We use the System Patches package heavily in development and testing, for adding customer-specific fixes/work-arounds, and for deploying fixes to customers between releases.

My directory of patches is by no means "official" but it's close. Eventually those will probably make it into some form of patch list kept somewhere in the packages repository.

I've thought about having it load a patch list/manifest file and offering some common patches, but the more I've thought about it, the more inclines I am to never go that far because if it's too easy, people will start slapping them on without thinking and not knowing what they do. :-)

A thread is fine for keeping user-submitted patches. Might want to add a warning to the first post to caution people against loading random patches without understanding what they do.

Yea, it came preloaded with PFSense 2.0.3, which is what I just downloaded, and installed, and it worked. Now to upgrade to the latest release.

Thanks.

You have a couple of options. What you have done will technically work, you will simply have them on different subnets and will need to configure things appropriately and enable firewall rules to pass traffic between the interfaces. You will essentially be doing Layer 3 routing through it and depending on the specs it may not be up to snuff to handle full bandwidth if you want to push large files to the HTPC.

The other option is to get a small switch and put the firewall, AP, HTPC and uplink to other switch on it.

You could try bridging the interfaces but I honestly have no experience with that option and can't help you there. Honestly I think option 2 is your best bet or option 1 if you can't get a small switch there.

Looks like it was a DNS issue, I've set 8.8.8.8 in general setup and set KC's gateway as the gateway for that DNS server and so far all is well!!

No dropouts!!

:)

As a rough guide a D525 will top out at ~50Mbps of VPN traffic total. It varies by encryption type etc. That's assuming you're terminating the VPNs at the pfSense box which you appear to be doing.

Steve

So it's all working as you wish now?

As I mentioned above when 2.2 is released, or you try a 2.2 pre-release snapshot, there will be a new outbound NAT mode that will function as you expected it to.

@https://doc.pfsense.org/index.php/2.2_New_Features_and_Changes:

Hybrid outbound NAT style that allows the user to keep the existing automatic behavior but layer manual rules on top of it.

Steve

@kenshirothefist:

Any other suggestion to accomplish that, besides the one that BBcan17 posted?

Could create some phantomjs scripts to automate the process through the pfSense GUI.

Not as elegant as an API, but it would work.

@verigoth:

Same issue as this?
https://forum.pfsense.org/index.php?topic=75163.0

Hello @verigoth

Thanks. I'm sorry I did not see.

@abard:

Thanks for the input.

Jason - I was actually eluding that you could justify, before Cisco, with "Support the Community" logic but with the acquisition, it becomes a dollars and cents decision.

BBCan - I'll look into those, appreciate the suggestion.

That doesn't make any sense.  You were willing to spend $500 before but not now simply because Snort was bought by a larger company.  Sourcefire was never a not-for-profit and they got paid something fierce when they were purchased (it was almost $3B if memory serves).

Anyway, this price is way cheaper than the IDS options on Cisco's ASAs.

Possibly. There seems to be a hard cap at 3Mb and about 2-2.5 on upload. I dont have vLans setup though, but I too cannot find anything in the logs that would give a clue as to where the restriction is. Its very odd… I am not running the proxy in transparent mode as I have a .pac file that points systems to the proxy. I have tried running in transparent mode by manually setting a client PC to pfsense as the gateway, and the problem goes away. Since I will eventually replace my original firewalls with the pfsense ones, this will be a non-issue soon.

in update:
I did the Alix firmware upgrade. And I did fresh 2.1.3 install on a new 4G CF card. For now it looks like all is fine again  :)
I was thinking to do some extensive testing on the old CF, but lacked motivation (After all, all it took was some time + price of the new CF. Though I really hate problems without hard-pointed cause… >:( I guess I'm going to blame the CF anyway and get over it ::))

This for clients:: http://ltsp.org/

Pfsense would be used for Routing/Firewalling/Proxying….. maybe even Captive portal on Wifi.

And, Possibly

VLAN's to segregate your VOIP and DATA traffic.

Hmm, shouldn't this be the other way around? Server host tells you what settings to use?

As podilarius said all the settings are in the config.xml file. That includes things you may not want to send to your hosting company.  ;)

Steve

Are you booting from that drive while you try to modify it?

Or are you booting from CD?

You'll have to boot from something else to make that work, I believe.

Awesome!  Thanks for the information!  It's exactly what I was looking for (and confirmation that it wouldn't be do-able in the GUI).