I've tried from different machines from LAN to DMZ. (FTP-client of Win XP, Vista and 7) On the server I've tried ProFTPD and vsFTPd. LAN-LAN and DMZ-DMZ FTP-connections all goes well. I did a packet-capture on the DMZ (OPTx) interface of the pfSense-box. Just tested on the LAN-interface of the pfSense-box… The communication on the LAN-interface looks also comming thru 09:09:56.737775 IP 192.168.2.12.52820 > 192.168.3.13.21: tcp 27 09:09:56.738208 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 0 09:09:56.738441 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 51 09:09:56.746785 IP 192.168.2.12.52820 > 192.168.3.13.21: tcp 6 09:09:56.747982 IP 192.168.3.13.20 > 192.168.2.12.52938: tcp 0 09:09:56.786254 IP 192.168.3.13.21 > 192.168.2.12.52820: tcp 0 On the client… 331 Please specify the password. Wachtwoord: 230 Login successful. ftp> dir 200 PORT command successful. Consider using PASV. 150 Here comes the directory listing. You can wait, wait… wait... nothing seems to happen. (even waiting for more then 30 min.) any-2-any rules are made on LAN as well on the DMZ interface. (just to eliminate blocking issues) Hmmm... Just tried also to do an FTP from pfSense to the server... [2.0.1-RELEASE][admin@fw1.[i]<mydomain>.local]/root(1): ftp server Connected to server.<mydomain></mydomain>.local. 220 (vsFTPd 2.2.2) Name (server:admin):<my_username></my_username> 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 229 Entering Extended Passive Mode (|||26882|). 150 Here comes the directory listing. drwx–----    5 504      504          4096 Jan 21 17:40 Maildir drwxr-xr-x    2 504      504          4096 Jan 21 16:47 awstats drwxr-x---    2 504      504          4096 Jan 21 16:47 cgi-bin drwxr-xr-x    3 504      504          4096 Jan 21 16:47 etc drwxr-xr-x    2 504      504          4096 Jan 21 16:47 fcgi-bin drwxr-xr-x    2 504      504          4096 Jan 21 16:47 homes drwxr-x---    2 504      504          4096 Jan 21 16:47 logs drwxr-x---    6 504      504          4096 Jan 22 10:16 public_html drwxr-x---    2 504      504          4096 Jan 25 16:57 tmp -rw-r--r--    1 504      504            0 Jan 25 16:37 training.docx 226 Directory send OK. ftp></mydomain> Just found another article on google… "The DOS box FTP in Windows does NOT do passive"  >:( (and I was trying, trying and trying with the DOS box FTP) I've downloaded the latest version of FileZilla and put it on my own PC… AND IT WORKS!!!

follow this topic with same issue http://forum.pfsense.org/index.php/topic,45520.0.html

@greybeard: Q1.Is there any gui option to select the auth type? Q2. An I unique or does anyone else require this? 1. No 2. I don't want it at present BUT it would be useful if I ever want to use Virgin mobile broadband as a backup to ADSL. Ubuntu since at least 10.04 has allowed selection of PPP authentication options

SOLVED (kind of)… It would appear I still had some pfBlocker configuration settings in my backed up xml file. Those were causing the issue. I still see the multicast message so as suspected its unrelated. Manual removal of all pfBlocker references in the xml and restore seems to have worked.

Then you need the rule I mentioned by negate the policy routing for the modem IPs, you're forcing traffic to the modems out the gateway group.

Check if configured dns is working on your pfsense and if you can browse files.pfsense.org.

http://www.freebsd.org/cgi/man.cgi?query=pfctl&apropos=0&sektion=0&manpath=FreeBSD+8.1-RELEASE&arch=default&format=html

@luke240778: The last one i got in the US for $179, here it will cost around $700. Ouch!  :o Steve

As far as passing packets, the two are comparable. Our web interface will be a bit slower on hardware of that spec, just a lot more things going on, we have protections from attacks against the web interface that m0n0wall doesn't have, amongst other differences. If you have a busy dashboard, it'll really hammer a box that slow, especially if you show the traffic graphs on the dashboard. Everything else is much less difference. Unless it's something you're constantly in making changes, it wouldn't be a big enough difference for that to be a factor.

When the DNS forwarder is enabled, it puts 127.0.0.1 in there automatically so name resolution from the firewall itself uses the performance benefits and local caching of the DNS forwarder. You can check the box under System>General Setup if you don't want it to do that, but you usually want the improved performance of the DNS forwarder (127.0.0.1).

Thanks for the direction. I think I put it in the right place.

Try to set this on the command line: sysctl hw.acpi.handle_reboot=0 Then see if it can reboot. If that works, you can add that as a system tunable under System > Advanced on the Tunables tab. These kind of issues are almost always ACPI issues as others have mentioned. Update BIOS, toggle ACPI options in the BIOS, etc, to see if you can find a config that works.

you should use a vpn connection, start vpn from vpn->pptp , create a user list, on client with xp instead ppoe yo should create vpn connection when is asking for ip you need to enter exteriour ip form your pfsense (or can be made with dns if is dinamyc) after enter user and pasw , create new rule from firewall on pfsense to start internet sharing trough vpn or other other options,i've done this and is working fine, good luck

does your modem support pptp passthrough? is it enabled?

Any answer ? Regards

At 4 Km, with a signal level between -60dBm / -65dBm and a Noise floor arround -90dbm your link must work OK Using MCS15, with a 20Mhz Channel width, you get 130mbps, so for your 20mbps pipe it must perform OK. I have done some tests using MCS10 at 20Mhz channel width (39mbps), with Nanobridge, and it can pass 20mps without problem. http://dl.ubnt.com/UBNT-MIMO_Data_Rates_2.pdf

Yes, you will need to create a bridge between both pfsense to simulate a local config scenario carp checks and sync transfers a lot of packages between firewalls, make some tests to see if this setup will not fill up your link between pfsenses. If you are using vmware, this post may be usefull http://forum.pfsense.org/index.php/topic,45093.0.html

The new speedtouch modem don't seem to be working that well with pfsense config. What you could try with the speedtouch en pfsense is the following. (not a very nice solution but probably works!) Example settings! 1. Make the speedtouch your WAN connection just as it would normally do. WAN has public / LAN is fixed 192.168.1.1 2. Add an exposed host in your speedtouch: 192.168.1.254 3. At the WAN of the pfsense enter a static IP 192.168.1.254 /24 with gateway 192.168.1.1 If the speedtouch has no exposed host search for NAT or DMZ and make sure all traffic is forwarded to 192.168.1.254 This way your pfsense should be able to handle all firewall settings but be aware that due to the NAT in the speedtouch not all incomming traffic to the pfsense will work without problems. I mean when entering a NAT rule in the pfsense.