Hi ps -f | grep "proxy_monitor.sh" | awk '{print $1}' | xargs kill -9 This command is stopping autorestart squid and squidguard. i had tested.

@phospher: Who created that spy app anyway? Ever visited the smoothwall forums? and or www.imspector.org ? (currently down btw.) I believe it was one of the developers working on smoothwall express who made imspector. (aslak ?) Shouldn't this question be moved to the "packages" thread? I don't know who is the maintainer for this package, or if it even is maintained at all.

@marcelloc: Don't configure LAN and WAN on same subnet unless you are using bridge. configuring a balancer on same subnet you are will not work. The web server will receive your request via firewall and will try to respond directly to you… 192.168.0.1(you) -> 192.168.0.17(balancer) -> 192.168.0.74(server) the response will be 192.168.0.74(server) -> 192.168.0.1(you) -> reject! You asked 192.168.0.17 for a page, not 192.168.0.74. Now I configure WAN of the load balancer to 192.168.2.2 with the default gateway 192.168.2.1. However, I still get no response from 192.168.2.2 and I get the following in the states log. tcp 192.168.0.74:80 <- 192.168.2.2:80 <- 192.168.2.1:51333 CLOSED:SYN_SENT  tcp 192.168.2.1:51333 -> 192.168.0.74:80 SYN_SENT:CLOSED I check the web server (192.168.0.74), there's a connection between it and the default gateway (192.168.2.1). Any suggestion?

I'm not aware of any limits. However 802.1Q itself limits to 4093 (0x0, 0x1 and 0xFFF are reserved)

@podilarius: I know how passive ftp works. I'm connecting from a LAN side client to a WAN side passive ftp server that is listening for incoming connections on a HIGH port >1024 – NOT port 21. For this to work I'd have to open the port on which I connect to the server (e.g. 30000) + all ports >1024 for PASV data transfer on the LAN interface and thats exactly what I DON'T want to do. As mentioned FTP Helper would help with this, but since it doesnt track FTP connections on high ports (as Ermal mentioned) it's useless in this scenario. @ermal: thanks for clearing this up. Already thought that FTP helper would only work when using port 21. === My solution for now: Connecting to the FTP through a socks proxy which isn't restricted as much as the LAN side clients. === Please let me know if there's any "better" way to do this.

@michael.jesse: I tried to access the GUI through a Web interface again and it did not work. I tried to ping the gateway (192.168.1.1) and it failed. I rebooted the router and ping is successful, but still cannot access GUI. I tried to get on through HyperTerminal, but that connection failed as well, both through Winsock and SSH connections. Is there any other way to access this short of reformatting? Can you get on via keyboard and monitor? If you can, you can go into /cf/conf/config.xml and remove the errant NAT entries. Once that is complete you must reboot for it to take effect. This might allow you get in, otherwise you if you can get into console, you can set it back to factory defaults and reload from last known good backup.

If only your webmail service uses port 443 then you can get around it with HA Proxy or similar. Otherwise yes, for all services other than HTTP you need one WAN IP for each service you want to share a port.

You can report issues via the pfsense bugtracker at http://redmine.pfsense.org/ and code patches via https://github.com/bsdperimeter

@pf2.0nyc: temps in the room are 69-70* F and humidity is acceptable. That's nice but the significant temperature is the one in the CPU die. Perhaps you don't have enough air flow through your box, maybe the CPU heatsink is too small etc. There has been some discussion recently (in the hardware forum if I recall correctly) about use of the coretemp kernel module to monitor CPU temperatures. You might find some useful ideas in that discussion.

The DHCP server is on the PFSense box and clients connecting to the switch on any vlan will sometimes send 2-3 discovers to the DHCP server and the PFSense log will only see one of them or sometimes none at all. OK, for the ARP table, I think I found the problem. For some reason or another, my laptop's MAC address is the same as the PFsense box's interface. I'm going to try changing my MAC address and run some tests.

Hi, I am using the 2.0 final version and avahi is eating my CPU… any idea why?

Manual outbound nat means that you will specify how and wen pfSense will nat. If you delete all outbound nat rules, you are telling pfSense to just route outbound traffic.

Hi, same here. Do you have solved the problem?

@ozric: when i connect to the apo the notebook gets the right ip via dhcp, but there no portal. Is the pfSense OPT1 interface connected to the AP WAN interface or one of its LAN interfaces? Does the notebook get its IP address from pfSense or the AP? (Perhaps the AP has a DHCP server running.) What does the notebook use as its gateway? What does the notebook use as its DNS?

yes only serial part of putty isn't working - very odd but probably my issue. I'm not using a USB dongle - when I put hdd with XP pro in the same exact machine with same exact cable hyperterminal works fine so its something software related. I figured out a way to use hyper terminal on W7 so i'm all set… Thanks for the help & answers. Interested in trying to get that fixed but not the end of the world if it can't be fixed.

Yes you could. I had some routing problems when using bridge + routing but you can try. If you need more options, you can set all public ips at wan and Forward(or balance, or filter) the traffic To internal or dmz servers using: nat pfSense load balance apache+mod_security varnish haproxy And then apply traffic shape