http://www.newegg.com/Product/Product.aspx?Item=N82E16833704011

These are the cards I put in

@stephenw10:

Good to know.

Did this start happening immediately when you installed the Squid3 package then or maybe after some package update.

You could use the Squid2 package instead, that is supported by the devs and this sort of issue would be a show stopper.

Steve

no.. i think it takes at least 1 month or 2 after squid installation.
atm we use handycafe filter to block porn sites, etc. so pfsense handles only for policy routing, firewall, ntp server, dhcp server

That's great advice.  I'll see if I can get  capture during an outage.

Jeff

Thanks for your answer.

The main problem is that i want to recieve the notification form the pfSense firewall itself (under System -> Advanced -> Noticfication) so there is no interface that the traffic enter.

Of course i could change my VPN Tunnel that it is not the default Gateway, but i hope there is another way.

//EDIT

My VPN Priovider whitelisted my needed SMTP Servers…
It works  - done!

openvpn  / ipsec vpn are builtin vpn solutions that are generally used for any form of remote access.

Not forgetting that, normally, syslog runs on UDP.  If anything is corrupted it will be just discarded.  Have you checked for errors on the network between machines?

Edit:  Or maybe run a packet capture to see if pfSense is actually sending them?

@charliem:

Generally this is caused by something sending data to the serial port while getty is running.  getty is expecting nothing but username/password pairs but seeing 'garbage' from your console switch.  This is  a unix thing, not a pfSense thing …

I can't speak to the apparently successful logins shown in your logs.  Are you saying the logins are false positives, and you didn't really log in at those times?

that is correct…i am NOT trying to login at any of those times, and NO ONE knows my password except myself, and console access from the outside is not allowed.

since i unplugged my console switch....nada....

i will look into the console switch config...

Yes, fixed my problem. haven't had to reboot since. Thank you!

I think I figured out the errors reported on my switch. I enabled EEE on my switch and it seems my Intel i350 is the only NIC that actually supports EEE. There seems to be a correlation between my error count incrementing and the ports being idle. This would explain why I saw a few errors on my ports shortly after restarting PFSense from the upgrade, no traffic.

Recently, my ISP did an upgrade late at night, and my switched showed the ports going up an down a few times because they turn off when no traffic and an EEE device is plugged in. The next morning, I saw 2 more errors.

I can't get a causational link, but it seems highly correlated. Even after 9 days of uptime, I only have 5 total errors and they were only spotted shortly after something would have caused WAN traffic to cease.

@vishibalo:

So I been messing around with an old NIC that I picked up of eBay, it seems I got it to "work"  I think my main problem now is that I have no idea how to set up my interfaces or firewall or anything, I was suggested previously to set them up similarly to my 1st LAN interface but that didn't work well, I have a mess of things that probably got me all sorts of confused.

But here is what I want to do, I have 1 WAN port on my MOBO, and 4 LAN ports on my PCI NIC, so basically I want WAN port work as such, and 4 LAN ports be essentially identical to each other as far as doing same thing (nothing fancy just work)

I just don't understand how to set it up as a normal router/firewall.  That and because the NIC is so old I have to access WebGUI via WAN port by assigning it as a LAN (using mobo Ethernet port as a LAN port) making everything that much more confusing for me.

So I am hopping that there is perhaps a thread that I missed that someone has a clear explanation of step by step on how to set it all up.

Thanks.

I am not sure (and am afraid  :-[) I understand your question right. Did you do a google? As there are a 1001 tutorials on how to set up pfSense from scratch, and, if I may: most of them are not really more than a bunch of 'click here' screenshots of what the most excellent installer itself will show you once you run it. Did you try to run the installer? Where did it go wrong?

@hakkatil:

I guess I did not make myself clear.

What I am trying to say is make all the ports invisible on the WAN interface not on the webserver or any other device behind the firewall. If someone scans my public IP address, they won't be able to see any ports open. Just I need to know if this is even possible.

I am prety sure that all the ports were not seen (may be open in pfsense) by outsiders but the webserver was still accessible when I use the pfsense 1.x. At least what grc.com showed all of the ports were stealth.

Thank you

Unless your WAN IP is different for your web server, there is no way to both make port 80 invisible to a scan and allow HTTP to work.

Now if you had one IP for your firewall and one IP for your web server, you could have your firewall be all stealth and your web server would show up on a port scan as having port 80 open.

What it comes down to is, what ever public IP address your web server is using, you will see port 80 opened, unless you block it, which will make HTTP not work.

Wonderful. That'll do it for me.
Thank you for this good news vindenesen and taking time to explain it.
Nice one.

perhaps

instead of

but thats definitively the wrong section for your request. (no bounty :) )

I use https://forum.pfsense.org/index.php?action=unread;all;start=0 when I read.

(woo, 15,000th post!)

Upgrade.

@cmb:

On rare occasions I've seen a host that wouldn't enable those settings properly until a host reboot, usually turning it off and back on suffices.

How right you were.

Both the servers I have tried this on have the exact same patchlevel of ESXi. One is a Proliant DL380G6, the other a SuperMicro whitebox.

The proliant had no problem to enable promisc just by changing the setting. But the SM (which was the one i ran on primarily) did in fact require a reboot.

The better option is limiters if you are OK with giving them a fixed pipe.  There is a burst option in there for allowing people to exceed that limit for a short amount of time.

https://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter

To limit each device to a specific amount of bandwidth you'll need two limiters, one for download and one for upload.  When setting up the limiters, the download one should be set to "Destination addresses" and the upload one set to "Source addresses" in the "Mask" setting.  You'd then apply those limiters to your pass rule on the LAN firewall rules.