Thank you, I added that now. Where would you place the script to load it propery? In here? /usr/local/etc/rc.d/

That's basically idle. Any loss is likely attributable to a problem on your Internet connection. The processes you see coming and going are from updaterrd's stats gathering.

There was a problem earlier, fixed this morning.

@Harvy66: I hate SMS based 2FA. It requires wireless connectivity and SMS has been shown to be easy to snoop on for people in the know. The US National Institute of Standards and Technology (NIST) has released the latest draft version of the Digital Authentication Guideline that contains language hinting at a future ban on SMS-based Two-Factor Authentication (2FA): http://news.softpedia.com/news/nist-prepares-to-ban-sms-based-two-factor-authentication-506617.shtml

@virgiliomi: No, you would need a special interface card that Asterisk would communicate with for the purpose of making/receiving phone calls on that line. There are two different kinds of ports that can be found on analog cards… FXO (line) and FXS (station). You want a card with FXO ports to be able to use the analog phone line. If you had analog phones that you were using through your Asterisk system, those would use FXS ports. FXS ports need to provide a bit of electrical power for the analog phones attached to them, while FXO ports don't. By any chance are there any FXS port adaptors for USB that pfsense(or FreeBSD) recognizes properly OOB? @AndrewZ: @ultimateon: I have a modem it has a phone number ,etc… You need to figure out how this voice part of your modem is configured. Generally there are 2 common options - this internal VoIP GW may use either Internet VLAN or it's own 'voice' VLAN. In the 1st case you will just need SIP credentials extracted from your modem, in a second - you will also need to bring your voice VLAN to pfSense and route it further to your Asterisk. Forget about the jacks ;) Unfortunately the modem doesn't come with VoIP and it keeps it SIP gateway closed up although (The ISP doesn't actually provide VoIP directly but provides services using it, complicated stuff) So ill have to go ask Jack if he's willing to phone PFsense.

you should be fine at close to gigabit speeds, depending on the number of firewall rules, NAT, and packages (snort, pfBlockerNG, etc) I would check your system interrupts at high load/transfer speeds to see if you need to make any OS tweaks: systat -vmstat

@cmb: That's the TFTP proxy, not bittorrent. Thanks, that puts my mind at ease.  Given that I have no need for TFTP, and I occasionally will use bittorrent, can I easily turn TFTP off, and will doing so cause any problems other than not being able to network boot devices from pfSense? Thanks.

@guardian: @KOM: Try this.  It's DNS-specific but the concepts should still apply. https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense Thanks… I gave this a try, and... since I want to do the same thing with DNS, so I tried to do exactly what it said in the directions, and all DNS is blocked by the default deny - so for some reason this rule isn't getting triggered. Or am I missing something (or did I find a bug)? Hi, I also using the redirect all DNS request to OpenDNS servers for my LAN_2 users This is my firewall rule for my LAN_2 users.  By this I prevent them for using another DNS, Only OpenDNS in this case.  

2.3.2 is released now, you should be upgrading to the stable release not a snapshot (what this board is for). Post in https://forum.pfsense.org/index.php?board=4.0 if you have question about upgrading to 2.3.2-RELEASE

https://forum.pfsense.org/index.php?topic=115396.msg640607#msg640607 https://forum.pfsense.org/index.php?topic=114877.msg638304#msg638304 use the search function maybe?

Well, after the update to 2.3.2 works perfectly

Just find the bug ticket: https://redmine.pfsense.org/issues/6634 Great!

Yes, I only show the rules on the floating and interface group called Internet. The floating rule show a rule that say ICPM from any, any port, to this firewall accept. Why you say that my floating rule is for deny all my other addresses? If when you put THIS FIREWALL on the destination option it apply for ALL THE INTERFACES. If you see the rules (some ones that are not in use) it show also for each interfaces the same rule. I tested all the variants. I use the same rules in a firewall that have 3 WANs with static IP address and works fine. I  use the same rules in a firewall that have 4 WANs with 2 static IP address and 2 DHCP address, and if I put as default gateway one of the DHCP WAN, i can ping to 3 of 4 WANs, if I put as default Gateway one of the 2 static WAN i just can ping to the 2 static WANs. The order to apply the rules if Im not wrong is from UP to Down (on the screen, pfSense do not show a rule number order) and first apply the floating rules, then the interface groups and then the interfaces. I tested too to delete the rules on the floating, and the interface groups, delete the interface group, and apply the rules in each WAN interfaces, same thing, I only can ping and attend request on a interface that is the default gateway (when it has a DHCP ip address) i doing it in a virtual LAB and is the same thing). What other information is needed to perform an analysis? John Poz if you want i can give you access to the virtual lab to put hand on. Regards and thanks for you invaluable time John [image: interface_group.png] [image: interface_group.png_thumb] [image: interface_inet-telecentro.png] [image: interface_inet-telecentro.png_thumb] [image: interface_inet-fibertel.png] [image: interface_inet-fibertel.png_thumb] [image: interface_inet-free.png] [image: interface_inet-free.png_thumb] [image: interface_inet-vpnht.png] [image: interface_inet-vpnht.png_thumb]

@Derelict: Bonjour is multicast DNS (mDNS). It needs to be forwarded between network segments by something. Thank you man Have the package installed and everything is running now,