• Firewall Logging Ceased

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    N
    Yes.  Turned off then back on in settings tab and that restarted it. Would have been nice to have a notification that it wasn't running.
  • New 100/15 Line. Only seeing ~35Mbps across firewall, ~95Mbps without.

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    S
    @vbman213: … Any ideas? check MTU on WAN as well My hardware should comfortably support a HUGE pipe. yes, this is WAY overkill, an Atom can route this easily, are you running any packages or other things on the box that you need this?
  • Forums websites signing in problem

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    stephenw10S
    This is almost certainly a load-balanced WAN problem. I see that on some forums, dd-wrt for example. I just created an alias with sites that can't handle multiwan and route traffic to them via a failover group rather than load balance. Steve
  • More Logging

    Locked
    14
    0 Votes
    14 Posts
    4k Views
    jimpJ
    That's possible with any syslog daemon that I've used. Check the man page, look for host filters.
    1. Make sure the host is resolvable via REVERSE DNS, usually this means an /etc/hosts entry
    2. Use something like this:
       !*
       +*
       +mypfsensehostname
       *.*                                            /var/log/pfsense.log
  • What methods and tools to use for Pfsense Security Monitoring & Analysis?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    jimpJ
    Not specific to pfSense really, but Kali Linux does have plenty of tools built-in for scanning and testing such as OpenVAS. While not as accurate or detailed as Nessus, OpenVAS has similar functionality and is free, compared to $1500/yr for a Nessus feed subscription. It all depends on what your budget is, which is the better fit. The advantage of a distribution like Security Onion is that it's already put together and ready to use. Sure, you could take the same functions and build them into another Linux distro, but why reinvent the wheel? Why not just use both Security Onion and Kali in separate VMs? Kali is designed with pen testing in mind, and its default setup/layout is geared toward that. Security Onion is designed for persistent monitoring/logging/etc. They both have their strengths, and trying to make one thing do both would probably end up with lackluster results.
  • Web Gui Lockout

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    K
    Thanks to all. I reset pfSense to factory defaults and reconfigured the VLANs. All OK now. In answer to Wallabybob's question, yes all my switches are VLAN capable and configured.
  • Gmail issue

    Locked
    9
    0 Votes
    9 Posts
    2k Views
    C
    Thanks for your reply. I am not using any bookmarks. When I try gmail.com / mail.com, it is going to -> https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=http://mail.google.com/mail/&scc=1&ltmpl=default&ltmplcache=2 with an empty page; only after a refresh do I get the Gmail login page. Pfsense 2.0.3 latest version running on Hyper-V. Dansguardian, Squid, SARG installed. I am using 8.8.8.8 and my ISP DNS; also I checked with Firefox 20 & IE 10 browsers, still the same issue. Now I just checked with transparent proxy, and I have forwarded port 80 to 8080 as per the following. Now it's working fine.
    Firewall>NAT Port Forward tab click the + button
    Interface: LAN
    Protocol: TCP
    Source: LAN subnet
    Destination: any
    Destination Port: HTTP to HTTP
    Redirect IP: <the ip of your pfsense box> (10.0.2.1 in my case)
    Redirect Target Port: 8080
    Click Save and then Apply Changes
    But I couldn't receive mails from Outlook; is any port forwarding required for that? If so, could you pls explain it to me. Thanks in advance.
  • Password protect the console menu, but I can't log in

    Locked
    12
    0 Votes
    12 Posts
    6k Views
    E
    Well, I don't know what the problem was, but I re-established the whole "/etc/" from the pfSense install CD, and it worked… :o
  • Preventing access to WebGUI from WAN?

