Thanks for the explanations. All clear now  :).

@chpalmer:

Id see if you can find a firmware update for your modem.

Is it possible your running pppoa on the modem but pppoe on your pfsense box when the modem is bridged?

Thanks for that and I had checked that possibility.  With different modems, it still dropped.  Remove the Realtek cards,,,,,,no more drops.

I appreciate you taking the time to reply…........

It has nothing to do with what they're using for DNS, you have to configure your firewall rules to only permit traffic to the proxy and other traffic you need to allow directly out, and not allow HTTP or HTTPS directly out.

Yep, figured after research.

Fixed.

Distinguishing a legit RDP user vs. a brute force attacker is impossible to do accurately at the network level. Nothing at the network level has that kind of visibility into RDP. Limiting the number of simultaneous connections per IP is the best you can do. That type of scenario has to be detected by the server, or something monitoring the server. To react to it, something on the server or monitoring the server could be scripted to block the IP on the firewall.

Not on a 32 bit piece of hardware.

Big Thanks to MIQ in the IRC channel!!

here is how to do it for any future searches:

Pf sense >firewall>virtual IPs
add a new rule:
type ip alias,
wan interface
type network
(IP address/subnet mask)
save and apply

Pf Sense >firewall>nat
outbound tab, save in manual mode then add a new rule:
leave do not nat unchecked.
interface wan
select protocols
source (your internal server)
destination any
translation choose your alias
save and apply.

move rule up or down in the outbound mappings.

If all goes well then that box should go out on the IP specified in your alias

good luck

Thanks a lot :-)

@johnpoz:

"Modem is connected directly on pfSense WAN card"

Depends if what your calling a "modem" is really a modem and not a gateway.  What is your pfsense wan IP, does it start with 10.x.x.x, 192.168.x.x or 172.16-31.x.x ?

"I have now tracked the problem down to the squid proxy"

thought you said they could make it work for you since they changed something?

Modem is the real cable modem. IP of wan is 81.x.x.x

If you watch the tests in the first post, you see the tunneling of rtmp isn't blocked. I guess they didn't use tunneling in the past, turned it on for a moment (the moment it worked for me) and now turned it back off.

From what i've read flash ignores proxy settings and tries to use port 1935, 80 or 443 and if this doesn't work alot of website will try to send the data in a capsulated http packet. They don't use that method for some reason. I've tried to add port 1935 to the squid savelist but that didn't fix it.

I'll try moving ALL the load balancing to an external IP address using IP Alias and see if that makes any difference.

[edit]

Ok, that works. TCP Load Balancing worked fine using external IP addresses on the DMZ interface
DNS load balancing ONLY works if ALL load balancing (including the TCP) uses IP Aliases.

I will dig into this further and see if I can suss out exactly whats going on.

Thanks all!

Why not just assign a WAN interface and then attach nothing to it? Are you running into restrictions because of the number of interfaces you have? I have a few situations similar to what you describe and I simply assign a WAN to DHCP and then just connect nothing to the assigned WAN interface.

I have seen dozens of those Kingston SSDs fail in the wild for customers (Thankfully I haven't used any myself). Wouldn't shock me if the drive was dying.

The @'s in the log after a reboot are normal - they aren't log files, they're clog files - binary circular logs. The logs are cleared on reboot. On 2.1 and 2.0.2 they aren't cleared anymore.

Typically if it's a crash from a driver or OS issue it will take a crash dump and when you login to the GUI it will offer to submit the crash data to use. The kind of failure you describe sounds more like a hardware failure, but it's still kind of hard to say.

There isn't a way to adjust its interface binding, but you can certainly block it with firewall rules and access it via ssh port forwarding if you like.

Ouh… thatz hell of a task :)
anyways thx fr ur suggestions :)

Thank you for your reply.
i definitely need to assign a public IP on my server. NAT is not working on the internet service i need (according to the internet service support team).
I have tried to bridge WAN - OPT and after that, two more interfaces appear on Interfaces - Assign. The BRIDGE0 and an opt which has the same mac address with my WAN. Should i do something with them?
If you thing that this is not a good implementation, i can use pfsense in bridge mode only and route internet traffic of my lan to another connection.

Thanks again

Well we are trying to figure out the problem. Let us eliminate RIP and set a perm route to make sure.

@stephenw10:

pfSense uses pf(4) not ipfw. Though it does use ipfw for the captive portal function.
I think you may out of luck translating that from iptables.  :-\

Steve

If you don't mind setting up the rules manually, you can activate the portal and then create your own ipfw rules. The only trick is to make the last step in your rules skip over the portal rules (assuming you don't want captive portal functionality).

I run dhcp on my pfsense, and it provides IPs for ALL devices on my LAN.  This interface has been enabled since pfsense was installed.

What your saying doesn't make any sense - enabling dhcp has NOTHING to do with the web gui of pfsense.

How are you access the web gui now?  Via what IP and from what client?  You say your enabling the lan interface?? Can I please see a screen shot of your interfaces and what IP do you access the gui on now?  Your accessing it via 172.16.1.xxx  – why hide the last octet btw, that is a PRIVATE IP and not routable via the public net - there is NO security concerns with giving out this info.

You say that is your WAN IP in pfsense.  That is not how you would normally access the gui, you would have to allow for special firewall rules to access gui via WAN interface -- since default firewall rules would block all inbound traffic and block private networks.

So what rules do you have in place?

edit:  If your LAN network is 10.0.0.0/24 with pfsense on 10.0.0.1, then your client your accessing pfsense from would also be on this 10 network, not on the 172.16 network.  Your not setup like me if your access pfsense web gui on 172.16 wan address that is for sure.  I access everything on pfsense via its lan interface.  Are you changing lan from dhcp to static?  And your lan was dhcp before and its getting an IP from something else?  Your router??

What is your settings for your lan when it works and you can access the gui?

lan1.jpg_thumb
lan1.jpg
lansetup.jpg
lansetup.jpg_thumb

pfsense 2.01

We've only had it running for a day or so, but I'm trying to address issues early, like I said m0n0wall didn't work so well for us, we found ourselves restarting it every couple of weeks.

pfsense itself seems fine, the only stat I saw go too high was CPU usage, but that happened only when I reset the captive portal, and everyone had to log back in. State table is under 50% used, memory 75% used, everything else shows similar levels of usage.

You're right about 10Mb/s being insufficient, but this is for a school, giving students all the bandwidth they want for their smart phones isn't something they can do. The whole guest network is done on the cheap.

I am the consultant who's done it before. Like I said, the wireless is fine, we're just doing the guest captive portal part on the cheap.

I'll throw some more memory on the VM and see how it works.