• Pfsense 2.0.1 - SSH prompting for password with disable password checked

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    D

    @miles267:

    Thanks - that worked.  Is a pass phrase necessary for the key?

    Well, technically it's not required, but it's a good practice security-wise to keep keys password protected.

    If you do a lot of logins/logouts throughout the day, then you could use Pageant (in the case of PuTTY).

  • 0 Votes
    6 Posts
    2k Views
    G

    macraig, can you see Watchdog timeouts on network interfaces in the console or system.log? I have a similar problem using an Intel PRO 1000 MT Dual port PCI: after minutes the system hangs.

  • Pfsense 2.0.1 i386 and freeipmi version?

    Locked
    5
    0 Votes
    5 Posts
    5k Views
    M

    Stephen, thanks SO much for your patience and help.  In the end, I was able to restore libgcrypt from the FreeBSD archive site and install the appropriate version of freeipmi.  This restored both my bmc-watchdog functionality as well as added the ipmi-sensors function.  I too was able to add the IPMI Sensor entry to pfsense Diagnostics drop-down so I can access from within the web UI.  Much appreciated.

  • Static IP on PPPoE Wan Connection

    Locked
    6
    0 Votes
    6 Posts
    15k Views
    P

    I have just tried this and it works, thanks to everyone who contributed.

    I set this up on my BT UK service. I have a business account and have used the supplied username and password they email when you sign up. I think the following is default for domestic installs on BT, homehub@btinternet.com as the username and no password (set to 1234).

    I should add this is a FTTC install and I replaced the BThub3 with my pfsense box

  • ACCESS PFSENSE VIA INTERNET

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    chpalmerC

    remember that some ISPs block ports under 1024 to "SCREW" their customers ….

    Fixed that for ya!    ;D

  • Roadwarrior VPN access with same IP address?

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    rcfaR

    On my LAN all nodes have public, fixed IP addresses, so as far as each computer's built-in firewall and/or the pfSense box allows, each one can access any other one regardless where it's located by a fixed IP address or FQDN.

    This of course falls apart, as soon as a machine leaves the LAN, and that I try to prevent.

    The one big thing that the Internet still has that's rather outdated is the geo-IP stuff, when in fact global roaming of any given IP address should be possible (just like a mobile phone can be anywhere in the world and still be reachable by the same number).

    So the goal is, to destroy the geo-location dependence of in practice a few, conceptually of all, my computers' IP addresses while retaining the ability to reach all of them by the same fixed IP address from any public network, regardless where they are located.

    I'd like to end up with a logical environment that's largely independent from the physical location, e.g. an rsync script shouldn't have to know where a computer is. It should only need to know its public IP address and/or FQDN, and start working, as long as the host is reachable (if the laptop is sleeping in an airplane, it won't be reachable, but it shouldn't matter if it's set up in a hotel in Nairobi, a coffee shop half a mile away from the office, or in orbit on a space station: if there's internet connectivity, it should be reachable by the same address and FQDN).

    Due to the boneheadedness of Verizon, I was already forced to virtualize my entire LAN by routing the public IP addresses over a VPN link to where I am, which means theoretically I could go traveling around the world with the entire LAN, IP addresses and FQDNs remaining invariant. So now I'd like to extend that concept to individual machines.

    Bridging would be just fine, if somehow I could filter the broadcast traffic…

    On a fast internet connection, the amount of broadcast traffic wouldn't be an issue, because there are not that many machines involved, and the net is generally fairly quiet, but traveling one doesn't always have a fast connection, and then broadcast traffic can quickly get deadly... (think GPRS link to the internet...)

  • PPPoE and RADIUS failing

    Locked
    1
    0 Votes
    1 Posts
    4k Views
    No one has replied
  • How to enter firewall rules manually?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    D

    Thank you for the reply! I'll see what I can do from the GUI then.

    Regards,

    Nick

  • 0 Votes
    3 Posts
    1k Views
    K

    seriously… i am a dumbass so... I will go sort that out... thanks a lot

  • Initial configuration with single NIC assigned to multiple VLANs

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    You'll need to assign one of the VLANs as LAN, assign an IP to it, and then do the config from there in the web interface. There isn't a way to assign a gateway at the console.

