Yes bridged interfaces is correct.
If you move the bridge filtering from the bridge members to the bridge itself, as you have done, then firewall rules you have on the bridged interfaces no longer do anything. Instead you need to add firewall rules to the bridge interface. However if your bridge0 interface is assigned as LAN then the default allow all rule should be in effect.
If you haven't rebooted since you moved the filtering you should. The sysctl changed only apply when the bridge is created, as it is at boot.

Steve

Just the defaults that came with pfsense (at the time).

I have since changed my modem to act as a bridge and it's working fine. I didn't even realise that it had the option to do that. So all is well.

I have a new weird problem where ssh port forwarding doesn't seem to work for one ip address, but I'm not concerned about this now.

Ha! That's a funny blog.  ::)
If that guy wants anyone to pay attention to that he needs to include at least few pro posts. Nothing but anti posts like that just looks like obvious trolling.

Steve

@cirkit:

How do I ensure SWAP turns ON on every reboot How do I change size of swap from 2048mb to 4096mb

Make swap permanent by adding it to /etc/fstab. Something like:
#/dev/label/swap0              none            swap    sw              0      0

Ref. https://www.freebsd.org/doc/handbook/adding-swap-space.html

To increase the size of the swap you will need to repartition the disk or create a "swap file" (see link above) and add it to fstab as above.

https://forum.pfsense.org/index.php?topic=78519.msg429186#msg429186

Yes, that should work.
You may want to lock it down further. For example devices on OPT1 will have access to the webgui (though it's password protected) and any other services running on the pfSense box.

Steve

@cmb:

At least part of your problem is trying to use a base OS pre-Microsoft supporting FreeBSD. If you try 2.2, I suspect your apparent NIC issues will go away. It's not practical to run 2.1x versions in Hyper-V.

Thank you for the input. I've always wanted to use Hyper-V myself and I never knew that 2.2 would solve my problems. But, to me, Hyper-V is way more complex than it needs to be. I think it's just that the terminology is a little different. How is 2.2 coming along now? I have tried that version a couple times. I don't remember what happened though but I couldn't do some things. Oh, I remember now and it's probably fixed. I had some problems with making suppression lists in Snort. Most likely that was with a previous version of snort though. There were other problems as well because it just wasn't ready yet which is understandable. Each version of Pfsense comes out at an incredibly fast rate so I am more than satisfied.  So , anyway do what CMB says and try version 2.2.

Here is a direct link for 2.2 .

https://snapshots.pfsense.org/

To find that I went here.

https://doc.pfsense.org/index.php/2.2_New_Features_and_Changes

@Skar78:

I seem to have a related issue. However I am a beginner user and might simply miss something trival or missjudge my case.

Once in a while my ISP shuts my connection down (they do this automatic here (Taiwan) upon late payment - and my wife frequently "forgets" do transfer the money.

In this case it seems like they switch off the port on their side - the DSL modem can simply not sync the DSL line.

However pfsense behaves very strangely. Apinger service basically shutsdown and cannot be restartet and also the wan port is disabled.

If i manually enable the wan port it has no effect (stays disabled) and apinger basically never recovers and cannot be restarted (apply changes -> reloads and no change).

If i re-create the wan interface it worked last time, meaning i deleted the interface and created it again.

As i have the opportunity to face the same issue again today I plan to try a re-boot first.

Ok i tested this again. Reboot and disable/enable did not work.

What I noticed is that i need to assign the interface from its pppoe1(cuau0) to the vr1 again and re-enter login/password - only than it would work. Why i have to do that i dont know.

Everytime this happens it looks like pfsense would increase the index of the pppoe interface and add one bound to cuau0, why pppoe would be assigned to the serial port, no clue.

However this issue is different from OP, so sorry my bad.

@abinjacob:

Team,

I'm using ADSL internet link connected to pfsense for our clients. The problem is if the ADSL link goes down due to an issue from the ISP end, i wont be aware, the users will be the first to report, which makes my manager to stare on me.

Is there a way by which we can monitor the link via pfsense and to get alerts if the link goes down?

If the internet link is down, you probably won't be able to get an alert.  you'll probably want to monitor externally.

Thank you for the info, it's greatly appreciated!

Clever but hard to exploit in reality. The command part of the command line is already set and can not be changed by the glob expansion so it's limited to changing the behaviour of known commands. Many times you're better off by not using wildcards at all, people tend to write silly commands likegrep -r foobar *etc. where it's better to replace the wildcard with a dot (.) and let grep(1) do the expansion and recursion itself. Also if you want to protect against such tricks you can use the end of arguments list -argument```

alias rm='/bin/rm -i --'

That would no longer try to interpret file names like '-rf' as options if run as 'rm *'

@G.D.:

You could still create the VLANs on the pfSense, and you do not have to route them anywhere, you can point the interface to a custom Gateway, right?

I guess I could, but I'm not 100% sure what you're getting at.

You mean create multiple vlans with different gateways, assign dhcp per vlan, and point IP-helper or DHCP w/e on juniper to each individual gateway?

I guess this could work, and just NAT the primary VLAN and point default route on the switch to that pfsense gateway right?

@mbrossar:

I want to set up a central CA that signs for a set of Intermediate Certificate Authorities (ICAs).

@mbrossar:

My CA should not sign individual certificates.  It should only vouch for my ICAs.

@mbrossar:

All of my certificates are signed by an appropriate ICA.

@mbrossar:

I have a few sites that I am working on connecting via site to site VPNs using pfSense boxes.  I am thinking about leveraging the CA functionality within pfSense.  My question is, can I create an ICA on a site that refers to a CA that's on another site, at the end of a tunnel or does an ICA need to be on the same box as its CA?

Yep, this is the wrong section. A non pfSense related question should be in General Discussion.
You haven't given the exact model number but it looks like the only way to reset the switch is to upload the factory firmware from the bootloader prompt at the serial console. Good luck!  ;)

Steve

cant find exact wireless chipset compatible available on the pfsense wireless supported drivers

how about this one.

http://www.cdrking.com/index.php?mod=products&type=view&sid=10540&main=50#.U7DLqZSSxfg  ralink rt3060

thanks

@sollostech:

Has anyone made or thought of working on a responsive theme for pfSense? Would be delicious to have an easy way to manage from my iPhone.

Hello sollostech,

Did you try the "pfsense" theme? I don't use an iphone but that works for other models.

https://forum.pfsense.org/index.php?topic=44941.0

Has any of the developers taken a look at this since the source is available?

Look in the system log for any miniupnpd-related entries. In the console, do "ps auxww | grep miniupnpd". If no miniupnpd process is found, do "/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid -d" and see what it says.