• Pfsense and 2networks

    Locked
    0 Votes
    8 Posts
    2k Views
    Sorry about that, I don't know all the names of things and am still getting the hang of networking.
    Here this is how you would set up a 2 segment network, using your linksys as accesspoints. So
    Pfsense
    Wan dhcp = public IP from your ISP
    LAN1 (lan) = rl0 10.0.1.1/24
    LAN2 (opt1) = rl1 10.0.2.1/24
    Connected to LAN Ports of your linksys boxes, who have their dhcp servers TURNED OFF!!!
    linksys lan 1 10.0.1.2/24
    linksys lan 2 10.0.2.2/24
    Now devices on lan 1 would be say 10.0.1.42 and would point to 10.0.1.1 as gateway (pfsense IP on this network)
    Devices on lan 2 would be say 10.0.2.14,15,16, etc. And point to 10.0.2.1 as gateway (pfsense IP on this network)
    Now you could forward what traffic you want from internet. But if you don't allow traffic between your lan 1 and lan 2 via your firewall rules they will not be able to talk to each other.
    You sir hit the nail on the head, this is what I was trying to say! (never been too good at asking for help on forums)
    TURNED OFF!!!
    Yes I know and set it to for forward to pfsense/DHCP Server. So let me get the names right:
    pfsense = WAN/gateway/firewall/LAN
    linksys (&/or any other device) = accesspoint?
    Now you could forward what traffic you want from internet. But if you don't allow traffic between your lan 1 and lan 2 via your firewall rules they will not be able to talk to each other.
    OK. So I would need to open (let's say FTP Port:21) so on lan1 open Port:21 and on lan2 Port:21, then one or more devices from lan1 can talk to a servers on lan2?
    ----------------------------
    edit: I think I reversed the lan 1 and 2 and the ips I put in the picture..
    Yes you did, sorry my pic was not as good, next time I'll make it better.
    I just kept it simple. Keep it simple with an easy to read and understand /24 mask.
    Yes that is why I did 10.1.1.1 and so on, yeah /24 mask is what I am going to do after I get this working, right now this is just for testing!
  • Pfsense in laptop having one lan port.

    Locked
    0 Votes
    4 Posts
    1k Views
    The Express Card slot has a maximum bandwidth of 2Gb/second, so it won't achieve full line speed with a dual GbE NIC (like the Exsys EX-6088). "Best performance" doesn't sound like 100MBit or USB NICs are an option, so I assume that the laptop in question already has a GbE NIC.
  • My Gateway

    Locked
    0 Votes
    5 Posts
    1k Views
    stephenw10
    You can do layer2, and hence MAC, filtering with the captive portal. It uses ipfw instead of pf like the rest of the pfSense filtering. Steve
  • Kernel: arplookup failed: host is not on local network

    Locked
    0 Votes
    3 Posts
    1k Views
    do you have a cable modem?
  • Ammunition against Cisco firewall/appliance

    Locked
    0 Votes
    30 Posts
    10k Views
    Folks - I am just now looking over all the posts and I thank you all for the valuable information. It's not likely that I will lose my job over this, as we have been shrinking through attrition for years now and all it takes is for two people to call in sick to make it hard to staff the library desks, so I am needed if for no other reason than to provide a warm body to answer patron questions like "where's the books on butterflies?" and such. If the library wants to pay me to sit and answer dumb questions, then hey - it's their dime. Customer service is important, too. The ease with which pfsense is installed and managed should be a great selling point to my supervisor when she realizes that she won't be able to make a cisco configuration change by pointing and clicking a mouse on a web page, but rather has to call up the firm that installed the Ci$co firewall to do it, then charge us for the change. Since the starting of this topic, the director of the library has seen the report on the state of our network that the consultants have concocted. He has (correctly) come to the realization that it's a sales tool first and foremost, and that we, my boss and I, get to decide what proposals we feel will work for our organization, not the consultants. That's a relief. We are doing battle with another outside firm right now over a web tool they wrote for us that is failing miserably, so it might leave management with a bad taste in its mouth for contractors. Again - thanks to all who contributed to this conversation. It will be useful to me. LibraryMark
  • What the hell is trying to kill me?

