• PFSENSE ALLOW ACCESS TO PROXY

    3
    0 Votes
    3 Posts
    711 Views
    ?
    OK, but how do I define that this time is for the off-time? I think if I create one for Monday from 9 am to 1 pm and another for Monday but from 2 pm to 7 pm. Will this work?
  • Access by no-ip

    5
    0 Votes
    5 Posts
    816 Views
    ?
    OK, but sorry, my firewall is down temporarily, but I remember that in Firewall – Aliases (this is by IP, port and URL) you use URL, write the no-ip address and call it, for example, "external". Before, in Firewall – Rules, on the WAN tab, create a rule, for example for access to the pfSense web dashboard, but in source you select "host or aliases" and select the rule created in Aliases called "external", and in destination select WAN address, port HTTPS. This is all. I'll wait for your comments.
  • STARTTLS Require TLS?

    3
    0 Votes
    3 Posts
    1k Views
    N
    Thanks Jim, That corresponds with what I see in actual tests too.
    /etc/postfix-msa/master.cf: smtpd_tls_security_level=none
    pfSense E-Mail Notifications:
    Port: 587, Enable STARTTLS: No, SMTP testing e-mail successfully sent
    Port: 587, Enable STARTTLS: Yes, Could not send the message to xxxxx@xxxxx.com -- Error: server does not support starting TLS
    /etc/postfix-msa/master.cf: smtpd_tls_security_level=may
    pfSense E-Mail Notifications:
    Port: 587, Enable STARTTLS: No, SMTP testing e-mail successfully sent
    Port: 587, Enable STARTTLS: Yes, SMTP testing e-mail successfully sent
    /etc/postfix-msa/master.cf: smtpd_tls_security_level=encrypt
    pfSense E-Mail Notifications:
    Port: 587, Enable STARTTLS: No, Could not send the message to xxxxx@xxxxx.com -- Error: server does not require authentication, it probably requires starting TLS
    Port: 587, Enable STARTTLS: Yes, SMTP testing e-mail successfully sent
    This would seem to indicate that pfSense version 2.3.2 requires TLS, rather than falling back to plain text mode, when the E-Mail Notification option to "Enable STARTTLS" is selected.
  • SSD Trim Support on PCEngine APU2

    2
    0 Votes
    2 Posts
    679 Views
    S
    Found my answer: https://forum.pfsense.org/index.php?topic=97554.0 Looks like I need to reboot it off a USB disk to enable it though.  Will try that tonight.
  • [SOLVED] PFSENSE CREATE RULE ON FIREWALL

    5
    0 Votes
    5 Posts
    897 Views
    jimp
    Navigate to System > Package Manager, Available Packages tab
    Install the System Patches package
    Navigate to System > Patches
    Click + Add New Patch
    Enter the Description: Chrome Bug Workaround
    Enter the URL/Commit ID: 83469e50681bf1ab0388e5cb756d5198b7f705f4
    Click Save
    Click Fetch
    Click Apply
  • PfSense + freeRADIUS and Cisco AP EAP authentication

    1
    0 Votes
    1 Posts
    662 Views
    No one has replied
  • Issues with aliases

    6
    0 Votes
    6 Posts
    1k Views
    jimp
    Navigate to System > Package Manager, Available Packages tab
    Install the System Patches package
    Navigate to System > Patches
    Click + Add New Patch
    Enter the Description: Chrome Bug Workaround
    Enter the URL/Commit ID: 83469e50681bf1ab0388e5cb756d5198b7f705f4
    Click Save
    Click Fetch
    Click Apply
  • No IP when the Storage (QNAP) directly attached to the pfSense

    3
    0 Votes
    3 Posts
    1k Views
    M
    @Derelict: Does the lagg come up?
    I think it did but what do you exactly mean?
    @Derelict: Did you enable a DHCP server?
    Yes, it's enabled (attached). All other DHCPs are working fine though.
    @Derelict: Why not just assign 10.0.13.2/29 to the QNAP LACP interface?
    You mean instead of dynamic, assign that IP on the QNAP? I'll try that in a couple of hrs. time.
    @Derelict: Not sure why you wouldn't use a switch for this but that's probably just me.
    The main reason is: The storage is used by several other devices (security camera, A/V receiver etc.) from various parts of the house, connected through different switches (and from outside) and I didn't want to lose the access to the storage, in case a switch went down. If pfSense has gone down, I take it as a game over. I'm open to other suggestions though.
    [image: qnap_dhcp.png]
  • Rethinking Smart Home Gateways

    3
    0 Votes
    3 Posts
    1k Views
    johnpoz
    "What data is "interesting" to see? How to filter/sort it when there is so much?" This is a great point..  Even if you could pick it out and color code it and make it easy as pie to understand for someone with an understanding of networking.  What is your typical user going to do with it?? I don't need a "smart" gateway to see the traffic I am interested in ;)  This can already be done with the tools out there and pfsense, etc. This line drove home the guy that wrote this just doesn't really get it… "smart service providers could even leverage the data to suggest things like adding a WiFi extender for your upstairs bedroom or the basement office." Did he mean to say where another AP should be placed or how to better place the AP in your home for best coverage..  If what you want is crappy ass wifi, then sure throw up some "extenders" hehehe "Wouldn’t you like to know what kind of data is flowing into and out of your home?"  I take it he is talking about ILDP, who is going to set this up?  Your typical user?
  • Schedule time range more specific than quarter hour increments?

