I don't think you can do this with pfsense,

but you should try binding services to wan 1/2 , e.g. http to wan1 and smtp to wan2

you would have to create rules and setup gateways.

thanks senser,

Actually I think I am not going to continue until a more reliable builtin functionality is provided by pfsense, it would be great to have the openvpn AS's simplicity but with current pfsense I think it would create more problems than solutions.

thanks Jimp,

yea I guess that would be risky, even with secure website its basically down to user auth at the headend,

even if they are unable to break into, they would certainly put the system in the crapper with the traffic.

The log extracts you posted show pfSense reporting the clients decided to release their DHCP leases. You will have to look to the clients for an explanation. I expect getting an explanation for that from a Nintendo might be a challenge - does it have an event log you can examine?

Yes you will be good to go. Just make sure that the SLM2008 are Tagged ports with all vlan members needed to the 3rd floor. Also not sure how far apart the Access points are but remember the only channels that don't interfere with each other are 1, 6, and 11 @ 2.4 GHz. If your switch is not MDI-X capable then you will need a cross-over cable from switchport to switchport.

Thanks you got my point.

I have 5 lives IP pool, one is assigned to pfsense wan port and I have not yet assigned any live IP to Asterisknow server. I also get your point that it good to use VPN service to connect IP phone.

Actually I need know what steps should I have taken to connect my IP phones through internet.

I have taken the -s9999 from the chaosreader script. It uses -s9999 when run in standalone mode. It seems to work fine, though -s0 seems more optimal.

Are you using multiwan?
Any other details of your configuration that might help?
Why are you still using 2.0.1?

Steve

The DHCP leases "online" vs "offline" designation comes from whether or not the system in question is in the firewall's ARP table.

A system can be up and not in the ARP table, it just means they haven't tried to communication to/through the firewall in a while.

We don't have any automated way to do it, but you could check the sha256 of the ISO you used to install from, or the last firmware upgrade file, and then you could take the files from there and compare them against the ones on the installed filesystem to see if they match.

/etc/pfSense_md5.txt can also help but you'd need to get a copy from the verified installation source and not the one on the live HDD.

The ability to look at raw radio signal data is not required by the vast majority of users. Normally it is handled by the wifi hardware such that only relevant data is exposed to the OS/driver. To get raw data requires some new mode for the wifi hardware and that requires new firmware and that introduces more cost which either reduces profit or product affordability. Hence most do not.
Some however do especially older models where hardware was less integrated.  There are plenty of opensource wifi software projects that have a lot of this stuff detailed. A lot of it focuses on various security stuff such as encryption and breaking it though!  ;) The ability to make a wifi card do things it's not supposed to requires low level access to the radio hardware.

Steve

Ohhhh.  Thats nice.  I'll be glad when its standard squid package.  I like it.

Another thing,

Isn't the purpose of a DMZ to keep that traffic segregated from the rest of your network? You should create a rule on your DMZ to block all traffic going to any LAN IP and make sure its before that allow any any rule.

When is pfsense team planning to release the central management application?

I'm interested in this solution

My approach (also in a home environment) is to judiciously hand-select individual rules. I find the ET ruleset quite useful.

@kejianshi:

Well the total RAM, HDD and CPU in the VM Host should be equal to what would be required by each machine if it were running on separate hardware.  You can oversubscribe all of those (Except HDD) some what, assuming that all the machines would not be maxing out its resources at the same time.
The more OSes you pile onto a single drive, the laggier things will get.  Better to have seperate drives if lots of demand will be placed on them.

Basically, you will need to install the VMs and monitor their resource usage to get a clear idea which ones need more and which ones can use less to balance it.  I've found that Windows on hardware is a resource pig, but when I installed it as a VM and limited its RAM/CPU/Memory it runs just fine.  Weird.  My Centos VM, which holds chat server, SIP etc required more than advertised…  Just have to add/subtract til you strike a balance.

Thanks! Okay now I really get it ;D

@doktornotor:

http://technet.microsoft.com/en-US/library/cc770315(v=ws.10).aspx

Brilliant! Thank you mate that's worked a treat!

You have to do the following first:

On pfsense (in your screenshot LAN) is always VLAN1 and untagged
On pfsense all additional VLANS (in your screenshot VLAN19 and VLAN20) is always tagged

So what you have to do on the HP switch is:
Use one port which is:

TAGGED for VLAN19 and VLAN20 UNtagged for VLAN1 (which is your LAN)
Then connect this port with your pfsense.

This is what you have to do at least. Without that there will never be a correct connection between pfsense and the switch.

If you really want to use dynamic VLANs then you need something which tells the switch in which VLAN the switch should move the computer/MAC-Address. There are probably two possibilities:

an external RADIUS server like freeradius (package for pfsense) or Windows RADIUS Server or any other external RADIUS server GVRP which will be probably configured on your switch itself

You should search for 802.1X and dynamic VLAN assignment.