Satellite yes, at least from what I've seen that's always just an Ethernet connection. Dial up, not yet. 2.0 has the ability to do dial up, it's an active work in progress at the moment.

I wonder how this will end with IPv6 and RFC4193 if there are already confusions with /8, /12, /16 subnets.
Where will this end with /48 ~ /64 subnets? :D

There is no (easy) way to manage these from the command line. These are not held in a particular file, but they are part of the main config.xml file. You may be able to edit that file and add them in, but it isn't something you'd want to regularly.

There are a few other ways to configure things from the CLI, but they are not optimal. You can use the (included) text browser links to view the web interface (links http://localhost), you could learn the PHP functions to add them via the PHP Developer shell, or you could write a program that adds them on your own.

You may be able to accomplish some of the same things by adding items to a pf table from the CLI, but you'd have to look for existing tables to use (e.g. sshlockout)

@nfsiv:

the problem is, from outside i can not ping these 4 ip address, and inside i can not ping outside, even i ping from my pfsense.

Did you create any firewall rules on the WAN, allowing ICMP to these IPs?

How did you test to "ping outside"?

Don't do what you just described.
Each VIP needs it's own VHID.
Just put another VHID for each VIP.
This doesn't affect the functionality.
The password isn't used for your setup.
This is if you want hardware-failover between multiple pfSenses.

I doubt its a dsl modem problem.
I have had a Smoothwall firewall and that modem since 2001.

@jimp:

Is there another port on the back of your DSL router that you can try?

No. There is only a single Lan and single Wan connection.

I intend to get another dsl connection and wanted a firewall that
was better suited for dual wan connections. The only problem I have
had with the smoothwall is after about 6 months, it starts to block outbound
connections its not supposed to. For instance, I cannot connect the PS3 to the
playstation network anymore. Another example, is my daughters WOW, it worked
fine for months, and now it will not connect through the smoothwall. If I were to
reinstall the smoothwall, then everything would be fine, but I am tired of having
to reinstall it every 6 months or so and spend the hours reconfiguring all the firewall
rules.  I have two boxes with smoothwall on it so when one is down, I can use the
last one until the new one is ready. I need to have a backup one ready to bring online
because I host several websites and services. That is another reason I am looking for
a more robust and secure firewall. Those websites are prone to attack by spammers
because they are used to supply evidence to registrars, LE and ISP's to get sites and IP's
shut down.

Store your pages in /conf/ <somewhere>as long as they are not too large, then add a shellcmd to the config to copy them over to the proper place if they do not yet exist (or on every boot just to be safe)</somewhere>

The book covers all that and more http://www.amazon.com/gp/product/0979034280?ie=UTF8&tag=pfsense-20&linkCode=as2&camp=1789&creative=9325&creativeASIN=0979034280

Well, port that pfsense was plugged into need to be in trunk mode. From there it was a matter of taking it step by step. Initially we couldnt get any subnet to communicate with the pfsense box. We had to actually add the subnets to the lan interface. Once we could get vlans to communicate with pfsense it was just a matter of figuring out NAT.

NOTE: Automatic NAT does not work/would not work in our situation. Has to manually do it.
        1:1 NAT also would not work had to stick with NAT port forwarding.

Things are good now, internally geting out we have noticed a 50% increase in speeds.

I'd hate to have things in perpetual beta though.  We'll probably be having the same discussion about something else when 2.0 is released.

Thank you for your reply !

This rule has a lot of option.. this is the following one, right ?

Do you can tell me more about this option ? what does it mean, implies ?

I will try as soon as possible with IPTV, thank you again.

I'm not surprised, and I'd personally discourage such development.

I just sent the customer a long list of workarounds. #0 is "fix the brokenness you see first". They complain this particular server is "finicky". No wonder.

I also could put the device into bridging mode and probably get the behavior back, since the Cisco is on the other end still terminating a T1.

Or I could setup some OpenVPN tunnels bridging.

It's gonna hurt if I have to do any of that.

I even came up with a solution to the most serious consequence (broken VPN) that only involves adding a couple more specific static routes to the more important servers.

So many workarounds  ::)

There is lagg(4) support in pfSense 2.0, which is still Alpha (but will be Beta very soon).

Ah, a voipo customer :)  I just ported my number out of them.  Not from unhappiness, but because they made a (totally understandable) business decision to not support BYOD customers, which I am an extreme example of :)  I am using the freepbx service which uses bandwidth.com.  voipo worked fine with pfsense, but the other service got confused due to the source RTP ports being rewritten, hence my need to use the static_port directive.

Oh thanks for your idea, It is realy clear to me.
Thanks again.!

I had similar checksum errors early on when I first started using voip through my pfsense box. In my case it turned out to be what I thought to be an apparent faulty nic. (Realtech-  I know I know… I see now...)   Since replacing the nic, my voip systems have been rock solid. And no more errors.

May not be related but I figured Id mention it...