Thanks for letting me know. I was coming to this conclusion and saw the bug opened to version 2.1 for extracting user information. Keep up the great work!

Hmm, assigned the wrong NIC to opt1? Steve

I have no answers I'm afraid.  :( So you have VLANs but you're not using pfSense with them directly? I'm still not sure why you need a gateway on LAN. Steve

@jimp: Permanently? Not so easy. Temporarily, easy. echo "nameserver x.x.x.x" > /etc/resolv.conf route add default y.y.y.y Where x.x.x.x is your DNS and y.y.y.y is your gateway. Once you're in the GUI, fix up the settings properly and you're good. Perfect this is exactly what I needed.. nothing like trying to configure using GUI via super delayed remote console link ugh

@jimp: You're a GENIUS!!!!  I remember ticking that when I was setting it up.  Everything is back to normal and things are running much better with the simple unticking of that option.  You rock jimp!  Thanks for sticking it out and helping a n00b like me. ;)

On the OPT inferface (192.168.33.0/24) put a block rule to 192.168.88.0/24 network. This must go above the allow any rule. If you want to have fun. Create an alias for each network. Then create a rule in each one that allow not (192.168.88.0/24) to the internet. Then everything but that address will be allowed to pass.

That is exactly the card I have.  Too bad that didn't come up in my searches. :(  Perfect answer to my question.  Thanks!

the problem there is when you unplug the USB wireless you'd have to remove the interface assignment as well or it would drop to an interface reassignment prompt at bootup. If you move a wireless interface config to a non-wireless interface, it wouldn't retain the wireless settings.

@Nachtfalke: The Layer7 filtering for torrent isn't working on my actual pfsense 2.0 So I don't think that this is a good solution at the moment. :( It's as good as the l7filter project's signatures, which is hit and miss. It'll miss all encrypted BT traffic as you can't detect that in such a fashion. It's also extremely high overhead so it's not something I would put a ton of traffic through unless you have a significantly oversized CPU (by our normal hardware sizing standards).

@fluca1978: It seems to me this is a feature of pfsense not present in FreeBSD. Is there any good reason why not using something like newsyslog? They're kept in RAM to have consistency between embedded and full versions, can't use normal FreeBSD logging on nanobsd.

l2tp working only "manually" since described problem appeared when i returned back commented code in interfaces.inc to be able to write hostname as l2tp remote server (thx Lexvel) if (!$g['booting'] && !is_ipaddr($gateways[$pid]) && is_hostname($gateways[$pid])) {               /* XXX: Fix later */               $gateways[$pid] = gethostbyname($gateways[$pid]);               if(!is_ipaddr($gateways[$pid])) {                  log_error("Could not get a valid Gateway IP from {$port} via DNS in interfaces_ppps_configure.");                  return 0;               } it is still vital to get l2tp server via dhcp for me and some other users from my country (my ISP seems to be popular in Russia), so still hoping someone will help.

Well, thanks. I think pfSense will be my choice then. Thanks for your help. Now, I just have to learn how to play with traffic shaping option ;)

@torontob: Thanks again for the input. I will try that. But what you explained is LIMITING the bandwidth. Why limit the bandwidth? I never know what the bandwidth is exactly as it changes during the day and night. What I am looking for is DEDICATED 512kbps on one NIC PORT regardless of what all my other ports get (dynamic speed at different times of the day). Is that possible? The way you explained it I suppose I should define each port to get certain limit (I assume I can't use percentage but rather hard numbers). Yes, it can be done. It's called Realtime.  Realtime reserves the bandwidth for the queue and the other queues share whatever is left.

Hi, Welcome!  :) You can use Squid with Squidguard: http://doc.pfsense.org/index.php/SquidGuard_package (the same sofware as IPFire's URL filter) You can probably also use pfblocker to achieve this: http://forum.pfsense.org/index.php/topic,42543.0.html IPFire is a fork of IPCop with additional functionality included by default right? I came from IPCop and before that Smoothwall. Differences between that and pfSense? Hmm…. pfSense is built on FreeBSD. It is a more secure and reliable platform (though I never had any trouble with IPCop) but has a lot less hardware support so make sure anything you buy is compatible. pfSense is strictly focused on security so anything that might compromise that is not included. Packages are available to add functionality at the risk of security but some things (samba server, web server) are seen to be too higher risk. pfSense does not limit the number of interfaces you can have nor does it treat interfaces differently (red, green, blue etc). You can configure any interface to do anything you want and have as many as you can fit in the box, or far more if you use VLANs. Probably a load more things! I tried it and didn't look back. The one thing I miss is extensive logging on the box. pfSense logs only to ram, if you want complete logs you must export to a syslog server. Steve

Thanks for the info!  I think shellcmd is probably the best choice. -Brian

I removed the manually added aliases before doing the upgrade. I did the upgrade in other box and I didn't have the same problem. It seems my problem was due to problems in the boot script of pfSense solved checking the boot log and php_errors of the boot log as you could see on this post: http://forum.pfsense.org/index.php/topic,43766.msg226677.html#msg226677

What is the IP address and network mask on the pfSense WAN interface? What is the IP address and network mask on the pfSense LAN interface?

nanobsd has some limitations due read-only file-system and sd cards are not so fast. Soft updates are really good for performance. It's up to you. It will depend on packages you have installed. Read about soft-updates. I think it is better then ssd cards.

Unless you are using this as a transparent firewall you need to have you WAN and LAN interfaces in different subnets. E.g. WAN: 192.168.1.100/24 LAN: 192.168.2.1/24 Steve