    Locked
    0 Votes
    3 Posts
    1k Views
    johnpoz
    Yeah I would not call such low amount of traffic any sort of attack.. The torrent theory fits, does not have to be that you just got a new IP. If you're using UPnP for your client and it changed ports on you - you're going to see traffic to old port for days and days and days. If it bothers you, or fills up your logs - prob best to just create a rule to not log it. I have a clean up rule that does not log udp - there is just way too much noise to worry about.
  • New install, can't ping nor browse through WAN

    Locked
    0 Votes
    22 Posts
    5k Views
    @Klaws: Try unchecking "block bogon networks". Perhaps your public IP address is one of the very new ones which is still regarded as bogon. I don't really remember how bogon blocks are applied within pfSense, but I think I remember that it might have been that they are loaded very shortly after the interface goes "up". Well - very vague, I know.
    That didn't work, I unchecked the block bogon networks checkbox, saved and applied the changes and I'm still not getting any ping replies from x.x.x.102 nor 8.8.8.8
  • 0 Votes
    1 Posts
    3k Views
    No one has replied
  • Performance-Problems to several Websites

    Locked
    0 Votes
    14 Posts
    5k Views
    Ruddimaster
    Now suddenly spiegel.de works again. strange.  ???
  • Delete RRD graph of a specific interface

    Locked
    0 Votes
    2 Posts
    3k Views
    Easy! RRD data is in /var/db/rrd
    Just rm the data you no longer need. e.g.
        [2.0.2-RELEASE][admin@pfsense.domain]/root(1): cd /var/db/rrd
        [2.0.2-RELEASE][admin@pfsense.domain]/var/db/rrd(2): ls
        GW-quality.rrd       ovpns1-traffic.rrd    system-states.rrd
        WAN-quality.rrd      ovpns1-vpnusers.rrd   updaterrd.sh
        ipsec-packets.rrd    ppp-cellular.rrd      wan-packets.rrd
        ipsec-traffic.rrd    system-memory.rrd     wan-traffic.rrd
        ovpns1-packets.rrd   system-processor.rrd
        [2.0.2-RELEASE][admin@pfsense.domain]/var/db/rrd(3):rm ovpns1*.rrd
        [2.0.2-RELEASE][admin@pfsense.domain]/var/db/rrd(4):
    to drop the OpenVPN interface stats
  • Duplicate custom process at startup

    Locked
    0 Votes
    1 Posts
    640 Views
    No one has replied
  • Usenet downloads via SSL get stalled

    Locked
    0 Votes
    1 Posts
    805 Views
    No one has replied
  • Cant access to web GUI

    Locked
    0 Votes
    4 Posts
    1k Views
    stephenw10
    If you only give it one interface in the initial CLI setup it will be labelled WAN and it will be open for connections to the webgui. However that is a special case, as soon as you add another interface it will default back to blocking all incoming connections on WAN. Steve
  • Annoying boot issue

    Locked
    0 Votes
    2 Posts
    970 Views
    I was able to fix it. First I tried removing the prompt altogether via http://doc.pfsense.org/index.php/Remove_F1_Boot_Prompt . I didn't really expect it to work since it wasn't defaulting incorrectly (it didn't work). I got my install disk and just reinstalled the bootloader from it. All is well now.
  • Proxy problem

    Locked
    0 Votes
    2 Posts
    1k Views
    Might be solved now. Doing testing atm. I had at one time lvl 1 at 256, and when I changed to 128 / 64 and so on the cache disk still had the old dirs; don't know if that was the problem. But I deleted all folders in cache and did squid -z when I have the default 16 on the lvl 1. Hope that was the problem.
  • Files.pfsense.org domain blocked!

    Locked
    0 Votes
    9 Posts
    2k Views
    Thank you guys, I'll report to them.
  • Filtering bridge AND transparent URL filtering: possible?

    Locked
    0 Votes
    3 Posts
    1k Views
    Thanks for replying, I also had this feeling but hoped that someone might have tackled it somehow.
  • Pfsense Squid+SquidGuard mail clients unable to send mail

    Locked
    1 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    5 Posts
    6k Views
    bellera
    It doesn't work Mutual PSK + Xauth for vpnc: http://forum.pfsense.org/index.php/topic,59385.msg319238.html#msg319238 Use ike-qtgui (Shrew Soft VPN Access Manager) package.
  • DynDNS not always updating

    Locked
    0 Votes
    7 Posts
    5k Views
    Update: last couple of days it seems to be going OK. Did not update yet to 2.0.3 prerelease, also reverted back from all previous modifications. What seems to be working: in "System\Routing\GW_WAN" under 'Advanced' I increased the value 'Down' to 60 (default was 10). This action seems to have helped for the dyndns update, I haven't had the nasty 'curl' error anymore since modification. So either it actually helped, OR I have been lucky until now. I still sometimes see the GW as Offline, so maybe I should double it. (maybe I need some better understanding of the apinger mechanism  :-[ ) As 2nd backup mod, I installed the cron package & modified the nightly scheduled DynDns check to run every 30 minutes. It does pollute the system log a bit, but good side effect is I can check how it is working, and so far it seems I haven't needed the cron mod yet. Before I forget: Tnx Tim & Phil for the given suggestions! Really appreciated…
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.