Good to know, I had no clue as you said.  ;)

So I take it you disabled local logging because you were using an external syslog server and expected that to continue to function?

Steve

Well, my WAN has been up for "1 Day 00 Hour 27 Minutes 31 Seconds". I guess this means (knock on wood) it's not a pfSense issue but rather either a bug in the USB NIC, Comcast, or a combination of the two. I suppose it could be a USB subsystem bug as well but I doubt that. I might try  freebsd-net@freebsd.org, or Bill Paul who, according to the man page, authored the axe driver to see if I can pin down exactly what's happening before I change ISPs.

Ctrl+Z

yea exactly!

@stephenw10:

Having a shared IRQ should not prevent the NICs from working. Having disabled msix for all pci devices it's likely to have more of an effect (I would have thought) but even so it shouldn't stop all traffic.
I am unsure of your network configuration from your description and I have only experimental experience with a CARP setup so I can't really tell you what would happen. Since you will be thousands of miles away getting it wrong would be very bad so I would have to advise waiting for another opinion.  :-
In the mean time giving us a network diagram would help greatly.

Steve

Thanks, Steve.
You're right, that having a shared IRQ should not lead to such results. Reading/googling further, I think next step is to exclude CARP interface from the bridge. As I stated, that is an old, inherited setup, and all 3 NICs are members of the bridge.

Exactly the gateway is the same so the routing becomes a problem. Hmm, I've seen this solved recently but I can't remember where.  ::)

Perhaps try manual outbound NAT rules rather than firewall rules.

Steve

Just wanted to post a followup.

This is a problem with reissuing a rapidssl certificate via namecheap.
If anyone else has this issue, contact namecheap and ask them to allow you to reissue the cert directly from Geotrust's interface rather than their own (they may have to enable a link for you as well).

Is this even relevant any more?  I was under the impression that all blocks had been allocated except the RFC1918 private addresses and the RFC3927 link-local addresses.

@newbieuser1234:

i setup security onion.  i was a bit confused on the setup. how can it block port scans, etc via snort if it's on the local network and not in bridge mode between the isp and the router.  jimp, do you guys just use the elsa piece of it or do you use snort with it.  I thought pfsense was far easier to configure.

I don't think we use it for snort, but for other things. I'm not 100% clear on how snort works with it in that kind of setup.

The ELSA part is of more interest than snort on there for me.

Neither did I until I stumbled across it by accident one day and was forced to think about it.
I don't think I've ever tested it on a box running Squid though so your situation may be different.

That's what I meant by VPN-over-DNS, hiding an encrypted tunnel inside dns queries. I have never looked into blocking/detecting it, mostly because last time I looked into setting it up it was not trivial. However I see that Softether supports it so maybe it will be more common: http://www.softether.org/1-features/1._Ultimate_Powerful_VPN_Connectivity#1.6.VPN_over_ICMP.2C_and_VPN_over_DNS%28Awesome!%29
I assume to do this you still need to actually own a domain though.  :-\

I'd be interested in any thoughts.

Steve

@stephenw10:

There was a similar thread recently: http://forum.pfsense.org/index.php/topic,62819.0.html

Steve

Thanks for that mate.

If anyone is interested I have built my self a small VM with 80GB hdd.
Running Centos on there and it's running rsyslog which logs all the firewall data to /var/logs/syslog/firewall.log

In turn I can grep for addresses and ports on this and have to say it works very nicely.

I have the option "show raw filter logs" enabled and this does give quite a comprehensive view of all the traffic hitting my firewall.

For now this will do me nicely but if I feel I need anything else then I'll have another look at that thread.

Yeah my network is configured in a weird way i.e my way (it aint easy!)
Yep you're abs right, it's not behind pfsense, but kinda like "dmz" configured by someone before (now have to configure dmz "properly")

we're still trying to figure what the hell it sent out!  Thanks to you i was able to pin it!
Thank you steve and Good day!  :)

@jimp:

There are many posts here on the forum about that. Search for 192.168.100.1 or the llinfo error and you'll turn up several useful discussions.

http://forum.pfsense.org/index.php?topic=54171.0
http://forum.pfsense.org/index.php?topic=56330.0
http://forum.pfsense.org/index.php?topic=62964.0
http://redmine.pfsense.org/issues/2704

Since you mentioned in this post http://forum.pfsense.org/index.php/topic,62964.0.html that with v2.1 might be better I will wait for the final version.
At least I know what its causing my issue so I know how to fix it.

Depends on switching, bandwidth throughput, ect…

Low bandwidth + managed switches = Assuming the networks are on separate vlans, a pair of interfaces and using vlan separation.
Low(100MB)/Medium(1GB) bandwidth + unmanaged switches = 7 interfaces one for each network + one to the Cisco.
1GB+ then a LAAG configuration or 10GB nics.

Why not just use pfSense as the firewall and default gateway?  ...wouldn't be the first time a 5xx/2xxx/3xxx series router was replaced by a pfSense box;)

Ah, two different interpretations of the VPN requirement.
When you said home country did you mean where your pfSense will be or somewhere else you previously lived?

Steve

there will be no problem with the amount of ip, just in case be sure have the same segment on the lan and the network mask, read about nat 1to1 or just in case that have less ip but have mores services, port forwarding

cheers