Yeah, the underlying software supports it, we just don't have any code in the GUI to do that. I thought there was a ticket in redmine marked "future" for that but now I don't see it at the moment.

I thought someone did some work on it recently to make it work, though I haven't tried it myself.

Not easily, but you can get the same effect, more securely, by using a VPN. Setup OpenVPN, route your traffic for that site through the VPN tunnel, and you should be able to access it from the firewall's IP that way since you'll get NAT applied outbound. (Should be fairly automatic on 2.0) PPTP would also work for the same effect.

Hi , I am new to pfSense and I am having some trouble setting up my box. I have 2 link ADSL 1.0 Mbps with dynamic IP and SDSL 1.5 Mbps with static IP. Plan to setup in load balancing mode so that I can get total speed of 2.0 / 2.5 Mbps . The ADSL link is successfully setup and can pass traffic. The problem is I can't get the SDSL to work. If I connect my PC directly to the SDSL modem router I can access Internet with full speed (1.5 Mbps upload/download) but when I connect it to the WAN 2 port it cannot pass any traffic. try to ping from WAN to to Internet also not success. Have tried google but still cannot get it to work Any idea on how to setup in this situation or maybe Kinder could u please show me how to setup since I think your setup and mine are more or less similar? Any help is appreciated TQ

The problem has been solved. Thank you,

Because it logged that packet - and there was apparently enough information in the packet that tcpdump decoded it when it was blocked/passed/whatever. You'll also see that sometimes with SMB traffic.

As I've moved things around I want to name them just for clarification. Router A = Original, working, slightly faster router. Router B = Newer, slightly slower router that drops WAN. I haven't considered faulty hardware.  The main reason I haven't is all the components are known working outside of this configuration.  Both Intel NIC's were functioning properly in Router A.  Router B's mobo and HDD were previously running FreeNAS with no noticeable problems. As the constant loss of connection was driving me crazy, I moved Router A back in place. I changed Router B's LAN IP's to a different subnet (Not sure if that's the correct terminology, but I changed from a 192 address to a 10. address) and connected Router B's WAN to Router A's LAN.  I also setup a test machine under Router B so I could see if the WAN connection gets dropped. It's been running for a few hours now and not a single dropped WAN message from Router A or B.  There were a few other strange messages in Router B.  Ones that I don't see under Router A, but I accidentally cleared the log.  Stupid me.  It seems that I've narrowed it down to being a problem with Router B and my cable modem now working correctly?  I'm using a SB6120 with Comcast.  Assuming the strange messages show back up in Router B, I will definitely post them in the morning. Thanks again for everyone's suggestions. Edit: Logs Added Jul 24 22:50:32 apinger: Starting Alarm Pinger, apinger(36545) Jul 24 22:57:27 dhclient: RENEW Jul 24 22:57:27 dhclient: Creating resolv.conf Jul 24 23:57:27 dhclient: RENEW Jul 24 23:57:27 dhclient: Creating resolv.conf Jul 25 00:57:27 dhclient: RENEW Jul 25 00:57:27 dhclient: Creating resolv.conf Jul 25 01:57:27 dhclient: RENEW Jul 25 01:57:27 dhclient: Creating resolv.conf Jul 25 02:57:27 dhclient: RENEW Jul 25 02:57:27 dhclient: Creating resolv.conf Jul 25 03:57:27 dhclient: RENEW Jul 25 03:57:27 dhclient: Creating resolv.conf Jul 25 04:57:27 dhclient: RENEW Jul 25 04:57:27 dhclient: Creating resolv.conf Jul 25 05:57:27 dhclient: RENEW Jul 25 05:57:27 dhclient: Creating resolv.conf

Yes with 2.0 a redirector was installed.

Just since this comes up in search results - 2.0 logs this.

If you have hundreds of rules on any firewall, you're most likely not doing things optimally. I have seen some so complex and wide ranging that hundreds or more rules are required, but it's very rare, maybe one in every 500 systems I'm on. Lots of good coverage on the usage of aliases and in general keeping your rules as manageable as possible in http://pfsense.org/book

thanks works great!  ;D

OMG… I really, really, really feel stupid now.  :o My apologies for wasting your time. I completely under-estimated the pfsense-team. Issue resolved. Thank you very much

I dont think there is a package that will do everything that you want but what I use is darkstat and bandwidthd. Darkstat description: darkstat is a network statistics gatherer. It's a packet sniffer that runs as a background process on a cable/DSL router, gathers all sorts of statistics about network usage, and serves them over HTTP. This will tell you when it last saw a certain IP. bandwidthD description: BandwidthD tracks usage of TCP/IP network subnets and builds html files with graphs to display utilization. Charts are built by individual IPs, and by default display utilization over 2 day, 8 day, 40 day, and 400 day periods. Furthermore, each ip address's utilization can be logged out at intervals of 3.3 minutes, 10 minutes, 1 hour or 12 hours in cdf format, or to a backend database server. HTTP, TCP, UDP, ICMP, VPN, and P2P traffic are color coded. It will tell you the users that are on daily, and how much data they are using. Hope this helps.

Ok so my wifi network is configured as followed. It is not bridged with LAN, it does have DHCP server activated and gived out IP's in the C address range (24 bit address class). The wifi clients see the wireless network just fine and they are also able to connect and access the internet. The wifi clients also get the proper IP address and subnet mask as well as Gateway information provided by pfsense. I also have a firewall rule allowing WIFI subnet to access everything (*). I have the newest 2.0 version of pfsense. The problem i am having is complete access (Ping,NFS connections, RDP etc…). When i try communicating through ping it gives me host/destination not reachable. This only happens between wifi clients, LAN to LAN doesnt have this problem. I enven fired up wireshark on both computers i am trying to get to communicate and when i use computer A to ping computer B with wireshark running on computer B it shows no ARP request or ping protocol in capture file. I also tried capturing WIFI traffic on PFsense and i dont get any ARP or Ping traffic at all. Now with all this written up i want to share the solution to this problem for anyone else who has a stupid moment like mine. The cause for these problems are due to the fact that under my WIFI interface options for wireless AP Mode, i did not check the box "Allow intra-BSS communication" which caused all the previous posted problems. It's been almost a year since i installed a pfsense box and so i forgot that i needed this option for client to client communication. I hope this proves useful for others. Thank you wallabybob for all your help.

One more question: Later in production use I want to run pfSense on old IBM Server hardware (Xeon CPU, 2 GB RAM, GBit NICs). What is more recommended a) installing pfSense on hard disk, which could become damaged or b) to install the nanoBSD version on USB memory stick? Thanks!

Thank you. I used your solution of port forwarding and it does work. I will just have to make a list of what port corresponds to which machine so I remember.