To add to this… yes it is definitely a public IP subnet (PI space issued by RIPE).

As far as i can tell 1.3 allows to do all this on a single box, it would be nice if you can give it a try and report if all went well!

Remember that to loadbalance squid on 1.3 you have to add on the Floating Tab rules with out direction and selecting the quick option and selecting a gateway as you do for other loadbalancing.

Okay great, thanks for the check.  Now I will get busy on figuring out how to get it working!

Thanks again…

cheers  ;)

If you are using port forwarding and you are trying to access your servers from the inside using the external IP address, you will need to enable NAT reflection. Go to System>Advanced and clear the checkbox that says disable NAT reflection.

ok. Thanks for the help
cconk01

@GruensFroeschli:

Only if you want the subnet behind your second router NATed (which you probably want).
http://forum.pfsense.org/index.php/topic,7001.0.html

Not even in that case. All locally connected subnets, whether locally attached or configured via static route automatically have outbound NAT rules created for every WAN interface. This is true in 1.2 RC versions and newer at least, probably some 1.2 beta releases prior to RC. I don't recall exactly when it was added but it's been that way for a while. You only need AON if you require static port or have some complex NAT needs requiring you to disable the aforementioned automatic behavior.

I updated the linked page to reflect this.

PPPoE is typical terminated by a small (home use) router.
I don't know if it is possible by windows itself

that's great info, thanks.

Antivirus as a whole is exceptionally overrated, and its effectiveness today is very poor. People put far too much weight into the value of antivirus in any role. Malware changes too quickly today for it to be effective. Back in the days when email virii were the biggest concern it was effective - the executables didn't change as they were spread by infected machines. Now that the most common means of distribution is the spamming of URLs where you download infected files it's nearly useless because those who are spreading this stuff will change the file as soon as most AV is detecting it. AV vendors can't put definitions out quickly enough to stay ahead. I frequently download the exe's from virus spammed links and run them through virustotal.com. After doing that on 100+ occasions, virtually all of them are detected by fewer than 10% of the AV engines and the few if any that detect it will vary greatly from one piece of malware to another so no vendor is always protecting you.

Would I mind seeing it in pfSense? Not at all. I wouldn't use it though. One it's not effective, two it's a significant performance hit, look at Untangle's hardware requirements. For a network of 50 users they recommend the same class of hardware that people run 1000+ users on with pfSense.

On the networks I run I force outbound connections through a proxy and block executable downloads from all but a very few trusted users. Vastly more effective than antivirus, and significantly faster.

To sum up a comparison between Untangle and pfSense, Stoutman put it best - they are both good, at different things.

No worries Ermal.  I'm glad you looked at it, and maybe if things get changed with FreeBSD, this can be made possible in the future.

–[ cable modem ] –  [hub] – [ pfsense ] –-[ lan switch ]
                                 |           /           
                              [ linksys ] /

get a hub or switch, plug your cable modem into it, along with pfsense WAN interface, and a linksys or other router.

this way pfsense would pull a DHCP address from the cable modem, and so would the soho router which would then NAT it to a static internal ip for pfsense to use via opt1

then policy route VOIP to opt1

1: For only 3 sites i would instal 3 PSK tunnels.
One between each location.

You basically add what subnet lies on the other side of the tunnel in the config, and OpenVPN does the rest for you automatically behind the scene.
If you configure correctly you wont have to worry about correct routing.

2: I'm used to OpenVPN so naturally i say use OpenVPN ;)
I'm not sure about IPSEC.
But i think it doesnt make much of a difference.

3: Can you ask more specific questions?

PS: Can you post the link to your original thread?

alright i'll wait until RC1 gets released and then i'll try a fresh install. i'll update once i try this.

@familyguy:

@fredde:

install and start ntop , should tell you what´s hogging the line

/F

Do you mean installing ntop on the pfsense box?

Yes, system -> packages -> ntop
that´s asumed you dont run embedded version

/f