Today i received the Draytek Vigor 130. I will continue with that modem + pfSense + managed switch for VLANs. I am not going to put any more effort in the Experiabox V8. When i have Routed IPTV working with the Draytek + pfSense (can take a while because i am going to move to an other house soon) i will write up my config here.

Now all works perfectly Thanks  ;)

How is it complicated? It just depends on your point of view and how you work, that's all.  Both methods will work.  For me, I would never forget to secure a newly-added subnet, but I might easily forget that I blocked all of private IP space in a blockrule made potentially months or years ago. I'm glad you have it working the way you want.

still having issues with this and i have upgraded my system. Have hp nc364t quad port nic and still facing the same issue. during the evenings when the load is high it still doesn't show the correct figures on traffic graphs. I have 3 x 20mbps bandwidth from isp and when the load is high, the highest one of the wan goes is 7mbps.

@dazedman: So everything had been running fairly smooth over that past several day until today. Check out my packet loss that just happened twice today. Other then my ISP dropping what else could this be? The problem is the LCDd. It is filling the error log with the following… Jan 19 14:11:05 LCDd sock_send: socket write error All of my down times and packet loss match exactly to when LCDd is writing that into my system logs. I am going to have to try removing that from my firewall and running without it for a while. Just really like that tool so that my display is not always on and when it is it displays useful info... Really hope a 2.3.2 package for LCDd gets created so we don't have to do the crazy install process.

Thanks guys, i just enabled SSH and now ill just use my cell phone to SSH into the console when needed.

Thanks… That also helps alot!

@avvid: Yes, I was trying to see if pfsense could "safely" terminate a port that goes nowhere and respond to the TCP requests. If it goes nowhere it might as well not exist.  Thus it must be answered by something. In this case you want your firewall to answer the request. This means you want to open a port to the other server on a security device..  Bad ju ju! But you could allow their server  (and it only via a well crafted WAN firewall rule) to your pfsense WAN address GUI port.  Still a security issue but much safer than selecting "any" for source IP. WAN Rule-    Source-  their IP address  any port    Destination- "Wan Address"  Port- (your GUI port)  80??  .

@BBcan177: Use the Snort OpenAppID processor. BBcan177, could you post on how to do this, or a link? If I remember correctly there are no GUI settings to facilitate this (other than just turning on the OpenAppID processor)..

Thanks for the update.  I can't remember the last time I had a corrupted download in general.