• Need help on port 443 ! please

    10
    0 Votes
    10 Posts
    1k Views
    D
    Ok man, thanks for all of your help, I really mean that. You have got me further than anyone else on the other forums. I really appreciate you. I will read that link and hopefully I get it. Thank you, cheers
  • VLAN Firewall Rule

    10
    0 Votes
    10 Posts
    2k Views
    H
    @johnpoz: you should be able to ping pfsense vlan20 address. You allow ipv4 any any which would include icmp.. So if you're not pinging something is wrong. You really can combine your block and allow rule and just make it allow ! rfc1918.
    So if I add your ICMP example (at the top?) and combine the last two rules I'm better off? I sure do appreciate you taking the time to help. Not only do I want the rules but want to understand what's going on as well and you're helping with that.
  • FreeBSD: Can I extract band width usage data from any log file?

    1
    0 Votes
    1 Posts
    534 Views
    No one has replied
  • 100% CPU problem with pfSense 2.3

    18
    0 Votes
    18 Posts
    9k Views
    bmeeks
    @phil123456: ok I added a core and put 2gb instead of 512mb of ram, and now it seems to work fine. Gee, snort is such a resource hog
    Yes, all IDS/IPS systems are resource hogs because of what they have to do. If you start to run a full Snort or Suricata rule set, you may find even 2 GB of RAM can get a bit tight. 4 GB is a good RAM number for either Snort or Suricata in my view. I suggest at least 2 cores for CPU, and 4 is even better.
    Bill
  • Traffic log TCP data-length field always zero

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Defining a table with normal and negated ips and ranges

    2
    0 Votes
    2 Posts
    597 Views
    C
    You can't negate table entries inside of a table. Create the table you want, then negate it in the rule where you're using it.
  • [SOLVED] Use serial on pfSense to connect to switch?

    4
    0 Votes
    4 Posts
    925 Views
    J
    cu works great! Thanks
  • VOIP PHONE CAN DIAL BUT CANNOT RECEIVE

    3
    0 Votes
    3 Posts
    3k Views
    chpalmer
    Build a firewall rule on your WAN with your PBX address as the source and your Linksys ATA LAN address as the destination. Make the ports whatever you use for SIP.  Generally 5060 on both sides. See if that helps.  Don't bother with port forwarding.
  • VLAN and WiFI AP

    3
    0 Votes
    3 Posts
    965 Views
    A
    I have the US-150W-8 switch. I'll have a read through the links you posted.
  • Growing utx.log file

    16
    0 Votes
    16 Posts
    4k Views
    A
    Hi jimp, Thanks for the ultrafast reply :-) Yes indeed, it's the check_mk package. We're monitoring the firewalls with it, so every 5 minutes we have a login to the firewall via ssh from the monitoring host. I know check_mk can be used over a tcp-port but our development here decided to use it strictly over ssh, even when problems like this arise. (Which I don't understand why over ssh). On my private installation I'm using Zabbix as the monitoring, much more advanced, also encrypted direct agent/proxy communication and also great it is supported as a package by pfSense ;-) No problems with the Zabbix Agent there.
  • Possible dhclient bug ?

    2
    0 Votes
    2 Posts
    599 Views
    jimp
    If it's in the FreeBSD base system dhclient you should file a PR against FreeBSD directly. At least from the description it sounds as though it may be a bug.
  • URL Table(hosts)

    3
    0 Votes
    3 Posts
    2k Views
    F
    pfBlockerNG's DNSBL does this
  • Pfsense Gold, back-up download

    2
    0 Votes
    2 Posts
    641 Views
    jimp
    At the moment we do not have a portal for that functionality. You can download any backup from any other firewall also running AutoConfigBackup, however, so it hasn't been a critical need. It is something that has been on our radar for a while, however we do not have an ETA on when it might be available.
  • LG G4 TETHERING

