As I asked on the other thread but never saw an answer for: Why are you using tcpdump on pflog directly? That isn't how you watch for log messages on 2.2 or 2.3.

One of two things Blocked traffic Squid

At the moment we don't have any better way to accomplish that goal. What is it that you need to fetch with cURL that needs a custom CA?

Old thread but I've bought from both and thought I'd add my opinion for the record. I'm in the GTA.  Xagyl had been pretty good but stock had been on/off for a while.  In 2012 or so, I discovered corpshadow.  Xagyl was in Ottawa.  Corpshadow is in the GTA and offers an after hours pick up at an Oakville address close to the GO station.  Stock always seems to be plentiful when I want to buy.

Hi Derelict, if i want each one group of users of "marketing" download to 150Kb, as it could do?

https://forum.pfsense.org/index.php?topic=115934.0

Why not just install actual ntp client on your windows machines vs using their hodgepodge of what they call a time client.. You can grab windows port here. https://www.meinbergglobal.com/english/sw/ntp.htm#ntp_stable If you don't want to compile yourself..  you can normally grab stable and the dev version here. http://www.satsignal.eu/ntp/x86/index.html That site is a well of information on ntp… David does a fantastic job!!!

The complement each other / work in tandem. You can forward the port but without the firewall rule no traffic will pass. You can add the firewall rule but without the port forward there will be no inbound traffic for the destination address (usually an RFC1918 address).

@NOYB: Install pfSense on the micro-box and use VLANs.  Only one NIC and a smart/managed switch required for VLANs. Good idea. Thanks!

I've updated squid but not pfsense - I think that's the next option as it still won't stop resurrecting itself. No service watchdog installed.

@Balanga: @pan_2: This is again depends on placing - you could not wire a 100 meter cable, attenuation will be to big. Also - you need to find a compatible PCIe LTE modem, this could be troublesome in some places, depending on your location  (don't forget different bands!) I would be very much interested in building such a box, but don't know where to start… I guess I first need to find a PCIe LTE modem that works with pfSense - apparently there is quite a choice, but I'm not sure what  you mean by 'compatible'. Compatible with what? Also I need a box and a motherboard. I was thinking of some sort of NUC but haven't come across one which has an opening for an antenna. Having acquired a 4G/LTE USB modem, I've abandoned the idea of using a PCIe LTE modem. I have it working under Windows because it comes with its own software which it installs. It's called Mobile Partner which is provided by Huawei and is described as Open Source Software, so I guess it could be built on FreeBSD. Maybe a FreeBSD version already exists….

Once you disable the any/any rules they'd be separated by the firewall and you'd have to add pass rules for any traffic that needs to go between them.

Firewall > Virtual IPs You cannot have multiple interfaces on the same subnet.

@bradtn: @guardian: @bradtn: @guardian: Make sure that you don't have Block Private Networks enabled (or a pfBlocker/Suricata/Snort) rule that trips when it sees a 192.168.x.x packet.  I've been trying to get up to speed on setting up pfSense and for now have to run behind a similar NAT… box has been up for about 3 weeks no sweat, so unless the modem is going down, you should be fine. Where Do I find said settings? Look under    Interfaces / WAN or    Interfaces / LAN - at the bottom under Reserved Networks (If you are using the new 2.3.1 or 2.3.2 interface) are you using any of  these: pfBlocker/Suricata/Snort?  If so, then you need to check the rules/blocklists - Firewall log should give you a hint if you are seeing stuff blocked. Its a fresh install so I do not believe so? If I recall correctly they are CHECKED BY DEFAULT