I found a router which I had plugged back in and was using as a switch which was calling dyndns.org with updates. Because it was not going through the FW rules, it was picking up the wrong gateway and hence, IP address. Disabled it and all is well….
It's been answered plenty of times, the OP has done it correctly here. If you bridge the interfaces and move filtering from the bridge members to the bridge interface then the resulting interfaces will behave like a switch. It will be much slower than even the cheapest switch (in most cases) but there are advantages. You can filter traffic between the ports for example. There are legitimate reasons to do this, buying a quad port NIC just to bridge them is not one of them.
I have 3 interfaces bridged on my home box here. It has 10 NICs, they aren't removable and I don't need 10 subnets. The box cost me £40. ;)
You could indeed block https entirely for students ….
In the schools I work, the students NEED access to dozens of https sites to be able to do their tasks, because teachers implement new educational websites that require login/passwords.
This would force me to "white list" a couple of https sites on a weekly basis. I don't have the time for that.
It looks like it can run over standard UDP just with its own payload format, in which case it would look no different to pfSense than normal UDP and wouldn't require any special handling.
There are parts of the system that write periodically. Logs, gateway status, graphs, and several other things could be getting written to the disk, though it shouldn't be completely constant.
If you run "top -aSH", press 'm' to switch to i/o view which will show you which active processes are writing/reading at the time. The normal top view is CPU only and wouldn't tell you much about the disk.
The system tracks failed logins and if there are too many (I believe it's 15 in 5 minutes) then it blocks the offending IP for a couple hours to discourage brute force attacks.
OK.
Thanks everyone for their input. It seems there does seem to be an issue with apinger….but...
the main issue seems to stem from an IP phone plugged into the network (SNOM 720). Once it was disconnected.. BAM! problem disappeared. Still waiting for enough time for the RRD graphs to verify this, but this seems to be the case.
Here is the graph from bandwidth (obviously from later than OP post): [Traffic graph]
BTW.. My ISP plan with Optus Cable is 100Mbit/1.5Mbit
:(
No one has any explanation for this issue?
I just want to understand where the problem is, even if the solution is pretty obvious (that is, don't bind squid to loopback)
If someone maybe can explain to me why this problem occurs, that would help me a lot :)
I played with transparent HTTPS proxy a few months ago but I'm not running it at the moment. Yes, when I did go to HTTPS sites I didn't get any MitM warnings.