So curious are you actually using ipv6?  If not another option to remove the noise is remove it at the source by turning off ipv6.  Sure looks like ipv6 multicast for something to do with UPnP/SSDP with that destination. You can track down what is generating the noise..  And turn off ipv6 ;)  No noise, and less garbage on your network.

Thanks Bill for your reply. I was on holiday out at a remote location so could not response quickly. I will check the material and see if it would help me set this up quickly. Do you also have any literature on how to setup IDS and IPS with snort.

That's great, thanks guys  ;)

That was it!  I thought the Bundled Support Information link would just open a PDF like many of the other links in the pfSense support areas but I was wrong!  Thanks! [image: ScreenShot050.png] [image: ScreenShot050.png_thumb]

Thanks Jimp and KOM. KOM, When reducing the squid cache to 500mb and flushing squid did not free up any space I started to hunt for the culprit. Jimp I wish I looked at the inodes before i started deleting 60 Gig of SARG files (Just to be sure). There were a zillion small files in there. running a single rm -R * on the sarg-reports sub directories took 7 hours to complete.  Now my disk space is pitifully empty: $ df -hi Filesystem    Size    Used  Avail Capacity iused ifree %iused  Mounted on /dev/ad0s1a    81G    1.9G    72G    3%    42k  11M    0%  / devfs          1.0k    1.0k      0B  100%      0    0  100%  /dev /dev/md0      3.6M    46k    3.3M    1%      27  739    4%  /var/run devfs          1.0k    1.0k      0B  100%      0    0  100%  /var/dhcpd/dev Thanks for your help! looks like we solved this one.. I am putting it down to the inodes being full. Needless to say I removed the zero in the reporting options Cheers..

so your gateway is .145 what mask did you put on the vips? You sure its not just your server firewalling?  What are you running for your webserver?  Is it linux or windows based?  I don't understand why people do 1:1 why not just forward the ports you want? If was me I would create all the vips, and then setup rule on wan to allow ping.  And validate they all ping.  Then move on to what ports on what IP you want to forward to your inside boxes.

pfSense log files are binary circular logs of a fixed size. They do not "rotate", they roll over. https://doc.pfsense.org/index.php/View_Log_Files_in_the_Shell The size cannot be changed on pfSense 2.1.x or before, but it can be changed on pfSense 2.2 in the Settings tab of the system logs.

Hmm, yes too many errors to ignore if was me. Do you have a switch you can put in between the WAN NIC and your modem? Steve

Your right because after testing I didn't have any joys. I am tempted to move it to ESXi anyway which would solve this. A 1GHz via just isn't cutting it anymore now I am running squid and dansgardian.

Maybe you should look at this: https://redmine.pfsense.org/issues/1943

I see example , and i also do nslookup on firewall log screen. and many dns(port:53) logs up ..like this matter is existing , should not Introduce auto resolve function in PFSense , i interpreted. I still like study of English is not enough :-[ Even in awkward sentences,Thank you for reading.

Ouch! That's unlucky.

ICMP doesn't have ports, but it does have an ID. That's what that is.

That site doesn't appear to be tailored to PFSense. Is there a guide on how to do this with PFSense?

Using the internal CA and generating a self-signed cert in the OpenVPN wizard, I have successfully been able to connect. If someone could point me to a tutorial on creating a 3rd party CA and cert, I would be very thankful.

@Derelict: Yes.  I would create a VLAN for the green network.  Call it VLAN 20. Thanks much for the VERY helpful post. I haven't had too much time to work on this yet, but I have made some initial progress. I've actually decided to go with 3 new VLANs: VLAN 10: RED - No restrictions VLAN 20: YELLOW - Trusted family devices   – Access to RED net for printers, etc. (I implemented account controls for the NAS to allow backups)   -- Web filtering, with pass rules for Steam and Battle.net (so far) VLAN 30: GREEN - Untrusted guest devices   -- No access to RED or YELLOW nets   -- Web filtering, HTTP, IMAP, SMTP ports only (80, 443, 465, 993) Haven't had time to implement the WLANs yet (right now both APs are on RED, using the same 2.4g SSID, and in addition the NT-R66U is using a unique 5g SSID). Mostly using the two APs to extend range. I may use dansguardian filtering on YELLOW and RED instead of OpenDNS--it would be helpful to have all the nets use the DNS forwarder and cache. But I do have OpenDNS working on YELLOW by defining the two DNS IP addresses on the interface page and rejecting port 53 on the firewall page. Thanks again!