  • How to configure lcdproc config manually

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    stephenw10S

    Obviously doing this you could easily break something etc etc.  ::)

    Edit the file: /usr/local/pkg/lcdproc.inc
    Towards the end of the file the rc script is generated. Change the line

    $start .= "\t/usr/bin/nice -20 /usr/local/bin/php -f /usr/local/pkg/lcdproc_client.php &\n";

    to

    $start .= "\t/usr/bin/nice -20 /usr/local/bin/lcdproc C T U &\n";

    Change C T U for whatever screens you want. Re-sync the package or reboot the box.

    Steve

  • Newbie here; anyone know if this setup will work?

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    T

    @cmb:

    Just use an external AP, you can generally place it in a more optimal location for coverage that way, and the cost is generally no different.

    The thing is I need it to be a mini switch, as well.  But the good news is I found this nice used appliance, with everything preloaded for $70.  It should be a fine pfBlocker box, and I can use my wireless router to do the rest.

    So I'm a happy camper.  :)  Thanks!

  • RRD graphs traffic

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    C

    After the fact, you can't narrow it down that much with what's in the RRD graphs. You need either an add on package like bandwidthd or similar, or export Netflow to a collector, for detailed historical data like that.

  • Possible DNS-rebind attack detected

    Locked
    6
    0 Votes
    6 Posts
    5k Views
    M

    To update, there hasn't been another instance of this since I changed my machine name the other day.

    I love my pfSense firewall. :)

  • Usb nic

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    ?

    @wallabybob:

    @jigglywiggly:

    i configured a lan rule so that 192.168.100.1 goes to the modem connected to the usbnic
    this works, i can see the page and I know it's the right modem.

    I'm not sure what you mean by "lan rule" - "firewall rule on LAN interface" perhaps. It is not clear this is necessary. Normal defaults for firewall rules on LAN allow any traffic to anywhere and normal routing would direct traffic to the subnet of the USB NIC through the USB NIC. (The modem would normally be on the same subnet as the USB NIC.)

    @jigglywiggly:

    however, when I make a firewall rule so that whatismyip.org goes through the usb nic it times out

    It is not clear in this case who is doing NAT or supposed to do NAT? If the modem is a router then it is almost certainly doing NAT but the conversation won't get established if pfSense is not doing NAT and the modem/router doesn't have a route to your LAN subnet.

    @jigglywiggly:

    EDIT: GOT ITZ
    I had to go to nat > outbound > and create a rule with static port; all the other settings were on any

    If the access to whatismyip.org was web access it is not clear to me why Static Port on the NAT rule would have been required - that is, I suspect a "Static Port=NO" rule would also have worked.

    I added the lan rule so I could see if traffic was able to get past the nic.
    By lan rule, yes, I mean firewall rule.

    To clarify, all traffic was not working. I had to enable static port for any traffic to work.

  • The webui is no longer responding

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    C

    @Supermule:

    Is that enough to bring down the firewall??

    No, it will make the web interface non-responsive, but has no impact on everything else.

  • Deny Access to another subnet

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    stephenw10S

    Yes, the other machines should simply connect as normal. You use the server on pfSense simply to set up a tunnel to your Netgear router. It may be easier/better to use pptp or l2tp, I'm not sure as I've never tried this as I said.
    You need the Netgear router to send all its traffic via the tunnel, if you use pppoe it will see that as a normal WAN connection and should do that.

    Steve

  • Degraded array Email alerts?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    S

    Thanks for a definitive answer JIMP

  • 2.0.1 Is there a way to change Log to show "last message repeated"

    Locked
    2
    0 Votes
    2 Posts
    990 Views
    jimpJ

    That decision is usually up to the syslog daemon itself; if the messages are far enough apart, even if they are repeated, it still prints them.

    From a quick glance at the man page, there is a way to disable this message compression but not a way to expand it.

  • Need help setting up LoadBalancing with only one interface

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    D

    Running wireshark on both sides (client and Web Server), I can see the client sending packets to the Load Balancer Address and I can see the Web Server Receiving packets from the WAN address of the PFSense box which it then tries to respond to but the client never receives them.

    Additional info: Client: 192.168.1.50 sends to Virtual Server (192.168.1.20). Web Server (192.168.1.30) sees packets coming from 192.168.1.1 (Load Balancer box WAN interface, not Virtual Server IP). Web Server sends packets back to 192.168.1.1, PFSense does not pass them on to client.

    What do I have configured wrong?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.