• MOVED: Questions about rules

    Locked
    1
    0 Votes
    1 Posts
    508 Views
    No one has replied
  • Squidguard and ldap

    1
    0 Votes
    1 Posts
    877 Views
    No one has replied
  • Pfsense version in configuration

    9
    0 Votes
    9 Posts
    3k Views
    E
    What you're talking about sounds perfect. I don't have a development environment at home, but I'll see if this is something I can pull off. Thanks for your input.
  • WAN firewall rules allowing UDP 500 & ESP

    5
    0 Votes
    5 Posts
    2k Views
    N
    thanks jim
  • Another PFSense+FreeNAS argument

    36
    0 Votes
    36 Posts
    16k Views
    johnpoz
    I run vms at home - and I am against such a joining as well.  Don't see any reason that makes sense.  It makes more sense to just fire up a VM and use an OS/Distro geared towards being a NAS vs using my firewall to provide my storage. I just can not see a reason why anyone would do or want such a thing to be honest. If they want such a box maybe they should look to something like http://www.clearfoundation.com/Software/overview.html which is one of those Do everything Distros - acts as your gateway while also being your storage, LDAP, email server, etc.. etc.. Just because pfsense and freenas share a common core OS freebsd does not mean they need to join forces ;)
  • Odd log messages - Need a pair of eyes

    3
    0 Votes
    3 Posts
    1k Views
    jimp
    Someone was trying to run a SIP attack against you. The pf log parser gets enough data that can be parsed through tcpdump that the actual body of the packets was getting decoded. If you have a SIP server, you might want to make sure it's adequately protected in terms of rules, passwords, access, etc. If you don't have a SIP server, this may have been a random scan/attack that just happened to hit you. It's very common for such things to be seen sweeping the Internet looking for SIP servers to exploit. When they find an open one they'll burst a ton of pay calls through it. We've heard of people getting 5 and 6 digit dollar amount bills from improperly protected SIP services.
  • Certain websites become inaccessible

    4
    0 Votes
    4 Posts
    1k Views
    johnpoz
    Well yeah, when the sites are accessible it's a given you must have been able to do a dns query for them - I would have been more interested when they were not working ;) So was snort blocking access to the site, or the dns query? Any sort of IPS/IDS is going to take loads of configuration and work to make it a viable product - if you think you can just click click and install something like snort and not have to spend quite a bit of time adjusting the rules and working out false positives, then no, snort is not for you.
  • Traffic graph with IPs, no sorting

    5
    0 Votes
    5 Posts
    1k Views
    B
    Any news on this?
  • Add WAN IP to hosts file?

    1
    0 Votes
    1 Posts
    816 Views
    No one has replied
  • Allow access to more than one OpenVPN configuration

    1
    0 Votes
    1 Posts
    653 Views
    No one has replied
  • MOVED: Dell R210 in the pfSense Store

    Locked
    1
    0 Votes
    1 Posts
    649 Views
    No one has replied
  • Corrupt State Table?

    5
    0 Votes
    5 Posts
    1k Views
    O
    I only show a 10gb hdd, cdrom drive.  Guess wipe and reload it is. $ ls /dev ... ad0 ad0s1 ad0s1a ad0s1b ...
  • Sessions and States.. one in the same?

    8
    0 Votes
    8 Posts
    3k Views
    S
    This just keeps getting better and better! Appreciated again, redoing all of my monitoring systems and this will become my primary FW for a month or 2, so I need to see the kind of connections we are putting through it. Box is total overkill, but still, nice to see what is going on!
  • NSA, backdoors & pfSense

    14
    0 Votes
    14 Posts
    9k Views
    ?
    @bendrum: Electric Sheep Fencing LLC. is a commercial company located in the US. Austin, Texas. which supports pfSense.   If the NSA asks this small company to introduce backdoors into pfSense, do you believe one minute it could refuse? Yes.  Like a mother-fucking riot. You obviously don't know me well.
  • Traffic Graph Negative Numbers

    8
    0 Votes
    8 Posts
    2k Views
    M
    There is nothing special configured with the interfaces. They are single link gigabit interfaces. The only place it shows above 1 gig is on the graphs as well as showing the spikes/drop offs.
  • SH shell different than documented?

    2
    0 Votes
    2 Posts
    1k Views
    jimp
    The shell is tcsh, which differs from /bin/sh. And if you're used to some other OS, /bin/sh there might even be something like bash. Check the FreeBSD man pages for sh and tcsh to see what syntax works in each.
  • Pfsense Auto Reconnect

    2
    0 Votes
    2 Posts
    937 Views
    stephenw10
    As detailed here: https://doc.pfsense.org/index.php/Remote_Config_Backup The authentication system is different so you need to do a little more. Steve
  • RDD Graph issue on reboot

    2
    0 Votes
    2 Posts
    920 Views
    T
    Hi, I also have this problem with 2.1 64-bit version on ESXi (both on 5.1 and 5.5). Really sad when the graphs get ruined. Same as you, I also get it on IPv6, which I don't even use.
  • Routing

    7
    0 Votes
    7 Posts
    1k Views
    stephenw10
    There should be no good reason why you can't access the pfSense webgui from your laptop connected via wifi. Here's what I would do. Connect the pfSense WAN interface to one of the switch ports on the WRT54. Set the pfSense WAN to use DHCP, it will then receive an IP from the WRT54. Set a firewall rule on the pfSense WAN interface to allow access to the webgui on WAN, so: source any, destination WAN address, port 443 (or 80 if you're using http). Done, you should now be able to access it via a wifi connection to the WRT54. It sounds like you're trying something more complex, is there some reason for that? As you say it's good experience to try something new. Steve
  • Adding memory to pfSense box? Reinstall needed?

    5
    0 Votes
    5 Posts
    1k Views
    G
    You may need to upgrade the BIOS of the Dell.  I recently added memory to a Dell and couldn't get two dissimilar memory sticks to coexist until I upgraded the BIOS. If you try it, I would recommend upgrading the BIOS with just the original stick installed in case an issue with the new stick causes the BIOS update to fail and potentially brick the computer.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.