Thank you very much for your detailed reply. Unfortunately, I had already shutdown, re-imaged and restored.  Thankfully, I had a very recent backup. I'll get the 2.2.4-DEVELOPMENT snapshot installed tomorrow am.  Can't have any more down time today if it can be helped. Do you happen to know if 2.2.4 has any more fixes for Multi Tunnel IPSEC, I still have the same rekey issues since 2.2.1, which is why I tried 2.2.3. Thanks again. Tony

Thank to everyone taking the time to read and respond to my overly long posts. As of now everything is working great! But I always have new questions…. "The Dude" is all of a sudden picking up a node with gigabits of traffic on a node ending with *.255 (see attachment). Is this something internal to pfSense? DNS (ubound)? My actual pfSense box is 192.168.3.1. Any and all suggestions appreciated :) Simon  

ok i ll check it, thanks.  :)

@tux_dude Did you solve it out now? Did you brought up the LAGs and the VLANs straight working smooth?

Status - System Logs - Firewall.  Or install the Firewall Logs widget on the dashboard.

Hmmm.  I had to manually create the SSH keys for this host yesterday.  Today, after a reboot, the SSH keys are gone again.  It's almost like this thinks it is running a live CD, but it isn't?  Also, the thing hangs fro aobut 12 minutes during boot at "synchronizing user settings…" no idea what is going on there.

@Sensi: My pfSense 2.0.1 (multi-user) is acting strangely!! Anybody got any ideas? There's an idea. Any change you can try this on the current version?

iorx, if you're using intel e1000 physical nic's, try the solution I implemented (thanks to cmb) last friday: https://forum.pfsense.org/index.php?topic=96325.0 Until now (5 days and counting) it's going good, so I'm hopeful.

@phil.davis: You have to follow the instructions and complete the legal stuff. A few weeks ago the repo became a private one on GitHub rather than where it was before on some other machine hosted at some other pfSense name. I know the existing people signed up to the previous tools repo address all got access to the repo in the new place. I am not sure how that all links together automaticaly now for new sign-ups. After signing up, I would look first in GitHub pfSense section and see if the pfSense-tools repo appears for you. Thanks phil.davis, I can access pfsense-tools now. But It's very straight for me. I think I must install FreeBSD 10.1 (for Pfsense 2.x) and download pfsense-tools from git repo. After that, I patch all fille in pfsense-tools to FreeBSD. Is it correct? Do you have any instruction to build pfsense development enviroment?

also imagine someone is using the wifi network for some evil torrenting;  oO On your pfsense machine your traffic graph will show the WAP_ip instead of the offenders_ip as the source/destination of lots of traffic  (since you NAT everything on the WAP)

so you have a any any rule on wan?  Yeah that is not good… "Wan => (Wan Rule: Pass Any Any) PFsense => Server" If this is what you want "I want to record who ping my server" Why don't you just setup a wan block ping with logging?  Why wold you want to send it all they way to the server, just to block the servers reply?

The state table lists the states the firewall has allowed.. Its a stateful firewall!! If your having issues controlling traffic - then post up your rules and explain what your wanting to accomplish.

All 3 are Layer 2. I knew that, what i didnt know is the Lx meaning. I am learning on the go, i dont want to be rude but in any case my boss should be the one asking that.

Dunno, but "scrub rule then PF will re-package the data using an MTU of 1460 by default, thus overriding this mssdflt setting" would strongly suggest that messing with that sysctl is a total waste of time.

Hi - just to update you, I have now managed to get this all working :) Thanks for all your help.

@edfcmc: When I switch from my pfsense router to… Just don't do that.  :P

@SisterOfMercy: @SisterOfMercy: @Inperpetuammemoriam: Hey guys,Therefore, the virtual machines running all the services should be the only ones making use of the DMZ sided port in order to offer their services to the outside world. Do you mean you are only exposing non-management services on the DMZ, such as a web server, and the SSH ports are only open to the LAN? Yes, that would (have) be(en) the idea. @BlueKobold: @BlueKobold: Connect to the pfSense a DMZ and a LAN Switch Place the entire server connected to the web in a real DMZ Ok, so the better way would be to completely isolate the Server within the DMZ from the LAN. @BlueKobold: Let the DMZ servers only connect to the Internet through Squid onto the pfSense I never used squid before but from what I read about it (squid-cache.org), the main feature is a performance gain rather than a security gain. Did I miss something? @BlueKobold: Connect the servers through the IPMI port or over KVM switches placed in VLAN1 (default) I'm not using the IPMI port. It could have been useful to be able to remotely manage the server even before the OS has booted but from what I read about it I think there comes a much bigger security loss than a gain in usability with it. The risk of someone implanting low level spy/malware (which is really hard to detect) outweighs the benefits by far. @BlueKobold: Set up a DMZ and LAN radius server that only you will be able to secure connect to the servers I also never used a radius server before but wouldn't this be like taking a sledgehammer to crack a nut? From what I read, I assume there comes a big configurational and computational overhead with it but little to no gain in protection from the WAN side. Wouldn't it be better to just be very restrictive in the firewall configuration concerning traffic intended for the DMZ? (e.g. allowing the SSH access only from the LAN side and restricting WAN access to the few required ports) @BlueKobold: Set up snort sensors and servers to gain more security inside of your network Snort is already running. ;-) However, even with a not so conservative configuration I had to suppress a few alerts otherwise the internet experience would have been drastically reduced. Is this normal?