Yes you could do a MITM style intercept and replace images a-la 'Upside-Down-Ternet'. You could, more easily, have the captive portal leases expire after an hour forcing users to login again and be subjected to advertising. However that still won't push anything you have to wait for the clients to pull something you can intercept. I would think there is no way to this without some client side plugin. Steve

I gonna try thanks. As i do not want to mess up anything, may i use a gmail.com account of mine to create a certificate from startssl. If not, i ve got a real domain name as well blablabla.eu Thanks for help. "It won't be an "MS Windows Logon" or a popup" I was speaking about freeradius..section 2) Why radius is so hard to implement on W7 ?

Yeap, that did it. Reenabled Squid, found and checked the "Disable X-Forward" option, and now it seems I have a cache without sharing my private IP addresses. Thank you again.

Yeah Gotta gotta have it… no matter the bandwidth... although queuing is good until is bad...

@sjim: Here is my pfSense setup. I setup a NAT so that all TCP/UDP traffic coming to any ports on the WAN interface (from port# 1 to port# 65535 except port# 443 for the pfsense webui) will be forwarded to the IP address of my NFS client. AFAIK the only difference between the secure and insecure option on NFS is that the server will only accept mount requests from the client if they come from a port less than 1024. I suspect that you may not be using 1:1 NAT and so pfSense is choosing it's own source port for the translated request from the client. One solution would be to use 1:1 NAT since you are already mapping all the ports anyway. You would need to create a special port forward if you need 443 to point to pfSense (by default it should be processed before the 1:1 NAT [1]). Another option would be to create a special case NAT rule for just the NFS client to server request using the Translation: Static-port [2] option. [1] https://doc.pfsense.org/index.php/Do_NAT_port_forwards_override_1:1_NAT [2] https://doc.pfsense.org/index.php/Static_Port

That wouldn't be a "cron" job since those are periodic. To run a shell command after bootup in a way that would work across upgrades and such, look at the shellcmd package which runs shell commands at boot time.

If the rules pass the traffic, and outbound NAT is set to NAT them out, it should work. Though there is not enough detail to say for sure. Make sure the rules pass all traffic, not only TCP. Some other things to check: Try to ping the firewall (their gateway), if they can't, then rules are probably to blame Try to ping an Internet host by hostname, such as www.google.com, if it can't translate the name to an IP address, check your DNS Try to ping an Internet host by IP address, such as 8.8.8.8, if the other parts work but that does not, it's likely outbound NAT

I second a fanless solution, something like an alix board etc.. You'll go from ~60watts to ~10watts. Spec wise you'll just want 1-2gb of ram unless you want a crap ton of firewall rules / snort rules or something of that nature.

Win!  ;D Steve

Looks like it's well covered in the thread but worth repeating in summary: Internal ADSL cards are: 1. Difficult to locate/source 2. Expensive 3. Unsupported 4. A bad idea from an electrical/surge point of view Working in PC repair years ago, I saw dozens of DSL modems fried over the years, and countless more entire PCs fried because of internal dialup modems. Replacing a DSL modem is probably on the order of $25-50, if that. Replacing your entire firewall (and the DSL card!) would be significantly more expensive. Surge protectors aren't perfect… It's not worth it.

This is an odd setup you have. What are you doing with the various machines on each side of the pfSense box? Normally to access services running on machines behind pfSense, a web server for example, you would use port forwarding. Each of the services you want to access would appear to clients on the WAN side to be running on the pfSense WAN address. If you actually want to be able to access to machines behind pfSense directly you need to have pfSense act purely as a router. You'd need to disable NAT, add firewall rules and then give the clients a route by manually adding routes to them. Steve

@twp01: This is the full script I am trying to run through CRON, it is the one the link went to, but here is it posted in its entirety. Thanks _#!/bin/sh #===================================================================== pingtest.sh, v1.0.2 Created 2009 by Bennett Lee Released to public domain (1) Attempts to ping several hosts to test connectivity.  After #    first successful ping, script exits. (2) If all pings fail, resets interface and retries all pings. (3) If all pings fail again after reset, then reboots pfSense. History 1.0.2  Added turn dhclient on for the interface. (Dice81) 1.0.1  Added delay to ensure interface resets (thx ktims). 1.0.0  Initial release. #=====================================================================_ The script is working but If it runs from pfsense Cron package, it needs the full path of the /sbin/ping executables as well, otherwise it reboots the pfsense every time.

This thread over on Broadband reports in pretty educational regarding QoS. … - Latency and QoS - ... http://www.dslreports.com/forum/remark,27252457?hilite=comcast

Thank You so much guys!!!!!!….Its a Usb keyboard,And I replaced the Removable Battery And it noticed the keyboard in which I booted into Bios and I Overwrited my Linux distro. over PFSense and all Is working as needed! PROBLEM SOLVED.

Thank you very much for your help! Fortunately after extensive troubleshooting, I found that my subnet mask on my WAN interface was wrong, because pfSense requires CIDR prefix, I just got it wrong during my initial configuration of my box. Now after this fix, the box behaves stable. I'll continue monitoring the system, but I think this was the root cause of my problem. Thanks to all of you, who take time to help me! Have a nice weekend!

It is consistent with other descriptions.  e.g. "Low and high thresholds for latency in milliseconds. Default is 200/500." Also please be sure to read the explanation and example at the bottom of the advanced section. Given those, it should become clear that it is a time, in seconds, that is being entered.

Its working now with "Enable (NAT + Proxy)" Thank you! I do now have proxy running what does that option mean? [image: edit.jpg] [image: edit.jpg_thumb]

Get my vote for the unfi stuff as well.. I recently got their AC indoor AP, and run the controller software on a linux vm..  Not saying their 3.x version of the software is perfect yet..  But they are making great progress.  Update of the controller software and firmware on the AP is simple apt-get upgrade and then click upgrade on the firmware to update your APs.. Be it you have 1 or 100 of them. For the budget minded – clearly the way to go.  This was only for my home setup - so the the $300 cost of the AP might be on the high side for some home users..  But I like to play with the current stuff - this gives me something to play with in the AC world, while picked up a pce-AC68 3x3 card for my pc to play with.. So you currently managed your 40 AP all my hand??  That would suck ;)  I would really look into the unifi stuff for the doing it in an enterprise way while on a soho budget ;)

Anyone? Please! Kind regards, Joao