    2
    0 Votes
    2 Posts
    431 Views
    jimp
    That's the way it was designed, and how the cron job runs to check the times. It is possible to support times closer together, but there is not much of a call to do so, and depending on the speed of the hardware, size of the ruleset, and so on, it may not scale well to do faster in some cases.
  • DNS recommendations

    7
    0 Votes
    7 Posts
    2k Views
    johnpoz
    While that is a workaround for sure..  Something not right with your connection if you're having that many problems with udp..  Is your pipe full?  Is it shitty/slow? You're not blocking it outbound are you?  You prob want to get with your isp if you're having problems with udp connections. As to the misdiagnosis, that is why we are here - but we need info to help ;)
  • Schedule wireless interface up and down

    1
    0 Votes
    1 Posts
    495 Views
    No one has replied
  • PfSense in Azure

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Help me to detect and how to defend in this scenario

    4
    0 Votes
    4 Posts
    919 Views
    johnpoz
    Well, sniff and see..  You're saying this 149.56.149.42 is not your IP block?  But traffic is being routed to you..  Well I would get with your ISP on why you're seeing traffic to an IP that is not yours.
  • DIY router

    12
    0 Votes
    12 Posts
    2k Views
    D
    @BlueKobold: Here in Germany we are paying hard for electric power and a small firewall with using 40 Watt is at the cost of ~35 € per year and on top of this a modem is for ~40 € each year to pay for.
    1. Private or personal WLAN (WiFi) can be secured by FreeRadius Server and using certificates!
    2. The guest WLAN (WiFi) can be secured by using the Captive Portal with vouchers
    3. With OpenLDAP all wired or cabled devices will be able to be secured inside of the LAN
    4. Snort can protect the DMZ or inspect the LAN Ports for getting an alarm if something occurs
    5. With squid and SquidGuard all devices in the DMZ are not really or directly connected to the Internet!
    So where is now the security issue to switch after 6 - 8 hours the firewall out or take it off? If you might be thinking your PC is out or off and not running and the modem alone will be taking of electric power this must be surely unable to enter in your network and entering your PC! If you are afraid of an intruder you should better turn off the entire WiFi part in pfSense and on top of this the modem and your PC too, so someone must be entering your apartment to get in touch with your network or PC.
    After the first security protocol (WEP?) was cracked, I became wary of wi-fi anything. After the WPA was hacked, any remaining trust was over. Now I hear WPA2 was compromised by 'Wi-Fi Protected Setup', and a quick Google search (using search terms 'wifi wpa hack') ensures I will never be using wi-fi, bluetooth, or anything similar.
    My thought on saving power is anything is better than nothing. Will my turning off lights, TV, or whatever when I leave a room prevent blackouts? Probably not, but I see no good reason not to... and since I've been doing this my lightbulbs last about three weeks longer than before.
    Aside from power saving, there is the security aspect. Turning off the PC and disconnecting it from the router ensures no attacks via the internet. Turning off the router, and disconnecting it from the internet guarantees it will not be attacked via the internet. Someone said that if I turn off and disconnect the router I would have to re-configure everything when I turn it on... if true, that would definitely be a good reason to leave it on! Still would want to airgap the PC though.
  • NAS as Separate Interface?

    3
    0 Votes
    3 Posts
    907 Views
    S
    The NAS IP should be on a network that is 192.168.2.0/24 and be set to DHCP or a static IP in that network. The .1 address should be reserved for the interface gateway for eth2. Then do the rules to allow access to it from your LAN IPs or the 192.168.1.0/24 network.
  • IP redirection to local machine

    4
    0 Votes
    4 Posts
    608 Views
    KOM
    Yes, just a port-forward with LAN as the interface instead of the usual WAN.
  • Question about log-format graylog/pfsense?

    2
    0 Votes
    2 Posts
    2k Views
    jimp
    The quoted format is for the local log, not remote logs. Syslog always assumes the hostname from the source IP address or hostname, NOT from the log message data itself. Your server should be classifying the sources by their IP address/hostname in some way, it shouldn't care about the message content identifying itself. "filterlog" is the name of the daemon that made the log message.
  • Connection issue on WAN interface

    2
    0 Votes
    2 Posts
    541 Views
    M
    Any help/pointer from anyone? -S
  • Squid 3.5 slow upload speeds

    1
    0 Votes
    1 Posts
    706 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.