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    F
    @Nachtfalke: Are you sure that there isn't any "Anti-Lockout rule" on the WAN interface? Perhaps you can post a screenshot of your WAN firewall rules so that we can check what's going on?
    Maybe not a good idea to post the rules here? But I don't have any rule on my WebGUI port.
    @tim.mcmanus: Silly question: Are you testing it from inside your LAN? I made the silly mistake once of creating a route out another WAN connection (same pfSense box) and tried to access WAN1's external IP address from WAN2, and all I got was the pfSense login page even though I didn't have that port open on the WAN. Took me about an hour to figure it out. I had to resort to using my iPad over 3G to test the perimeter of my pfSense box (still do on occasion).
    I was testing from a proxy. Confirmed now on 3G I can't access it.
  • PfSense shows same MAC for two devices

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    S
    Solved. Turns out Ooma was spoofing my PC's address.  I'm not a networks expert, but it doesn't seem right to me to have this setting be the default. When changing out network cables, Ooma was disconnected from power for over 12hrs, I'm thinking the device reset itself to factory configuration.
  • Default firewall rules

    Locked
    8
    0 Votes
    8 Posts
    10k Views
    P
    Thanks all for your comments. To heavy1metal, I thought it would be possible to force via Group Policy something that gives LAN connections priority over WiFi connections when a cable is connected, however I do not see where this is, can you point me in the right direction please? I have 2008 R2 DCs. By the way, no users are admins, so they cannot change settings to their NICs without the admin login, so setting up a bridge etc is very unlikely. Related to this, let's say, your office is in range of a completely separate, unsecured WiFi network, let's say a cafe or a shop. Your users connect their laptops to this. They also connect to the LAN by cable. Surely this presents a problem then? There must be a way around this scenario.
  • Hint.acpi.0.disabled="1"

    Locked
    2
    0 Votes
    2 Posts
    5k Views
    C
    Resolved by installing i386 version.
  • 0 Votes
    5 Posts
    1k Views
    cmcdonaldC
    Perfect, I just figured this out. The system plays the startup chime, so I know when it's booted.
    Press #2 (Set Interface(s) IP Address)
    Press #2 (LAN)
    Type 192.168.1.2
    Press ENTER
    Type 24 (CIDR)
    Press ENTER
    Press n (Do you want to enable the DHCP Server on LAN? y|n)
    Press n (Do you want to revert to HTTP as the webConfigurator protocol? y|n)
    Press ENTER to confirm
    Should be back at main menu.
  • Remote proxying how to

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    ?
    VPNs / tunnels would create more hassle than they solve, you'd end up getting calls from parents on what's wrong and you end up providing at home support. If you set up a proxy, I'd personally suggest having a separate box / virtual machine to handle it, since it can be compromised / attacked / overloaded. But a proxy would be the easiest solution. Apple has an enterprise utility where you can create profiles for iDevices, you'd then just email or create a website for you or the kids to click and install the profile. Within the profile you can set and lock in proxy settings. I'm sure you have an iPad (to support it, gotta have one), hopefully you have some time to sandbox it and iron out any issues.
  • pfsense lighttpd[54505]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D
    Yeah, I have seen others with this issue involving captive portal, but as I stated above I only have lusca-cache, squidguard, and the widescreen packages installed. I've never even used captive portal. If there is nothing to worry about that is fine, I just wasn't sure if this was a side effect of the upgrade to 2.0.3 or if there was something else going on malware related, or something similar on the network.
  • Any good mailscanner tutorials out there?

    Locked
    1
    0 Votes
    1 Posts
    968 Views
    No one has replied
  • UTorrent crashing my entire WAN connection including IPSEC.

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    N
    Thanks for the ideas. I may format my pfsense box and start from scratch, I have a few other tests I can try.
  • 0 Votes
    4 Posts
    1k Views
    jimpJ
    Not sure if you can have a VLAN on the interface outside of the LAGG, that's probably up to the switch more than anything. You can have VLANs on LAGG interfaces just like any other interface, just add them under Interfaces > (assign) on the VLANs tab. Once you have the LAGG interface defined, it shows up as a choice for a VLAN parent.
  • Pfsense and chrome

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    A
    Hrm… must be a problem with my Chrome then. I'm not going to stress over it as my Firefox works fine. Just thought maybe it was a bug. It did cost me some time troubleshooting thinking it was pfSense's fault, or a problem with the hardware in the pfSense box.
  • MOVED: Dansguardian configuration issue

    Locked
    1
    0 Votes
    1 Posts
    984 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.