• Pfsense on a gmirror pair?

    2
    0 Votes
    2 Posts
    968 Views

    I haven't used it, but I've noticed that "Install on gmirror" or similarly worded option appears in the installer if 2 or more disks are available. So you should be able to add 2 or more virtual drives for the VM and setup a gmirror during the setup.

  • Monitoring Packet Loss After Couple Days

    3
    0 Votes
    3 Posts
    964 Views

    Gateway to a local subnet.

  • Adblocker in between pfsense & cablemodem ?

    8
    0 Votes
    8 Posts
    3k Views
    stephenw10

    Great. :)
    I see that they abandoned their original plan to use off-the-shelf hardware because it wasn't capable of more than 60Mbps. I can't find what their custom board can do though.
    Keep us updated with your experiences of this interesting product.

    Steve

  • AES-NI, is it supported yet?

    5
    0 Votes
    5 Posts
    2k Views
    jimp

    That is correct. And if it was selected before, you will most likely need to reboot to make sure the module is unloaded properly.

  • Help Understanding Proxy Servers

    3
    0 Votes
    3 Posts
    1k Views
    stephenw10

    To fully proxy https traffic you need to run a man-in-the-middle like you said. If you have the correct certificates in place though your users won't see any warnings and hence probably won't know anything about it.
    Perhaps tmg inserts the correct certs without you doing anything?

    Steve

  • NIC stops working

    2
    0 Votes
    2 Posts
    802 Views

    Similar?

    http://forum.pfsense.org/index.php/topic,64527.msg349711.html#msg349711

  • Relayd / x-forward-for

    2
    0 Votes
    2 Posts
    748 Views
    jimp

    No, relayd is only acting as a port forward (to put it simply) – if you want that kind of control, you'll need a proxy/lb package with more features such as HAproxy.

  • [solved for q1] Change default nanobsd option to 3

    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Blocking ping on DMZ

    2
    0 Votes
    2 Posts
    878 Views
    stephenw10

    Pings between machines in the same subnet (in the dmz) don't go through the firewall at all. There's no way of filtering it there. You would need a switch that can do client isolation.

    Steve

  • Enabling Snort on other interfaces

    5
    0 Votes
    5 Posts
    1k Views

    @Supermule:

    And then you would probably kill the firewall memory-wise until Bmeeks comes up with a way to get snort going on multiple interfaces without loading all the rulesets more than once…

    Good point!

    Just for reference, if anyone wonders how much memory snort uses, I have everything switched on with snort, i.e. as secure as possible on 4 interfaces, and it's using up 34% of 4GB of RAM, using the AC-BNFA option.

    FWIW.

  • 2.1 rel AMD64 - NTP service keeps stopping daily

    6
    0 Votes
    6 Posts
    2k Views

    Good idea! I didn't know about the service watchdog but it's downloading now. Thanks!

  • Missing bit mask 31 in the interfaces

    3
    0 Votes
    3 Posts
    993 Views

    Ah ok, I'll keep an eye out for the 2.2 beta then. Thanks!

  • Can pfSense be used to make an cheap AirPort Extreme !!

    5
    0 Votes
    5 Posts
    2k Views
    stephenw10

    If you're using older hardware I suggest you use nas4free (branched from an old version of freenas) instead. Its hardware requirements are far lower.

    Steve

  • 1 line, 2 pfsense boxes and 5 subnets?

    2
    0 Votes
    2 Posts
    758 Views
    stephenw10

    What are you trying to achieve with this setup?
    Do you want the second box to act purely as a router?
    Why not put all 6 signers on the first box?

    We need more info to usefully advise you, otherwise we're just speculating.  :)

    Steve

  • V2.1 WAN Admin Access not working on any port

    2
    0 Votes
    2 Posts
    921 Views

    Can you get to the console and restore back a few steps? It's a new feature in 2.1, like the Windows System Restore facility.

  • Pfsense VirtualBox upload issue

    4
    0 Votes
    4 Posts
    1k Views

    You might need some sort of traffic shaping because I had issues with openvpn before I put a traffic shaping limit on it, but I was running over a 1mb adsl connection then and could basically trash the vpn by trying to watch high def youtube vids to test the bandwidth capability through the vpn.

  • Virtualbox vs old pc

    3
    0 Votes
    3 Posts
    1k Views

    I'd go for a separate box because I've seen hacks for ESXi and other VMs, so because you ultimately have little control over what can read the memory or access the disks on your main machine through a pipe for example, your best bet is a standalone independent machine like your old Dell.

    Bear in mind no AV software can find all viruses, plus the very nature of virus definitions is it's just a list of what's been found and the vendor has decided is a virus. Virus definition updates are an automatic process where software looks for "signatures", i.e. just a unique set of hex inside the files, and decides what variant it is; when they find a new variation of it, they update their list and punt it out.

    The actual task of deciding if a program is a virus can take many months of reverse engineering depending on how the programmer(s) wrote the original code, so just like it took over a year before anyone discovered and considered stuxnet a virus, so the same can happen today, ie you could get infected and not know about it for months.

    It also never ceases to amaze me when I plug in old hard drives to retrieve something that a new virus is often found on the drive even though it might not have been used for over a year and was not found at the time of it being in daily use.

  • Establishing web connection/traffic passthrough

    2
    0 Votes
    2 Posts
    916 Views

    What BT router are you using?

    The old 2700 HGV doesn't remember the settings if you put it into bridge mode and has a special way of working, i.e. you need to key in some settings on one of the pages, click save before editing the rest of the settings on the same page.

    You might also want to get rid of your BT modem if you don't want someone external messing remotely with your system.

    I've cancelled my BT phone line and business broadband because someone keeps switching on the router wifi. I have also noticed that despite only having a few IP addresses assigned to me, I get the entire block of IP addresses, as I see the hack attempts coming in on IP addresses which are either side of the block of IPs I have been allocated.

  • [Solved] Syntax error: bad fd number on shutdown

    7
    0 Votes
    7 Posts
    4k Views
    jimp

    I finally found a box that still showed this error on shutdown and was able to confirm that changing the loop in a similar way to ceama's example fixed the problem there. I just committed a fix.

  • Apinger invalid alarm

    2
    0 Votes
    2 Posts
    959 Views

    Looking into this more I find other oddities.  Under System, Routing, Gateways, not all editable fields are sticky or have any effect.  For example the WAN1GW only works with apinger when set to all defaults.  I can change the gateway from dynamic to the real static IP but then it forces the monitor IP to be the same.  I can't monitor say 4.2.2.1 or apinger will just sit on PENDING.  The same if I try any advanced settings like setting the ping interval from 1 sec to 5 seconds, apinger chokes on this too.

    Is this behavior all because I have a second LAN adapter disabled and not in use that "could" be an alternate gateway?

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.