Well, rebuilding the pfSense box took just a bit more effort than I had hoped.

I saw where the installation was looking for 'config.xml' on the floppy, so I suppose if I had it on there, it would have found it.

I think I saw where it looked on the flash drive, and if I had the file named 'config.xml', it would have found it. But it had the backup name. So I had to wait until I could access the WebConfigurator to load it up that way.

Anyway, just reporting that the pfSense box is functional.

Sure, if it's configured to run in transparent mode, you can forward the necessary port(s) to it (as marcelloc suggests in the link that heper gave).

I was finally able to get the wireless up and running on OpenWRT is been working pretty good, the max speed for file transfers is 6MB/s which I thought was kinda low but I can deal with it.

However these connection limit emails are really starting to bug me, I don't know what is telling them to be sent out…

@kradalby:

I have been in contact with my isp, they cant help me unless i have ips i can give to them, and i have not been able to get something out of the box under the attacks because it overloads.

I presume you have firewall rules on your WAN interface to block unsolicited traffic. Enable logging on those rules.

When you are hit by a DOS attack stop the flow (for example by disconnecting or powering off your modem). Your box should soon become usable again. Dump the firewall log file to a text file, (for example pfSense shell command```

clog /var/log/filter.log > firewall-log.txt The firewall log should give you some IPs involved in the attack UNLESS you have bugs in your rules OR the attack is very specifically targeted at your open ports in which case you might be able to configure the attacked servers to log incoming connects and such logs might provide some IP addresses you could ask your ISP to block. When you have a bit more information about the nature of the attacks it might be possible to make more specific suggestions.

I created this page on the wiki to answer this common question/concern. If anyone can think of any points I missed, let me know.

http://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

@bobn:

Thanks both of you.

rjcrowder, Yea, I've noticed that is a wide difference among posters opinions about the matter of pfsense hosting wireless services.

starshooter10, are these steps in the gui, or a command line option; like is scheduler gui or cli?   Oops, I've finally found the scheduler tie in with the firewall rules…...  nm

Does the GUI firewall builder offer up enough that I don't need to learn the CLI?  If not, has anyone run across a great primer for that CLI.

I come from a cisco ios and asa background.  I dislike cisco's automagic network access they try institute in enterprise class products with their security zones freely allowing network from higher to lower security zones, I always start a new dmz vlan with an implicit deny ip any any inbound and outbound.  So I'm not unfamiliar with the SIP, DIP, DP, and masking concepts.  I just haven't actually had to work with linux type of firewall CLI, so I'm starting out at ground zero with it.

Is the web/http content filtering in this an inline filter, or explicit proxy filter?

Thanks

Probably shouldn't admit it, but I don't have much of a networking background… so I don't know much about Cisco devices.

The pfsense gui firewall rule creator is pretty nice and lets you do about anything you would want to do at layer 3. However, because it is using PF under the covers it will not let you do anything with layer 2. In order to mess with layer 2, you need to use the ipfw firewall - which is installed as part of the captive portal. Unfortuntely, there is no pfsense gui that allows you to create ipfw firewall rules - so if you need layer 2 rules you are at the command line...

From what I've seen, this is the major difference from linux based firewalls that I've played with (ipcop for example) which use iptables and let you create layer 2/3 rules.

http://doc.pfsense.org/index.php/Haproxy_package

or

varnish: http://forum.pfsense.org/index.php/topic,45496.0.html

or

squid reverse: http://forum.pfsense.org/index.php/topic,48347.0.html

Thanks for your replies guys, really helpful.

Jimp, I appreciate the company names and I appreciate the expansion into the security/update side of things, thanks.

