• How to allow a client's xbox access to new through pfSense?

    0 Votes
    9 Posts
    3k Views
    stephenw10
    @luke240778: Are you saying that it is not a good idea to have upnp enabled?
    I would say, not if you don't need it. You seem to have a clear need for it though. Just be aware that it effectively allows any client behind your firewall to open ports and set up port forwards. Since you are a WISP this is perhaps more of a risk than for other users who can control what is behind their firewall.
    Steve
  • Converting fbsd pf.conf to pfsense config.xml

    0 Votes
    3 Posts
    2k Views
    M
    Meant the default timeouts. Such as:
        set timeout tcp.first 2
        set timeout tcp.established 3600
        set timeout tcp.closing 2
        set timeout tcp.closed 600
        set timeout udp.first 2
        set timeout udp.multiple 3600
        set timeout icmp.first 2
        set timeout other.first 2
        set timeout other.multiple 3600
        set timeout adaptive.start 20000
        set timeout adaptive.end 220000
    I am playing with 2.0, looks pretty good. Took a patch from FreeBSD mainline to support my 8 port serial card. Had to recompile the kernel with puc enabled for it to work, but it works like a charm.
    Overloading dumps excess entries into a table, which can be used for later processing. For example, I have different uplinks wrapped in different 802.1Q tags. When something passes reverse path verification (something else I can't yet locate), and exceeds 90 syns/min, it dumps the IP into the synflood table. 5 minutes later, it's removed.
    I live in the CLI. However, the guy that pays my bills does not, and most of the people on my team are specialized in a specific talent. This means a GUI is needed. pfSense has impressed me, and once I become familiar with its source, I do plan on submitting many a patch.
  • How to add Developer Tools to 2.0

    0 Votes
    3 Posts
    1k Views
    jimp
    You'll never get a proper environment for compiling on the firewall, not without a lot of headaches and mess that really aren't worth it. Set up a FreeBSD 8.1 box or VM, compile there, and move things over. Much simpler that way, and it doesn't reduce the security of the firewall (unless you're installing a program that does :-)
  • Static wan ip with /31 mask

    0 Votes
    4 Posts
    3k Views
    jimp
    A /31 isn't generally considered a valid mask as it doesn't contain any routable addresses. FYI- 255.255.255.252 is /30, not /31.
  • Question mark on aliased objects

    0 Votes
    2 Posts
    1k Views
    jimp
    Do you have a screenshot of what this looks like? If it's just the question mark by the cursor, I get that on all of them and that's normal, it's just the style of the cursor that shows with the overlay for the alias popup.
  • Promiscuous mode enabled

    0 Votes
    4 Posts
    4k Views
    M
    Thanks guys for your replies. Actually power outage is exactly what happened. I also figured out that "promiscuous mode" had nothing to do with the file system. After a proper restart the system log is clear of warnings. Thanks again.
  • MOVED: Traffic shaping to penalize single IP

    0 Votes
    1 Posts
    881 Views
    No one has replied
  • Port mirroring?

    0 Votes
    7 Posts
    7k Views
    A
    @stephenw10: I'm not sure I understand the question. Do you mean would it be better to use the switch for port mirroring? If so then yes, if your switch supports it, as it won't load your pfSense box. Steve
    Hi Steve, yes that was my question. I will use a switch then.
  • Can I use an 8GB CF to install the 4gb version of Nanobsd pfSense 2.0?

