Follow those directions and enter your cable modem's gateway (or any IP) as the monitor IP. I entered my cable modem's gateway (private LAN IP at first, that didn't help; then I did the public IP and it worked).
For states that is true, but last I knew you couldn't have two connections sharing the same outgoing port number. (Ermal would know for sure). pf may be smarter than I'm giving it credit for.
I'm using two pfSense boxes, too.
WAN1 --\
        --- pfSense1 - LAN - 172.16.0.0/16 - WAN - pfSense2 - LAN - 172.17.0.0/16
WAN2 --/
pfSense1 is using LoadBalancing
pfSense2 is using SQUID + Lightsquid
It is NOT necessary to double NAT on pfSense1 and pfSense2. I do NAT on pfSense1 to the internet, but I use pfSense2 as a router/firewall WITHOUT NAT. To disable NAT, you can google or find information in the pfSense docs (http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F).
It works for me fine. But you need to configure Static Routes on pfSense1.
It's not a problem on 2.0… Just tried it again, selected shared key, unchecked the auto generate box, and the form field came up and was editable.
If it's on 1.2.3, I haven't seen that happen there at all either, it's been working for years.
@dreamslacker:
Try adding a rule to put ICMP traffic into qacks and try again.
I am a noob and have just been experimenting a bit with pfSense, so I have no idea how to add that kind of rule. I checked in Firewall > Rules but can't find any "qacks". I checked all things in the firewall menu and could not find any like that. Sorry, it's probably easy, but as I am noobish, can someone maybe point me to a guide or howto that explains this? Or just give me a hint where to find it? :)
@tubaguy50035:
Wow. I also discovered that if I turn off UPnP, the connections drop a lot.
Yes. UPnP is an easy way to punch through the NAT for torrenting if you don't have access to the router or don't know how to configure port forwarding for torrenting.
OK, so the only way is to upgrade to 2.0, but is it stable enough? 1.2.3 still has some bugs, but it is pretty stable, like for small or mid-size companies.
Thank You
Hi,
It's solved. I just copied the binary from a FreeBSD 8.1 to my pfSense. It works… ;)
It's a nice tool... In 5 minutes I duplicated a good slice to a second one.
So I can continue testing without any stress, I will always be able to start my firewall.
Keep in mind, at least around here, Comcast provides a "gateway" device to its Commercial customers. This is a router device and will usually respond to pings…
If you're a residential customer, then it would depend on the modem you use...
Good Luck!
Thanks, yes, you are right. I will try that tonight and post back.
Would it be possible to provide LAN-1 as discussed with the /27 public IP address and LAN-2 (interface vr2 on Alix board) with DHCP from a private IP pool (RFC1918)? I will look into buying a managed switch which can do VLAN so certain ports will be used for the /27 public IP and certain ports will be used for private local IPs on the switch. Do you think that is possible?
Budget switch Linksys SLM2024 (anything better you have in mind for the switch?) info:
Manageable: Yes
Management:
DHCP
IEEE 802.1p QoS
IEEE 802.1Q Tag-Based VLAN
Built-in Web UI for easy browser-based configuration (HTTP)
Thanks
Thanks for the information, Jim.
One of my failures here was in not understanding that the forum search limits the results to the section being browsed. Before I posted and while viewing this topic, I copied 'pfflowd' and pasted it into the search field -- I found only the posts in this thread. After I read your information, I did the same search while viewing the main page of the forum -- this time I found all of the threads on pfflowd. Another lesson learned.
@Cry:
You may want to review this thread which is discussing a similar setup.
Thanks much. Slowly--maybe too slowly!--I'm picking up this new app. FWIW, it turns out (according to my pal) that I have to have active the IPs that I want to use. ...Still scratching my head, but understand a bit more.
gary_kline [[ AKA: chaos ]]
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.