Wow… that's very interesting. Yes both were on 2.0 RC3. I tried again just now and it still doesn't work. Maybe it's a bad install? Anyway, thanks for the replies. I'm going to re-download, re-md5, and re-install, to see if I got a bad install. I can always just reload my config... or can I... O.o If it doesn't work, is there a way I can decrypt it outside of pfsense and then send it? Because loading config works just fine as long as it's not encrypted. EDIT: After a full reinstall I still have the same problem. I think I'll just start over from scratch (ugh). Thanks for the help.

Great suggestions wallybybob. Thanks for the help. @wallabybob: Your laptop is using the wrong default gateway? (Perhaps you have another DHCP server on your network and the laptop got a lease from it.) Negative. My laptop IP is manually set. I can ping both the VLAN102 and the VLAN101 interface from my laptop though. Synology is on VLAN101, laptop is on VLAN102. macbook-pro-15$ ping 192.168.101.1 PING 192.168.101.1 (192.168.101.1): 56 data bytes 64 bytes from 192.168.101.1: icmp_seq=0 ttl=64 time=0.058 ms 64 bytes from 192.168.101.1: icmp_seq=1 ttl=64 time=0.092 ms 64 bytes from 192.168.101.1: icmp_seq=2 ttl=64 time=0.096 ms @wallabybob: Your packet capture specified the wrong parameter values? Don't think so. I tried both synology IP of 192.168.101.2 and my IP of 192.168.102.6 with not specifying any ports. I can see 192.168.102.6 traffic, but nothing related 192.168.101.2 @wallabybob: Your access attempt begins with a host name which gets translated to the wrong IP address? Negative there also. I use https://192.168.101.2:5001 to access the synology device. @wallabybob: On the laptop try to tracert (Windows command prompt) or traceroute (Unix shell) the synology to verify path. On the laptop set up a ping to corresponding pfSense IP address for a few hundred packets or so and tweak the packet capture until you can see the ping. Or use tcpdump on the pfSense console as the packet capture. macbook-pro-15$ traceroute 192.168.101.2 traceroute to 192.168.101.2 (192.168.101.2), 64 hops max, 40 byte packets 1  * * * 2  * *traceroute: sendto: No route to host traceroute: wrote 192.168.101.2 40 chars, ret=-1 * Can't see ping traffic on packet capture or ping the Synology device, however, I can ping the interface the Synology is plugged into.

You need to use username root http://doc.pfsense.org/index.php/HOWTO:_Access_pfSense_filesystems_remotely_with_scp // rancor

thank you. so my assumption was correct.

Tried raising it to 1600, followed the recommendation I could find on mysql's forum. Non of them worked.

understanding that is not nessessary as this is just a function of how a virtual network works; virtual nics follow the same rules an actual nic follows. you'll want to chat a different forum for specifics on that issue if you must know all about vmware et all. all you need to know is what comes first and when. dont confuse 'multiple gateways', with simultaneous outbound gateways (a routing function) as opposed to a succession of gateways (a hierarchy). let us know when you have implemented this setup and we can help you more, as i think you'll have a better understanding of the basics involved here and we wont be rehashing the same content over and over. i dont want to sound rude at all, but i think if you made out a diagram it would help considerably.

your best bet is to read up on Squid, and install the package from within the pf webUI. simply blocking sites based on IP via the firewall is possible but will end up taking a ton of time to enter, and maintain (ip's can and will change especially with a large list of hosts like you seem to have)

simply adding the snort package to pf is free, and snort also offers a free rules package; but the rules are 1-2 months old i believe. if you upgrade your rules package from the snort site; you get up to date rules and a few other perks if i remember correctly. here are the prices: http://www.snort.org/store

Thanks you very much!

I added that one to the GUI as well. If someone wants to go through and test all that out and recommend a good sane default, the docs can be changed.

Personally I just keep the raw logs and if I want something, I grep for it (or zgrep, or bzgrep, if the logs have been rotated/archived) :-) I realize that's not ideal for most people, but I rarely have to go back to old logs, it's just nice to have them handy. To do some of what you want requires a system like Splunk that would put the logs into a database and give you a nice GUI to wrap them up in. If others have suggestions for similar (hopefully free) products it would be nice to know. We are working on a central management system for pfSense that will include central logging functions, but that will not be a free product when it happens

I would prefer to use bridging if that was an option so you can leave natting and anything else to device which handles those very well. and ofcourse loadbalancing+failover when you have several lines to use.

I was using a WRT310n with DDWRT mini. Sometimes DD got frozen and I have to reboot it manually. This makes a lot trouble for me. [image: M.png] Now I switch to Pfsense because my ISP is going to provide the fibre-optical connection. It's much faster than before(it was 2M/4M, Now it's 10M/20M/100M).. DD may also work with this fast speed network but I am sure that a ROS system like Pfsense will be a better choice. Since I am running a small personal server at home. I just installed the Pfsense as a virtual machine within Vmware. WRT310n will be  a Access Point and HUB which connect to the Pfsense. [image: M.png] It takes some time for setting up Pfsense, but it still worths a shot.

thank you sir for your answer. Yes i understand. but the picture i submit here. it was when i just check with one computer on my network. but when all workstation goes full it goes way high 100/500. :( if i speed test from direct modem i gets 12/13 MBPS from my each modem. but when i speedtest from pfsense with load blance i only gets 19/20 mbps. Is it ok? On mY other shop we are not facing this kind of problem…. and about 2.0 pfsense actually i could't configure. Loadblance setup. I already spoke with one of pfsense commercial team member for for help. But i know its charge high for me at this moment. i asked him for documention for this kind of setup. i will pay for this. he told me to ask on the forum. so it will be great help if some one do this for me. i will pay for this. but not 600 dollar. thank you...

Add the iftop program.