    0 Votes
    2 Posts
    3k Views
    C
    Anything bigger is fine.
  • 0 Votes
    4 Posts
    2k Views
    D
    Thanks for the replies Fellas… Found out what was happening....
    I originally tried pfSense followed by M0n0wall and some others. I was experiencing the same issues. I did try to connect by using an IP address but it would just lay there and look at me. I dug deeper by looking into the firewall logs of one of the servers providing shares and found that it was complaining about connection attempts from ports 137-139 (Old Windows 2000 and XP PCs) and also port 445 from the Win 7 boxes. 445? I had to look that one up. It seems that this port (Discovery Server Port) is the replacement for the old NetBIOS ports 137-139. I allowed port 445 on the file server and I was able to connect a share by name. Cool.... But not finished.
    Now when you try to connect to a share you cannot see the rest of the network. You have to go into: Control_panel --> Network and Sharing Center --> Change Advanced sharing settings and enable "Turn on Network Discovery". This allowed me to see all of the other members of my group.
    The Firewall is working well. I upgraded all of the Win 7 boxes to Service Pack 1 to give the firewall/gateway a workout and it was not even sweating (2.8GHz, 512MB, 80GB, w/2 100mb links). I have a 22Mb/s down and 5Mb/s up Comcast link so everything went real fast.
    One other note.... If any of you are reading this and still have trouble with XP and 2000 connecting then go to the PC that is providing the share and go into that PC's firewall software and tell it to specifically allow your PC (by IP Address) to use ports 137-139. I did this with McAfee and it worked.
    Why all of this broke when I put pfsense online still baffles me. I was still on the same LAN so pfsense should have not been involved. When pfsense was disconnected everything worked without any modifications. Most peculiar.
    Thanks again for your help!!!!
    Darius
  • Wake on Lan over VPN/subnets

    0 Votes
    4 Posts
    7k Views
    W
    It might get a bit tedious repeatedly connecting to the pfSense GUI and entering the details so another option would be to (for example) create a shell script on the pfSense box in the office to issue the appropriate wol command and then invoke it by ssh from home. (Might need to do this under a user other than admin.) On the pfSense box you could add static arp entries by shell command but they will disappear on pfSense reboot. I believe the pfSense config file can include shell commands to be executed at startup (see the Shellcmd package and the discussion in, for example, http://forum.pfsense.org/index.php/topic,34391.0.html ).
  • Routing outbound email through a different virtualIP

    0 Votes
    7 Posts
    4k Views
    B
    Also, your source port will not be 443, that's your destination port.
  • MOVED: Portforwarding possible in my setup

    0 Votes
    1 Posts
    826 Views
    No one has replied
  • MOVED: Pfsense reboot issue

    0 Votes
    1 Posts
    810 Views
    No one has replied
  • MOVED: snmp

    0 Votes
    1 Posts
    839 Views
    No one has replied
  • Need Help!

    0 Votes
    2 Posts
    1k Views
    Cry Havok
    Have you tried reading the documentation and searching the forum? Much of what you ask is trivially found with even just a cursory review of the documentation.
  • Risks in Package Install

    0 Votes
    2 Posts
    1k Views
    jimp
    First, you should be on 1.2.3, not 1.2.2. (Or even 2.0 at this point) Package installs do not require a reboot. For bandwidthd, all you need to do is go to Services > BandwidthD and set whatever settings you want, save, and then wait a bit for it to make the graphs. You can make a backup before you install if you want, no need to backup the whole HD. Just go to Diagnostics > Backup/Restore and download a backup. If something goes wrong, you can reinstall (From CD, embedded image, etc) and then just restore your config file and it will go back to the way it was.
  • Load Balancing (slow and fast connections) Question

    0 Votes
    2 Posts
    2k Views
    jimp
    On 2.0 you can edit the gateways and weight them appropriately based on how fast they are. For instance, my cable is about three times faster than my DSL, so I have my Cable set to a weight of 3, and DSL to 1. If you are on 1.2.3 there is a trick you can do the same way, just add your faster connection to the LB pool multiple times and that will use it that much more often. So in my example above, I'd add my Cable to the LB pool three times. In both cases, out of every four connections I make, three go over Cable, one over DSL.
  • Show Image on Custom error pages

    0 Votes
    1 Posts
    2k Views
    No one has replied
  • PFsense and VLAN's

    0 Votes
    8 Posts
    5k Views
    0
    I fixed it all with a simple change… Made the AP vlan the native vlan (example, vlan200) instead of vlan1. Everything works like a charm now. Thank you very much for your help :)