No and this has to be one of the worst security practices ideas I have heard yet.  It's a firewall, leave it be and deploy another server for this task.  No offense.

It's an easy mistake to make, from personal experience :)

you could do it by dns, by adding a entry to 127.0.0.1, se when people try to access www.eviladdress.com they will be redirected to 127.0.0.1, but no logging features support this and it's pretty easy to bypass

These things are not supported.  Have fun :)

AFAIC this is supposed to be done by the switch (if its able to do so) where's pfsense is plugged.

Regards from Rio de Janeiro.

I guess it's possible that the clock was way off to begin with and just hasn't been able to sync with a time server yet.

Usually NTP protocol don't do big jumps in time.  It has some limit to the automatic time change.  If the time shift is greater than XXX seconds / minutes, it will not update.

Have you tried to config the clock manually to the closest as possible and then asked pfsense to then, sincronize ?

Also, sometimes time settings is not change on the fly on some process.  Sometimes it is necessary to restart the service.  If it is something related to kernel, usually a reboot will make the time to be correct (if the hardware clock is correct at boot time).

Regards from Rio de Janeiro.

use the Squid package?

Enable traffic shaping then :)

Please test Your local time server (pfsense) from windows machine. Is it synchronized to upstream servers at all? Stop windows time service, install ntpdate, and do test:

ntpdate -d yourlocalpfsenseserver

I think - better way for company's local time source - to use BSD "stock" ntpd from www.ntp.org, not OpenNTPD. Configure 3-5 reliable stratum1 or stratum2 time servers and keep Your windows machines always happy.

Arnis

My personal take would be to leave the Sonicwall as a standard firewall, put the web and mail servers on non-internet IPs and forward the relevant ports only.

It works

Thanks  ;D

Find the offending device and give it a valid IP address  ;D

Seriously - you can't "fix" this at the pfSense end - you've got to deal with the source of the packet that pfSense is receiving.  The only way to do that is track down the offending box and correct the IP configuration.

Yes he did.  Please stop posting duplicates.  The next time there will be no warning, just a ban.

Locking duplicate thread.

Would PFsense 1.01 work better on the soekris with atheros cards? I'm just looking for a little platform that will push 16mbits to the wireless card. No FW rules or anything. What do you think?

@magikman:

Connect using root and not the web admin user. (same passwd)

Thank you so much.  Works like a charm.  ;D
Daxx

Nope, the console is not disabled.

Anyway, I managed to do what I needed to (install/assign another NIC) via the GUI (temporary blindness stopped me the first time) and it seems to run OK.

FYI
pfSense version 1.0.1
lightsquid 1.7.1
ntop 3.2_2
squid 2.6.5_1-p15

Cheers and thanks.