I have it working now, the LAN interface had to be selected in order for it to work. Filtering via dns and squid guard not working real well, but with more tweaking/playing should be able to get it. Thanks for the help folks. ;)

I need to make a doc wiki entry for that I suppose. It's handy to have. The same tactic should work on VirtualBox as well.

funny, i posted a topic about the same time you did. I installed a solution using pound on my box but asking the forum if there are any security concerns. Pound is only for http/https traffic tho. http://forum.pfsense.org/index.php/topic,33566.0.html I'm not sure how to do this for mail(pop3,smtp,etc) but since they use different ports then HTTP, just setup a NAT/Firewall Rule for your mailserver IP and ports. Edit: Take a look at http://forum.pfsense.org/index.php/topic,33566.msg174126.html#msg174126 I did a quick how-to for pound

Is this to stop the machines from being on the network period, or accessing the internet? If accessing the internet, captive portal offers a lot of options, look up vouchers. If from accessing the network, then I can only suggest a rotating wireless key (weekly/monthly) that is posted on some sort of trusted intratnet/bulletin board to be given out from an employee to customer. If they have access to an ethernet jack and are determined, google will get them in. @hankjrfan00: Is there a way to black list MAC Addresses so that traffic from specific MACs would  not be passed.  I would prefer this to work on the firewall level, but if that is not possible I would settle for a solution that worked on the DHCP level. The only thing I could find was an option to use a DHCP whitelist, but this will not work in my environment.  I searched the forum and could not find a solution. Thanks in advance!

I don't see an answer to your question, the problem may be clarity. I'm not exactly sure what you're trying to achieve. To allow traffic to pass from LAN to OPT1 and OPT1 > LAN, you need to add 2 rules. Make sure your NAT: Outbound is set to automatic. [LAN]         Protocol  |  Source | Port | Destination | Port | Gateway | queue PASS * LAN net * OPT1 net * * none [OPT1]         Protocol  |  Source | Port | Destination | Port | Gateway | queue PASS * OPT1 net * LAN net * * none Hello This may be a simpel question, and thereby a easy solution, but for somehow I can't get it to work prober. I have a pfSense router on my network. Lan interface is 10.101.200.3/16 The WAN interface ain't in use. The OPT1 interface is 10.112.200.1/16 My problem is, what on the LAN interface I got a default router, with an IP: 10.101.200.2/16 How can I set this in the pfsense? Are you asking how to set the "default router" with a static IP with the DHCP Service in pfsense? I just re-read this and understood the fact you have a router on the LAN interface after your pfsense, be sure to turn it into a dumb switch and disable any NAT/Firewall features on this. Also check your pfsense logs to see if there are even any attempts from lan>opt1 coming through. My next problem is, what I will allow all traffic from LAN to OPT1 and from OPT1 to LAN. I have tried to disable firewall (no go), and tried to create a firewall rule on the LAN site, where allowing all on any source, and protocol and to any interface. The same have I tried to do on the OPT1 interface. At the moment I have created 4 static routes to allow trafic from the OPT1 interface to the LAN interface, because there is something there are blocking my network traffic. How does I setup the pfsense unit correct to allow all trafic both ways, without any problems? Any good ideas? Best Regards Munken

@cmb: Where I've seen that the most is where the NIC you're trying to ping out of has no link. That may be driver specific though (some will just time out in that case). May be that there isn't enough RAM to allocate mbufs or something to the NIC, 4501 technically isn't a supported platform as it only has 64 MB RAM, you may have trouble running reliably on it. May want to check 'top' at the console or SSH to see how much memory you have available. I've moved CF card from Soekris 4501 to Soekris 4801, and now everything works fine! Thanks!!

yes that's true that using dyndns with firewall rules is  pretty easy  and works nice …. I am suing 2.0 beta 5 and so far only noticed the problem with country blocking - even thought cron is scheduled to run every 5 min this is off :(

A related question would be are there any real time monitoring tools for pfsense? I don't need them on the box itself but perhaps via syslog for example. I'd love to see what's going on in real time, at all times, along with getting some reports, history, etc. I have three pfsense firewalls which I'd love to monitor/maintain centrally though some sort of monitoring package. I know snort is an addon but I'm not sure I have the capacity to take on anything overly complex at the moment, my head is reeling from over technology.

… and if you want to weight one connection over another, add multiple entries for the connection you want used more often.

FYI, I'm running 2.0 and the process listed in the wiki didn't work for me (dsl in bridge mode with pfsense doing the pppoe). I could ping the modem (192.168.0.1) from the pfsense box, but nothing else on the LAN could. What I did was add the OPT interface, set its IP to 192.168.0.2, and instead of leaving the gateway blank, added a gateway that points to itself (192.168.0.2). I then added a route to the 192.168.0.0 subnet with the OPT int as the gateway. Didn't have to add an outbound NAT entry. EDIT: I did need to add a NAT entry for it to work right.

Thanks; this looks like some pretty complicated stuff though: http://freeradius.org/ ??? Besides for IPCOP do you know if any of these have a feature that can do it? http://www.techradar.com/news/software/applications/7-of-the-best-linux-firewalls-697177?artc_pg=1 ::)

On 2.0 you can use ranges in an alias, but what it really does is translate that alias into an equivalent set of CIDR masked proper subnets. On 1.2.3 you can get this functionality by installing the package for IP Ranges in aliases.

Known issue: http://redmine.pfsense.org/issues/1243 Still needs some work.

Before what i am doing with the pfsense pc i just follow how the router were configured, i am using PPPOe settings from pfsense pc configuration and does give me internet access for all the users passing thru the pfsense, now i am really not sure what settings or configuration should i be set on the pfsense pc. If anyone could give me an idea what configuration should i be setting on the pfsense to follow or to coordinate with my ISP provider router to coordinate and not to everytime disconnecting the router. i am newbie with pfsense but i found it really useful and very reliable firewall

hi, did you fix the problem?! i have the same here and no solution  :(