What exactly does bridging do?

if you set it to "bridge" it basically creates a Layer 2(data link) type connection. however, i know you can create filtered bridges also… (someone please correct me if i am wrong here...)  i've always thought of bridges as switches with fewer ports or in your case, one port.

Does it just allow two interfaces to see each other?

it allows them to act as if they are connected to the same switch.

For example, without bridging my laptop (wireless) and desktop (LAN) couldn't ping each other.  However, with it enabled then they could?

makes sense… you either needed firewall rules or you had a routing issue. prolly firewall...

Also, I had to enable a bridge between Wireless and LAN so that my wireless could use the LAN DHCP server.  I guess that makes sense but is that a common way to set it up?

if i understand you correctly, it sounds like you have a wireless access point or router connected to an interface on your pfsense firewall. personally i would not set it up that way. (assuming this SOHO WAP)for security reasons, disable bridge, keep the wireless access point on a seperate interface (i think this is how you have it now), disable the dhcp server on your WAP, set a static IP for the LAN on your WAP, then move your ethernet cord so that it's on a switch port and not the WAN port.  this way your WAP should act like a switch with wireless enabled. then set dhcp server on your firewall accordingly and your wireless hosts should pick up the dhcp from pfsense.  be careful the order at which you do this or you'll lock yourself out of your WAP.  set the LAN static IP first. then disable the dhcp server on the wap.

once you have that all working and have enabled dhcp on pfsense for your WAP then configure firewall rules accordingly to permit access into your LAN. if your only using the subnets which reside on the pfsense interfaces then you shouldn't have to mess with NAT either..

hope this helps…

Great! Thanks, brah.  :)

Captive Portal

You'll find a forum on the subject further down.

Weird! seems to be symantec endpoint protection talking to a bunch of FTP sites… 69.22.137.48 is what i gather to be a symantec ip. Very strange as we are all locally managed for symantec updates.

Thanks for the help.  I appreciate it.

You might try to enable the traffic shaper, and set your upload bandwidth to something slightly less than your DSL sync speed (You can lost up to 13% due to various overheads). You can also try adjusting your ACK queues and such until it works better.

I'm using PPPoE on an ALIX and uploaded a bunch of files to one of my websites last night and it went at full speed without any issues. I have a WRAP for testing but I haven't tried it as my actual home router yet. I've got them both running 1.2.3-RC3 images though, not 1.2.2.

The logs are stored in a binary circular log format, and are found in /var/log

You can view them (and search some of them) via the GUI under Status > System Logs

The logs are reset at boot time, or when you manually clear them.

You can set how many lines are displayed in the GUI, but there is no easy way to control exactly how large each log file can be (it's hardcoded in the source, this should be fixed in 2.0 eventually)

Rather than posting to a months old thread, how about starting a fresh one in the correct sub-forum for the VPN you're trying to use (IPsec, PPTP or OpenVPN).

Take a look at posts in the Captive Portal forum.  The answer will depend significantly on the version of pfSense, the nature of the traffic and what you mean by "very good server" (since your definition won't be anything like mine, which probably won't be anything like other's).

@noi:

how to fix this problem…
"acpi_tz0: _TMP value is absurd, ignored (-247.7C)"

This is caused by a BIOS bug, best fix is to get the BIOS fixed. If you have a board from Hacom, some of those exhibited this problem, but there is a BIOS update available that fixes it.

@luiscloss:

It will work.

I wish I had the same level of confidence… ;D

wow working like a charm now

really apreciated your help

thanks a alot

hadi57

@wallabybob:

If by "default DNS" you mean the DNS your ISP assigns then the most effective way (assuming your WAN link gets an IP address by DHCP) is to check the box.

If your WAN link doesn't get its IP address by DHCP and you want your ISP's DNS server then contact the ISP to get the DNS servers address(es) (may be in ISP configuration help page) and then specify the DNS server(s) by System -> General Setup DNS Servers.

If you are asking how to set this when you only have WAN access to pfSense and can't ssh in, then sorry, I don't know.

You haven't specified if you want LAN systems to use the pfSense DNS forwarder (I presume you do) or you want the "default" DNS to be propagated to the LAN clients.

Yeah default dns I mean the one my ISP assigns. And yes I use the DNS forwarder. And yeah I only have lan access to the web gui.

@Cry:

You can only have a single default gateway, and that's always going to be on your external interface.  What you want to do is to configure static routes to your internal networks.

k - what i ended up doing was giving the wan interface an ip and set the gateway on that to the one i wanted to set lan interface to.

If you mean access to the web interface, it's been covered (lots) before, but…
Add a firewall rule destination WAN address port 443 (you have switched to https, right?)
Better still is to limit the source to an alias containing all the ips/networks you connect from.

@kamil.maciejewski:

Yes, I know this all, but the problem is, that this is a production area, it needs to work all the time and, what's even worse - I'm only part time working in this company, so i need to be able to change the settings remote. I'll separate the networks when it will work without any problems. For now I can only create new subnet and start moving IP's there. If it only fix the network lost problem

I'm not quite sure you get it: What you are doing is wrong and will not work properly. Nothing anyone can tell you will make it work properly other than correctly wiring the network to separate switches.

Edit: Locked thread.

wrong forum.

Hello,
Yes, the system is pfsense 1.2.2
the rule for smtp was added to the wan interface (em1).
pfctl -vvs rules reports this

@62 block drop in log quick on em1 from bogons:50to any label "block bogon networks from wan"                    
 [ Evaluations: 369980    Packets: 557       Bytes: 27864       States: 0     ]                                    
 [ Inserted: uid 0 pid 48699 ]

running /etc/rc.update_bogons.sh seems to solve the issue (outdated bogons definitions)

thanks

giuliano</bogons:50>

Sorted my problem, had to set MTU to 1400!