WOW, thanks a lot guys really helpfull, will install at the weekend and keep you all posted, thanks again.

Steve

see this

http://blogs.msdn.com/b/virtual_pc_guy/archive/2010/11/19/time-synchronization-in-hyper-v.aspx

try to look out more info, like the interface went down or lost conn with some other if, and post it here! cheers!

sorry bro! i was outsite town on some "Vacations trip" so not laptop allowed o any smartphone xD, ok if you gonna treat like a switch you does not have to have any special config, just trunk, trunk and ready to roll on the layer 2 sw, if it gonna be a firewall/router, you should prepare ir like a dhcp relay agent to work, this is gonna be in almost case the setup PFSENSEBOX –->> MikroTikBox(as firewall or router with dhcp relay included) --->> layer 2 sw, please check out this document of mikrotik, http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Relay and related, with a mikrotik cheap? more than pfsense? lol i love the product even in some case have failed me

Thanks for continues respons

If i don't use the pf sense ( pf sense dismantle )my gmail,ym and yahoo be OK,i can access internet with normally.

for disable squid i will try later and i will share the resul with you,

Thanks and regards

You will have no problem accessing the outer box from behind the inner box. I'm typing this to you from behind two pfSense boxes right now.

The default setup there would be both boxes NATing the connection which is considered bad but almost everything will work just fine.

Steve

Was wondering about this. Have got 24 PPPoE ADSL's that i would like to load balance. Gateways would unfortunately be the same for all from service provider. Would be a problem to find 24 different ip's to monitor. The other problem is the gateway ip is the ip that would be pinged to test latency. Saw a lot of times people say set up PPPoE on modem, but this will break fail over. If PPPoE on modem is down, PF Sense will se the ip to the modem and you cant use ping because of above mentioned ping problem. So sad, to bad. :-)

Good to know, I had no clue as you said.  ;)

So I take it you disabled local logging because you were using an external syslog server and expected that to continue to function?

Steve

Well, my WAN has been up for "1 Day 00 Hour 27 Minutes 31 Seconds". I guess this means (knock on wood) it's not a pfSense issue but rather either a bug in the USB NIC, Comcast, or a combination of the two. I suppose it could be a USB subsystem bug as well but I doubt that. I might try  freebsd-net@freebsd.org, or Bill Paul who, according to the man page, authored the axe driver to see if I can pin down exactly what's happening before I change ISPs.

Ctrl+Z

yea exactly!

@stephenw10:

Having a shared IRQ should not prevent the NICs from working. Having disabled msix for all pci devices it's likely to have more of an effect (I would have thought) but even so it shouldn't stop all traffic.
I am unsure of your network configuration from your description and I have only experimental experience with a CARP setup so I can't really tell you what would happen. Since you will be thousands of miles away getting it wrong would be very bad so I would have to advise waiting for another opinion.  :-
In the mean time giving us a network diagram would help greatly.

Steve

Thanks, Steve.
You're right, that having a shared IRQ should not lead to such results. Reading/googling further, I think next step is to exclude CARP interface from the bridge. As I stated, that is an old, inherited setup, and all 3 NICs are members of the bridge.

Exactly the gateway is the same so the routing becomes a problem. Hmm, I've seen this solved recently but I can't remember where.  ::)

Perhaps try manual outbound NAT rules rather than firewall rules.

Steve

Just wanted to post a followup.

This is a problem with reissuing a rapidssl certificate via namecheap.
If anyone else has this issue, contact namecheap and ask them to allow you to reissue the cert directly from Geotrust's interface rather than their own (they may have to enable a link for you as well).

Is this even relevant any more?  I was under the impression that all blocks had been allocated except the RFC1918 private addresses and the RFC3927 link-local addresses.

@newbieuser1234:

i setup security onion.  i was a bit confused on the setup. how can it block port scans, etc via snort if it's on the local network and not in bridge mode between the isp and the router.  jimp, do you guys just use the elsa piece of it or do you use snort with it.  I thought pfsense was far easier to configure.

I don't think we use it for snort, but for other things. I'm not 100% clear on how snort works with it in that kind of setup.

The ELSA part is of more interest than snort on there for me.

Neither did I until I stumbled across it by accident one day and was forced to think about it.
I don't think I've ever tested it on a box running Squid though so your situation may be different.

That's what I meant by VPN-over-DNS, hiding an encrypted tunnel inside dns queries. I have never looked into blocking/detecting it, mostly because last time I looked into setting it up it was not trivial. However I see that Softether supports it so maybe it will be more common: http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#1.6.VPN_over_ICMP.2C_and_VPN_over_DNS%28Awesome!%29
I assume to do this you still need to actually own a domain though.  :-\

I'd be interested in any thoughts.

Steve