Well for example a minimum set of rules to allow clients on OPT1 to have web access: Source OPT1 subnet, port any, destination any, port 80. This will allow traffic out to port 80, HTTP. You also need to allow access to the pfSense DNS forwarder: Source. Opt1 signet, port any, destination OPT1 address, port 53. Steve

matguy, My hardware is not so good as you describe. I have a pentium 3 800 MHz processor and 198MB of RAM. I think i will not be abble to run several v-machines at the same time.

If you could get your ISP to do MLPPP for you then you could bond 4 dsl lines and get your 3mbps up.

I would guess no it's not possible. You can only enable dhcp servers on static interfaces. In a bridge configuration usually only the bridge interface is static so you would have to use only one instance of DHCP for the whole subnet. There is no way of filtering leases by source interface, that I know of. Alternatively you could have all the interfaces static, 192.168.1.1 2.1 3.1 etc, and still bridge them. If you had open firewall rules traffic could go between them. However you would run into some sort of subnet clash. You would want each dhcp server to hand out a subnet mask that included all the interfaces but you can only hand out the mask of the parent interface. Thus you would have to set the subnet masks of each interface to overlap all the interfaces. I don't know if pfSense will allow you to do that, I've always tried to avoid it  ;) Even if it does I would imagine routing problems. Perhaps it might work - hypothetically! Steve

@marcelloc: if you have php skill, take a look on sarg package(sarg_reports.php and sarg_frame.php), I've limited it's access to pfsense users permissions. Thanks. I'll give it a shot. Edit: Where in the file structure could I find those files?

Poster above has only posted 3 times. All identical posts linking to his blog. I don't wish to put anyone off contributing but this seems a little suspicious.  ;) If I'm wrong then I apologise. Steve

@ptt: @sreerajuv: U can find Multi wan configuration in followink link http://linuxhotcoffee.blogspot.in/2012/09/pfsense-201-dual-wan-configuration.html Having "WAN1" on Tier 1 & "WAN2" on Tier 2 and using "Member Down" as trigger level you are NOT Doing "Load Balance" you are doing "Fail Over". Please review your "Blog" post, then come back with accurate info. You can check the info from the pfSense Docs: http://doc.pfsense.org/index.php/Multi-WAN_2.0#Gateway_Groups If any two gateways are on the same tier, they will load balance. If they are on different tiers, they will do failover preferring the lower tier. If the tier is set to "Never" then the gateway is not considered part of this group. Also, I think this was more of a hardware question, of how to get 5 physical ports accessible with his hardware than how to configure them (although, I wouldn't wager against that being the next step/need/question.)

You may want to try the 2.1 snapshots which will likely have better SATA support. Of course if you're happy with CF then I'd stick with that. Steve

We got up this morning to even worse connectivity. It would be up for 30 seconds and then down for 5 minutes. I ran to the store and bought a new modem and the problem went right away. I'll keep an eye on it but the only other thing I can think would do it would be the hard drive failing in my pfSense box, though SMART data is not showing any issues.

@Rasco: I am looking for a script that can ping hosts on the LAN and WLAN and when there are no host left, then pfSense router can halt the system. The reason is that my network 70% of the day doing nothing. Why not do it the other way around? Configure your router to use wake on lan (WOL) and if there IS traffic, it boots up and stays up. Sounds dangerous to allow a script to shut down the system. How ever a quick and dirty shell or perl script that checks the output of, for example tcpdump on an interface and a loop and a counter to check if nothing happened for X amount of minutes etc. OT: If electricity cost is the issue, why not switch to less power hungry components such as Intel Atom or similar, the power consumption on these while idling is almost none and probably switches, UPS, etc consumes more power than the router itself during these times your network users are busy IRL? Cheers E

Should just be a matter of importing it via the certificates manager: http://doc.pfsense.org/index.php/Certificate_Management Steve

Hi! OK I went to: Diagnostics: Packet Capture and start to capture my gateway IP. In log now I have ping echo request and ping echo reply every second. So I should monitor this and when link disconnected I stop to capture and see if there is a gap in log file. Correct? Regards, m

Actually in many configurations, pfSense 2.0.x is much faster than 1.2.3 with interfaces. Especially with large numbers of VLANs. There are quite a few factors that can go into it though. It really depends on the specific action you're taking that you believe feels slow.