Thanks for the information.

Hello, I had similar problems, the solution on my system was to define the pasv_address in your vsftp.conf. It is mendatory, that this address is your WAN-IP. I found a script which put my WAN address in to this config file once a day. Every night at 2a.m. my PFSense is restarting the wan connection and five munutes later a cron job will run this script. #!/bin/sh #vsftpd.conf IP update vsftpd_conf=/usr/local/etc/vsftpd.conf vsftpd_log=/var/log/vsftpd.log my_ip=`host your-dyndns-address | cut -f4 -d" "` vsftpd_ip=`grep pasv_address $vsftpd_conf | cut -f2 -d=` if [ "$my_ip" != "$vsftpd_ip" ] ; then ( echo ",s/$vsftpd_ip/$my_ip/g" && echo w ) | ed - $vsftpd_conf echo `date` "$vsftpd_conf updated with $my_ip IP address" >> $vsftpd_log /etc/rc.d/inetd restart >> $vsftpd_log fi

Take a look at the traffic shaper features.

http://doc.pfsense.org/index.php/Accessing_modem_from_inside_firewall

Ok thanks that seems to have worked.  Its showing me that theres a constant stream of UDP requests from an ip address to the sip port (5060). If i stop my sip proxy then the outbound traffic goes away, but the inbound traffic doesnt stop. Also despite me putting reject or block rules against that IP address, when i restart the sip proxy, the outbound traffic starts back up again, suggesting that the firewall isnt blocking the traffic for some reason. A packet capture shows that the incoming traffic is a SIP packet "REGISTER sip: SIP/2.0" and the outbound replies when the proxy is enabled are "Status-Line: SIP/2.0 407 Proxy Authentication Required" Does this indicate a brute force attack of some kind ? or am i missing something obvious here? The IP in question doesnt appear to be related to my SIP provider, so i dont think its them, but thats my next port of call.

The run driver is already included in the 2.0 BETA snapshot builds. You will find most of what you are looking for if your search the 2.0 BETA TEsting forum for the string "runfw". As Efonne suggested in your other post, you should use the GUI for your configuration.

Hi, Thanks for replying. Yes I have resd those doc, in fact I have just realized that I was no waiting enought when I loose the network because pf reconfiguring for a while and I tought that pf was dead and then reinstalled them each time… Ok but I still have this MAJOR issue: http://forum.pfsense.org/index.php/topic,30264.msg156674.html

@wallabybob: On my home network al the systems get their IP address from DHCP. If that doesn't apply to your network a different solution will be required. Wow…them all being static is what it was.  When I changed them to DHCP it worked like a charm.  I then noticed the difference is that when static the ipconfig would not show the dns suffix and when I typed that in walla...  Thank you!

I have 2 Failover IP's and i was told i could configure it if i do the following /etc/network/interfaces auto lo eth0 iface lo inet loopback iface eth0 inet static address IP Failover netmask 255.255.255.255 broadcast IP Failover post-up route add Dedicated Server IP but end in .254 dev eth0 post-up route add default gw Dedicated Server IP but end in .254 post-down route del Dedicated Server IP but end in .254 dev eth0 post-down route del default gw Dedicated Server IP but end in .254 /etc/resolv.conf nameserver 123.123.123.13 – Im not sure how i could do this in pfSense, tried to find the /network/interface file but cant locate it to add the post up and down routes. Could i do this using the GUI?

Leave the gateway field blank, you do not enter a gateway for an internal interface.

You can't, no certification program exists for pfSense and there is a great amount of debate as to whether or not a pfSense certification is even meaningful or worth the effort.

I had the same infection on a computer yesterday. Kaspersky didn't detect it. I manually added it to quarantine. I had tried to disinfect it the previous day. That's when the mouse started moving weirdly all by itself until I unplugged the network cable.

Thank you…

Just do: killall -9 openvpn That should terminate any running OpenVPN process and, I believe it should also remove the routes.

Depending on your shell scripting ability, you could take a tcpdump on your WAN interface of (say) 20 packets with output redirected to a file, sleep 5 minutes, repeat using an incremented file name (with leading zeroes so the names sort usefully). The RRD graph will show you which files are of interest. The tcpdump output will give you source IP for the traffic. The port numbers may give you an idea what the traffic is attempting to do. to help reduce the number of files your script might watch the wan interface statistics from netstat and only log after an interval of high traffic. (# netstat -I em0 -b will give you bytes sent and received on em0. The FreeBSD man pages at http://www.freebsd.org/cgi/man.cgi will give more detailed information on tcpdump and netstat. Good hunting.