• Book on PFSense 2.0

    Locked
    0 Votes
    6 Posts
    2k Views
    Thank you :) That is what I needed to know. So I will be ordering the 1.2.3 book & will purchase the 2.0 book when it comes out :) Thanks for all your hard work on this stuff! It's much appreciated… My CEO just wanted an automatic WAN failover. When I was able to build one that did that, plus replace our old router/firewall, as well as do load balancing, traffic graphs, and all the other great stuff by using old hardware we already had, and not even having to pay for the software... Needless to say it got me some brownie points with my CEO for adding way more features than the requirements called for as well for doing it at a grand total cost of $0.00. So much appreciation and will try to show some love back by purchasing the official books written by members of the project.
  • I'm so noob. How do I block an internal IP from WAN access?

    Locked
    0 Votes
    13 Posts
    7k Views
    OK, fixed. Thanks Jimp!! I left the firewall rule to handle things other than port 80. For Squid: As Jimp implied, leave "General tab -> Bypass proxy for these source IPs" blank. Place the IP in "Access Control tab -> Banned host addresses" and that should take care of port 80.
  • Howto set the 'm1n1wall' to 'total factory defaults'?

    Locked
    0 Votes
    5 Posts
    2k Views
    ok - tnx :: i did try out that 'reset button' with several limit of time, without success - so i made a 'null-modem'
  • HDHomeRun Blocked by pfSense 2.0?

    Locked
    0 Votes
    3 Posts
    2k Views
    I figured it out just a bit ago. I'm not sure what was going on, and I'll have to investigate because there were NO other computers on, but there was a network device on 192.168.0.11. I'm guessing something was going on with IP conflicts at .10 perhaps. Sorry for the confusion.
  • How to allow a clients xbox access to new through pfSense?

    Locked
    0 Votes
    9 Posts
    3k Views
    stephenw10
    @luke240778: Are you saying that it is not a good idea to have upnp enabled?
    I would say, not if you don't need it. You seem to have a clear need for it though. Just be aware that it effectively allows any client behind your firewall to open ports and set up port forwards. Since you are a WISP this is perhaps more of a risk than for other users who can control what is behind their firewall.
    Steve
  • Converting fbsd pf.conf to pfsense config.xml

    Locked
    0 Votes
    3 Posts
    2k Views
    Meant the default timeouts. Such as:
        set timeout tcp.first 2
        set timeout tcp.established 3600
        set timeout tcp.closing 2
        set timeout tcp.closed 600
        set timeout udp.first 2
        set timeout udp.multiple 3600
        set timeout icmp.first 2
        set timeout other.first 2
        set timeout other.multiple 3600
        set timeout adaptive.start 20000
        set timeout adaptive.end 220000
    I am playing with 2.0, looks pretty good. Took a patch from FreeBSD mainline to support my 8 port serial card. Had to recompile the kernel with puc enabled for it to work, but it works like a charm.
    Overloading dumps excess entries into a table, which can be used for later processing. For example, I have different uplinks wrapped in different 802.1Q tags. When something passes reverse path verification (something else I can't yet locate), and exceeds 90 syns/min, it dumps the IP into the synflood table. 5 minutes later, it's removed.
    I live in the CLI. However, the guy that pays my bills does not, and most of the people on my team are specialized in a specific talent. This means a GUI is needed. pfSense has impressed me, and once I become familiar with its source, I do plan on submitting many a patch.
  • How to add Developer Tools to 2.0

    Locked
    0 Votes
    3 Posts
    1k Views
    jimp
    You'll never get a proper environment for compiling on the firewall, not without a lot of headaches and mess that really aren't worth it. Set up a FreeBSD 8.1 box or VM, compile there, and move things over. Much simpler that way, and it doesn't reduce the security of the firewall (unless you're installing a program that does :-)
  • Static wan ip with /31 mask

    Locked
    0 Votes
    4 Posts
    3k Views
    jimp
    A /31 isn't generally considered a valid mask as it doesn't contain any routable addresses. FYI- 255.255.255.252 is /30, not /31.
  • Question mark on aliased objects

