@Fmslick:

still getting connect timed out!?!

You have discussed two different configurations in this topic. Which configuration has the problem?

The HAProxy-devel package can work ok with multiple certificates for different (sub-)domains. Just create multiple "shared" frontends and assign certificates to each.

I have the exact same symptoms. I would really appreciate help/comments on the issue.

It's frustrating to be booting igmpproxy all the time…

That's helpful, thank you.

Whether or not something should be found on the Internet doesn't necessarily matter. Bogon or assigned but unrouted IP space is hijacked and announced by those with nefarious intent all the time. Alternatively it could be something your ISP is assigning internally and NATing, could be that there were routes for 25./8 in the Internet routing table at some point in time (there isn't right now, at least not on our full BGP feed). It also could be any number of other things depending on specifics.

You're on the right track, seperate subnets for both LANs and the Metro-E section

So you would have
site1:
pfSense LAN: 10.0.0.1/24
pfSense WAN (Metro-E): 10.20.0.1/24

site1:
pfSense LAN: 10.10.0.1/24
pfSense WAN (Metro-E): 10.20.0.2/24

and then follow:
http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29

I am in an environment where I want minimum power consumption, 12V DC operation (if possible) and so on. I looked around for a way to have the ADSL modem and telephone line connector built-in to the box I used as the pfSense router/firewall. I gave up! In the end we get various ISPs providing internet to the office/home by different means:

ADSL on telephone line, WiMax or other wireless distribution with an antenna on our roof and an ISP-provided end-point routing/connection device, cable/fiber or whatever with an ISP-provided end-point device
…

All the ISPs end up giving you an RJ45 ethernet socket with data pouring in/out of it at the speed you pay for. So it turns out to be much easier to have the pfSense router/firewall with an RJ45 ethernet as its layer 1/2 WAN.

Yes.  Turned off then back on in settings tab and that restarted it.

Would have been nice to have a notification that it wasn't running.

@vbman213:

…
Any ideas?

check MTU on WAN as well

My hardware should comfortably support a HUGE pipe.

yes, this is WAY overkill, a atom can route this easily, are you running any packages or other things on the box that you need this?

This is almost certainly a load-balanced WAN problem. I see that on some forums, dd-wrt for example.
I just created an alias with sites that can't handle multiwan and route traffic to them via a failover group rather than load balance.

Steve

That's possible with any syslog daemon that I've used. Check the man page, look for host filters.

1. Make sure the host is resolvable via REVERSE DNS, usually this means an /etc/hosts entry
2. Use something like this:

!* +* +mypfsensehostname *.*                                            /var/log/pfsense.log

Not specific to pfSense really, but Kali Linux does have plenty of tools built-in for scanning and testing such as OpenVAS. While not as accurate or detailed as Nessus, OpenVAS has similar functionality and is free, compared to $1500/yr for a Nessus feed subscription.

It all depends on what your budget is, which is the better fit.

The advantage of a distribution like Security Onion is that it's already put together and ready to use. Sure, you could take the same functions and build them into another Linux distro, but why reinvent the wheel? Why not just use both Security Onion and Kali in separate VMs?

Kali is designed with pen testing in mind, and its default setup/layout is geared toward that. Security Onion is designed for persistent monitoring/logging/etc. They both have their strengths, and trying to make one thing do both would probably end up with lackluster results.

Thanks to all. I reset pFsense to factory defaults and reconfigured the VLANs. All OK now. In answer to Wallabybob's question, yes all my switches are VLAN capable and configured.

Thanks for your reply.

I am not using any bookmarks.

When I try gmail.com / mail.com, it is going to -> https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1<mpl=default<mplcache=2          with an empty page after refresh only I will get Gmail login page.

Pfsense 2.0.3 latest version running on Hyper-V.

Dandguardian, Squid, SARG installed.

I am using 8.8.8.8 and my ISP DNS also

I checked with Firefox 20 & IE 10 browsers still same issue.

Now I just checked with transparent proxy, and I have forwarded port 80 to 8080 as per the following. Now its working fine.

Firewall>NAT
Port Forward tab click the + button
Interface: LAN
Protocol: TCP
Source: LAN subnet
Destination: any
Destination Port: HTTP to HTTP
Redirect IP: <the ip="" of="" your="" pfsense="" box="">(10.0.2.1 in my case)
Redirect Target Port: 8080

Click Save and then Apply Changes

But I couldn't receive mails from the outlook, any port forwarding is required for that? if so, could you pls explain me.

Thanks in advance.</the>