If you don't have an old computer handy one of the $100 refurbished ones from NewEgg.com or the like does well. You might even decide to just keep using it for your main machine.

@fraglord: Thanks for the quick reply. Actually I was more like referring to the topic in general. Unfortunately use of a proxy isn't an option for my scenario here. Would it be easier to accomplish this task by using a given IP range (like 95.211..) that is supposed to be accessed through a specific gateway? If you know the IP addresses and/or subnet ranges, then the functionality is all in the base pfSense. Make an Alias with 95.211.0.0/16 etc… Then use it in firewall rules to block, or to pass and direct to a particular gateway/gateway group or traffic shape it or apply a limiter... If you know the actual names in the subdomain then you can put all those in an Alias also: server1.example.com www.example.com mail.example.com The problem, as you are well aware, is when you do not know all the names in the subdomain.

I thought about some inbuilt notification like the "You are on the latest version." check in the dashboard.

@BBcan177: So where do I submit a bug for the "pfSense Bug Tracker" ?  ;D In Redmine's redmine. :)

Hello CMB, The problem must have been hardware related, I picked up a base computer, threw in my NIC cards and installed fresh, then restored from the backup. Been running like a champ. The processor graph had me worried (one spike), the memory one just looks like a system that is restarting. I appreciate you looking into it. Thank you all for your help.

Are you talking to me? There's a saying about only getting one chance to make a first impression. I deployed about a half-dozen engenius CPEs a few years ago.  Constant lockups. Resetting them by disabling and enabling PoE, utter lack of support.  The software in these bridges absolutely sucked. Switched them out for Ubiquiti Nano M5s and have barely touched them since.  The software in the Ubiquitis blew the enidiot crap out of the water - and at a comparable price point. Never looked back.  Maybe they got better or bought another wireless company that could write code.

No.

Nice write-up.  :) Steve

Adding them to the Host Overrides works, thanks. I want the Traffic Graph to show FQDN for hosts on my local network, instead of just the IP addresses.

Yeah wild card of dest any would include the pfsense interface..  So my guess is there was something else in the rule, but it tcp or dest or source of lan net vs opt net or opt address, etc. Change it back to any for dest and you will see..  A rule of opt address is kind of useless if you want anything on that vlan to go anywhere other than that segment.

Update: It's been about a week and my logs are still working.  Cycling the "Show log entries in reverse order (newest entries on top)" setting got my logs working again.  To be extra sure though, an hour after that, I also clicked the "Reset Log Files" button.  I don't know if that made any difference, but at least my logs are still working.

Fair enough. I see the reasons for those features, but it's not really something I need at home. Not at 2-3 times the cost. I've ordered this instead: http://www.supermicro.nl/products/system/mini-itx/sys-e200-8b.cfm

Yeah. Make changes using the GUI and save /conf/config.xml.

Go under the dansguardian service and use the log and reporting page to make your change. You cannot directly edit the files. They will be overwritten. I don't know how many times I need to say it. STOP directly editing the files!

Thank you for the response. I had already researched and saw the page at the link you provided and went through the processes there. It did not resolve the issue. I have set no-logged firewall rules both allowing and blocking the WAN interface (one at a time, not both at once) outbound access to any host, internal or external, using any protocol as well as TCP / all flags allowed, as a test. It still blocks it and logs it, telling me that the rule is not applying. I believe the issue lies with a wireless router I have. I had flashed a Linksys/Cisco wireless router with DD-WRT and used one of their guides to set it up as a "dumb" switch. I then connected it to VLAN16 (192.168.16.0/24). All communications work well to and from the wireless hosts (ping, Internet access, etc). These log entries only appear when a wireless host is connected (such as a laptop or cell phone) and 90% of the external hosts are Google servers (the are all android phones). So, I'm thinking it has something to do with the setup on the router. I'm looking further into it at DD-WRT's website. Thanks again for your response.

@neik: So if I am assigned 1.2.3.0/29 I would have the WAN as 1.2.3.6/32 and the LAN as 1.2.3.5/29, with the hosts on 1.2.3.1-1.2.3.4? That does mean that the WAN is in the LAN subnet, even though it is a /32. It's not equal though, with the WAN being only /32, it should be fine. @neik: Here in the UK we always, in my experience, just get a /29 or /28 block with one address in that block set automatically by the PPPoE connection. What would be "usual"? The typical scenario with business class DSL in the US and most other places seems to be getting an IP assigned via PPPoE, and having the static subnet routed to that dynamically-assigned PPPoE IP. Sometimes, like with my AT&T Uverse at home, the modem must do the PPPoE and then my static /29 can either be assigned LAN-side of the modem, or routed to something with a private IP on the LAN. It'd be nice to have unnumbered support at some point, not sure offhand if that's possible in mpd and FreeBSD.

My roommate works for Comcast, weve already gone through every support tool they have. It was no help.