Have you looked at the 2.1 version of pfSense? If you are making a new module it might be worth doing your work against it instead of 2.0.x.

2.1 forum: http://forum.pfsense.org/index.php/board,53.0.html

The logs would be approximately the same as pf on OpenBSD, since we use pf as the packet filter in pfSense.

They would probably find more references looking for that.

Thanks

Yes.
You will need to add a VLAN interface on the pfSense box with the correct vlan tag number and add a dhcp server instance on that interface. Then add appropriate firewall rules to allow traffic on that interface to go out to the internet.

Steve

The file appears to be here: http://people.freebsd.org/~thompsa/rancid-compat
However since the blog is down I cannot compare it with the originally linked version. It is dated 30th Aug. 2012 though.
Steve

http://forum.pfsense.org/index.php/topic,60510.0.html

pfSense appears to always insists on "wrapper mode"
http://forum.pfsense.org/index.php/topic,60517.0.html

Should be able to use the port of your choosing so long as it is configured for "wrapper mode".

The queues can be modified and added to. IF you add a new queue, remember to add a floating rule or rules to put traffic into that queue.

i find it a good specs here so my other problem is there another STOREURL.PL code…

Did you ever resolve this issue? I'm having the same problem with a Postfix server.

http://forum.pfsense.org/index.php/topic,60874.0.html

lol easy enough, thank you very much :)

You can use HAVP for virus scanning but it will only scan http traffic.

Incoming bots? Not quite sure what you mean. Snort probably.

Web filtering can be done with Squid and either squidguard or dansgurdian (or just using ACLs in squid directly).

Steve

I have had the webgui stop responding several times but it has turned out to be my own doing. On each occasion it was caused by a rogue php process. Mostly this was some experimental code in a package but can also be caused by running a command, in the gui command prompt box, that never finishes.  You can usually recover from that via the console with 'killall php'.

Steve

Packet capture on your WAN filtering on that 75. IP and do it again, then stop the capture. I suspect your next hop router responds with source IP 192.168.1.1 on its TTL expired in transit messages. The response time shows it's likely coming from your upstream gateway.

I would think that would be ideal. Having an opt1 interface on the LAN with the router/gateway as the rest of your LAN. Since that will be doing the NATing, pfSense should allow that to pass as an outbound connection. It should be the same as all the other traffic originating from the LAN side.

locking this as duplicate of:
http://forum.pfsense.org/index.php/topic,58475.msg313363.html#msg313363

Please don't post the same thing twice.

Issue resolved by reinstalling the server with 32bit version.. seems to me that 64bit version of pfsense have driver issues with some network cards… or something like that.

Thank you for all of your help.

Bit of a note, webconfig still dies once in a while.. a 5 or 10 min. cronjob to restart the webconfig fixes that.

*/5 * * * * /scripts/fixwebconfig.sh >/dev/null

By the way, we think the problem is just a cabling issue. I remember wanting a couple more inches of cable when I hooked it up…three weeks ago.

Yes, DNS servers are added under general setup. Try using whatever dns servers your ISP was handing to you under DHCP since you know that works. Otherwise Google's DNS servers, 8.8.8.8 and 8.8.4.4, are reliable and reachable from almost anywhere. It doesn't matter if you allow DHCP override because you're no longer using DHCP.
What gateway are you adding? Use whatever gateway your ISP gave you under DHCP.

Any reason you are switching to static IP?

Steve

After modifying the VIPs masks and isolating the LAN and WAN interfaces in separate VLANs, the CARP behaviour is now the expected one.

Since the firewalls are in a production environment, I couldn't test as much as I wanted because I had to reduce service downtime, so I'm not sure which change fixed my issue.