You might need some sort of traffic shaping because I had issues with openvpn before I put a traffic shaping limit on it, but I was running over a 1mb adsl connection then and could basically trash the vpn by trying to watch high def youtube vids to test the bandwidth capability through the vpn.

I'd go for a separate box because I've seen hacks for ESXI and other VM's so because you ultimately have little control over what can read the memory or access the disks on your main machine through a pipe for example, you best bet is a standalone independent machine like your old dell. Bear in mind no AV software can find all viruses, plus the very nature of virus definitions is its just a list of whats been found and the vendor has decided is a virus. Virus definitions updates are an automatic process where software looks for "signatures" ie just a unique set of hex inside the files and decides what variant it is, when they find a new variation of it, they update their list and punt it out. The actual task of deciding if a program is a virus can take many months of reverse engineering depending on how the programmer(s) wrote the original code, so just like it took over a year before anyone discovered and considered stuxnet a virus, so the same can happen today, ie you could get infected and not know about it for months. It also never ceases to amaze me when I plug in old hard drives to retrieve something that a new virus is often found on the drive even though it might not have been used for over a year and was not found at the time of it being in daily use.

What BT router are you using? The old 2700 HGV doesnt remember the settings if you put it into bridge mode and has a special way of working ie you need to key in some settings on one of the pages, click save before editing the rest of the settings on the same page. You might also want to get rid of your BT modem if you dont want someone external messing remotely with your system. I've cancelled my BT phoneline and business broadband because someone keeps switching on the router wifi. I have also noticed that despite only have a few ip addresses assigned to me, I get the entire block of ip addresses as I see the hack attempts coming in on ip addresses which are either side of the block of ip's I have been allocated.

I finally found a box that still showed this error on shutdown and was able to confirm that changing the loop in a similar way to ceama's example fixed the problem there. I just committed a fix.

Looking into this more I find other oddities.  Under System, Routing, Gateways, not all editable fields are sticky or have any effect.  For example the WAN1GW only works with apinger when set to all defaults.  I can change the gateway from dynamic to the real static IP but then it forces the monitor IP to be the same.  I can't monitor say 4.2.2.1 or apinger will just sit on PENDING.  The same if I try any advanced settings like setting the ping interval from 1 sec to 5 seconds, apinger chokes on this too. Is this behavior all because I have a second LAN adapter disabled and not in use that "could" be an alternate gateway?

Hmm, ok. Usually the only place you would need to add a rule would be on the new interface to get internet access from there. Steve

@Lonney: I have created a new user via System > User manager, then … just save the newly created user, and open it up again for editing. You'll find a new option: "Effective Privileges" - add "User - System - Shell account access" and save. Now this new user has SSH ans SFTP access (I tested both). No need to edit /etc/passwd manually.

Thanks a lot. Works like a charm. Sorry for being not able to find it myself. When you switch to MANUAL NAT you need to create a "default NAT" rule for your normal internet traffic.

@stephenw10: Where are you trying to access it from? By default you will only be able to connect via the LAN interface so what is em1 connected to? Which NIC is the host system using as a gateway? Steve Thank you very much for answer. It helped me. I was trying to access from WAN (my host PC, lan is internal network for VMs), but from VM with LAN address it works!

Hi! Yes, after few days of OpenLDAP expirience I understand what you're saying, I somehow underestimated the complexity (also the funcionality) of OpenLDAP. And since there seems to be a replication model for OpenLDAP, running 2 virtual machines should probably be robust enough. Thanx for the comment

I figured out the issue. I had an APN set and was following http://forum.pfsense.org/index.php/topic,56696.0.html If you follow the basic intrusions of that user and use the phone number "99**3#" you do not set an APN inside ppp.

If you put then all on the same network segment the traffic between then won't go through pfSense so you won't be able to filter it with firewall rules. Separate VLANs gets my vote. Steve

There will be a 2.1.1, I don't know about timing, we're still investigating some things like ix(4) driver issues that don't have a fix yet. One can always gitsync to RELENG_2_1 to pick up all of the 2.1.1 fixes made thus far.

IT seems your cable modem is loosing it's connection intermittently.  When the motorolla modem does not detect the coax (WAN) connection, it will unbridge the two interfaces and hand out dhcp ip's in the range of 192.168.100.x.

jimp, I installed version 1.1.1 of arpwatch but I staill get the RFC warnings and it doesn't send any email messages.  For the present time, I have disabled email notifications in arpwatch and removed email server name and email addresses in System -> Advanced -> Notifications to stop the messages in the system log. Let me know if there is something else you want me to try, just remember I'm still new to pfsense.  I like what I've seen so far and plan to stay with it.

@mattlach: So, #1 appears like it might be related to this issue with interfaces cycling.  Trying to use the fix there, but struggling with how to do it. Yep, definitely fixed my interface connectivity problem (#1) using the information in that other thread. Still can't get any WAN actioin from the LAN side though. (#2).  Any thoughts? Thanks, Matt

Upgrading to the new version could be useful. FreeBSD 2.1 It should be, I don't expect. A small risk But of course you need to configure 2.0.and 2.0.n copy to ensure income.

I dont think you need to have a bridge. If you have a pfsense box setup and routing traffic on your lan already, then you can plugin your "wireless router" to the switch, turn off dhcp, give it an ip and go. Otherwise, get wireless card, add it to you pfsense box. add the interface. https://doc.pfsense.org/smiller/add_wifi_interface/Add_WiFi_Interface.htm