  • About logs

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S

    Already been asked 1000 times.  Search.

  • IP-TV through VDSL

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • One-way block of ftp through transparent FW

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    H

    Good to hear  :)

  • Timeouts

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    C

    @hoba:

    there are some hosts at your fxp1 subnet that have the same IP. This could be some teamed nics. If that is not the case you should find the conflict and resolve it.

    I doubt if those are teamed NICs in this case - usually that'll be two NICs from the same vendor. These are two different vendors:
    00:13:8f - Asiarock Incorporation
    00:14:c2 - HP

    Gintaras: I would look into this and see why you're seeing that IP switching between MACs.

  • Was wondering if pfsense might ever…

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    H

    @Juve:

    I started working on that type of addon a few months ago, it is not yet "usable" but I hope I will finish it asap and release it to our great pfsense community. It's a windows service with a frontend GUI that stores all information about multiple boxes (securely stores passwords for automatic logons), makes a full backup of every box every day (with tunable history list), detects whether or not a node of a cluster has failed over (triggers mail alert). I would like to add some other features as well….like managing a whole box through the GUI (I'm looking at the xmlrpc interface instead of building my own HTTP requests and parsing the replies (that's what I do now for box backup for example)...). At the moment I do not have enough time to go through it quickly...this may change soon.
    ;-)

    Nothing else roxxx as pfsense do!

    Nice! Can't wait to see this  ;D

  • No WAN IP?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C

    If you have another device plugged in, your ISP may only allow you to get one lease. If you're changing out an existing device, you may have to power cycle your modem before it'll let a different machine online.

  • Cannot access tutorials

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    S

    Try firefox.

  • Blocking Limewire even when it use port 80

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    S

    I would also very much like to use SNORT to block P2P traffic.  SNORT does an excellent job of detecting P2P no matter what port is being used.  I have SNORT running on the WAN interface set to block anyone who generates a snort alert.  However with P2P traffic it is always my own public IP that is detected as "generating" the alert.  Since my own IP is in the whitelist all that is accomplished is that I am alerted to the use of the programs.  I would run SNORT on the LAN side but I have about 25 other smaller firewalls behind PFsense with each of them connecting 5-20 individual clients. So if I blocked any one IP on my LAN interface I would cut off internet to several people. If it were possible to run SNORT on the WAN interface and set it to block BOTH IP addresses associated with a SNORT alert, I believe that this would solve my problem and effectively stop the P2P. (And help keep my little wisp from getting sued by the RIAA)  ;)

  • FTP proxy and IP problems

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A

    (1) when using an incoming ftp server you would be best to disable the ftp helper on the interface in question.
    (2) pure ftpd can use passive ftp where you set a port range 3000-3500 and you forward those ports along with port 21 on to the server.
    (3) most ftp servers allow you to work with nat by allowing a field to enter the public ip address in the ftp server startup script to allow for better translation.
    (4) first thing to do is get your ftp server working correctly without nat then add the nat specific stuff into ftp server configuration and firewall after the thing is working.

    good luck

  • Hacked? Should I see any activity in my openvpn log?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Interface failure

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    P

    it's nothing fancy.. just some oldass compaq deskpro i picked up for like $50. no raid or anything like that.. i'll check what kind of motherboard/NIC it's got.. thanks

  • Forensics

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    Cry HavokC

    If the squid package supports AUTH then require people to authenticate to the proxy.  That'll make it fairly trivial to track who visited where (assuming you enable logging of the authenticated user).

    This may break some things that perform web updates, so you may have to spend some time adding ACL rules that'll bypass the auth for certain destinations.

  • Place for custom startup scripts & commands

    Locked
    4
    0 Votes
    4 Posts
    12k Views
    H

    The shellcmd options in the config.xml get backed up with the config.xml. I prefer this attempt as it lets you restore a system more easily.

  • Verizon FiOS and PfSense Redux

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    J

    Wow, this is great info to know about FiOS.  I had no idea!  :o

    In my area of the Left Coast, we don't have Verizon FiOS, but we have Paxio FTTH (fiber to the home).  I opted for the 100M/100M service, although less expensive plans are available (http://www.paxio.com).  My biggest problem has been building a router that will support the full bandwidth of the connection!  Right now I'm on a mini-ITX platform with an Intel dual-NIC card and it's doing pretty well:

  • Pfsense and verizon's actiontec MoCa router, how to get it working well

    Locked
    7
    0 Votes
    7 Posts
    31k Views
    S

    I don't think that this will work at all. From what the techs have told me, and what I've read about the MoCA technology is that it uses unprovisioned bandwidth from the ONT using the MoCA protocol in order to provide video services to your Motorola boxes. Otherwise, you'd be sharing your 5 mbit or 15 mbit or 30 mbit connection with 2-10 mbit of video, and that wouldn't work very well at ALL.

    As far as I know the only way to get Verizon FiOS TV is through the MoCA trash Actiontec. There's a reason I had them install via ethernet, and why I still have DirecTV HD. I pole-mounted a DirecTV slimline 5 LNB dish outside my house so if at some point in the future Verizon decides to get rid of the crappy MoCA Actiontec nonsense I can switch over. But until they do, the Actiontec router is a deal breaker. I refuse to use it, it's just plain crappy in 500 different ways. It locks up, has a small state table, is slow, and unreliable.

    Besides, DirecTV has more HD's anyways, and is about to pwn't the HD cable/sat industry once their next 2 birds go live. (excuse the shameless plug)

    I'm currently running with a Cisco router for my house internet, but trying to get pfSense to work. Apparently the DHCP client portion of pfSense is either currently broken, or the MAC address cloning in combination with DHCP doesn't work.

  • Keyboard reset did not work, attempting CPU shutdown

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    E

    Thanks, I'll try that.

  • How to deal with spam

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    H

    At firewall>lan create a rule like this:

    pass, protocol tcp, source lan subnet, destination any, port 25, logging checked, gateway default.

    Make sure this rule applies before other rules allowing port 25 out like the default lan to any rule. You'll now see green pass icons in your systemlogs at status>systemlogs, firewall tab. If you want to see more than only the last few items, set up a remote syslog server so you can browse through the past few days/weeks or whatever is needed.

  • FTP proxy And PPTP

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Arp Statement

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    G

    Here is the EXACT arp statement as it is on the existing router, this is what I need to put into pfsense to replace that existing router.
    ---------------------------------
    IP Address/Bitmask
    A.A.A.A/32

    On Interface
    LAN

    Proxy on Interface
    WAN

    Gateway
    B.B.B.B

    On the existing router there is no mention whatsoever of either A.A.A.A or B.B.B.B in the NAT area. I hope this helps clear things up, and thank you so much for your help so far.

  • General setup / NTP time server

    Locked
    6
    0 Votes
    6 Posts
    4k Views
    W

    I also noticed that /etc/rc.d/ntpd start | stop | restart | status | poll – none of the options do anything.  I haven't looked much at it either, but again, probably my lack of understanding here.  Just seems to work a lot differently than I would expect.

    Thanks, again, for any insight!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.