I found it!. I configured it a few weeks ago and it worked perfect. this morning I remembered that the default gateway on the 192.168.20.0 net is 192.168.20.254 while the PFsense ip is 192.168.20.1. this is where I made the mistake. When I tested the setup I had a static route facing 192.168.20.1 then I told to myself I will just add a static route on the existing firewall 192.168.20.254 and it will redirect the traffic. I rebooted the server a few time and the local route was deleted. So it's very interesting why the firewall 192.168.20.254 has created the mess. But I'm not going to investigate this.  I will replace it to Pfsense as well, and I hope that it will be ok. Many Thanks David,

Thank you! Will look into it!

@tastyratz: EDIT I am now able to pull up the page. I am unsure why I was never able to before in previous configurations or when swapping back and forth… but it now lets me. I suppose it is now a non issue. There is anecdotal evidence that some cable modems in some circumstances care about the MAC address of the downstream device. I do wonder however if its possible to block private networks on the wan port but allow a private network address exception so ONLY the modem config page can be accessed via the wan port. pfSense firewall rules apply on the input device. So on the LAN interface you could add a rule to pass traffic to the cable modem and follow it with rules to block access to appropriate private networks. (In time you might add other interfaces with private network addresses and want to route between them and LAN.)

I also dropped this stuff into an FAQ entry for future reference: http://doc.pfsense.org/index.php/Remove_F1_Boot_Prompt And the debug should really be =16, not 0x16, my memory was fuzzy on that one so I looked it up again. It worked with 0x16 but that may be why the debug messages were printing, since it wasn't quite the right mode, it had more debug info turned on.

most likely not, if i recall correctly dd-wrt doesent use rrdtool i´d  say dont bother /F

Cool. Thank you.

@rkelleyrtp: Thanks again.  Is there an easy way just to get allowed vs dropped? That should be on the summary view, but it only counts logged items. There isn't a web interface to it, but you can also check the output of: pfctl -vvsr From the console/ssh. It will show you things like this: @6 block drop in log all label "Default deny rule"   [ Evaluations: 5        Packets: 2        Bytes: 104        States: 0    ] @41 pass out all flags S/SA keep state allow-opts label "let out anything from firewall host itself"   [ Evaluations: 5        Packets: 6        Bytes: 456        States: 2    ]

Nice Jimp!! Wouldn't it be nice if that really was the protocol!  Make my life easier.

1.2.2….. We need to upgrade.

1.2.2 was based on FreeBSD 7.0, and 1.2.3 is based on FreeBSD 7.2 There could be any number of changes along the way that let it work. You'd be better off starting with a 1.2.3 NanoBSD if you need embedded.

Sorry for the confusion - we run a WiSP service for a large rural area using Motorola Canopy radios (not 802.11) - over 500 customers, many commercial gas production facilities, coal mines, etc.  The radios have MAC's starting with 0a-00-3e…  When NAT is turned on they change the first number to a 2 (2a-00-3e...). Again, I got this sorted out.  I know what the messages mean, and I use them regularly to monitor duplicate IP addresses being used, but there was an issue with our syslog server and the messages it was sending out to us (only sending the first message multiple times so it looked like same change was happening multiple times, instead and back forth between the hosts).

This is an old post, but I just wanted to update. I was working on a WAN Emulation project and I wanted to use Alix/NanoBSD as base. Since you guys have IMHO the best BSD based project I wanted to learn from you. Everything has been resolved and is working beautifully.  It even have it using the front LED's to indicate if WAN Emulation is enabled and if there is traffic on any port.  :P

Well the webgui IS the gui. How many rules are you talking about? If you use aliases appropriatly you can reduce the amount of rules drastically. IMO if you loose overview over your rules a rewrite is called for (with correct documentation).

pefect, thanks!

Threads automatically lock after a certain amount of time with no new posts, it probably just expired. I haven't seen any posts from the person who was planning on making them in quite some time.

http://doc.pfsense.org/index.php/FTP_Troubleshooting

Hi, Thanks for your response. The strange thing is I already editted that file. When I call on it directly I only see the 4 hrs graph,when I go through the menu it show all at an average of 5 minutes (300 sec) but the numbers dont' seem to add up. Strange…. Any thoughts?