@jonathanduane: justing a dell optiplex i will check now for errors, thanks Can you tell us what model of Optiplex?  They range all the way from first generation Pentiums through current i7's, some with 3Com, Broadcom, or Intel NICs onboard; the model will tell us a lot about what we're looking at.  It'll also be helpful to tell us about any secondary NICs you may have installed and are using.

Thank you sir….

@neteffectcafe: I am blocked because i am an Internet cafe. Bizarre. Do they give a reason for doing this? Steve

NAT reflection is ugly as a general practice (why loop things through the firewall when you don't have to), and you lose the real source IP out of necessity since the replies have to go back via the firewall. Nothing wrong with using it though if that's the best option in your specific scenario.

You cannot. The platform file needs the exact words it has. It can only be pfSense, nanobsd, livecd, and so on. That does not control the name of the system as displayed on the GUI, console, etc. There is another place to set that. Leave the platform file alone. It is for internal use only.

Dear Steve, This same issue i was also facing in my wan network. According to your solution by enabling Nat Reflection. i won't get pfsense admin login page again but my web respective page was not shown. but by checking the below option. I am able to view my require web pages. "Automatically create outbound NAT rules which assist inbound NAT rules that direct traffic back out to the same subnet it originated from" Thanks a lot for your solution.

Some server software includes a "mini firewall". Server configuration requires specification of which interface(s) the server will access requests from and/or which IP addresses the server will accept requests from. Perhaps the server is rejecting the requests you have logged because the server is not configured to accept those requests. There might be a server log giving more details. That tip resolved it. I was under the impression that I had the "mini" firewall on the webserver disabled for my tests - but I must have been wrong. "Problem" went away when I uninstalled the local/mini firewall that is no longer necessary.  We were using an application that sits on top of iptables - and I assumed incorrectly that shutting down iptables would disable the local firewall application.  This local/mini firewall must have additional filtering outside of iptables as well. Now - I have a separate question - how to setup load balancer to work across https connections. Will look around for info, and if needed post it separately.

thank you! I was looking all over

Was able to get this figured out. Looks like the file system was not formatted.  Ran "newfs" on it, and all is good in the world again.

Due to needing to setup this in urgency, I had tried using Endian Firewall Comunity and it works with VLAN500 tagging. However, I prefer pfsense actually. I will try to test it one more time using livecd and then post the logs here. Will have to wait until when no one is around in my office. And that is tough since we even have people coming in to work during weekends.

There is the content of my syslog.conf. Is there something wrong? Im not use to those.. normally more on fedora. [2.0.2-RELEASE][admin@pfsense.home.lan]/var/etc(5): cat syslog.conf !ntp,ntpd,ntpdate !ppp !pptps !poes !l2tps !racoon !openvpn !apinger !relayd !hostapd !-ntpd,racoon,openvpn,pptps,poes,l2tps,relayd,hostapd

I may have remebered incorrectly about the errors, I can't now find a example of it. However: http://forum.pfsense.org/index.php/topic,35895.0.html Steve

Now i got it friends :) Many thanks stephenw10 and jason litka kalu

Welcome  :) As "new" to anything (pfSense in this case), is good idea to check the DOCs / FAQ before ask ;) http://doc.pfsense.org/index.php/Main_Page http://doc.pfsense.org/index.php/Category:FAQ http://doc.pfsense.org/index.php/Can_I_sell_pfSense

1. It's not something I've ever tried. I can't really see what advantage it would be. If the WAN is up and you have convectivity to to other end then why switch to a different tunnel? If your first tunnel goes down, for whatever reason, then why switch to a second tunnel rather than bring the first tunnel back up? If you have both tunnels up simultaneously then you could run some failover/redundancy between them. However it's likely both tunnels will be using the same route such that if one goes down both will. You may get a better answer to this in the vpn subforum.  ;) 2. Not sure quite what you're asking here. Do you mean remotely access the webgui on a pfSense box? If so you can do that already. The server that provides the webgui listens on all interfaces you just need to add firewall rules to allow it. It isn't recommended though to have the webgui accessible from the internet. Steve

That should definitely be enough for 1 Gbps wire speed throughput.