 on switch are vlan2, ports 5,8 & 12 are vlan3 etc. Create a vlan based on clients mac-adress You can have a VLAN with clients in Rome, New York, Berlin whereever

It doesn't have to be a marathon, or even much effort at all for something along these lines. Diagnostics>Packet capture, pick the affected WAN, filter on the IP you're pinging from, start the capture. Run the ping until you get duplicates and stop the capture. Then just a glance through the output will show echo request, echo reply, repeatedly. If you don't see more than one echo reply for each request, you know it's not coming from the firewall itself.

One being a wireless ISP, that's almost certainly where it's being duplicated. It's probably indicative of excessive buffering or another problem within their network, I would contact the ISP about it.

@luke240778:

Yeah, was just thinking that i would do that.  How come on the easy install it would have created the partition as only 4gb?  shouldnt it use the entire disk available?

It wouldn't unless the entire disk was only 4 GB (sure it's 100 GB? maybe misrepresented to the OS, check the system log after boot to see what the hypervisor tells the VM it has available) or it was manually partitioned.

Interesting story! But anyway - as i understand, the problem is in the DHCP Server of Windows which is normally not capable to deploy the DomainSearchList …

... but I'm using DHCP Server of pfSense with Windows Clients! My Problem is, that if i use the DomainSearchList option inside the DHCP config, the client doesn't inherit the settings made there.

Did you defined any gateway as default on system -> routing?

Enabling this, you can see that no interfaces requires a gateway(of course you can set if you want).

I could not see any info on how to get pppoa wan pppoe client working in the manual, also could not see any other instances of it working on the net.

However  :) I seem to be up and running using the pptp relay! Wan is getting public ip and internet is accessible. tfg.

@wallabybob:

The Windows update was still downloading on the first box when you started it on the second box?

no, it was the next day… the updates took several hours to download, and the box was rebooted in between (we cannot leave it on overnight, as the centre is closed, and power is so erratic)

I'm out on my bike now in town, but will post up the output from the box when I get back up the mountain :)

From your description it sounds exactly like the situation described in the docs.
pfSense 2 (you are using 2 right?) is NATing traffic across the PTP link, that is the default behaviour when using an interface with a gateway so all traffic appears to be coming from one IP. You setup the first call and that uses source port 5060 which works fine. You try to make a second call and pfSense re-writes the source port as 5060 is already in use. Your VoIP equipment can't deal with re-written source ports.

Two solutions as I see it.
1. Use the siproxd package as suggested in the docs.
2. Disable NAT across the link and just route traffic. See: http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F Obviously you would still require rules to keep NAT on your WAN interface.

Disabling NAT may also help other stuff that doesn't like NAT and it's quick and easy to do. That's what I'd try first but I'm coming from almost no VoIP experience!  ;)

Steve

I've tried from different machines from LAN to DMZ. (FTP-client of Win XP, Vista and 7)
On the server I've tried ProFTPD and vsFTPd.
LAN-LAN and DMZ-DMZ FTP-connections all goes well.

I did a packet-capture on the DMZ (OPTx) interface of the pfSense-box.
Just tested on the LAN-interface of the pfSense-box…
The communication on the LAN-interface looks also comming thru

09:09:56.737775 IP 192.168.2.12.52820 > 192.168.3.13.21: tcp 27
09:09:56.738208 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 0
09:09:56.738441 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 51
09:09:56.746785 IP 192.168.2.12.52820 > 192.168.3.13.21: tcp 6
09:09:56.747982 IP 192.168.3.13.20 > 192.168.2.12.52938: tcp 0
09:09:56.786254 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 0

On the client…

331 Please specify the password.
Wachtwoord:
230 Login successful.
ftp> dir
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.

You can wait, wait… wait... nothing seems to happen. (even waiting for more then 30 min.)

any-2-any rules are made on LAN as well on the DMZ interface. (just to eliminate blocking issues)

Hmmm... Just tried also to do an FTP from pfSense to the server...

[2.0.1-RELEASE][admin@fw1.[i]<mydomain>.local]/root(1): ftp server
Connected to server.<mydomain></mydomain>.local.
220 (vsFTPd 2.2.2)
Name (server:admin):<my_username></my_username>
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
229 Entering Extended Passive Mode (|||26882|).
150 Here comes the directory listing.
drwx–----    5 504      504          4096 Jan 21 17:40 Maildir
drwxr-xr-x    2 504      504          4096 Jan 21 16:47 awstats
drwxr-x---    2 504      504          4096 Jan 21 16:47 cgi-bin
drwxr-xr-x    3 504      504          4096 Jan 21 16:47 etc
drwxr-xr-x    2 504      504          4096 Jan 21 16:47 fcgi-bin
drwxr-xr-x    2 504      504          4096 Jan 21 16:47 homes
drwxr-x---    2 504      504          4096 Jan 21 16:47 logs
drwxr-x---    6 504      504          4096 Jan 22 10:16 public_html
drwxr-x---    2 504      504          4096 Jan 25 16:57 tmp
-rw-r--r--    1 504      504            0 Jan 25 16:37 training.docx
226 Directory send OK.
ftp></mydomain>

Just found another article on google… "The DOS box FTP in Windows does NOT do passive"  >:(
(and I was trying, trying and trying with the DOS box FTP)

I've downloaded the latest version of FileZilla and put it on my own PC… AND IT WORKS!!!

follow this topic with same issue

http://forum.pfsense.org/index.php/topic,45520.0.html

@greybeard:

Q1.Is there any gui option to select the auth type?
Q2. An I unique or does anyone else require this?

1. No
2. I don't want it at present BUT it would be useful if I ever want to use Virgin mobile broadband as a backup to ADSL. Ubuntu since at least 10.04 has allowed selection of PPP authentication options