@gjaltemba:

Glad you got it working.

Firewall->Aliases is not hard to find.

Thanks for the help!

First in AP mode there is not much seance for hw acceleration as all a dumb AP  does is  pass packets  that CPU is fast enough and also Eric (Rmerlin)  said the same thing in a    post on smallnetbuilder

just upgraded to 2.3.4 (probably my 5th or 6th time ever upgrading) and if feels like there is no way to update without losing or breaking something else…  I've spent the past 4 days practically without sleep fixing what shouldn't have been broken...

Would you please so friendly and tell us from where your were upgrading to the version 2.3.4? And on top of this perhaps
what is not running well after this upgrading procedure?

Lost FTP Client proxy have to now depend on an addon…  Why not JUST FIX FTP CLIENT???

FTP proxy and pfSense 2.2
Why not pacing a FTP, S/FTP or FTP/S Server inside of a DMZ together with 1:1 NAT?
A small Raspberry PI 3.0 (Linux based) or a small Mini TurBot (FreeBSD based)
might be also solving this problem well.

Pretty sad that a $20 walmart router can work and yet this thing can't

And here you may able to see where the competence is given on networking together with security!

Traffic Graph now looks cool, but is more useless than ever unless you are looking ONLY inside the 2 minute window.  No way of seeing a NUMBER that tells you your in/out speeds, and the graph is useless to see in speed if it's only a few kbps when out is mbp

PRTG, Incinga2 and Nagios are also really nice to manage that work, or a smaller Raspberry PI 3.0 with CATI and MRTG will
do that jo also well for your network.

I SOOOO want/need a geo blocker, but it's never worked right in the past, and I am afraid that I will go another week trying to fix things if I install it.

pfBlockerNG & DNSBL is one of the longest and actual keeping forum thread here, and why you don´t ask there for help?

pfSense is still one of the best things out there for now, but WOW is it frustrating!

What hardware are you using? What knowledge skills you can offer? Are you a beginner or mid ranged level or a professional?
I don´t want to come to near to you, but could it be that you need only a little bit more help and knowledge about the entire
pfSense and this might be fine working for you too? There are several columns here in that forum and the one or other right
pointed question about this or that problem could help you more then that thread here, I personally think.

1.Is pfsense platform that can be used for miniISP and its total free to use? Without license?

It is free of charge but to let it grow and save the future of this firewall distribution or make it done that the
development cost is able to be pay you might be free to spend each year, sometimes or often likes you want
it or you are able to do it. It on your free mind to do this and not any pressure!

To solve this you might be also able to buy hardware appliances from the pfSense shop directly matching your
criteria and workload or fits your needs and you will be also sure to get 100% compatible hardware in one act.
This might be perhaps better then fiddling your own appliance and prevent you from all problems that are pointed to this.

2.Its installed on PC like os?

Yes it is based on FreeBSD and so the best thing is to get a platform that is supported by FreeBSD for sure.

(its not windows platform)

Not no a Windows based OS or distribution, its based on FreeBSD!

and its accepted on all pc?

Not really all, but the most of them, as told above, the best is to get a platform that is supported by FreeBSD (x86_64Bit)

3.Does this platform show to users login website when they connect to wifi? (something like mikrotik)

Able to realize over the captive portal, you may also be able to set up MikroTik WiFi APs or UBNT APs as well for your
usage.

4.Does it have billing? And can i connect users between 2 3 pfsense machines?

You may able to use the Captive portal together with a voucher system and set up different groups for the Internet access.
Together with UBNT (Ubiquiti) WiFi Access Points
UCRM-Complete WISP management platform
Together with MikroTik WiFi Access Points
Handlink-ISS 7000 v2
[Handlink-HotSpot printer[]

5.And can i make vouchers?

Yes you can, together with the Captive Portal.

At moment im on Kerio Control but pfsense look very very better solution.

pfSense is a software based firewall distribution, that can be turned over a packet management into a fully featured
UTM device, acting as a load balancer, BGP router, HA solution or a pure firewall, likes you want and the hardware is
able to do.
IDS/IPS - Snort & Suricata
geoIP blocking, (Spam and Malware) - pfBlockerNG
AV Scanning - ClamAV
Proxy Server - Squid, SquidGuard & SARG
RadiusServer - FreeRadius 2.0
and many others.](https://www.handlink.com/products_WG-500P-P.php)

I am trying to implement BT (British Telecom) IPTV utilising IGMP / Multicast.

I would suggest you at first to find out what type of IGMP version you will really need. We have two versions here
in Germany and they are both different each from another. Perhaps you will ask your ISP at first about that!

