AsterisksNow = Simplicity…

The new one comes with fail2ban running already - which is nice.

you could use a distro like http://pbxinaflash.net/ or http://www.freepbx.org/freepbx-distro and create blacklists to block unwanted calls.  Both are excellent choices but I prefer piaf a little bit more.  if you run into issues the piaf forum is an excellent resource.

As for cards I prefer Rhino http://rhinoequipment.com/analog.aspx  but they may be overkill/priced for a home environment.

For home use something like the obi 110 should be a good solution  http://www.obihai.com/product-primer

Everything works great! Thank you so much for all your help!

Sorry about the delay, I was away for a few days with only a tablet to write with.
Ok, so you want to have an additional interface that will host a wireless access point. You want want clients on that interface to have access to the internet but not to any machines on the LAN interface. Do you want wireless clients to be able to access the pfSense webgui? I will assume you do not.

Two ways of achieving this you can allow access to everything and then block access to what you don't want or you can allow only access to what you want. I choose the latter because it involves less rules (faster processing) and is more logical to me.
So, by default pfSense will block all new connections coming into an interface so without adding any rules to OPT1 wireless clients will not be able to connect to anything. We need to add rules to allow only connections to the internet. I have an almost identical setup on my home box, the difference being I have a lot more internal interfaces. I first setup an alias that contains all my local subnets Firewall: Aliases:.
My alias is called LOCAL and for simplicity it's set as 192.168.0.0/16.
Now set a firewall rule on OPT1
Protocol: IPV4
Source: OPT1 net
Port: *
Destination: !LOCAL    (the ! indicates NOT here)
Port: *                              (you could limit this further by using a limited range of ports here)
Gateway: *

Thus only connection to addresses outside your local subnets will be allowed. This works fine BUT if your using the pfSense DNS forwarder (which you probably are) then you need to also allow access to that. Add another rule to OPT1
Protocol: IPV4
Source: OPT1 net
Port: *
Destination: OPT1 address
Port: 53    (DNS)
Gateway: *

And you should be good. If you test you will find that clients on OPT1 can still access the webgui on the WAN address because the web server listens on all interfaces. If you don't want that add a specific block rule at the top of the list to block it.
Attached is a screen shot of the rules I have on my wifi interface. All the additional rules allow access to further services but only the two I described above are necessary for internet access.

Steve

Hmm still can't attach files so here's a linked image:

@stilez:

I had stuff here that was causing similar issues a couple of years ago, with pfsense 2.0.x.  The advice above matches what I found in the end. Some more things to try:

Check the system RRD graphs, especially quality. A big issue for me was that dropped packets rose from 0.2% to 35-40% under heavy load, if the config didn't allow enough resources.  Worth checking if that's part of your issue.

I got frustrated with this and ended up turning the esxi box off (and pfsense along with it). I set it up about a month ago because I had an assignment for uni where I need to build a test domain environment.

Anyway I got pfsense running again with clients all using pfsense. I still had the torrenting issue. But I noticed the ram usage was high, even though I gave it I think 4GB of RAM. I decided to turn RRD graphs off.

Problem solved! For whatever reason, the RRD graphs were killing my browsing for clients, as well as killing the reverse proxy (squid would just stop, service would NOT restart).

Hopefully this might help people in the future!

Done!…..  :D :D :D :D...... Thanks so much Pfsense friends!

The base system on its own would not use that much but if you have installed packages or if the other admin had made changes to something in the code or otherwise by hand, something else could have filled up the disk.

First check for packages, especially squid.

From the console or ssh, you can run :

cd /; du -k -d 1

That will show you how much each directory under there uses, find the largest one(s), cd into them and repeat the du command until you find the culprit.

Something is connecting to the GUI and then getting cut off (or lots of somethings), could also be captive portal if you have it active.

You can disable the lighttpd logging on the Settings tab of system logs.

@theMikeD:

I'm running it on a mid-2010 mac mini, so the USB NIC is require for two.

Since I posted this I've googled this and evidently the USB NIC support isn't great in BSD. Is this a system that sits on top of BSD and could therefore sit on top of Linux too? Or is it too tightly connected to BSD?

pfSense isn't a package that can sit on top of any OS.  You could try a 2.2 snapshot (based on FreeBSD 10 rather than 8.3) and see if that works any better, but in truth, you really should just try and get rid of the USB NIC.  If your bandwidth needs aren't ridiculous then you can use VLANs and an appropriate switch and then you'd only need a single port.

You're probably looking at either bad ram or a compatibility issue.

I ended up formatting the CF Card and reinstalling 2.1.5 fresh and only restoring certain sets of the config that I absolutely needed (firewall rules, aliases and such) and then I reconfigured DHCP and Snort manually. It seems to be running smooth for the last couple days, but I may shut it down and dd the CF card for a good bare-metal backup and still order a new CF card (or made a HDD??? so many choices!!)

Perhaps you could create an OpenVPN connection to an external site, such as your home.

A pfSense OpenVPN Client, configured to use your companies SOCKS proxy if they have one, that connects to an external pfSense OpenVPN Server, at say your home.

Hey,

I really appreciate all of your feedbacks.

So I believe the issue is the fact that the office network is behind a proxy so even if I let the DHCP assign a IP and gateway/DNS to the WAN, it wouldn't let me connect to the internet through the pfsense box.

Is anyone aware of a way around if you are behind a proxy so that the WAN can access the internet?

Thanks

Regards
Ehsan

Sadly i'm stuck with my cable providers "all-in-one" box that performs it's own NATing. The pfSense box is directly connected via Ethernet as a reserved DHCP client with address of "192.168.200.2", while my internal network (LAN side) has 192.168.2.1

[Internet]  <-> 64.233.xxx.xxx [Cable Box] 192.168.200.1 <-> 192.168.200.2 [pfSense] 192.168.2.1  <-> 192.168.2.46 [Workstation]

Yup.  That's a pretty sad config.