• Pfsense network design

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C
    If you wish, and if you understand the security concerns as raised by Derek Zeanah, then you can have the configuration you want. All you have to do is add rules to the pfSense firewall configuration to allow the ports you need through the server. Just make sure you add them in both directions. As Derek Zeanah said, however, you should really have a firewall or other security appliance on the outer edge of your network, even if the server is supposed to be internet accessible.
  • PfSense pinging gateway every second

    Locked
    2
    0 Votes
    2 Posts
    8k Views
    stephenw10
    pfSense uses pings to monitor the gateway for connection quality. The actual volume of traffic is very small. You can set it to monitor a different address on that interface, the modem for example, from the web interface: System>>Routing>>Gateways. Click the edit button next to WAN gateway and enter an alternative IP. You could try entering the WAN interface IP, I don't know what would happen though! Steve Edit: @cmb: It's for monitoring and quality graph. No way to disable it at this time short of hacking the source yourself.
  • PfSense 2.0 nanobsd slices

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    jimp
    You still need serial console access to the router to switch slices (or KVM on a full install) so it doesn't buy you all that much. If you have access via something like DRAC/ilo you can probably even reinstall remotely using an iso image.
  • Web Console Security - remote management

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp
    If you also restrict by IP range then it may be sufficient. If your HTTPS port is open to the world, people can still see your pfSense login screen, which is undesirable. If you have packages installed, some package files are not protected by the pfSense login process so you could be exposing information you don't intend to be public. Using a VPN is always the best way.
  • NAT default gateway question

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    T
    questing bump, anyone?
  • Semi lost password

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    B
    Indeed it is. blush I thought I checked all those options the first time around. Thank you.
  • Install on mem stick,

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C
    You can run the nanobsd version from USB flash, assuming the machine's BIOS supports booting from USB.
  • Printing traffic slow to print spooler through pfSense.

    Locked
    10
    0 Votes
    10 Posts
    5k Views
    C
    Sounds like you have two gateways on the printer's network, which is likely causing asymmetric routing or possibly other issues, likely the cause of your problems.
  • Accessing my modems web interface.

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    S
    Thank you all, working straight away after putting the modem interface to /24
  • General Setup Help

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    T
    Solved it; strange IP conflict with a Cisco wireless access point elsewhere in the building.
  • WOL on DHCP client or WAN request

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Can not stop transfer of tx descriptor

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimp
    Sounds like a flaky NIC or driver. If you are on 1.2.3, you could either swap the NIC or try 2.0 instead. If you're already on 2.0, try a different NIC.
  • PPOE Questions

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Getting my feet wet – a few questions first

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    stephenw10
    Hi, Looks like you're learning already!  ;) I have limited experience with VPNs so I can't really advise you on the details. One thing I will say is that you won't max out a 35/35Mbps connection using VPN traffic with an Atom. However as you say you have a much smaller pipe at the other end it shouldn't be a problem. Read this post for some detailed test results. Is all of this possible without pulling my hair out? You'll probably lose some hair.  ::) It is possible. There are plenty of people using Realtek NICs with no problems at all. Test it and see. Do you know which Realtek chipset it is? Does your Atom board have a mini-pci or mini-pci express slot? Many do. You could use it as an access point directly, assuming it's located somewhere centrally. From what I’m gathering, it seems that VLANs are basically the same thing as what I want to do with these virtual interfaces, just on a very small scale.  Is that accurate? You can use VLANs to get extra virtual interfaces no problem. Yes. I've never used the RB250GS but VLANs are surprisingly straightforward. It sounds to me like you are asking all the right questions and have a good idea of what you're getting into. I would try using the Realtek NIC first (you'll probably have no trouble) and get a managed switch if you need it. Remember to go one step at a time testing as you go. A lot of people run into trouble when they swap their current router for pfSense and try to match the previous configuration setting up every feature in one go. Have fun!  :) Steve
  • PF Sense Installation Guide

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    stephenw10
    See: http://doc.pfsense.org/index.php/HOWTO_Install_pfSense The NanoBSD images are designed for flash media like Compact Flash. The standard install for a hard drive is from the bootable CD. http://snapshots.pfsense.org/FreeBSD_RELENG_8_1/i386/pfSense_HEAD/livecd_installer/pfSense-2.0-RC1-i386-20110512-1729.iso.gz Steve
  • Routing between multiple LANS

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    A
    I think if it's possible on your frame relay router, change its LAN address to match the Detroit LAN 192.168.2.xx and add the third card to the pfSense box with a .2.x address. Then create a static route from the new Opt1 card to the LAN with open all ports firewall rule. Should work, (I'm not as advanced as other users here)
  • Old Gateway Entries Causing Status>Gateway to reset connections 2.0

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Comcast business class vs T1

    Locked
    10
    0 Votes
    10 Posts
    8k Views
    M
    Jimp brought up a good point.  While we DO use the cable company for our connectivity for both voice and bandwidth, we have fiber to the building which falls under a different SLA and MTTR than the coax network.  We have a 25/5 cable modem we negotiated as a backup (it happens to be free so please save the "it's not a separate path" comments) but the SLA is horrible, you're basically at their mercy and have no remedies if the system is down.
  • Adding another Network Card and Adding Vlans

    Locked
    5
    0 Votes
    5 Posts
    10k Views
    G
    That makes sense now.. Many Thanks
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.