Just so the answer is somewhere, u can put a nice little script in /usr/local/etc/rc.d like

#!/bin/sh ###route.sh : create route on initialisation /sbin/route add -net xxx.xxx.xxx.254/32 -iface emx /sbin/route add default xxx.xxx.xxx.254

Didnt invent it, this solution was out there already… on OVH soyoustart forums

That's great work!

How quickly does that counter advance?  I  wonder how often it hits 32767 in normal traffic conditions.  In other words, why doesn't this cause links to flap more often?

Thanks!

Martin.

2nd Update:

I'd like to announce that I've solved the issue. I couldn't get rid of the problem with VLAN tags getting stripped by my NIC (or perhaps it was VirtualBox's fault) but one way to fix this is to download Realtek's Diagnostic Utility (below). Then go to Network and Sharing Center > Change adapter settings > Realtek PCIe GBE Family Adapter (choose the one that's for your LAN!). Disable anything that has the word VirtualBox. Then open the Realtek Diagnostic Utility and create VLAN 1 as well as the additional VLAN you need. Now wait 3 minutes for each VLAN you configure as it installs the drivers into Windows. Now you may notice under Network and Sharing Center > Change adapter settings there are two new adapters called Realtek Virtual Adapter. Each of these are adapters to your VLAN. Open each of them and enable any mention of VirtualBox. Go to VirtualBox and assign each Realtek Virtual Adapter as a network card for your PfSense VM (PfSense shouldn't be running). Start your PfSense VM and configure your two new virtual NICs. Now you have two operable VLANs but they show up as ethernet interfaces in PfSense. That works too.

http://www.realtek.com/Downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false

This solution works but it's limited to how many network adapters VirtualBox can create. I'm eager to help anyone as I know how much pain and suffering I went to figure out this solution on my own. I'm subscribed to this thread and I'll be reading upcoming replies. Anyone who wants to do the same thing can contact me here and I'll see how I can explain it to you.

You mean this I assume: https://telex.cc
It's obviously going to be very difficult to block since it's specifically designed to work around firewalls.
Looks like it requires an intermediate ageng of some sort to recognise anc divert the telex encoding. Who is doing that for them?
To be honest there are always going to ways around a firewall, to stop this sort of thing you need to be working at the client machine.

Steve

Hi at all,

I've the latest release 2.1.4-RELEASE (amd64) installed on a Ubuntu pc's and I use Virtual Box and it work fine .
I use pfsense as netbalancer with 2 WAN connection and it work fine .

But is for few days that I try to configure the pppoe server, but without success.

With the help of mais_um are able to reach the server by changing to 25 the subnet mask, works for few seconds but disconnects.
To get a little connection I add manually the outbound NAT rules, but don't resolve this problem.
here are my configurations…

Services: PPPoE Server: Edit Interface  LAN Subnet Mask 25 No. pppoe user 254 Server Address 1.1.1.1 Remote Range  2.2.2.2 Firewall: NAT: Outbound Interface  Wan1 Protocol    any Source      Network  Address 2.2.2.0/24 Destination any Firewall: Rules: pppoe server Action      Pass Interface pppoe vpn protocol any source  any destination any gateway  loadbalcer

What's wrong or missing?

I hope in a help. Bst Rgrds Christian

@ptt:

https://forum.pfsense.org/index.php?topic=76848.msg418686#msg418686

Diagnostics –> Tables -->

Is your WAN interface dedicated to the VM in Hyper V (should be)? or Shared (should not be)?

Check your MTUs on your interfaces (and the MTU your LAN needs), especially on the WAN. Disable every MSS Clamping values.
Are youre gateway settings OK ? LAN = no gateway / WAN = 1 gateway (could be DHCP given).
Are you sure pings from LAN client to 8.8.8.8 are OK ? Do not only try on the PF, you could be tricked by it's internal interface (127.0.0.1).

First : Try a MTU = 1400 on your WAN side.
Second : Can you browse (IE / FF / whatever) google (lightweight page) ? Can you browse MSN (heavy page) ?

I Think you are mismatching between routing ang gateway role of your PFSense.

In Datacenter envireonment, we tried to manage the WAN Acces from 3 different operators. We wanted to manage the whole solution through VLAN Interfaces instead of physical interfaces. And we faced many problems, concerning routing, nating and IP Aliasing (VIP), because we wanted PF to act as a gateway role, not a simple routing role.

We Believe PF loves 1 Interface = 1 physical interface when you want your PF behaving as a gateway. In a routing only configuraiton, no problem dealing with Vlans insteads of physical interfaces.

If you want a gateway mode, i'd suggest you to dédicate 1 phys interface for Public side (WAN), and another phys interface for the Private side (LAN). You can still use VLANs for your LAN phys interface…

Be sure of what you want to NAT beside of what you want to route.
...Or deal with AON - Manual OUtbound NAT....

Hello,

Finally it solved with the help of your post.

Thanks for all of your excellent support.

-Vasu

Will add this setting - thanks very much!

Here is a free one for windows that I have used in the past
http://www.snmpsoft.com/syslogwatcher/syslog-server.html

Pretty simple to use.

Since you just made an adjustment to the firewall, I suspect you may be just seeing leftover connections that lost their states. They should go away on their own, but you can try rebooting your clients, then the firewall, to see if that clears it up. More here: https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F

@MaxPF:

No other options were changed and up till 1 hour ago this was not happening. Is there a way to disable this behavior? On the WAN I only want to see the incoming traffic blocked.

When you say "see" do you mean disable logging for the default rule?
https://doc.pfsense.org/index.php/Firewall_Logs#Disable_Default_Block_Logging

I agree with Jon here.
You are using the Cisco switch to replace four unmanaged switches. You are using VLANs internally in the switch to separate it into what is effectively four discrete switches. This should mean that there are no tagged packets entering or exiting the switch and there is no VLAN setup required in pfSense. This has the advantage that you can move ports on the switch between subnets just using a config change and that it's easy to add VLAN interfaces in pfSense if you ever need more than 6. The disadvantages of such a setup are that everything has to be in one physical location (probably not a problem for you) and that it's very easy to get the switch config wrong resulting in ports on the wrong group or communication between the subnets.

Steve

Already been through these?

https://forum.pfsense.org/index.php?topic=56766.0

https://forum.pfsense.org/index.php?topic=69807.0

https://www.google.com/search?q=pfsense+screensaver