• MOVED: Individual Access Restriction

    Locked
    1
    0 Votes
    1 Posts
    948 Views
    No one has replied
  • FreeBSD 8.2

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    No, FreeBSD 8.2 was just released, and 2.0 is already going RC shortly. There is no time for 2.0 to completely switch up the underlying OS and retain any sense of ensured stability. Maybe 2.1 will, depending on the timetable there.
  • Questions About PfSense 64 bit 2.0 Beta Snapshots

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T
    Without firing up a copy of the x64 BETA you can take a look at the config file for the x64 packages. These are all the current packages http://redmine.pfsense.org/projects/pfsense-packages/repository/revisions/master/entry/pkg_config.8.xml.amd64
  • How do you setup stateless inspection?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Trouble increasing kern.ipc.somaxconn

    Locked
    3
    0 Votes
    3 Posts
    5k Views
    S
    Using System Tunables made all the difference.  Thank you.
  • Cant see modem using static address on wan.

    Locked
    24
    0 Votes
    24 Posts
    8k Views
    W
    I have just replaced my Zyxel ADSL modem/router by a Tenda D820 ADSL modem/bridge. The Tenda doesn't do ppp. Here's how I set up my pfSense 2.0 BETA 5 snapshot build: rl0 has two VLANs. OPT5 is VLAN 10 on rl0. pppoe1 is on OPT5. The modem has static IP 192.168.1.1. I configured OPT5 with static IP 192.168.1.2/24. A ping from the LAN side of pfSense didn't elicit a response from the modem. A tcpdump on OPT5 (# tcpdump -i rl0_vlan10 host 192.168.1.1) showed the ping going to the modem but with a source IP address on the pfSense LAN subnet. Since the modem didn't have any static routes configured (there didn't seem to be any way to configure routes in the modem) the modem probably didn't know where to send the replies. Since I saw ping replies when I ping'd from pfSense, the missing route back to the LAN IP address was probably the reason I couldn't see replies to a ping from the LAN. As explained in the document I referred to earlier, enabling NAT on the OPT5 should fix the source IP address problem. In the pfSense web GUI: Firewall -> NAT I clicked on the Outbound tab, added a rule Interface=OPT5 Protocol=Any Source=LAN subnet Destination=192.168.1.0/24 Translation Address=Interface Address No XMLRPCSync: Unticked, clicked on button Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) then clicked Save. I don't know if it was necessary but I also went to Diagnostics -> States, clicked on the Reset States tab then the Reset button. Then I restarted the ping from the pfSense LAN subnet and it reported a response. The tcpdump on the rl0_vlan10 interface showed the ping with source address 192.168.1.2. Attempts to access the web GUI of the modem time out so I still have a problem but seem to be closer to its solution.
    It wasn't particularly obvious to me what the difference between the two Outbound NAT buttons (Automatic outbound NAT rule generation (IPsec passthrough included) and Manual Outbound NAT rule generation (AON - Advanced Outbound NAT)) is. They seem to mean "Disable the following mappings" and "Enable the following mappings" respectively.
  • PfSense behind ISA

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Dynamic dns update multiple hostnames

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    W
    Thanks, the comma did the trick. Also, I'm interested in the dynamic update features of 2.0. I assume 2.0 is in beta because are any of you guys running 2.0? If so, how stable is it?
  • How does pfSense build the Line Quality graph?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    ?
    That's exactly correct.  It pings the upstream gateway on each WAN interface and puts the resulting ping time into an RRD database.
  • MOVED: Block EXE downloads for one group of users but not another?

    Locked
    1
    0 Votes
    1 Posts
    957 Views
    No one has replied
  • PFsense FW + additional transparent proxy

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    S
    I have it working now, the LAN interface had to be selected in order for it to work. Filtering via dns and squid guard not working real well, but with more tweaking/playing should be able to get it. Thanks for the help folks. ;)
  • Embedded Vmware image problem

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    jimpJ
    I need to make a doc wiki entry for that I suppose. It's handy to have. The same tactic should work on VirtualBox as well.
  • Hosting Multiple Web Servers behind pfSense Router

    Locked
    4
    0 Votes
    4 Posts
    15k Views
    C
    Funny, I posted a topic about the same time you did. I installed a solution using pound on my box but am asking the forum if there are any security concerns. Pound is only for http/https traffic tho. http://forum.pfsense.org/index.php/topic,33566.0.html I'm not sure how to do this for mail (pop3, smtp, etc.) but since they use different ports than HTTP, just set up a NAT/Firewall Rule for your mailserver IP and ports. Edit: Take a look at http://forum.pfsense.org/index.php/topic,33566.msg174126.html#msg174126 I did a quick how-to for pound
  • MAC Address Blacklist?

