try to delete the last 2 lines: "?>" and the empty line afterwards.

if there is any strange character after "?>" e.g. space or something that is not displayed probably it is send as output and this error can occur.

The application will NAT the traffic from the back-end network it creates, so that it all gets a source IP address of the laptop's normal LAN IP. You can only firewall it based on the same rules you have in place for the laptop itself.

Sorry, to be clear:
I added a new interface by assigning it - the NIC was already in the box.
I enabled it, added IP info, enabled dhcp and added an allow all firewall rule.
Then I connected a client and had internet access.

However I am prepared to believe that doing that in a different order or applying changes half way through could introduce a state that needs resetting.

Steve

Looks like there's no FreeBSD port, it was abandoned last year, which would make this a lot more difficult.

Steve

This is still a problem for me on a WAN PPPoE interface. wallabybob's posted issue seems to not be my issue. Any other feedback is much appreciated.

Thanks,

Yes, just like you say.

Steve

The Cox Cable tech support folks position is that they are within the RFC 1918 rules with these addresses as they stay on the private Cox Cable system and are not passed to the Internet. There is some discussion of this use of 1918 addresses by Cox but Cox Cable isn't interested in buying a pile of v4 addresses to move the huge number of systems they have set up this way, maybe holding out for IPv6 to make it all go away. It would be a big help if they would at least publish the ranges they are currently using and ones they plan on expanding to so you could pick a safe range for your local network but they don't.

Cox Cable's 1918 use topic: http://www.dslreports.com/forum/r28510902-LA-Cox-routing-class-C-over-the-internet-

Inbound does work but Cox Cable gets really cranky if you use it for anything server related (www, ftp and other protocols) but so far haven't gotten unhappy about VNC. I can get a static IPv4 address for an rather steep additional price, just not worth it for my needs.

IPv6 is promised someday but is still in testing, has been at this stage for a couple years now. They are listing older IPv4 only modems as unsupported now although so that may either indicate some IPv6 progress or just be related to the DOCSIS 2 to 3 cable modem transition.

For now I use dyndns to get to my system from outside but with their new rules on activation being such a pain I'm about ready to just stuff my current IP into my personal domain's DNS and hope my home IP doesn't change at an unfortunate time. In four years it has changed once and that was when I moved from a DOCSIS 2 to 3 modem so next time I miss a dyndns activation I'm going to risk it.

Just to give a little feedback to my posting by myself..

I started to install it few Hours ago and it is already installed on my router hardware and works like a charm.
Very impressive and nice peace of software!

Markus

Also, there's like getting cut off of a machine couple hundred kms/miles away by doing a simple mistake, which could have been fixed easily before applying.

This is a horrible idea, forget it.

great thanks!

I think i was just getting confused with having 2 LAN's.

cheers

If both servers and clients are on the same network, you will have problems.

For that you need to use a load balancer that proxies (e.h. HAproxy) or you must switch to manual outbound NAT and add rules to translate the traffic from client->server on LAN so that it appears to come from the firewall.

Otherwise the server tries to reply directly to the client and breaks the connection

Remove the 'default lan to any' rule. Everything will now be blocked except access to the webgui via the antilockout rule.
Add rules to allow the services you want.
There is no need to add a rule for DHCP, it's added automatically but not shown when you enable DHCP in the LAN.

Steve

I did what you said
There are several modes to use memory
For me it was set to AC-STD
I changed it to LOWMEM

So far, so good

Thanks

i left 6.4 downloading in the office.. download pfsense too…. hoping to find a hard drive somehwere in the office so i can install both and test them ..and see who wins out

For anyone who comes across this in the future, my solution requires me to set the OpenVPN service to automatic in services.msc.  After doing so, the OpenVPN service attempts to connect to any configuration in the folder specified by the affiliated registry entry, and it does not need the use of the GUI.  Adding "auth-user-pass passwordfile.txt" to the configuration, and creating passwordfile.txt with the user name on the first line and password on the second line allows it to connect.  This can be a security vulnerability if you do not restrict what the VPN clients are allowed to access and is not suggested for most applications of VPN.

I haven't tried it, but I'm fairly sure the GUI won't work after setting the service to automatic.  It doesn't bother me much, and it just means we will have to use IPsec on the computers which need a VPN connection to access our internal network.

Yes, I agree.
If it's just the printer and USB/serial ports you're trying to use it will probably be much easier to serve those things directly rather than use some generic USB virtualiser. IMHO.

Steve

What build of pfSense are you running?

I'm running

2.1-RC1 (i386)
built on Thu Aug 29 16:33:12 EDT 2013
FreeBSD 8.3-RELEASE-p10

and my system's configuration file has empty username and password on a ppp interface on a serial port and there is no complaint about that in the system log or the ppp log.

So you're not using pfSense for DNS then?
Have you flushed any DNS cache, locally or at the server?
If you ping the web server by URL what address does it try to ping?

Steve