The old entertain (version 1) needs IGMP v2 (version 2) proxy or snooping
This can be solved with pfSense alone The actual entertain (version 2) needs IGMP v3 (version 3) proxy or snooping and PIM (routing)!
This can be not solved by pfSense alone, you will need PIM (routing) able to get by Raspberry PI 3.0 and Linux or a small MikroTik router

For PIM routing you will need a small Raspberry PI 3.0 or a small MikroTik router that will be able to solve your problem.

Basically looking for the following:  1 WAN and two separate physical LAN's.  1 on using the LAN port and the other using the OPT1 or OPT2 port.

WAN as it is served to you by your ISP
LAN1 with 192.xxx and DHCP range from 192.xxx.20 to192.xxx.50
OPT1 as LAN2 with 172.xxx and DHCP range from 172.xxx.20 to 172.xxx.50

What exactly was now the problem? You can realize either that with managed or unmanaged switches likes you want!

Technically after this point my router has two LAN IP's right?

Right, and both must now configured likes you want to allow or deny the traffic between them.

one for each subnet?

Yes, you got now two totally different subnets (CIDR) with private IP address ranges or pools and its own DHCP server for each.
Now you should overthink what to allow or to deny for them and their clients.

@kesawi:

I have this same issue as well since upgrading from 2.2.6 to 2.3.1 (and now 2.3.2).

Gateways are up

Happens whether monitoring is disabled or enabled.

Happens whether state killing on gateway failure is disabled or enabled

I have the same issue as above although i use the most recently stable version. I'm a newcomer of pfsense. I have to say the help docs are not good. For example, I cant even find a sample or demo to help  set up flow control of my network which is so easy in other cheap routers.  Pfsense is professional but not user friend. Who can show me how to set a rule to block MACs or bind MACs to a fixed IP?

Here are a couple of ways.

Hire a network engineer and provide necessary budget for accomplishing the task. Between the hours of 8am - 12pm and 1pm - 4pm; unplug the network.

But seriously, oh wait, that was serious.  Which social media sites?

After testin in an other environment we were able to confirm that pfSense is just working als a relais.

NTP for Clients against pfSense is only working if pfSense itself has valid connections to at least on other/ real NTP server.

Yes, exactly.

I have added the rules and it works fine now.

Thank you all for your answers.

Best regards

Kostas

@Steve_B:

You don't specify the hardware you are using, so who knows?

In general though if a "shutdown process" is performed then it probably safe. If it just disconnects power, then it may not be.

I am using

AMD Athlon™ 64 X2 Dual Core Processor 5600+
4GB Ram
Nvidia 6150SE IGPU
40GB HDD

@kpa:

Usually the power switch sends an ACPI power off event and pfSense will just do the equivalent of 'shutdown -p now' which is the correct way to shutdown the system.

Okay / Thanks … I guess I can use the power button safely then.

The first option registers them to an external DNS server (specified in the options underneath that checkbox).

The second activates special code to find hostnames in the leases DB and use them in the resolver.

My AP (temporarily) is a netgear wn3100rp.
Using my Laptop does not work either (using a usb-lan donge. Have to see if I can get something attached to it w/o a donge, but I doubt that this would change anything).

The weird thing right now is that I can no longer configure the AP after a factory reset even though it worked yesterday. So it must have worked once or I had some weird luck. Secondly, my FireTV Stick connected once while I was asleep.

Edit: Attaching my AP to the main LAN port works flawlessly.
So it has to be the port and not the AP.

well the command is as follows

tcp_outgoing_address

Ok so I eneded up putting a switch between the two,

I know that LACP  provides fault tolerance and load balancing but it will not increase my bandwidth, each link will be treated separately, if I wanted to increase bandwidth I would use a round robin scheduler on both ends.

The reason I have lacp between both pfsense boxes is to provide another link to load balance tcp connections as well as vpn traffic through.

The main reason I posted my question was to find out whether pfsense could be set to setup a LACP link between two pfsense boxes without additional hardware. I soon found out that this was not possible.

And yes a seperate IDS on each box. After adding the switch to my network design this has opened up a third location to stick an IDS

Kind Regards.

This issue can be closed

look this.  :(
Help me! haha

5b6c1a67-2beb-4bf2-8925-6c67ae66c31b.jpg
5b6c1a67-2beb-4bf2-8925-6c67ae66c31b.jpg_thumb

You guys are right! I missed it, but even with 10.2.0.1 I have the same issue :/