• pfSense Required Features

    7
    0 Votes
    7 Posts
    2k Views
    KOMK
    Reading docs and FAQs has never been a good substitute for hands-on, IMO.  From what I have seen in these forums, not very many people use all or most of the features, so not many people other than pfSense staff are going to know the answers to all of your questions.  pfSense is built on FreeBSD, and while it has a GUI, it isn't for the faint of heart or network noobs in general. 1. Bandwidth rules and traffic shaping are not easy topics in pfSense.  Easy start but quickly can get complex. 2. Too vague, what do you mean specifically? 3. There are several real/near-time views, depending on what you're looking for 4. This is easy using the Traffic Shaping wizard 5. Lots of logging, some reporting 6. It can be confusing here too 7. HAVP antivirus available but rudimentary, no password bypass that I am aware of 8. No spam detection or email handling in any way 9. Yes 10. Not that I'm aware of 11. If HAVP doesn't catch it, tough luck.  Use client protection. Install it and play with it for an hour.  You'll likely end up knowing more than an hour's worth of abstract web searches would give you.
  • Windows server 2008 R2 and pfSense working in harmony???

    4
    0 Votes
    4 Posts
    1k Views
    KOMK
    Pretty much.  All your LAN clients would use your AD controllers for DNS & DHCP, and your pfSense box as the gateway.  That's it.
  • Is there a way to run owncloud on a pfsense box?

    6
    0 Votes
    6 Posts
    3k Views
    S
    Has anyone managed to get the OwnCloud Client to run in pfSense? I'm thinking I could use it to backup our configuration files automatically.
  • User Password Maximum Length/accepted characters?

    4
    0 Votes
    4 Posts
    2k Views
    M
    It's probably 128 characters: "Its total length must be less than _PASSWORD_LEN (currently 128 characters)." http://www.freebsd.org/cgi/man.cgi?query=passwd&apropos=0&sektion=0&manpath=FreeBSD+8.3-RELEASE&arch=default&format=html
  • 0 Votes
    4 Posts
    1k Views
    jimpJ
    As the saying goes: Patches accepted. I don't see anyone here going through the trouble, but if the code shows up…
  • Random Crashes/Lockups

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S
    Odd that you added the card months ago but the problems only showed up in the last few weeks. I suspect you have worked around the problem rather than repaired it. By removing the Atheros card you will have switched up the system resources, possibly freeing some RAM etc. You will have reduced the power draw on certain components. Most likely you opened the case to remove the card and moved everything slightly, cables, connectors etc. Anyway, glad you're not suffering lockups any more!  ;) Steve
  • Please help with system logs

    2
    0 Votes
    2 Posts
    1k Views
    M
    @DaReaLDeviL:
    Jun 3 08:21:25 miniupnpd[98076]: SSDP packet sender 192.168.1.199:64391 not from a LAN, ignoring
    Jun 3 08:21:25 miniupnpd[98076]: SSDP packet sender 192.168.1.199:64391 not from a LAN, ignoring
    You appear to be using a routing daemon of some kind, are you running RIP? Without knowing your exact routing setup, I'm just guessing, but you could probably prevent these log entries with a firewall rule on your LAN interface since they are all from the same IP and port… but if you are actually using UPnP on your network then filtering it out of your router could break things. (I suspect it won't, but what do I know?) I'd try a rule like this:
    ID  Proto  Source        Port    Destination  Port      Gateway      Queue        Schedule
    block *  IPv4  192.168.1.199  64391    LAN Address  *        *            *
    @DaReaLDeviL:
    Jun 3 08:20:20 dnsmasq[12752]: read /etc/hosts - 32 addresses
    Jun 3 08:09:07 dnsmasq[12752]: read /etc/hosts - 32 addresses
    This one I can't help with other than to suggest you double-check all your dnsmasq settings? Maybe reboot the router to see if it clears up?
  • LAN works fine but can't get Internet connectivity over WAN

    8
    0 Votes
    8 Posts
    5k Views
    C
    @kpa: Remove the LAN gateway in the LAN interface settings. It is an error to have a gateway for the LAN network because there's no other way out of the LAN network than the pfSense router itself. AWESOME! This was the issue. Looking back, the 192.168.1.1 gateway was set to default … I removed the bogus gateway and bam we're up and running! Thanks a lot!
  • Modem (ISP) to pfSense to Server to routers

