• Temporarily replace Pfsense by a computer to test the Internet connection

    3
    0 Votes
    3 Posts
    1k Views
    I try this tonight. Many thanks. Nico38.
  • Huawei e5331 3g wifirouter/usbnic with pfsense need some help

    2
    0 Votes
    2 Posts
    1k Views
    stephenw10
    That looks like a device already in modem mode (PID: 1506). Exactly what devices do you have in /dev? Please copy and paste the output of: ls /dev/cu* What was the result of trying to setup a ppp interface? What did the ppp log say? Steve Edit: The Huawei E5331 is a mobile hotspot device. Is that what you have? How are you connecting to it?
  • Slow download speeds through

    1
    0 Votes
    1 Posts
    882 Views
    No one has replied
  • Cron job watch pppoe and send mail if down?

    3
    0 Votes
    3 Posts
    1k Views
    @loupalladino: Do you have Nagios by chance? Not yet, but is planned for 2014  ;)
  • WAN and VPN access

    1
    0 Votes
    1 Posts
    704 Views
    No one has replied
  • PfSense behind router - multiple subnets

    14
    0 Votes
    14 Posts
    8k Views
    Bravo johnpoz for hanging in there. I like nothing more than to help people understand networking - so I sure hope this helps the light bulb turn on for you Indeed you must.  And I'm sure you helped someperson472034.  I enjoyed reading your networking explanation as well.
  • Pre setup information

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10
    Yes you can do all of that. Q1. If you have firewall rules in place pfSense will route traffic between the subnets. You can access a server at, say, 192.168.3.10 from a machine at 192.168.2.20 by simply entering its IP. No need to bridge the subnets which would effectively make one big subnet. If you want to access servers by name you can add DNS override entries to allow that. One area that can cause problems here is if you want to browse network shares. Generally the client OS will only look for servers inside its own subnet. If you are running Windows clients and you have a Windows server you can specify the address of that as the WINS server in the DHCP information which will allow clients to know where to look. Q2. Yep, port forwards are easy enough and well documented. https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F Q3. Yep, traffic shaping on a per IP basis can be done. A better configuration would be to bridge your router so that your public IP is on the pfSense WAN interface. That will, as you say, make port forwarding easier. Steve
  • Power Outage gui dhcp problems

    1
    0 Votes
    1 Posts
    666 Views
    No one has replied
  • How to resolve unexplained WAN interface disconnects

    3
    0 Votes
    3 Posts
    1k Views
    I was having an issue where my WAN interface would not stay up.  I switched the WAN interface from em5 to em0 and found the problem was resolved.  Every other time I've plugged anything into em5, same result.  My issue seems to have been simply hardware related. Maybe swap interface assignments and see if you get the same result on the same NIC.  If so, it's most likely hardware related.  If the problem moves to the WAN interface on the new NIC, the problem is probably generated by a conflict between the pf box and the router/modem, or some other ISP setting. At least, that sounds logical to me!  : )
  • ESXi passthrough + DHCP issues

    2
    0 Votes
    2 Posts
    1k Views
    I was able to figure it out. pgrep: invalid pid in file '/var/dhcpd/var/run/dhcpd.pid' I deleted the contents of this file and restarted DHCP and everything is working now! :)
  • Need help to configure pfsense for Ms Exchange

    4
    0 Votes
    4 Posts
    1k Views
    not sure exactly what you are asking but I do know exchange activesync needs ports 990,999 and 5678 - 5679  forwarded to work.  Of course you need ports for smtp(s) and perhaps pop3(s) and/or imap(s) opened.  Also a submission port if you use that. you will need port 443 forwarded if you use owa
  • New AP set up today - now getting DNS-rebind attack warnings.

    6
    0 Votes
    6 Posts
    2k Views
    Not sure if this will help but I had a similar issue on my Asus router. in the dnsmasq custom config I had to put these settings to make the error stop rebind-domain-ok=/yourdomain.com/ server=/yourdomain.com/xxx.xxx.xxx.xxx (this is your local dns server ip) server=//xxx.xxx.xxx.xxx (this is your local dns server ip) obviously make the correct changes and leave my comments out.
  • CLI menu on SSH ?

    6
    0 Votes
    6 Posts
    17k Views
    jimp
    Normally the admin user is always locked into /etc/rc.initial as its shell. If it doesn't come up, then either someone manually edited the code or the passwd file to change the shell, or otherwise changed the .*rc files in /root, or maybe the passwd database has become corrupt in some way. Often just an edit/save action on the admin user in the GUI is enough to fix things up, assuming the pfSense code was not modified. In other cases the passwd database has to be manually rebuilt using "pwd_mkdb -p /etc/master.passwd" or similar.
  • MOVED: Dúvidas sobre regras

    Locked
    1
    0 Votes
    1 Posts
    505 Views
    No one has replied
  • Squidguard and ldap

    1
    0 Votes
    1 Posts
    875 Views
    No one has replied
  • Pfsense version in configuration

    9
    0 Votes
    9 Posts
    3k Views
    What you're talking about sounds perfect. I don't have a development environment at home, but I'll see if this is something I can pull off. Thanks for your input.
  • WAN firewall rules allowing UDP 500 & ESP

    5
    0 Votes
    5 Posts
    2k Views
    thanks jim
  • Another PFSense+FreeNAS argument

    36
    0 Votes
    36 Posts
    15k Views
    johnpoz
    I run vms at home - and I am against such a joining as well.  Don't see any reason that makes sense.  It makes more sense to just fire up a VM and use an OS/Distro geared towards being a NAS vs using my firewall to provide my storage. I just can not see a reason why anyone would do or want such a thing to be honest. If they want such a box maybe they should look to something like http://www.clearfoundation.com/Software/overview.html which is one of those Do everything Distros - acts as your gateway while also being your storage, LDAP, email server, etc.. etc.. Just because pfsense and freenas share a common core OS freebsd does not mean they need to join forces ;)
  • Odd log messages - Need a pair of eyes

    3
    0 Votes
    3 Posts
    1k Views
    jimp
    Someone was trying to run a SIP attack against you. The pf log parser gets enough data that can be parsed through tcpdump that the actual body of the packets was getting decoded. If you have a SIP server, you might want to make sure it's adequately protected in terms of rules, passwords, access, etc. If you don't have a SIP server, this may have been a random scan/attack that just happened to hit you. It's very common for such things to be seen sweeping the Internet looking for SIP servers to exploit. When they find an open one they'll burst a ton of pay calls through it. We've heard of people getting 5 and 6 digit dollar amount bills from improperly protected SIP services.
  • Certain websites become inaccessible

    4
    0 Votes
    4 Posts
    1k Views
    johnpoz
    Well yeah when the sites are accessible it's a given you must have been able to do a dns query for them - I would have been more interested when they were not working ;) So was snort blocking access to the site, or the dns query? Any sort of IPS/IDS is going to take loads of configuration and work to make it a viable product - if you think you can just click click and install something like snort and not have to spend quite a bit of time adjusting the rules and working out false positives then no snort is not for you.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.