    9
    0 Votes
    9 Posts
    2k Views
    S
    I was wondering about this as well. ROOTer Firmware (http://ofmodemsandmen.com/) supports this with no issue on pretty much any Android phone that supports the standard NDIS USB Ethernet Tethering. Really worked well for getting me out of a pinch where the ISP messed up a transfer and left us high and dry for a week. The only other way I can think to achieve this using PFSense is to have it going into a basic TP-Link router and then expose that to a WAN port on a PFsense router as a failover.
  • Rc.newwanip triggered every 30 minutes

    8
    0 Votes
    8 Posts
    7k Views
    I
    Dear, please can you be more specific where to add "::" at line 125
  • DIY router with already bought hardware

    5
    0 Votes
    5 Posts
    2k Views
    R
    @porcomaster: Hi guys I just purchased an h81i-plus, Pentium g3285 and 8 GB ram for a FreeNAS machine, but after some advice, I decided to buy a better suit hardware to my FreeNAS machine with ECC and hookers, but I do have now a real nice hardware at hands that I could just sell it and lose some money or transform it to a router, my router is already on its end of the lifespan, I know that this CPU would be too overkill, and it will consume a lot more power than a router, but it looks better than sell it, my actual router is a wdr4300, and it's already my third router with OpenWRT, my questions are, pfsense is a good choice for this? H81i-plus just have one LAN card and one pcix16, so how is the best option to connect to my FreeNAS machine? (I may buy a switch, for this one, I do have an IPTV at home too) Which wifi card do you guys would recommend me? it's any wifi card that would be able to do 2,4 and 5 GHz? any advice? regardless I do ask sorry for any grammar mistake as I am not a native speaker, and I do ask sorry if this information is at any place, it's hard to find information about this matter
    I would think of your new hardware not as overkill, but as headroom. Pfsense can be configured as anything from a simple no frills router, up to a full fledged UTM type device providing deep security and a wide range of services. Naturally, the resources to power that activity scale up as well. Concur with stan re wifi. If you do on board, you take on the limitations of whatever the upstream FreeBSD sources provide, and no use case for that springs to mind. I use Cisco AP's myself, as we were already using them at work when I took us off the Cisco routing path and moved to pfsense. If you haven't purchased a switch yet, you may want to consider the Cisco 300 small biz series. They cost a bit more than I would like, and rarely hit the used market at much under retail, but they are a supported switch for PacketFence should you choose to go that route.
    Quad port nics are widely available on the secondary market for less than you'd pay for a new single port. You can do everything with a single nic and vlans, but it can make your brain hurt at times. 3G/4G is another story - if you have a need for out of band remote management, on board can be a good option, as the external devices aren't all that great - but you need to check the HCL carefully.
  • Pfsense hang on boot

    5
    0 Votes
    5 Posts
    1k Views
    D
    Glad you got it figured out. Probably some mangled data in one or more RRD files leftover from the power outage.
  • Gateways, PPPoE: random degradation and halt

    5
    0 Votes
    5 Posts
    2k Views
    M
    If this can help I found out that each time there is a degradation in the connection, on the system logs there are these lines:
    Jul  9 17:12:59 magneton check_reload_status: updating dyndns WAN_PPPOE
    Jul  9 17:12:59 magneton check_reload_status: Restarting ipsec tunnels
    Jul  9 17:12:59 magneton check_reload_status: Restarting OpenVPN tunnels/interfaces
    Jul  9 17:12:59 magneton check_reload_status: Reloading filter
    Not sure if it is a consequence or cause – edit: BTW: I do not have any ipsec tunnel defined ...
  • RRD data

    6
    0 Votes
    6 Posts
    10k Views
    C
    @dennypage: To my knowledge, there isn't a way to do this directly with pfSense. However, you might be able to use an external agent to collect and store the data. Something like a Zabbix or other SNMP based monitor.
    Yeah you'll need something like that, since as Denny noted, RRD doesn't have all the fine-grained long term data.
  • MOVED: Squid Guard poor performance!!!

    Locked
    1
    0 Votes
    1 Posts
    552 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.