@Aaron:

Now I'm trying to determine the most efficient way to pass traffic from my static IP to the firewall that's sitting behind the pfsense IDS.

You mean you're using a pfsense box to run the Snort IDS and have another system (presumably also pfsense?) to do the packet filtering ? pfsense's main strengths are as a firewall / NAT gateway and VPN concentrator. And while I haven't yet found the time to test the Snort-pkg improvements by bmeeks, until recently pfsense's Snort-package wasn't "production-ready".

If you need/want a single-purpose machine to run IDS, then I would suggest to simply run Snort on a dedicated (typically Linux) box. Btw putting the IDS on the WAN before the fw will pick up lot of "noise".

Did you setup the port that pfsense is connected to as a trunk port?

@azeemmasghar786:

hello smith,
when we use single WAn interface then traffic going and incoming perfectly but in multiwan condition request go to the server through one wan and come back through 2nd wan.mean ip change.when ip change then account logout.

What email service are you trying to connect to?

I configured pfsense with dial on demand and idle timeout zero and it seems to be working.  The checkbox instructions are misleading.

Web.

You should be able to use the "serial memstick" image to do a full install for a serial console machine if you want, just make sure to choose the embedded kernel when installing.

Also if you really want it to stay RW at all times, on 2.1-BETA there is an option to keep the nanobsd disk RW under Diag > NanoBSD.

ah! that makes sense (pun intended)! thx! :)

I do have a Motorola cable modem, the 6121 I believe.

I haven't seen any unusual activity on the ESXI machine, but maybe I can dig through the network logs some more.

The problem has been intermittent..it went back to normal about a day after I posted this and has been working fine ever since.

Nope!
The coretemp driver only reads values from the onboard diode in Intels 'core' series CPUs or newer. To read the fan speed you need to either read values being passed though ACPI or read the SuperIO chip directly. mbmon may or may not be able to do this for you. It's quite old now so it deppends on the design age of your superIO chip.

Steve

@webdawg:

@magdiel1975:

@podilarius:

Thought you were further along than that. You might want to disconnect the wireless for now. The DHCP server on it will not allow the one on pfsense to start and would cause problems.

Nope still with the same problem..but I will try using a switch.. I think I have one laying around. I was just stuck on how to connect the modem and the router..so I think I now have an idea on how it needs to be connected.. The modem goes on the Ethernet adapter from the motherboard and the switch connects to the 2nd ethernet adapter I installed..then the wireless router connects to the switch..Am I on the right track?

It is apparent that you do not know a lot about networking.  Some things you are doing are going to work but they are not supposed to be hooked up like this.

Your internet comes in and it looks it comes into an ISP router box.  From this router box you need to connect the WAN interface of pfSense to it.  After that you need to connect the LAN interface of the pfSense computer to a switch.  This switch is where all your devices are going to be plugged into.

You WAN interface will attain an IP automatically via DHCP.  Your LAN interface should be something like 192.168.44.1/24.  This means that your router will be at 192.168.44.1 with a subnet mask of 255.255.255.0 .  Your WAN interface should not be the same as the LAN interface.  You cannot have a network that is 192.168.1.1 and have another network that is 192.168.1.2.  The third digit has to be different. (Look up subnetting if you want to know more.)

You want to make your LAN wireless?  You can connect the WAN of a router to the LAN of your network but the wireless clients will not be on the same network.  You really should have an ACCESS POINT or configure your routing device to be that.  You plug the access point into the switch.

Well.. I wouldn't say it's apparent I do not know a lot about networking…It's pretty clear.. lol - But thank you for taking the time and explaining it the way you did on your last post.. I understand it better now, I think..haha.. I will try and get back as soon as get this going...thank you all for taking the time and for all your patience

It's not rogue, it's what sends your DNS server out via the correct WAN as defined in System>General Setup.

I've been using Pfsense 2.1 Beta1 for about 3 months now.

