@cmb: though unless you're changing your config around a lot you won't see it much. I am running 2.0.1-RELEASE (i386) built on Mon Dec 12 17:53:52 EST 2011 FreeBSD 8.1-RELEASE-p6 my system has been up a bit under 11 hours and the system log is littered with these messages: [2.0.1-RELEASE][admin@pfsense.example.org]/root(15): clog /var/log/system.log | grep "Bump sched" | wc -l     326 [2.0.1-RELEASE][admin@pfsense.example.org]/root(16): About 30 times an hour seems excessive! Is there a sysctl that could be tweaked to significantly reduce the frequency?

Does anyone know if pfSense NTP passes the local timezone or does it pass UTC time? NTP only deals with UTC.  Hosts are responsible for adapting it to their own timezone/ You should never use a VM to set the time on a ESXi.   Either have ESXi sync the time on the VMs through VMware Tools or have ESXi and each of the VMs sync themselves to an external time source. The HP 1810G (J9449 at least) has a pretty crappy implementation of SNTP and so does the Netgear GS108T.   They poll the NTP server too frequently and eventually get a Kiss of Death.  Luckily, switches don't really provide much that's worth logging anyway.  If you're not logging, accurate timestamps are a bit pointless. EDIT:  You really should not use a Stratum 1 server as a reference unless you own it or it's part of pool.ntp.org

It depends how it's connected. I would expect it to be some sort of USB connected adapter in which case it would appear as /dev/da* Steve

@jimp: See the last line of my last post. I didn't know what gitsync meant  :-[ I did the gitsync that also fix the ntp server timeout … great tool  ;D Thanks for all

There are no build/compile tools in pfSense. To install all the required components is a complex task that will likely break something. If you want to compile something to use in pfSense do it on an appropriate FreeBSD install and move it across. See: http://doc.pfsense.org/index.php/Can_I_compile_software_on_pfSense Steve

Thanks Exolon

Thanks stive all are working fine thanks for your valuable suggestion

reachrishikh you can set up pfsense with help of youtube .search how to in youtube ,if trouble occurs post in forum

@jimp: entered things correctly, would be the user's name. I'm not that familiar with BSD/Linux codes  :'(. I've seen/downloaded samples but with not the use of PFSense i also need a detailed one. I'm still working with my examples yet i don't know how to apply it and that i might failed and crash the network. I also found that you can edit this from PFSense the question is how? /usr/local/etc/lightsquid/realname.cfg I used GUI on my laptop and the server/router is the PFSense. Would you mind setting an example i would really appreciate your help. And sorry for my english. Thanks

his new thread for those curious: http://forum.pfsense.org/index.php/topic,61616.msg332302.html#msg332302

well i have a problem with the same, i have bridged lan to wifi on pfsense and static mac id/ip pairs set with static arp and deny unknown client ticked, i use a tp link TL-WA850RE wifi range entender and wifi clients get the proper ip but with staic arp wifi clients r not able to surf at all untill i untick that, any solution to this

I think you're going to have to define those two concepts before anyone can comment on that in any detail. I don't imagine any firewall specific code is deliberately designed to be anything other than as secure as it can be. You could say that because Astaro is offering a wide range of services it offers a wider attack surface to potential hackers. Steve

@rakeshvijayan; i appreciate your reply but the "ouapapaladam" is asking about allowing the facebook for about 5mins. Assuming ouapapaladam has already blocked  it using squid either using a proxy mode or manual ip list in squid! In my case I am not able to block https with proxy .ouapapaladam did you check in your client side with https facebook . Hi  srk3461  you point a good knowledge to me also I will try it on my virtual machine for testing purpose thanks

Glad to see your reply. I can't understand your explain,but… I add my local domain in here,the dns is answered correct. Services -> DNS forwarder -> Domain overrides Thanks so much. YOU DONT NEED TO ADD ANY SETTING OVER THERE YOU HAVE TO INSERT THE CORRECT DNS ENTRY OVER THE GENERAL SET UP SELECT THE CORRECT GATE WAY FOR THE DNS . OR TRY TO INSERT GOOGLE DSN FOR CHECKING 8.8.8.8 AND SELECT GATE WAY YOU WISH ,THEN TRY TO PING TO GOOGLE FORM THE DIAGNOSITC TAB ,BY THAT YOU CAN REALIZE IF IT IS DNS PROBLEM OR NOT  .Services -> DNS forwarder -> PAGE YOU HAVE ONLY PUT A TICK MARK ON (ENABLE DNS FORWARDING TAB)

Communications between LAN machines that are connected together via a switch go across that switch. They never reach pfsense even though it's also on the same switch. There is nothing for pfsense to log because it never sees that traffic. That is how you are setup, right?

old topic..anyway.. I'm facing the same problem. you can't set that second rule via web gui but I put it in "by hand": I added the rule in /tmp/rules.debug and then pfctl -f /tmp/rules.debug so the rules I have now are : rdr on bridge0 inet proto tcp from any to any port = http -> 127.0.0.1 port 3128 pass in log quick on bridge0 route-to lo0 inet proto tcp from any to 127.0.0.1 port = 3128 flags S/SA keep state but it's not working! bridge0 = (em1, em2) client is on em1 side I can see IP clientip.3002 > 127.0.0.1.3128: Flags SYN on the other side of the bridge member em2. no traffic on lo0 interface. so route-to lo0 dosn't work. or better.. it's the rest of the rule that doesn't work, if I place the (wrong and temporary) rules like: this one: pass in log quick on bridge0 route-to lo0 or even: pass in log quick on bridge0 route-to lo0 inet proto udp then I can see traffic on lo0. I tested on 2.0.3 and 2.1 beta1. it's been reported here long time ago : pfSense bug #1620 http://redmine.pfsense.org/issues/1620 there's on FreeBSD 9.1 it works fine.