Squid + Squidguard. And then, find good lists…

Start with that : DO NOT MIX tagged and untagged VLAN on the SAME physical Interface ! So if you plan to have a "management" VLAN with no tagging on the PF : forget it unless it has a dédicated phys interface. Use ONLY TAGGED Vlans for every VLAN attached to the same Phys interface! Concerning the limiter, be carefull, keep in mind that limiter only applies to trafic LEAVING the (any) interface. Trafic coming in cannot be shaped. So if you flood your interface from the WAN, your limiter won't be involved : trafic leaving only. Have a look to your Floating rules. The Wizard is sometimes tricky with rule creation. Have a check.

When dealing with Interfaces, you often need to reboot. But YES ! Default GW is important. It defines which GW will be used by your default routing table or by the PFsense itself.

1 - Is this a PPPoE connection ? We don't face this problem with our PPPoE connection. It takes time, but the connection come back in the end. You may want to use the "Periodic reset" option in your PPPoE interface ? 2 - You should concider using this option : Advanced -> Misc -> "Load Balancing / Allow default gateway switching " (CHECKED !)

Got It ! Tiers 1 is 172.17.0.254 Tiers 2 is 172.16.0.254 And your PF default's GW is your Tiers 2 (172.16.0.254). In your rule, you specify the kind on trafic that should be filtered : in your case "TCP" only. So it won't apply to any ICMP traffic (a trace route uses ICMP). But it will for HTTP trafic though. So, because you don't specify ICMP kind of trafic, your default routing policy aplly : Go through the default PF's GW. Here is your answer.

I found out that you can change the language through the WebGUI. I wanted to customize the page. But when I edit the error page in the corrpesdonding folder, even if I restart the box, I'm to able to see any change. The error page is still the same. Any Idea ? Also I want to copy the german folder to an other location and point the squid.conf to this folder. It seems that I'm using the wrong file in the wrong location. THanks !

@felesaerius: ….How do I get rid of this message? /etc/rc.filter_synchronize Line 283 ….  ;)

::) So while trying about everything i put the NAT Outbound Rule back on auto and… everything works fine....  :-[ I didn't even remembered I had changed it... Morality : check and recheck everything before complaining....

Just so the answer is somewhere, u can put a nice little script in /usr/local/etc/rc.d like #!/bin/sh ###route.sh : create route on initialisation /sbin/route add -net xxx.xxx.xxx.254/32 -iface emx /sbin/route add default xxx.xxx.xxx.254 Didnt invent it, this solution was out there already… on OVH soyoustart forums

That's great work! How quickly does that counter advance?  I  wonder how often it hits 32767 in normal traffic conditions.  In other words, why doesn't this cause links to flap more often? Thanks! Martin.

2nd Update: I'd like to announce that I've solved the issue. I couldn't get rid of the problem with VLAN tags getting stripped by my NIC (or perhaps it was VirtualBox's fault) but one way to fix this is to download Realtek's Diagnostic Utility (below). Then go to Network and Sharing Center > Change adapter settings > Realtek PCIe GBE Family Adapter (choose the one that's for your LAN!). Disable anything that has the word VirtualBox. Then open the Realtek Diagnostic Utility and create VLAN 1 as well as the additional VLAN you need. Now wait 3 minutes for each VLAN you configure as it installs the drivers into Windows. Now you may notice under Network and Sharing Center > Change adapter settings there are two new adapters called Realtek Virtual Adapter. Each of these are adapters to your VLAN. Open each of them and enable any mention of VirtualBox. Go to VirtualBox and assign each Realtek Virtual Adapter as a network card for your PfSense VM (PfSense shouldn't be running). Start your PfSense VM and configure your two new virtual NICs. Now you have two operable VLANs but they show up as ethernet interfaces in PfSense. That works too. http://www.realtek.com/Downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false This solution works but it's limited to how many network adapters VirtualBox can create. I'm eager to help anyone as I know how much pain and suffering I went to figure out this solution on my own. I'm subscribed to this thread and I'll be reading upcoming replies. Anyone who wants to do the same thing can contact me here and I'll see how I can explain it to you.

You mean this I assume: https://telex.cc It's obviously going to be very difficult to block since it's specifically designed to work around firewalls. Looks like it requires an intermediate ageng of some sort to recognise anc divert the telex encoding. Who is doing that for them? To be honest there are always going to ways around a firewall, to stop this sort of thing you need to be working at the client machine. Steve

Hi at all, I've the latest release 2.1.4-RELEASE (amd64) installed on a Ubuntu pc's and I use Virtual Box and it work fine . I use pfsense as netbalancer with 2 WAN connection and it work fine . But is for few days that I try to configure the pppoe server, but without success. With the help of mais_um are able to reach the server by changing to 25 the subnet mask, works for few seconds but disconnects. To get a little connection I add manually the outbound NAT rules, but don't resolve this problem. here are my configurations… Services: PPPoE Server: Edit Interface  LAN Subnet Mask 25 No. pppoe user 254 Server Address 1.1.1.1 Remote Range  2.2.2.2 Firewall: NAT: Outbound Interface  Wan1 Protocol    any Source      Network  Address 2.2.2.0/24 Destination any Firewall: Rules: pppoe server Action      Pass Interface pppoe vpn protocol any source  any destination any gateway  loadbalcer What's wrong or missing? I hope in a help. Bst Rgrds Christian

@ptt: https://forum.pfsense.org/index.php?topic=76848.msg418686#msg418686 Diagnostics –> Tables -->

Is your WAN interface dedicated to the VM in Hyper V (should be)? or Shared (should not be)? Check your MTUs on your interfaces (and the MTU your LAN needs), especially on the WAN. Disable every MSS Clamping values. Are youre gateway settings OK ? LAN = no gateway / WAN = 1 gateway (could be DHCP given). Are you sure pings from LAN client to 8.8.8.8 are OK ? Do not only try on the PF, you could be tricked by it's internal interface (127.0.0.1). First : Try a MTU = 1400 on your WAN side. Second : Can you browse (IE / FF / whatever) google (lightweight page) ? Can you browse MSN (heavy page) ?

I Think you are mismatching between routing ang gateway role of your PFSense. In Datacenter envireonment, we tried to manage the WAN Acces from 3 different operators. We wanted to manage the whole solution through VLAN Interfaces instead of physical interfaces. And we faced many problems, concerning routing, nating and IP Aliasing (VIP), because we wanted PF to act as a gateway role, not a simple routing role. We Believe PF loves 1 Interface = 1 physical interface when you want your PF behaving as a gateway. In a routing only configuraiton, no problem dealing with Vlans insteads of physical interfaces. If you want a gateway mode, i'd suggest you to dédicate 1 phys interface for Public side (WAN), and another phys interface for the Private side (LAN). You can still use VLANs for your LAN phys interface… Be sure of what you want to NAT beside of what you want to route. ...Or deal with AON - Manual OUtbound NAT....

Hello, Finally it solved with the help of your post. Thanks for all of your excellent support. -Vasu