Fair enough. I see the reasons for those features, but it's not really something I need at home. Not at 2-3 times the cost. I've ordered this instead: http://www.supermicro.nl/products/system/mini-itx/sys-e200-8b.cfm

Yeah. Make changes using the GUI and save /conf/config.xml.

Go under the dansguardian service and use the log and reporting page to make your change. You cannot directly edit the files. They will be overwritten. I don't know how many times I need to say it. STOP directly editing the files!

Thank you for the response. I had already researched and saw the page at the link you provided and went through the processes there. It did not resolve the issue. I have set no-logged firewall rules both allowing and blocking the WAN interface (one at a time, not both at once) outbound access to any host, internal or external, using any protocol as well as TCP / all flags allowed, as a test. It still blocks it and logs it, telling me that the rule is not applying. I believe the issue lies with a wireless router I have. I had flashed a Linksys/Cisco wireless router with DD-WRT and used one of their guides to set it up as a "dumb" switch. I then connected it to VLAN16 (192.168.16.0/24). All communications work well to and from the wireless hosts (ping, Internet access, etc). These log entries only appear when a wireless host is connected (such as a laptop or cell phone) and 90% of the external hosts are Google servers (the are all android phones). So, I'm thinking it has something to do with the setup on the router. I'm looking further into it at DD-WRT's website. Thanks again for your response.

@neik: So if I am assigned 1.2.3.0/29 I would have the WAN as 1.2.3.6/32 and the LAN as 1.2.3.5/29, with the hosts on 1.2.3.1-1.2.3.4? That does mean that the WAN is in the LAN subnet, even though it is a /32. It's not equal though, with the WAN being only /32, it should be fine. @neik: Here in the UK we always, in my experience, just get a /29 or /28 block with one address in that block set automatically by the PPPoE connection. What would be "usual"? The typical scenario with business class DSL in the US and most other places seems to be getting an IP assigned via PPPoE, and having the static subnet routed to that dynamically-assigned PPPoE IP. Sometimes, like with my AT&T Uverse at home, the modem must do the PPPoE and then my static /29 can either be assigned LAN-side of the modem, or routed to something with a private IP on the LAN. It'd be nice to have unnumbered support at some point, not sure offhand if that's possible in mpd and FreeBSD.

My roommate works for Comcast, weve already gone through every support tool they have. It was no help.

I see them too :-( How can we make them stop? lol I raised a bug report: https://redmine.pfsense.org/issues/4383 I could not see where I could fix this in pfSense PHP code. I concluded that it is somewhere in "pf" in real compiled code from pfSense-tools, so I will let the devs get onto it in due course. I'll resist using the compiler as long as I can find interpreted code bugs to fix  ;)

@tim.clarke: applauds Thanks, Bill. You are welcome.  Here is one more link I found where someone did this eons ago for Windows 2000.  This is the Google cached version:  http://webcache.googleusercontent.com/search?q=cache:LqAyrNNeSmQJ:sourceforge.net/p/snort/mailman/message/7666254/+&cd=10&hl=en&ct=clnk&gl=us. The original link appeared to be dead.  Here is the text in case the link is dead for you – -----Original Message----- From: McCammon, Keith [mailto:Keith.McCammon@...] Sent: Friday, July 26, 2002 11:36 AM To: snort-sigs@... Subject: [Snort-sigs] Signature for W2K Login Failure Hey all, I caught that request a few days back for a netbios login failure and started tooling around with the concept of detecting Windows network login failures.  However, I don't have access to any 95/98/NT systems (which I couldn't be happier about), so I couldn't hammer out much netbios.  But I did manage this: alert udp any 88 -> any any (msg: "W2K Kerberos Login Failure"; content: "|24 30 22|"; content: "krbtgt"; dsize: <300; classtype: unsuccessful-user; rev: 1;) If you're running an AD domain (native mode, which uses Kerberos by default), this should catch failed login attempts.  I've done a good bit of testing on a smaller segment without any false positives or negatives. Hopefully you'll have the same results... Cheers Keith    Bill

@dgcom: The issue with cron emails is a know one. I wrote about it before - this is cron's default functionality to send email if any job produces stderr output. The reason why not too many people are complaining is because default pfSense install does NOT have sendmail executable, so no emails are going out. But the moment you install package like arpwatch - it will add sendmail link to special php script used by pfSense - cron will start spamming you (if there are jobs with output). The best solution for this I found is to add this line to crontab file: MAILTO="" Or you can redirect output of most annoying jobs to /dev/null if you are interested in output of some of them… up to you. I'll try that, hope editing cron with the cron editor package won't bounce it out of the file…

Tried DNSsec again (without forward), Hardne glue and Hardn DNSsec Data enabled, got a lot (at log level 3) of those while the browser becomes unresponsive dnspois1.jpg dnspois2.jpg

Did little more work on it [image: ascreencapture-192-168-1-1-phpsysinfo-3-2-0-index-php.png] [image: ascreencapture-192-168-1-1-phpsysinfo-3-2-0-index-php.png_thumb]

BINGO! After doing this the connection came up. As well I went snooping in the switch and updated FW / adjusted strict settings. All good in strict mode now. Thanks MATE!!!! ++REP

@marcelloc: So, SO and pfsense config are fine. Did you captured traffic while using firefox? Most times, we need to close firefox and reopen to get proxy settings changes applied correctly. To test, I rebooted the whole computer, so Firefox was restarted by design ;) What do you mean by "capture traffic while using firefox" ? How can I do that? For now, on the desktops that are using firefox, I made the input manually for the WPAD file in the settings. But I'd really like to make the auto-detect work. Upon searching on the Google, I found out some old articles stating that Firefox does not support the DHCP way to get the WPAD file, it only supports the DNS way. But following this article: https://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid I did add a DNS host override like so: http://cl.ly/image/3k382b461r3N So it "works" but not like I wanted it to be.. that is, only setting needed on any computer is to make it auto-detect proxy settings. I tested with IE, Safari and Chrome : all work. Only Firefox is whimsical

If you suspect it's a cacheing issue you could always turn off the cache in Squid and try again. As I've said, it may be worth checking your Squidguard settings and making sure you haven't got an overzealous block in place.

This would come in handy for managing multiple UTMs, especially if there is a package install/update that can be done to 2 or more by a single click. Also if a package configuration change can be pushed to multiple UTMs.

https://forum.pfsense.org/index.php?topic=81014.msg442131#msg442131