• PFS Logging Web Traffic…

    5
    0 Votes
    5 Posts
    2k Views
    M
    "wireshark and portsniffers" require "proximity". In order to capture packets (wireshark) of what is coming out of your WAN port, he'd need to know the assigned IP address. If you are behind a cable modem, he'd need to know the IP address assigned to it. Depending on the infrastructure of your ISP, he may not be able to get to it. Port sniffers, pretty much the same thing.

    Is it possible that he also installed something on equipment in your home network to provide access/data? Yes, that's the way malware/virus/ransomware do a lot of things.

    Sending logs elsewhere: Yes, it's possible.

    The default pfSense install is:
    Everything originating from LAN side is allowed out WAN
    Everything originating from WAN side is blocked UNLESS it is a response to LAN traffic.

    The second point only matters if you are running a service you want accessible from the public internet (web server, ftp server, etc).

    A simple thing to do would be to post screenshots of the rules that are configured on your WAN, LAN interfaces, any floating rules. A list of installed packages would also help.

    If he's busting chops to make sure you learn and understand that's good, just don't let trust overrule common sense.
  • Change file using shell, how?

    6
    0 Votes
    6 Posts
    2k Views
    -flo- 0-
    This worked, thank you!! No clue what was wrong here. -flo-
  • Pfsense-Squid - Transparent Mode not working correctly

    9
    0 Votes
    9 Posts
    3k Views
    KOMK
    For future reference, the Cache/Proxy forum is dedicated to Squid, squidguard and other proxy stuff like this.
  • Anniversary

    1
    0 Votes
    1 Posts
    568 Views
    No one has replied
  • Non-Unlimited ISP

    13
    0 Votes
    13 Posts
    2k Views
    D
    One possibility would be to enhance the RRD Summary package to be more real time (you'd have to use the minute by minute data for the past hour) and add a feature to tear down an interface once the limit has been reached. There is no 'off the shelf' functionality in pfSense to limit usage of an interface.
  • Frequent Crashing

    Locked
    11
    0 Votes
    11 Posts
    3k Views
    J
    if you don't get anymore crashes, open a bug!
  • APU SD > mSATA - Quick question about configuration

    4
    0 Votes
    4 Posts
    950 Views
    A
    remember to enable trim
  • Quad BlackVpn Question for Monitoring Firewall on OPT1

    2
    0 Votes
    2 Posts
    729 Views
    ?
    Anyone? Need to Monitor and have access to the WebGui for the Pf-sense firewall on the 3rd Built in NIC as I am running Dual Nics for the Firewall without a whisper of me being between the PF-Sense firewall and the first Linksys E1200 v2 Running DD-WRT Mega, if I log into this E1200 Named Firewall even with Kali Linux 2.0 GUFW running I just get bombed, Who am I, A Man who Believes in the Constitution. my config works so each router is in a different location, Basically the routers don't talk to each other except for the OPENVPN TUNNEL, they're not going to with Firewall Magic and ip tables, if I thought this was a firewall issue i would have been in there, if i am not on my openvpns, it's not worth being on the internet, I know PFsense is Good, and Tinkered with is Powerful, but is like butter for the Workers…but Encryption Works, I am running 64bit, the Latest Version Snort and PFblockerNG and More, going to move to suricata in 3 days, I Don't need help with that but someone must Know......How to Access from the OPT1
  • PfSense + Ossim Alienvault

    1
    0 Votes
    1 Posts
    965 Views
    No one has replied
  • Sticky connections by rule?

    1
    0 Votes
    1 Posts
    515 Views
    No one has replied
  • Changing pfSense hostname and logging

    6
    0 Votes
    6 Posts
    6k Views
    C
    It's not removing the old hostname from the old logs, that only applies to the current hostname. It never shows the current hostname there.
  • Web Browsing Performance affected adversely with a single PC uploading

    28
    0 Votes
    28 Posts
    5k Views
    KOMK
    WTF does what connected behind your router have to do with their network not giving you the speed you paid for?? The implication being that my own router is causing the problem, so get it out of series and test directly between PC and cablemodem. The person telling you to do that is some level 1 reading off a script. And that's exactly what I expect when dealing with a consumer service.
  • MOVED: How to deal with apps when using transparent https proxy

    Locked
    1
    0 Votes
    1 Posts
    353 Views
    No one has replied
  • Active FTP through a binat ipsec tunnel in 2.2. No go?

