@jimp: You're a GENIUS!!!!  I remember ticking that when I was setting it up.  Everything is back to normal and things are running much better with the simple unticking of that option.  You rock jimp!  Thanks for sticking it out and helping a n00b like me. ;)

On the OPT inferface (192.168.33.0/24) put a block rule to 192.168.88.0/24 network. This must go above the allow any rule. If you want to have fun. Create an alias for each network. Then create a rule in each one that allow not (192.168.88.0/24) to the internet. Then everything but that address will be allowed to pass.

That is exactly the card I have.  Too bad that didn't come up in my searches. :(  Perfect answer to my question.  Thanks!

the problem there is when you unplug the USB wireless you'd have to remove the interface assignment as well or it would drop to an interface reassignment prompt at bootup. If you move a wireless interface config to a non-wireless interface, it wouldn't retain the wireless settings.

@Nachtfalke: The Layer7 filtering for torrent isn't working on my actual pfsense 2.0 So I don't think that this is a good solution at the moment. :( It's as good as the l7filter project's signatures, which is hit and miss. It'll miss all encrypted BT traffic as you can't detect that in such a fashion. It's also extremely high overhead so it's not something I would put a ton of traffic through unless you have a significantly oversized CPU (by our normal hardware sizing standards).

@fluca1978: It seems to me this is a feature of pfsense not present in FreeBSD. Is there any good reason why not using something like newsyslog? They're kept in RAM to have consistency between embedded and full versions, can't use normal FreeBSD logging on nanobsd.

l2tp working only "manually" since described problem appeared when i returned back commented code in interfaces.inc to be able to write hostname as l2tp remote server (thx Lexvel) if (!$g['booting'] && !is_ipaddr($gateways[$pid]) && is_hostname($gateways[$pid])) {               /* XXX: Fix later */               $gateways[$pid] = gethostbyname($gateways[$pid]);               if(!is_ipaddr($gateways[$pid])) {                  log_error("Could not get a valid Gateway IP from {$port} via DNS in interfaces_ppps_configure.");                  return 0;               } it is still vital to get l2tp server via dhcp for me and some other users from my country (my ISP seems to be popular in Russia), so still hoping someone will help.

Well, thanks. I think pfSense will be my choice then. Thanks for your help. Now, I just have to learn how to play with traffic shaping option ;)

@torontob: Thanks again for the input. I will try that. But what you explained is LIMITING the bandwidth. Why limit the bandwidth? I never know what the bandwidth is exactly as it changes during the day and night. What I am looking for is DEDICATED 512kbps on one NIC PORT regardless of what all my other ports get (dynamic speed at different times of the day). Is that possible? The way you explained it I suppose I should define each port to get certain limit (I assume I can't use percentage but rather hard numbers). Yes, it can be done. It's called Realtime.  Realtime reserves the bandwidth for the queue and the other queues share whatever is left.

Hi, Welcome!  :) You can use Squid with Squidguard: http://doc.pfsense.org/index.php/SquidGuard_package (the same sofware as IPFire's URL filter) You can probably also use pfblocker to achieve this: http://forum.pfsense.org/index.php/topic,42543.0.html IPFire is a fork of IPCop with additional functionality included by default right? I came from IPCop and before that Smoothwall. Differences between that and pfSense? Hmm…. pfSense is built on FreeBSD. It is a more secure and reliable platform (though I never had any trouble with IPCop) but has a lot less hardware support so make sure anything you buy is compatible. pfSense is strictly focused on security so anything that might compromise that is not included. Packages are available to add functionality at the risk of security but some things (samba server, web server) are seen to be too higher risk. pfSense does not limit the number of interfaces you can have nor does it treat interfaces differently (red, green, blue etc). You can configure any interface to do anything you want and have as many as you can fit in the box, or far more if you use VLANs. Probably a load more things! I tried it and didn't look back. The one thing I miss is extensive logging on the box. pfSense logs only to ram, if you want complete logs you must export to a syslog server. Steve

Thanks for the info!  I think shellcmd is probably the best choice. -Brian

I removed the manually added aliases before doing the upgrade. I did the upgrade in other box and I didn't have the same problem. It seems my problem was due to problems in the boot script of pfSense solved checking the boot log and php_errors of the boot log as you could see on this post: http://forum.pfsense.org/index.php/topic,43766.msg226677.html#msg226677

What is the IP address and network mask on the pfSense WAN interface? What is the IP address and network mask on the pfSense LAN interface?

nanobsd has some limitations due read-only file-system and sd cards are not so fast. Soft updates are really good for performance. It's up to you. It will depend on packages you have installed. Read about soft-updates. I think it is better then ssd cards.

Unless you are using this as a transparent firewall you need to have you WAN and LAN interfaces in different subnets. E.g. WAN: 192.168.1.100/24 LAN: 192.168.2.1/24 Steve

Ok, I can understand that.  :) So I would do this in three steps. 1. Record the MAC of each of your clients routers either directly from the device or by looking at the DHCP lease table and then configure each one to static lease. 2. Add alias IPs to your WAN interface for each of your public IPs. Configure 1:1 NAT with each of the aliases to a clients private IP. Good video tutorial for this step here: http://www.youtube.com/watch?v=zrBr0N0WrTY 3. Create limiters for each client and configure firewall rules to direct traffic through them. If you want to hand public IP addresses to your clients boxes directly you can do that by disabling NAT entirely but that's beyond my experience. http://doc.pfsense.org/index.php/How_can_I_use_public_IP%27s_on_the_LAN%3F Steve

This post has helped: http://forum.pfsense.org/index.php/topic,43983.msg228156.html#msg228156 I still don't have it working but I think I'm really close. I swapped OPT and LAN with each other.  They now have different roles. I now have interfaces: OPT type=none (no IP) WAN type=none (no IP) BRIDGE type=none (no IP) LAN_ADMIN type=static.  IP 192.168.0.100 OPT and WAN are bridged LAN_ADMIN is working and its used to access the pfSense webGUI. I have no gateway defined. I have rules set to pass everything on WAN and OPT. This is similar to how I've configured transparently bridged OpenBSD firewalls in the past.  The two interfaces and the bridge didn't need IPs.

Well after searching I've ran across this thread about how to setup FTP on 2.0, just needing some help. I've setup a NAT: Port Forward on 20-21 to my internal ftp server 20-21 I've setup Filezilla in Active mode, I've tried passive as well but no luck. Under Advanced -> Firewall/Nat -> I have only the first 2 boxes checked, i've tried mutiple options here as well. I've also tried changing the system tunables to 1 like the above posts. Anyways I'm lost, can anyone offer any suggestions on what else to try? Thanks!

I could see RRD data files getting that large for that kind of deployment. If you want to graph that kind of data, you can enable the SNMP service and then use an external poller such as Cacti or Zabbix to graph.