Thank you!

Excuse me sir, how to solved this problem (update windows with ssl bump squid3-dev)?  :)

Unless it's very low traffic you're going to need a syslog server of some sort then. Steve

Thanks for your help! I configure all as  your words but not lucky, dhcp not work. From wan net able ping to lan, ok. From client, i configure manually with ip 192.168.3.10 and gateway 192.168.3.2 (interface wan2 of pfsense), and work ok, is possible ping to lan and work internet. The problem is dhcp, not work and is active in pfsense (interface wan 2). Assing me ip generic: Log of pfsense register this: Nov 25 20:00:36 WAN_VODAFONE_4G Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List 169.254.34.122:137 Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 169.254.255.255:137 Any Ideas? I can´t to admin menu of Router. Thanks. Regards.

Exactly, these are real 'hardware' switches. They just have an open bootloader for the SoC that runs the management firmware so you can load an alternative if you so desire. Exactly like OpenWRT on a SOHO router just with an emphasis on switching and much much more powerful hardware.  ;) Makes me think that an OpenWRT switch might not be far off at all. Steve

If you are happy for (want) all devices to be able to talk to each other on a single LAN, then you do not need to have different actual interfaces. You can just assign static-mapped DHCP for each "known" device to put them in a particular piece of the 1 big subnet. Then leave the "unknown" guest devices in the ordinary DHCP pool. Then your rules can allow/block differently for the different parts of your 1 subnet. But that provides no real security - any guest can set an IP address themselves, rather than taking DHCP, and effective put themselves in a "more trusted" part of your subnet/rules. So you need to decide what is your internal known/trusted network, and what are guests and other public stuff. I suspect that you will want printers and other local network resources (NAS, your own file server…) on the trusted LAN along with your home computers, so they all just see each other. Many people would end up with: LAN - your own home computers, printers, NAS, file server, an AP for your home WiFi. Guest - and AP for your friends to use, with no (or very controlled) access to LAN and more generous internet access DMZ - anything you have that provides public services (public web site...) WAN - 1 or more actual uplinks to your ISP/s So you might end up with 3,4... interfaces on pfSense. If you have that many physical NICs, then easy. Otherwise you need a VLAN switch also. Then pick some private address space for each of LAN, Guest, DMZ...

For some reason , i try package install from http://ftp.freebsd.org/ , Folloing directory and syslo-ng install safely , to not occur pfsense crashe and stopping. For appropriate advice , finnaly replace my router to PFSense box. Thanks for all reply. Will ask if that also do not know.Best regards.

I found the issue. It turned out to be a bad switch. There was an unmanaged ethernet switch between the modem and the WAN, I replaced the switch and haven't had a drop since.

You can't set the media type on a PPPoE interface (or any type of virtual interface) you have to set it on the parent interface. If you don't have that available because it isn't assigned just add it as an new interface and set it as type 'none'. Then set the media type there. What is the actual hardware the WAN is connected to? Are you sure it's not forced to 100Mbps, have you tried connecting to it with something else? Steve

Those are both FreeNAS issues. The first looks like some problem with jails perhaps? It's trying to rename the virtual Ethernet pair and can't for whatever reason. The second issue maybe DNS related. Read this: https://bugs.freenas.org/issues/4027 Have you recently updated FreeNAS? You will probably have more luck on the FreeNAS forum solving those, though many here run FreeNAS. Steve

Wanted to say thank you for this post, I was struggling to figure out why our new android devices suddenly couldn't load facebook on wifi, and it was draining our batteries trying. I set it to "none" and off I went. Now I will go back and set up IPv6 locally since my ISP does support IPv6 (I have it getting an address on the WAN side, so I'll setup IPv6 on the LAN). Thanks again!

The hardware offloading features available in the System: Advanced: Networking: section of the webgui do not include a complete TOE as referenced in that Wiki page. They only offload smaller functions: TSO, LRO and checksum. It looks like there is at least some support for TOE in FreeBSD but you would need to enable in manually in pfSense. Importantly I have no idea how it would interact with pf. As referenced in the wiki article once you've handed off the entire TCP stack to hardware much of the OS internal networking features are by-passed. It could be potentially completely redundant in pfSense. Steve

All of the methods people use to try to examine and filter the contents of HTTPS amount to a MITM attack.  Which is about the same as breaking HTTPS.

Tell them what you want.

It looks like it's HAVP as when I remove never_direct allow all;cache_peer 127.0.0.1 parent 3125 0 name=havp no-query no-digest no-netdb-exchange default; from the integrations box, it then successfully downloads. I've now added .adobe.com/ to the whitelist and it seems to be working fine. Any ideas why this is happening in the first place? Detect broken executables is turned off.

Good stuff.  Thanks a lot, Jim!

Unfortunately no, and even for me using single Ports the monitor just always shows the balancer as unknown status :(, tried numerous guides and set ups and none of them work for me on my 2.1 box so i just gave up on it.

First thanks for all replies. The strange thing is that this setup is working (apart https). I have luck that my private lan has another subnet than 192.168.1.0/24 (I never use that!). Here is an (censord) extract of netstat -r: default          z.y.x.5.cust UGS        em1 z.y.x.5.cust link#3            UHS        lo0 5.x.y.z/32  link#3            U          em1 As you can see default gateway is the same address of pfsense… but it works! And, I can reach also 192.168.1.1., probably thanks to default route. Now I will try to configure modem as bridge or static ip, anyway I would like to understand this thing. It is a dlink dsl320-b