• Block host in LAN

    7
    0 Votes
    7 Posts
    1k Views
    johnpoz
    maybe they stayed at a holiday inn express last night?
  • Only works a short time per reboot

    2
    0 Votes
    2 Posts
    514 Views
    F
    Either the disable of rules or uninstall of Snort fixed it temporarily. Now I can test the interface at least :)
  • Shell (SSH) Enable/Disable Port Forwarding

    1
    0 Votes
    1 Posts
    657 Views
    No one has replied
  • NUT

    27
    0 Votes
    27 Posts
    8k Views
    dennypage
    https://forum.pfsense.org/index.php?topic=110981.msg617964#msg617964 You can look at the current version: https://github.com/pfsense/FreeBSD-ports/pull/120
  • 2.3 stops routing traffic every 1 og 2 days.

    27
    0 Votes
    27 Posts
    7k Views
    C
    It looks like disabling SMP is an immediate workaround for the problem while we track down and fix the root cause. https://forum.pfsense.org/index.php?topic=110953.0
  • Do not see other computers on the network

    11
    0 Votes
    11 Posts
    3k Views
    johnpoz
    "user@user-vivid:~$ nmblookup -M local name_query failed to find name local#1d" Really??? How dense are you?? Where my local example would be the workgroup you're using "all computers on one lan 192.168.0.1 to 192.168.0.50" What does that have to do with a bridge setup in pfsense??
  • Access from DMZ to LAN

    3
    0 Votes
    3 Posts
    744 Views
    S
    Bacula can't pull from the server. It needs a connection from the server to Baculas storage daemon. I did create a rule, but couldn't get it to work. I forgot to move it to the top. After I did that everything is working perfectly.
  • OPT1/2/3 rename

    1
    0 Votes
    1 Posts
    776 Views
    No one has replied
  • Order of installation

    2
    0 Votes
    2 Posts
    611 Views
    D
    Went ahead to install Squid, SquidGuard and LightSquid in that order. Seems to work ok.
  • What is the difference?

    3
    0 Votes
    3 Posts
    910 Views
    D
    @heper: you either use your client machine to handle the encryption/decryption or you let your firewall handle it. you either have 1 client machine going over the tunnel, or you can have multiple clients use the same tunnel connection simultaneously facepalm: I am so stupid. Thanks.
  • Adding a second hdd

    2
    0 Votes
    2 Posts
    706 Views
    D
    OK I just went ahead to install a second SATA hdd. Steps I took is: Halt pfsense (I read somewhere this is the right way to shutdown) Physically install hdd Reboot machine and use gparted to format hdd with ext4 (is this the appropriate filesystem?) Make sure BIOS recognise the hdd correctly Reboot and enter GUI I used Diagnostics SMART to retrieve below info. Looks Ok to me. Does this mean my second hdd is ready for use within pfsense? I want to use it for caching.
  • Barnyard2 Config to Show Payload in ASCII to Remote Syslog?

    1
    0 Votes
    1 Posts
    532 Views
    No one has replied
  • Bandwidth monitoring under Package Manager

    1
    0 Votes
    1 Posts
    412 Views
    No one has replied
  • Can't find NTOPNG

    5
    0 Votes
    5 Posts
    2k Views
    D
    Can't wait to try ntopng. Currently using darkstat.
  • Kill session - it shouldn't be this hard….

    4
    0 Votes
    4 Posts
    1k Views
    johnpoz
    How it would change the issue is you would be on a version that people are using, vs one that has not been in common use for well over a year and no longer supported. Not a captive portal user, but pretty sure there have been lots of changes to it in the 8 releases of pfsense that have happened since your current version.
  • Package Manager and Package Dependencies

    2
    0 Votes
    2 Posts
    2k Views
    H
    yes
  • PPPOE disconnect

    14
    0 Votes
    14 Posts
    5k Views
    T
    Well, it looks like my problems with PPPoE are related to the use of the USB Ethernet adapter for the PPPoE link. A) I moved the USB Ethernet to a 'charging' USB port on the Intel NUC. The 'charging' USB ports can supply up to 1.5A (or thereabouts). The result of this was to significantly improve the stability of the PPPoE. However, there were still multiple PPPoE dropouts with the 'caught signal TERM' message in the logs over the next 24 hours. B) I then moved the PPPoE traffic onto a VLAN on the main Ethernet port. I have left the USB Ethernet plugged in and attached to pfsense - however, it is not being used for anything. The result of this is that there have been no PPPoE outages due to the 'caught signal TERM', all outages have been loss of LCP echo on the link. Link uptime is significantly better. So, in summary, I have no idea of exactly where the 'problem' is with the USB Ethernet adapter, but it certainly looks like attempting to use it for a PPPoE link does not work. So my attempt to work around only having a single Ethernet port on the NUC by using a USB Ethernet for the PPPoE wasn't the best idea. Tim
  • [Solved] Postfix timeout caused by lost packets

    3
    0 Votes
    3 Posts
    1k Views
    S
    Hi Steve, No, I'm not using DKIM. The problem seems to be related to TLS and to the length of the email message: the bigger the email and more probable the network problem and hence the timeout. Also the "distance" between the servers seems to have an influence, probably because more hops imply more time and more chance to lose fragments. A lot of messages come from google's servers (209.85.128.0/17, 74.125.0.0/16). I tried to decrease the MTU of the server's interface from 1500 to 1362 and this had a positive effect. I'll try to lower it more. Thanks, Stenio
  • Documentation for "Family" Firewall Setup

    8
    0 Votes
    8 Posts
    7k Views
    Z
    I've been using Squid and Dansguardian for about 10 years (but running Ubuntu server).  I would recommend using e2guardian rather than Dansguardian.  It is a fork that has added quite a bit and is active (Dansguardian updates and support seem to be fizzling out). With e2guardian/Dansguardian you can create different filter sets and then direct them to the proper port based on ip range or subnet.  In my Ubuntu setup I'm using Shorewall as the firewall and that's how I redirect.  I'm working on coming up with the same type of setup in pfSense, but haven't quite gotten there yet. Here is a link that is specific to setting this up in Ubuntu, but it might give you some good ideas that you can use in your setup on pfSense. https://www.branchdistrictlibrary.org/professional/ubuntu_precise_dg.php The info in the link is from a gentleman who sets this up for a library system he works for, but as I mentioned I've been using a very similar setup at home for many years.  The link also uses Dansguardian, but I don't imagine it would be much different setting up e2guardian. I'm looking at doing something similar to what you're doing with the MAC addresses, but I am hoping to put together a quick web page hosted on my box that will allow my wife to turn access off/on for specific devices (kids' Kindles, XBox, etc).  In my current setup I have a similar page that will allow my wife to whitelist sites without my help and without her having to login to the administration of the server. I hope this didn't stray too far from your questions, maybe some of it will be helpful to you. I'm going to watch this topic in case you post updates on your progress.  If you do, maybe I'll post some of mine too since I'm trying to accomplish similar things as I move my environment over to pfSense.
  • Pfsense will not let open any email from godaddy email server

    5
    0 Votes
    5 Posts
    1k Views
    KOM
    Good to hear that it's working now.  Any time there is a funny access issue or block that doesn't make sense and Snort is involved, I always disable Snort and see if the problem goes away.  Snort can be funny sometimes and flag legit traffic for whatever reason.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.