• [SOLVED] PFSENSE CREATE RULE ON FIREWALL

    5
    0 Votes
    5 Posts
    894 Views
    jimpJ
    Navigate to System > Package Manager, Available Packages tab. Install the System Patches package. Navigate to System > Patches. Click + Add New Patch. Enter the Description: Chrome Bug Workaround. Enter the URL/Commit ID: 83469e50681bf1ab0388e5cb756d5198b7f705f4. Click Save. Click Fetch. Click Apply.
  • PfSense + freeRADIUS and Cisco AP EAP authentication

    1
    0 Votes
    1 Posts
    659 Views
    No one has replied
  • Issues with aliases

    6
    0 Votes
    6 Posts
    1k Views
    jimpJ
    Navigate to System > Package Manager, Available Packages tab. Install the System Patches package. Navigate to System > Patches. Click + Add New Patch. Enter the Description: Chrome Bug Workaround. Enter the URL/Commit ID: 83469e50681bf1ab0388e5cb756d5198b7f705f4. Click Save. Click Fetch. Click Apply.
  • No IP when the Storage (QNAP) directly attached to the pfSense

    3
    0 Votes
    3 Posts
    1k Views
    M
    @Derelict: Does the lagg come up? I think it did but what do you exactly mean? @Derelict: Did you enable a DHCP server? Yes, it's enabled (attached). All other DHCPs are working fine though. @Derelict: Why not just assign 10.0.13.2/29 to the QNAP LACP interface? You mean instead of dynamic, assign that IP on the QNAP? I'll try that in a couple of hrs. time. @Derelict: Not sure why you wouldn't use a switch for this but that's probably just me. The main reason is: The storage is used by several other devices (security camera, A/V receiver etc.) from various parts of the house, connected through different switches (and from outside) and I didn't want to lose the access to the storage, in case a switch went down. If pfSense has gone down, I take it as a game over. I'm open to other suggestions though.
  • Rethinking Smart Home Gateways

    3
    0 Votes
    3 Posts
    1k Views
    johnpozJ
    "What data is "interesting" to see? How to filter/sort it when there is so much?" This is a great point..  Even if you could pick it out and color code it and make it easy as pie to understand for someone with an understanding of networking.  What is your typical user going to do with it?? I don't need a "smart" gateway to see the traffic I am interested in ;)  This can already be done with the tools out there and pfsense, etc. This line drove home the guy that wrote this just doesn't really get it… "smart service providers could even leverage the data to suggest things like adding a WiFi extender for your upstairs bedroom or the basement office." Did he mean to say where another AP should be placed or how to better place the AP in your home for best coverage..  If what you want is crappy ass wifi, then sure throw up some "extenders" hehehe "Wouldn’t you like to know what kind of data is flowing into and out of your home?"  I take it he is talking about ILDP, who is going to set this up?  Your typical user?
  • Schedule time range more specific than quarter hour increments?

    2
    0 Votes
    2 Posts
    430 Views
    jimpJ
    That's the way it was designed, and how the cron job runs to check the times. It is possible to support times closer together, but there is not much of a call to do so, and depending on the speed of the hardware, size of the ruleset, and so on, it may not scale well to do faster in some cases.
  • DNS recommendations

    7
    0 Votes
    7 Posts
    2k Views
    johnpozJ
    While that is a workaround for sure..  Something not right with your connection if you're having that many problems with udp..  Is your pipe full?  Is it shitty/slow? You're not blocking it outbound are you?  You prob want to get with your isp if you're having problems with udp connections. As to the misdiagnosis, that is why we are here - but we need info to help ;)
  • Schedule wireless interface up and down

    1
    0 Votes
    1 Posts
    493 Views
    No one has replied
  • PfSense in Azure

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Help me to detect and how to defence in this scenario

    4
    0 Votes
    4 Posts
    916 Views
    johnpozJ
    Well sniff and see..  You're saying this 149.56.149.42 is not your IP block?  But traffic is being routed to you..  Well I would get with your ISP on why you're seeing traffic to an IP that's not yours.
  • DIY router

