pfSense can do natreflection to make your forwarded services available by their public IP for the internal clients. Just enable it at system>advanced (very bottom of the page). Other option is to setup a split dns (resolving the internal IP of your server for the clients). This has to be done at the DNS-Server that your client use. In case it'S the DNS-forwarder of the pfsense visit services>dns-forwarder and add static mappings to make it resolve the internal IP for your servers.

And we had complaints about the latter, hence the reason it is using terminal.

I cannot win either way so I'll just leave it alone.  Sorry.

And we also assume your on 1.0.1.  If you are not, please upgrade.

dia is good, if you are using  *nix.

@rsw686:

If you get a network card with a dongle you could stick it on the bottom and put the wireless card on top. That way you wouldn't have to take it apart.

Or if you do take it apart just rip off the plastic that covers the antenna. That way metal casing can guide the card in correctly.

btw, the metalcase is also used to get rid of heat. Removing it could load to heat issues besides the danger of short circuits.

This is working sometimes, and not others.  It may have been a simple case issue (grep -i).  Is it possible the log file contains characters that could cause grep to prematurely detect an end of file?

:D

The outgoing PPTP problem when the pptp server is enabled is a known issue, not of pfSense but of the underlaying FreeBSD. Maybe this thread is interesting for you to read as there is some work going on to make pf handle pptp states properly; http://forum.pfsense.org/index.php/topic,2507.0.html

Looks like someone is doing some macflooding (see http://www.securesphere.net/download/papers/SwitchSniff.htm ):

MAC Flooding
Switches keep a translation table that maps various MAC addresses to the physical ports on the switch. As a result of this, a switch can intelligently route packets from one host to another, but it has a limited memory for this work. MAC flooding makes use of this limitation to bombard the switch with fake MAC addresses until the switch can't keep up. The switch then enters into what is known as a `failopen mode', wherein it starts acting as a hub by broadcasting packets to all the machines on the network. Once that happens sniffing can be performed easily. MAC flooding can be performed by using macof, a utility which comes with dsniff suite.

[root@tachyon dhar]# macof
77:6b:e1:6e:5e:8c 93:2d:ed:45:f9:e3 0.0.0.0.45702 > 0.0.0.0.11000: S 1847390231:1847390231(0) win 512
84:a4:d3:57:ef:8 12:56:52:42:dc:95 0.0.0.0.16630 > 0.0.0.0.3031: S 1484147693:1484147693(0) win 512
88:f0:9:3f:18:89 d:86:53:53:d7:f8 0.0.0.0.15535 > 0.0.0.0.7466: S 293820390:293820390(0) win 512

I'm not really interested in a userland proxy.  The very next complaint will be why the source IP isn't preserved to the web server.  With that said, a userland proxy can (and should) be done as a package if there's any interest.

–Bill

Please reinstall the package. Those errors have been fixed. The latest version is 20061023.

It appears when you have 2 usable drives in the installer as a Create GEOM mirror option.

Ha ha that's a good one :)

Ah well, I'll just run ntop when I need it and stop it afterwards.

thanks Billm.

Working now on interpreting the log.

@hoba:

Enable static ARP entries at the dhcp server settings screen. Beware, by turning this on only machines listed in the mac adress list at the bottom of this page will be able to communicate with the pfsense and thus configure it.

this is exactly what i wanted to happen, i just need to give access to two clients, thanks hoba.