As far as CARP goes I'm not sure how I could utilize and granted I have not built a CARP setup before. Our setup will go;

Fiber in –> What appears to be a media converter (Provided by ISP), ethernet out --> Cisco Router (Provided by ISP) single ethernet out --> Our current/replacement pfsense firewall. I can whack a diagram together tomorrow if that makes it clearer but because the Cisco router (which acts transparently as far as I can imagine; we have the public IP presented to the WAN interface on our current firewall and only need to NAT on that existing firewall and nothing above. I don't know how they set it up I'm just making educated guesses. I'll ask the person that comes out to program the cisco router. We're with BT by the way unless anyone knows) only has a single ethernet port coming out of it I don't know what I could do in terms of failover from there apart from having a warm spare (with an interface on both for pfsync if that's how it works? I'll look though the wiki/docs/forums/book) and physically change the cable over in the case of a firewall outage?

I do also like the idea of the support being provided by people who are also the developers. It would also be nice to put some decent contributions in and fund new features. On which note I'm glad to see there's processing for credit cards, as much as I love pfSense I couldn't help feeling the uninformed I may have to pitch my choice to may not value a solution that could only process paypal, so I'm chuffed!

Anyone got any UK based companies they could suggest? I'll be doing the usual Google reccy too. It is likely however that I'll reutilise some soon to be old servers and build the box myself, all the servers are the same model which will make any possible replacements my easier.

My money's on spam.  ;)
Though you might expect the provider to have notified you.

Steve

so she could go to other internet sites?  But not yours?  Prob others that you were just not aware of.

Glad I could be of help, and that its now working.

I've found the following 0 byte files that are being written pretty often (no idea what with, or why the writes are so large)

[2.0.1-RELEASE][root@pfsense]/var/log(33): find / -type f | xargs ls -lt | head -n 2 -rw-r--r--  1 root      wheel          0 Sep 19 17:15 /tmp/tmpHOSTS -rw-r--r--  1 root      wheel          0 Sep 19 17:15 /var/db/currentipsecpinghosts [2.0.1-RELEASE][root@pfsense]/var/log(34):

How can I stop these files being written?

Cheers,

Yax

Oh wow, i feel stupid, I did change the configuration on the client… I accidentally removed "10.0.0.2  serverhostname" from the host file...

But I still get loads of these entries in the log, almost one every second... Is that normal?

So pinging to wireless clients from wired should work, but make sure your resolving the mac.  After you trying pinging a wireless client from a wired client.  Check the mac for that IP in your arp table

arp -a from a cmd prompt on the box your pinging from.

As stated quite often with wireless to wireless you could have Isolation setup so wireless clients can not talk to each other.  And depending on the wireless router, and if using say a guest wireless network.  You could be preventing wireless from talking to wired.

First thing I would do when attempting ping is verify MAC is resolved.  And that mac is correct, if correct and still not working - verify host firewall allows icmp/ping – this is common for that to be blocked on say windows default firewall settings.  If firewall is ok, and mac is ok - I would sniff on both pinger and pingee and verify your seeing the traffic go out the wire, and that the pingee is seeing the traffic.

This really is just basic network troubleshooting 101.

Perhaps my first layout picture was a bit fuzzy. I only mentioned the IPsec tunnel because I thought there's a small chance it would matter but I really don't think it will.

My lab setup has no vpn or IPsec connections whatsoever. In the live setup both the regular and the guest networks connect directly to the internet, with only the regular (corporate) network connecting to an IPsec tunnel.

Btw, I rebooted PfSense after setting up the second nic and the firewall behaviour didn't change so it's not a hiccup. But it works so I'm happy :)

We've been running production v6 networks for about a year and a half, no issues.

The full config isn't held in memory, nor any parts of the actual config.xml that are usable. Your firewall rules should be accessible in /tmp/rules.debug maybe, may have to run "pfctl -vvsr" to get the list. That's the list in PF syntax though, it'd just be a reference you could use to recreate from scratch once you're on a fixed hard drive. Other services have config files in a variety of places but mostly on disk, the configs they're running with now that the disk is gone aren't extractable. Unfortunately you're probably stuck with the exception of the firewall rules.

I have also heard of cheap, software based NIC's causing those kind of performance issues.