    12
    0 Votes
    12 Posts
    2k Views
    D
    @BlueKobold: Here in Germany we are paying hard for electric power and a small firewall with using 40 Watt is at the cost of ~35 € per year and on top of this a modem is for ~40 € each year to pay for. 1. Private or personal WLAN (WiFi) can be secured by FreeRadius Server and using certificates! 2. The guest WLAN (WiFi) can be secured by using the Captive Portal with vouchers 3. With OpenLDAP all wired or cabled devices will be able to secured inside of the LAN 4. Snort can protect the DMZ or inspect the LAN Ports for getting an alarm if something occurs 5. With squid and SquidGuard all devices in the DMZ are not really or directly connected to the Internet! So where is now the security issue to switch after 6 - 8 hours the firewall out or take it off? If you might be thinking your PC is out or off and not running and the modem alone will be taking of electric power this must be surely unable to enter in your network and entering your PC! If you are afraid of an intruder you should better turn off the entire WiFi part in pfSense and on top of this the modem and your PC too, so someone must be entering your apartment to get in touch with your network or PC. After the first security protocol (WEP?) was cracked, I became wary of wi-fi anything. After the WPA was hacked, any remaining trust was over. Now I hear WPA2 was compromised by 'Wi-Fi Protected Setup', and a quick Google search (using search terms 'wifi wpa hack') ensures I will never be using wi-fi, bluetooth, or anything similar. My thought on saving power is anything is better than nothing. Will my turning off lights, TV, or whatever when I leave a room prevent blackouts? Probably not, but I see no good reason not to... and since I've been doing this my lightbulbs last about three weeks longer than before. Aside from power saving, there is the security aspect. Turning off the PC and disconnecting it from the router ensures no attacks via the internet. Turning off the router, and disconnecting it from the internet guarantees it will not be attacked via the internet. Someone said that if I turn off and disconnect the router I would have to re-configure everything when I turn it on... if true, that would definitely be a good reason to leave it on! Still would want to airgap the PC though.
  • NAS as Separate Interface?

    3
    0 Votes
    3 Posts
    905 Views
    S
    The NAS IP should be on a network that is 192.168.2.0/24 and be set to DHCP or a static IP in that network. The .1 address should be reserved for the interface gateway for eth2. Then do the rules to allow access to it from your LAN IPs or the 192.168.1.0/24 network.
  • IP redirection to local machine

    4
    0 Votes
    4 Posts
    608 Views
    KOMK
    Yes, just a port-forward with LAN as the interface instead of the usual WAN.
  • Question about log-format graylog/pfsense?

    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    The quoted format is for the local log, not remote logs. Syslog always assumes the hostname from the source IP address or hostname, NOT from the log message data itself. Your server should be classifying the sources by their IP address/hostname in some way, it shouldn't care about the message content identifying itself. "filterlog" is the name of the daemon that made the log message.
  • Connection issue on WAN interface

    2
    0 Votes
    2 Posts
    540 Views
    M
    Any help/pointer from anyone? -S
  • Squid 3.5 slow upload speeds

    1
    0 Votes
    1 Posts
    705 Views
    No one has replied
  • Reverse proxy for internal applications

    8
    0 Votes
    8 Posts
    3k Views
    R
    pound - a great reverse proxy. On pfSense it needs to be installed manually, from FreeBSD repos. It has no dependencies and the binary is also very small.
  • WifiKill

    4
    0 Votes
    4 Posts
    1k Views
    R
    Enable client isolation on access point.
  • Securing home network with SG-2220

    3
    0 Votes
    3 Posts
    2k Views
    B
    Thanks for your reply! @BrightEyesDavid: 2. I'm thinking wifi access point 2 would be for guest internet access, where they can only get internet access and not access any of the other devices on wifi access point 1 or the switch; is this possible? Alternatively, would it be possible to achieve the same effective result with only one access point, where only certain devices would be allowed to send/receive from other devices on the home network but all devices would have internet access? Edit: I just remembered the SG-2220 has wireless options; could I achieve the same result using its own wifi? @mauroman33: 2. Yes, if the switch supports VLANs. Regarding using VLANs for isolation, I think I heard that VLAN-based separation/isolation is not as secure as using separate interfaces because the VLAN tag on the end of each packet can potentially be faked. Is that right, or is a VLAN means of separating groups of devices reliable in this situation? Does the SG-2440 have four separate interfaces (one for WAN, other three for LANs in my case), or are all/some of the ports on the same interface? @BrightEyesDavid: 3. I'd like to run a couple of internet-accessible services on a home computer (webserver and mumble server). I only want the associated ports to be reachable on that particular computer - not other devices. Can I configure pfSense so that all incoming traffic on certain ports (80, 443, etc.,) only get routed to a certain computer attached to the switch (which is attached to the SG-2220), whether using IPv4/NAT or IPv6/no NAT? 4. Also, can I effectively isolate this internet-accessible computer from my other computers (in case of compromise via website software, for example), perhaps with the exception of port 22 for SSH access from one or two of my other computers? (And is this a fairly safe/sensible approach? The SG-2220 has just the one LAN interface.) 
@mauroman33: I think there will be no problems about number 3 and 4, although it's better to wait for someone more experienced. Okay, thanks. I would have thought that 3 in particular is something basic for pfSense as it seems similar to what a typical NAT router does when it forwards ports. By the way, I've started watching this Comprehensive Guide To pfSense 2.3 video series which seems helpful, and I think I'm going to learn a lot and hopefully find out more about things related to my questions.
  • Unlock freebsd repo

    5
    0 Votes
    5 Posts
    1k Views
    N
    fixed. thx
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.