    5
    0 Votes
    5 Posts
    1k Views
    johnpozJ
    why did it work in 2.1, because 2.1 had a helper for ftp that changed IPs in the commands and opened up firewall rules.. As to why the package wouldn't work - pretty sure that is for clients to talk to an active ftp server, not for the active ftp server behind pfsense. There really should not be an issue with pfsense active ftp server behind it.. in that mode the client says hey ftp server come talk to me on IP:port from your source port 20.. So your server is the one making the data connection.. So unless you have rules on your segment your ftp server is on that blocks traffic? I would just sniff the traffic and see what the client is actually sending you for data channel, you sure client is wanting to do an active connection where the server talks to the IP and port given by the client.. You sure it's not a passive connection?? That would be broken since pfsense would have to forward ports into the server, which the helper used to do which is now gone. First step is actually understanding how active/passive differ - this I find is normally #1 reason it's not working because they don't really know what is being used active or passive and don't understand the difference anyway. This is a GREAT write up on active vs passive http://slacksite.com/other/ftp.html Once you understand how the protocol works, then creating the proper firewall rules is really straightforward..
  • Change in PfSense LAN IP address makes it inaccessible

    6
    0 Votes
    6 Posts
    3k Views
    M
    @Sher: Suggest, do i need improvements in this? Yes. Change your WAN and/or LAN address ranges so that they aren't on the same network. (eg: try 192.168.0.x/24 on the WAN and 172.16.0.x/16 on your LAN). As has been mentioned twice already. Then perhaps you can explain how the routers (modems?) are set up - are they set to route traffic from different internal networks? Are they meant for load-balancing? Or is only one of them being used for your internal clients?
  • Please help - Connecting to router ui

    18
    0 Votes
    18 Posts
    3k Views
    F
    I suspect there is a problem with the cisco router. 1 - I connect the router directly to my PC to edit the settings like 'router mode' 'dhcp off' 'wifi password'. 2 - I then connect it to the pfsense server and I try to connect to it but am never able to do so. 3 - I remove the router from the pfsense server and try connecting directly to my PC again and am unable to do so. Even after unplugging for 1 minute+ and restarting my computer. I have to reset the router with a needle in the back and then all the settings are erased and I can connect again.
  • Newbie networking? maybe… advices expected

    8
    0 Votes
    8 Posts
    1k Views
    D
    I have no idea what's PABX in the first place. If it's supposed to hang on WAN, then it needs to be plugged in front of your pfSense.
  • Active/Standby Load Balancing

    1
    0 Votes
    1 Posts
    592 Views
    No one has replied
  • Content filtering using Diladele Web Safety - a service I can trust?

    4
    0 Votes
    4 Posts
    3k Views
    KOMK
    If you're willing to go round and install certs on all devices, why not just set their proxy settings instead and run squid in explicit mode?  If you implement WPAD, you wouldn't even have to do that much for the most part.  WPAD is a simple standard that allows most devices to auto-detect the proxy on their own.  You can then process their HTTPS traffic without MitM warnings.  Pretty much everything either supports WPAD or manual proxy.  Android specifically does NOT support WPAD for some bizarre reason, but you can set the proxy per hotspot.  I really don't see any reason to use a commercial service when you could achieve similar results with squid, squidguard and a blacklist.  Another layer would be to configure their DNS to use OpenDNS Family Shield or Norton ConnectSafe.
  • [SOLVED]: Execute php from a Bash environment

    10
    0 Votes
    10 Posts
    4k Views
    D
    No, I'm not missing the problem. Any PBI clusterfuck is unusable for similar tasks. (Why are you writing bash-specific scripts for system that has no bash by default still goes beyond me.)
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.