Other than DHCP leases, etc, you are looking for functionality typically found in a wireless controller.

https://doc.pfsense.org/

When I said port in "port based limit", I meant switch interface.  I specifically did not mean anything like TCP port 80, or 443 or UDP 5060. Using a switch upstream of the two edge devices and limiting your ingress and egress to the two interfaces is so simple, and it does everything you want. I'm a big believer in: A) Use the right tool for the job. B) Keep it Simple, Stupid. My test, was speedtest.net.  Simple, effective, TCP 80 HTTP test.  The ISP that provides 20Mb bandwidth to my office uses the same kind of limiter, on a Catalyst switch.  I pump all kinds of TCP, UDP and who knows what else through that pipe.

This is how I setup OVH with pfsense 2.2 OVH networking setup Add a failover IP in OVH console (y.y.y.y) Create a virtual mac in OVH console for failover IP VMWare setup 3. Edit the vm guest nic settings.  On the network adapter in vmware, change it to manual and give it the virtual mac assigned from step 2 PFsense setup 4. The failover ip from step 1 is the nic ip (y.y.y.y).  The gateway is the primary OVH server IP with 254 for last Octet (x.x.x.254).  Subnet mask is 32. Pfsense will complain in command line setup of networking.  Just set this up in GUI. 5. The following lines can be added from the shell (option 8 from command prompt in Pfsense) - the first time you setup pfsense.  They are needed to make the default gateway work because it is not on the same subnet. 6. route add -host x.x.x254 -iface vmx0 (or whatever interface you have) route add default x.x.x.254 7. To add them to pfsense so it works after reboot, Install the shellcmd package for pfsense.  Add them in the same order as above.  The type is shellcmd

Dont know if these links are genuine. http://healthstory.co.uk/torrentr/hua/huawei-hg658b-firmware Theres not alot you can do when you consider hindsight and whats practical, but some of the things you can do is your own encryption methods which are not unlike what was used during WW2 with code books, but that has limited use in that you need to trust the other party and in the case of the web, will your favourite websites/services entertain you with your own form of encryption? There are things you can do to obfuscate you own online actvities like write a bot to access web sites, a bit like a spider crawls websites and then provides some cover as to what you might be looking at, but I'm always reminded of the fact in maths its possible to workout the unknowns in any formula, and what the spooks call quantum cryptography is just their ability to brute force crack encrypted data from decades ago that used what was back then cutting edge levels of encryption but is old hat today as our processing capabilities grow. You could also try routing your traffic around the world to countrys that dont share data with your own, introduce some random time delays to make it harder to calculate if some traffic is yours when it reenters a country that does share data. In this instance being able to deploy instructions to a bot that can act in days, weeks, months or years in advance could be useful, it depends on how far you can plan ahead in that respect. But the phrase you can run but not hide also springs to mind. You might be able to stay one step ahead of the enforcement/hackers but ultimately you will always be looking over your shoulder and thats if you have the capability to spot when you are being spied on and being played or not.  ;D Perhaps these books might be of interest to you if looking for parallels with today. http://en.wikipedia.org/wiki/Brave_New_World http://en.wikipedia.org/wiki/Nineteen_Eighty-Four http://en.wikipedia.org/wiki/Fahrenheit_451s The last one is quite interesting to note when you consider its harder to change the printed word unlike a website. Its interesting to see the changes some onlines news organisations changing stories once released.  https://www.changedetection.com/ Its also interesting to note that for many people, things dont happen unless they see it on the news and only believe what is said on the news, not someone elses narrative. An uphill struggle to remove agenda's and bias from individuals admittedly but not impossible.  ;)

well they are actually different networks so you can actually firewall between them.  Your just using specific ips inside 1 network for different things.  Buys you pretty much nothing, other than maybe ability to group ips for firewall rules to the internet currently.  Which you could do with aliases anyway. To be honest I see no point to what your doing other than making what IPs your devices get more complicated ;)  and possible breaking of your own rules when you maybe picked out wrong number of ips you wanted for specific types of devices.

@Supermule: When you max out your internet connection, then the traffic from Apinger gets in the cue. Thats why it reports GW offline. You saturate your bandwith and thats why it fails. He's not concerned about how apinger thinks the interface is offline, he's concerned how apinger thinks the interface comes back online and reports the wrong information. apinger has a known bug that gives false readings.

Check out the dashboard. Memory usage is right there.  If the % is high, memory is low.

Not really without captive portal, plus completely futile if done on blacklist instead of whitelist basis.

Hi, OK, got it working! But an upgrade will remove this on me … :-(. Here is what I did (and thanks to this post for some key help! https://forum.pfsense.org/index.php?topic=6087.0), The file I really need to change is /etc/ssh/sshd_config - but it is generated when sshd is started / restarted. The script that builds / creates /etc/ssh/sshd_config is /etc/sshd - so I modified that file, as follows,         /* Hide FreeBSD version */         $sshconf .= "VersionAddendum none\n";         $sshconf .= "SyslogFacility local4\n"; <== This is what I added, just one line ... so sshd logs to the local4 facility (the one I chose). Restarted sshd, and it worked! The log file is now the local4 facility (/var/log/portalauth.log, as noted in /etc/syslog.conf). Is it possible to make this an option (syslog facility for sshd)? Thanks!

Yep, later on you can set a password for the console from web UI. Finish your configuration first and you'll see.

"route anything 10.5.5.1/24 through 10.5.5.1 gateway" There might be some terminology misunderstandings with pass vs route.  For example, that looks a lot like the default LAN pass any any rule in pfSense: Pass IPv4 any source LAN net dest any any Note that rule would typically be on an interface with a 10.5.5.1 address. The actual route for that traffic is the default gateway setting on the hosts on 10.5.5.1/24.  And even then, the route isn't for traffic to 10.5.5.0/24, since that's the local subnet.

What firmware is the 120 on and what MRU have you got the 120 set to? 1492 is UK's, and I see there is a 1500 popping up. Coincidentally, I was supporting a now ex customer with similar setup and you would be the right timescales away to be the one's who took over from them, hence the "coincidentally" amongst other things, of course knowing what the spooks know, you could just be a spook playing me.  ;D Edit. This might also work for you. https://forum.pfsense.org/index.php?topic=86087.msg473517#msg473517

The log is already there. Help also : https://doc.pfsense.org/index.php?title=Special%3ASearch&search=captive Activate the Captive Portal on a dedicated interface … and you up. BTW: no help. A 'sys admin' should first learn how to maintain a system like pfSense. Its something you have to go through yourself.

Certainly nothing on the pfSense box. Completely wrong forum.