    Locked
    10
    0 Votes
    10 Posts
    10k Views
    ?
    Is this to stop the machines from being on the network period, or accessing the internet? If accessing the internet, captive portal offers a lot of options, look up vouchers. If from accessing the network, then I can only suggest a rotating wireless key (weekly/monthly) that is posted on some sort of trusted intranet/bulletin board to be given out from an employee to customer. If they have access to an ethernet jack and are determined, google will get them in. @hankjrfan00: Is there a way to black list MAC Addresses so that traffic from specific MACs would not be passed. I would prefer this to work on the firewall level, but if that is not possible I would settle for a solution that worked on the DHCP level. The only thing I could find was an option to use a DHCP whitelist, but this will not work in my environment. I searched the forum and could not find a solution. Thanks in advance!
  • Use pfSense as a router local

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    ?
    I don't see an answer to your question, the problem may be clarity. I'm not exactly sure what you're trying to achieve. To allow traffic to pass from LAN to OPT1 and OPT1 > LAN, you need to add 2 rules. Make sure your NAT: Outbound is set to automatic. [LAN] Protocol | Source | Port | Destination | Port | Gateway | queue PASS * LAN net * OPT1 net * * none [OPT1] Protocol | Source | Port | Destination | Port | Gateway | queue PASS * OPT1 net * LAN net * * none Hello This may be a simple question, and thereby an easy solution, but somehow I can't get it to work properly. I have a pfSense router on my network. Lan interface is 10.101.200.3/16 The WAN interface ain't in use. The OPT1 interface is 10.112.200.1/16 My problem is that on the LAN interface I have a default router, with an IP: 10.101.200.2/16 How can I set this in the pfsense? Are you asking how to set the "default router" with a static IP with the DHCP Service in pfsense? I just re-read this and understood the fact you have a router on the LAN interface after your pfsense, be sure to turn it into a dumb switch and disable any NAT/Firewall features on this. Also check your pfsense logs to see if there are even any attempts from lan>opt1 coming through. My next problem is that I want to allow all traffic from LAN to OPT1 and from OPT1 to LAN. I have tried to disable firewall (no go), and tried to create a firewall rule on the LAN side, allowing all on any source and protocol and to any interface. I have tried to do the same on the OPT1 interface. At the moment I have created 4 static routes to allow traffic from the OPT1 interface to the LAN interface, because there is something that is blocking my network traffic. How do I set up the pfsense unit correctly to allow all traffic both ways, without any problems? Any good ideas? Best Regards Munken
  • Ping: sendto: Operation not permitted

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    D
    @cmb: Where I've seen that the most is where the NIC you're trying to ping out of has no link. That may be driver specific though (some will just time out in that case). May be that there isn't enough RAM to allocate mbufs or something to the NIC, 4501 technically isn't a supported platform as it only has 64 MB RAM, you may have trouble running reliably on it. May want to check 'top' at the console or SSH to see how much memory you have available. I've moved CF card from Soekris 4501 to Soekris 4801, and now everything works fine! Thanks!!
  • Using dyndns in firewall rules

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    M
    Yes, that's true that using dyndns with firewall rules is pretty easy and works nice …. I am using 2.0 beta 5 and so far only noticed the problem with country blocking - even though cron is scheduled to run every 5 min this is off :(
  • Ping test monitoring

    Locked
    9
    0 Votes
    9 Posts
    5k Views
    L
    A related question would be are there any real time monitoring tools for pfsense? I don't need them on the box itself but perhaps via syslog for example. I'd love to see what's going on in real time, at all times, along with getting some reports, history, etc. I have three pfsense firewalls which I'd love to monitor/maintain centrally though some sort of monitoring package. I know snort is an addon but I'm not sure I have the capacity to take on anything overly complex at the moment, my head is reeling from over technology.
  • Is the pfsense 1.2.3 load balancing intelligent?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J
    … and if you want to weight one connection over another, add multiple entries for the connection you want used more often.
  • MOVED: Creating a VPN with pfSense

    Locked
    1
    0 Votes
    1 Posts
    905 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.