I did a LOT of experimenting for the first 2 weeks. I must have done 7 or 8 clean installs with different package installs in each instance testing various configurations. When things went south they tend to stay south. I believe some of the problems is simply error handling not being at 100%. Maybe its Pfsense or could be the package or a combination of both. I guess if your a Unix Guru and Pfsense did spit out a valid log you would have a hint of where things went south. If no logical error was generated than theirs no way of finding the problem other than jumping into the code it self to hunt it down.

My solution and the easiest in most cases, is to perform a fresh reinstall and try not to reproduce the error again if possible.

I would not expect error handling to be at 100% as it is a very time consuming task and hey, its open source after all…....Great firewall, would love to contribute, but I have no knowledge of Unix.

You can try it here, but only for one VLAN
http://forum.pfsense.org/index.php/topic,58331.0.html

Your network topology? Interfaces setting ?

Don't forget "rehash" between the pkg_add and running the command.

Also, the general method of installing packages like that is covered here on the doc wiki:
http://doc.pfsense.org/index.php/Installing_FreeBSD_Packages

ah. ok

thx not that 20Gb is that much but still wasted space

Usually that ends up being an MTU issue. Try lowering the MTU to be <= 1492 and/or MSS to be <= 1452.

May take some trial and error, might end up being inthe 1480's somewhere.

The shellcmd package only manages shellcmd tags, it doesn't actually add support for running those commands, that's already baked into pfSense, we just don't offer a GUI to do it out of the box.

There are several types of shellcmd, and you can use an earlyshellcmd to make sure something runs early in the boot process so it's set sooner.

Or you can set that in /boot/loader.conf.local or system tunables (System > Advanced, Tunables tab) which also get set at bootup.

Not sure how much that might help though, but it's worth trying.

I'm guessing he's talking about this from the Status: Interfaces: page.

WAN interface (pppoe0) Status up PPPoE up   Uptime 436:38:06 MAC address 00:00:00:00:00:00 IP address xxx.xxx.xxx.xxx   Subnet mask 255.255.255.255 Gateway 195.166.128.194 ISP DNS servers 127.0.0.1 8.8.8.8 8.8.4.4 In/out packets 14654088/14590085 (13.48 GB/1.55 GB) In/out packets (pass) 14590084/11209042 (13.48 GB/1.55 GB) In/out packets (block) 64004/1 (8.30 MB/98 bytes) In/out errors 0/0 Collisions 0

I think those stats are only kept as long as the interface remains up. Hence they are lost on reboot.

I'm surprised that bandwidthd does that though. Are you running Nano?

Maybe try one of the other suggestions here: http://doc.pfsense.org/index.php/How_can_I_monitor_bandwidth_usage%3F

Steve

Interesting results, thanks for sharing.  :)
I would point out though that the biggest gains using Powerd are when your CPU has some sort of dynamic cpu frequency/voltage control that has a freebsd driver, Enhanced Intel Speedstep or AMDs powernow for example. The D2500 does not have speedstep. The Pentium-M does and it showed an overall reduction of system power of 5W (15%) in my testing at idle. I agree though that the lowest power state is in the higher 'C states' and if you have that enabled in the bios, and your ACPI table is complete and correct then you are probably already running at least power. Speedstep 'P states' become important if your CPU is running at a moderate load continuously when there is not much time to use C states. http://www.overclock.net/t/1058894/intel-acpi-guide-c-g-s-p-states-and-ocs
It worth noting that the Pentium-M is a special case here because the frequency/voltage values are hard coded into the est(4) driver and hence cpufreq can use them even if the ACPI table does not play nicely with FreeBSD (many, many bioses!).

I have a box in which I replaced the CPU, a P4 2.8GHz, to save power. I didn't need that much processing power. You can save quite a bit by simply using a lower speed P4. I then used a P4-M, which is pin compatible, and saved some more. The P4-M has speedstep though it is very crude, only two steps, but my own board doesn't support it. You are using a laptop though so I would investigate that.

Steve