Or I use the option virtual ips?
http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F

Like this? http://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

Steve

@wallabybob:

This is the sort of symptom you would see if mbufs (kernel network buffers) are (nearly) exhausted. pfSense shell command```
netstat -m

reports mbuf statistics. It could be worth running a shell script on the console to loop giving a timestamp, reporting the statistics and sleeping for an hour. You could also run that in a SSH session to capture history while the console run will (hopefully) give you statistics after you lose network access.

I wish mbuf counts were on an rrd graph in pfsense.  It is such an important thing to keep an eye out for.  It would be great to see the history of that over time.

Thinking about it… It would be great if we could get a consensus on some very important things to monitor like this and get a script going to send an email alert when the values are approaching the maximum values.

Sounds like you somehow created open proxy…

Hi,

just for information, my provider has changed is radius configuration. I obtain tha gateway and the dns.

thanks for all

What does the pfsense status say about all of your interfaces on the main page?

UP? down? Red?  Green?

Also, in the drop down menu, for MAC addresses in your interfaces > assign, for the OPT1, what is the MAC?  How many choices for MACS are there?  If you count all the possible MACS is it , less, the same, more than interfaces on your system?  Are the macs you assigned to each interface different?  (not even sure if its possible to assign 1 MAC to 2 interfaces, but I'm wondering)

And is 255.255.0.0 a typo?

Try use different IP on different Server from any router

Thanks for that - I'll remember to log out from now on!

The reset button is only probed during boot. If you press and hold the reset button while it's booting, it will reset to factory defaults.

As doktornotor mentioned you can hijack that to replace the default config with your own, but then you could never actually do a true factory reset again (until you do a firmware upgrade and that default config goes back to a stock version)

Thanks wallabybob…

Shows different than acd0 in VMWare but makes sense, will be trying that, will let you know how it works.

Thanks for everyones responses!!!

Dansguardian will probably serve you well andf you will get AV scanning to boot.

http://forum.pfsense.org/index.php?topic=42664.0
pay attention to the section on HTTPS and forwarding to 8080
This is a more recent write up:
http://thegeekninja.wordpress.com/2013/07/02/pfsense-squid3-and-dansguardian-a-better-alternative-to-squidguard/
I would stick with the stable release of squid rather than use the squid3 beta.

Dansguardian is a package now so you can add it directly from package and no listing of commands is needed.

Go into the ACL (access control list)
Disable all the filters you don't want
Make sure URL list is enabled.
Edit the regexp in the banned section just adding the url of things you don't want people to see.

like youtube.com
      facebook.com
      whyisuckattyping.com    or whatever.

It will be easier to make a firewall rule for you if you make an alias including all the machines you wish to filter.

For me, I disable all the filters except url and antivirus scan.

Scheduled rules go under a label in pf for that schedule. When the time comes, only states labeled for that schedule are killed.

mysql server not run, so you can't connect. My problem is same, if open shell in pfsense and write this in console "service mysql-server onestart" if you install mysql-serverxxx packet it will start and connect.

Check the Interfaces tab, how does lit look like ?

http://pfsense/interfaces_assign.php

We've discussed that and want to add it, but we need to get moved to SMF 2.x first. That has been a challenge to get done (we tried once and had to back it out, even after getting it to work on a test clone of the forum).

Once we're on there, a few other things will be enabled like that. That's a topic for a different thread, though. :-)

@jimp:

On 2.1 I added a checkbox to the system log settings to disable the logs from lighttpd. So you won't need to edit the code directly once you move to 2.1, just (un)check the box.

It says under your nick that you are a 'Hero member': I can now understand why  ;D ;D

Thank you for all you are doing  :P

Thats a good way.  Fairly convenient.  Never thought of that one.