Dont know if these links are genuine. http://healthstory.co.uk/torrentr/hua/huawei-hg658b-firmware Theres not alot you can do when you consider hindsight and whats practical, but some of the things you can do is your own encryption methods which are not unlike what was used during WW2 with code books, but that has limited use in that you need to trust the other party and in the case of the web, will your favourite websites/services entertain you with your own form of encryption? There are things you can do to obfuscate you own online actvities like write a bot to access web sites, a bit like a spider crawls websites and then provides some cover as to what you might be looking at, but I'm always reminded of the fact in maths its possible to workout the unknowns in any formula, and what the spooks call quantum cryptography is just their ability to brute force crack encrypted data from decades ago that used what was back then cutting edge levels of encryption but is old hat today as our processing capabilities grow. You could also try routing your traffic around the world to countrys that dont share data with your own, introduce some random time delays to make it harder to calculate if some traffic is yours when it reenters a country that does share data. In this instance being able to deploy instructions to a bot that can act in days, weeks, months or years in advance could be useful, it depends on how far you can plan ahead in that respect. But the phrase you can run but not hide also springs to mind. You might be able to stay one step ahead of the enforcement/hackers but ultimately you will always be looking over your shoulder and thats if you have the capability to spot when you are being spied on and being played or not.  ;D Perhaps these books might be of interest to you if looking for parallels with today. http://en.wikipedia.org/wiki/Brave_New_World http://en.wikipedia.org/wiki/Nineteen_Eighty-Four http://en.wikipedia.org/wiki/Fahrenheit_451s The last one is quite interesting to note when you consider its harder to change the printed word unlike a website. Its interesting to see the changes some onlines news organisations changing stories once released.  https://www.changedetection.com/ Its also interesting to note that for many people, things dont happen unless they see it on the news and only believe what is said on the news, not someone elses narrative. An uphill struggle to remove agenda's and bias from individuals admittedly but not impossible.  ;)

well they are actually different networks so you can actually firewall between them.  Your just using specific ips inside 1 network for different things.  Buys you pretty much nothing, other than maybe ability to group ips for firewall rules to the internet currently.  Which you could do with aliases anyway. To be honest I see no point to what your doing other than making what IPs your devices get more complicated ;)  and possible breaking of your own rules when you maybe picked out wrong number of ips you wanted for specific types of devices.

@Supermule: When you max out your internet connection, then the traffic from Apinger gets in the cue. Thats why it reports GW offline. You saturate your bandwith and thats why it fails. He's not concerned about how apinger thinks the interface is offline, he's concerned how apinger thinks the interface comes back online and reports the wrong information. apinger has a known bug that gives false readings.

Check out the dashboard. Memory usage is right there.  If the % is high, memory is low.

Not really without captive portal, plus completely futile if done on blacklist instead of whitelist basis.

Hi, OK, got it working! But an upgrade will remove this on me … :-(. Here is what I did (and thanks to this post for some key help! https://forum.pfsense.org/index.php?topic=6087.0), The file I really need to change is /etc/ssh/sshd_config - but it is generated when sshd is started / restarted. The script that builds / creates /etc/ssh/sshd_config is /etc/sshd - so I modified that file, as follows,         /* Hide FreeBSD version */         $sshconf .= "VersionAddendum none\n";         $sshconf .= "SyslogFacility local4\n"; <== This is what I added, just one line ... so sshd logs to the local4 facility (the one I chose). Restarted sshd, and it worked! The log file is now the local4 facility (/var/log/portalauth.log, as noted in /etc/syslog.conf). Is it possible to make this an option (syslog facility for sshd)? Thanks!

Yep, later on you can set a password for the console from web UI. Finish your configuration first and you'll see.

"route anything 10.5.5.1/24 through 10.5.5.1 gateway" There might be some terminology misunderstandings with pass vs route.  For example, that looks a lot like the default LAN pass any any rule in pfSense: Pass IPv4 any source LAN net dest any any Note that rule would typically be on an interface with a 10.5.5.1 address. The actual route for that traffic is the default gateway setting on the hosts on 10.5.5.1/24.  And even then, the route isn't for traffic to 10.5.5.0/24, since that's the local subnet.

What firmware is the 120 on and what MRU have you got the 120 set to? 1492 is UK's, and I see there is a 1500 popping up. Coincidentally, I was supporting a now ex customer with similar setup and you would be the right timescales away to be the one's who took over from them, hence the "coincidentally" amongst other things, of course knowing what the spooks know, you could just be a spook playing me.  ;D Edit. This might also work for you. https://forum.pfsense.org/index.php?topic=86087.msg473517#msg473517

The log is already there. Help also : https://doc.pfsense.org/index.php?title=Special%3ASearch&search=captive Activate the Captive Portal on a dedicated interface … and you up. BTW: no help. A 'sys admin' should first learn how to maintain a system like pfSense. Its something you have to go through yourself.

Certainly nothing on the pfSense box. Completely wrong forum.

wifi routers being used as AP rarely support dhcp on the lan interface..  But sure if they support dhcp then he could create reservations - but they would still be outside the pool, reservations with pfsense dhcp server are always outside the pool.

Just an update on this, the password had nothing to do with it.  In fact I feel like an idiot, as the problem was a conflicting IP address.  I thought I changed the IP of the old router away from the new one, once done I changed the PfSense WAN1 IP.  Neither reported an issue, no logs on the PfSense end showed this either.  It has now been up and running for the past 4-5 hours without failing.

That's just dressing. You're vain. There 's no way to change this order at GUI. However, you can change it in the configuration file: Go to Diagnostic > Backup/Restore and backup the interfaces area. Open the xml file in your text editor and move the interfaces sections to your fit, save the file and re-import it. If you use CARP do the same on each machine!

Sigh. I'm merely suggesting proven tools designed for the purpose and providing pretty much realtime information. Javascript dashboard gimmick refreshed every X seconds is not one of them, not to mention that they - as you have already noticed - heavily affect the system resources.

@bl00d666: fyi i am on 2.2.2 but the alx module is still missing. something to do with the cut before the rc of pfsense or something. So to be clear, 2.2.2 does not detect your ar8171? alc is the proper driver for that chip, not alx. I've raised a bug in redmine asking to update alc(4), if it's not already in place for the 2.2.3 release. https://redmine.pfsense.org/issues/4725 [edit] Looks like that will not be included until 2.3, unless someone submits a patch, but r273366 should drop right in.