    3
    0 Votes
    3 Posts
    838 Views
    P
    Would I have to bridge the connection/how do I set it up that way?
  • 0 Votes
    1 Posts
    515 Views
    No one has replied
  • CSRF check failed. Either your session has expired….yada yada yada

    5
    0 Votes
    5 Posts
    13k Views
    ?
    Have this issue from time to time with Firefox (latest versions, both for Linux and for Windows). Closing the browser (which clears cache, cookies, offline website stuff and so on and so on) and starting a new session resolves the problem every time…
  • [1:1 NAT] cant reach my machines from internet

    18
    0 Votes
    18 Posts
    3k Views
    stephenw10S
    Aha! Yes that is a step forward. It's showing as 'pass' because it's matching the pass rule you setup to allow the forwarded traffic. Ok, so that confirms that the box is receiving the traffic on the virtual IP, NATing it to the internal address and allowing it to pass through the WAN firewall. Yet you aren't seeing it at the server? Could you have some asymmetric routing issue? Perhaps the returning traffic is not matching the open firewall state? Do you have a rule to allow the return traffic if it isn't? Anything in the firewall logs to show that? Edit: What is your current WAN firewall rule? Reading back I see that your original rule was for IPv4/TCP only which won't allow ICMP (ping). Steve
  • Converting From Windows Server 2008 R2 to pfSense.

    4
    0 Votes
    4 Posts
    1k Views
    C
    Please don't double-post questions: https://forum.pfsense.org/index.php?topic=77730.0
  • PFSense Dansguardian + LDAP

    2
    0 Votes
    2 Posts
    985 Views
    P
    @pfissedoff: Good morning, I am having trouble with configuring this scenario… I have squid + dansguardian authenticating users with LDAP, what I would like to do is implement different levels of filtering depending on what group they are a member of, but the documentation is scarce, I have set up dansguardian with the ACLs that I need to apply to a user depending on what group (eg student, staff etc) they are in. Please could somebody point me in the right direction? or documentation? Thank you for your time! BUMP Running PFSense 2.1 Squid 2.7.9 Dansguardian 2.12.0.3 Would like to implement multiple groups (Default and one extra group) to apply a stricter set of ACLs to one group Need documentation or step by step tutorial… I have created ACLs but when I create the group based on my LDAP group it does not populate users and DG service fails to start again until the group is removed.
  • Any update for PPTP / GRE Limitation ?!

    1
    0 Votes
    1 Posts
    672 Views
    No one has replied
  • Can attacker get access from LAN area to the PFsense if using EMBEDDED

    3
    0 Votes
    3 Posts
    1k Views
    stephenw10S
    @trads: Question is:  If buying PFsense installed on an EMBEDDED device with 4 LAN holes and 1 or 2 for WAN -  instead of using a PC - is the access to the PFSense firewall and its data then completely physically separate from the LAN ports? No. PfSense running on embedded hardware is not much different to a standard PC. It's still X86 hardware. If the attack you are describing was at the BIOS level I imagine it was via some out-of-band management facility. If that is the case then it's a config issue. IPFire is a mature firewall, I'd be surprised to find they had some huge security hole. Steve
  • Perform changes/settings from CLI/Shell?

    7
    0 Votes
    7 Posts
    3k Views
    stephenw10S
    Yep, did not know that. Thanks.  :) Ready for eeconfig though! Steve
  • Customer references

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    2 Posts
    855 Views
    stephenw10S
    You could try the 'memstick' image. That is identical to the install CD but written for running from a USB stick. It will not attempt to write to the USB stick. You could attempt to run it with the config file on a separate drive like the original m0n0wall install used to, though I think that used a floppy drive. I think I remember reading it's no longer a supported install type but that doesn't mean it's not possible. Steve
  • 0 Votes
    2 Posts
    766 Views
    stephenw10S
    If the IPs are in a file in the right format you can just copy and paste them into an alias. The pf-blocker package can import an alias from a file directly. Steve
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.