    Locked
    0 Votes
    2 Posts
    1k Views
    jimp
    Do you have a screenshot of what this looks like? If it's just the question mark by the cursor, I get that on all of them and that's normal, it's just the style of the cursor that shows with the overlay for the alias popup.
  • Promiscuous mode enabled

    Locked
    0 Votes
    4 Posts
    4k Views
    Thanks guys for your replies. Actually power outage is exactly what happened. I also figured out that "promiscuous mode" had nothing to do with the file system. After a proper restart the system log is clear of warnings. Thanks again.
  • MOVED: Traffic shaping to penalize single IP

    Locked
    0 Votes
    1 Posts
    881 Views
    No one has replied
  • Port mirroring?

    Locked
    0 Votes
    7 Posts
    7k Views
    @stephenw10: I'm not sure I understand the question. Do you mean would it be better to use the switch for port mirroring? If so then yes, if your switch supports it, as it won't load your pfSense box. Steve
    Hi Steve, yes that was my question. I will use a switch then.
  • Can I use an 8GB CF to install the 4gb version of Nanobsd pfSense 2.0?

    Locked
    0 Votes
    2 Posts
    3k Views
    Anything bigger is fine.
  • 0 Votes
    4 Posts
    2k Views
    Thanks for the replies Fellas… Found out what was happening.... I originally tried pfSense followed by M0n0wall and some others. I was experiencing the same issues. I did try to connect to by using an IP address but it would just lay there and look at me. I dug deeper by looking into the firewall logs of one of the servers providing shares and found that it was complaining about connection attempts from ports 137-139 (Old Windows 2000 and XP PCs) and also port 445 from the Win 7 boxes. 445? I had to look that one up. It seems that this port (Discovery Server Port) is the replacement for the old NetBIOS ports 137-139. I allowed port 445 on the file server and I was able to connect a share by name. Cool.... But not finished. Now when you try to connect to a share you cannot see the rest of the network. You have to go into: Control_panel --> Network and Sharing Center --> Change Advanced sharing settings and enable "Turn on Network Discovery". This allowed me to see all of the other members of my group. The Firewall is working well. I upgraded all of the Win 7 boxes to Service Pack 1 to give the firewall/gateway a workout and it was not even sweating (2.8GHz, 512MB, 80GB, w/2 100mb links). I have a 22Mb/s down and 5Mb/s up Comcast link so everything went real fast. One other note.... If any of you are reading this and still have trouble with XP and 2000 connecting then go to the PC that is providing the share and go into that PC's firewall software and tell it to specifically allow your PC (by IP Address) to use ports 137-139. I did this with McAfee and it worked. Why all of this broke when I put pfsense online still baffles me. I was still on the same LAN so pfsense should have not been involved. When pfsense was disconnected everything worked without any modifications. Most peculiar. Thanks again for your help!!!! Darius
  • Wake on Lan over VPN/subnets

    Locked
    0 Votes
    4 Posts
    7k Views
    It might get a bit tedious repeatedly connecting to the pfSense GUI and entering the details so another option would be to (for example) create a shell script on the pfSense box in the office to issue the appropriate wol command and then invoke it by ssh from home. (Might need to do this under a user other than admin.) On the pfSense box you could add static arp entries by shell command but they will disappear on pfSense reboot. I believe the pfSense config file can include shell commands to be executed at startup (see the Shellcmd package and the discussion in, for example http://forum.pfsense.org/index.php/topic,34391.0.html ).
  • Routing outbound email through a different virtualIP

    Locked
    0 Votes
    7 Posts
    4k Views
    Also, your source port will not be 443, that's your destination port.
  • MOVED: Portforwarding possible in my setup

    Locked
    0 Votes
    1 Posts
    826 Views
    No one has replied
  • MOVED: Pfsense reboot issue

    Locked
    0 Votes
    1 Posts
    810 Views
    No one has replied
  • MOVED: snmp

    Locked
    0 Votes
    1 Posts
    839 Views
    No one has replied
  • Need Help!

    Locked
    0 Votes
    2 Posts
    1k Views
    Cry Havok
    Have you tried reading the documentation and searching the forum? Much of what you ask is trivially found with even just a cursory review of the documentation.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.