I've done this before with only access to the WAN. 1st.  You started off right by disabling the firewall pcftl -d then connect via the wan to the Web GUI.  Don't add any firewall rules at command prompt. Go to firewall rules > WAN tab delete the "block private address" wan rule.  Its at the top.  Grey. Now add a pass rule on the wan to allow you to access the web gui via the wan at this point you can pcftl -e Now, very gingerly change your pfsense password to something secure. Now, at this point I'd configure SSH on the WAN and probably OpenVPN also. Then I would delete the HTTP / HTTPS pass rule you created on the wan From this point, if you are doomed to only have access via the WAN, at least you can do it securely. For anyone who may be wondering "why the heck did you ever do this", its because I was using pfsense only as a VPN server and was forwarding ports from a ddwrt router to a VM running in vmware player.  Just to give a friend access to his LAN remotely without him needing to buy any hardware.

Often you will find the cron job pushes the machine to use more ram and cpu than normal, so it exposes perhaps bad areas of ram that are not normally used, marginal chip cooling, or marginal power supplies.

The defaults are fine for Skype. If you have traffic shaping or limiters configured, you might be throttling it. Otherwise, if you're getting appropriate performance in general for your Internet connection, it's not the firewall. Possibly poor connectivity between your ISP and the other person's ISP, among other possibilities.

Sorry for the delay. I'm not familiar with the business hub but it seems very likely that it is causing the open port reports you're seeing. I'm still not clear how you have it configured. Steve

Just to post a follow-up, the dnsmasq from the 8.3 package has been working as expected for over a week now. Thanks again.

Hi, ok a few ideas in "reverse SSL certificate" it is set as "webConfigurator default" should be certif1 tic "Transparent http proxy" as well What is in your "Integrations" What is in your "Custom ACLS (Before_Auth)" In webConfigurator What is your "SSL Certificate" set to? (should be certif1 not webConfigurator default) And lastly when you created your Certificate was Server set to Yes (see link) http://www.sxl.net/guides/how-to-setup-pfsense-ssl-certificate-authority/ I hope this helps

I just ran vmstat -i while I was running iperf against PFSense, and the interrupt rate was unflinching. A flat 40/core, for a total of 120/sec.

Then you could have an offline copy of pfsense and even the forum using httrack ?

@riahc3: There are graphs in pfSense for quality? Intresting. That's what I wanted to look at in the first place :) Where can I view that? Status->RRD Graphs->Quality Status->System Logs->Gateways

Thank you for the clarification. I think I have mine correct then. There's no need to change the LAN computer's listening port of 80, which I was confused with. However, having my LAN computer's setup like that, I still receive the errors: Browser: No remote browser access to security server on publicWANIP:8061. Remote browser access to security server on publicWANIP:8063. SSH: $ ssh ubuntu@publicWANIP -p 8061 ssh: connect to host publicWANIP port 8061: Connection refused $ ssh ubuntu@publicWANIP -p 8063 ssh_exchange_identification: Connection closed by remote host TeamViewer: TeamViewer to 192.168.1.40 blue, but won’t connect. Now TeamViewer to 192.168.1.40 connects, but 192.168.1.120 turned off? TeamViewered into 192.168.1.120, the remote connection turned off. Traffic analyser: Tested packet capture: LAN computer > pfSense > Diagnostics > Packet Capture > Start > remote computer (I'm on this) > Terminal  > $ssh ubuntu@publicWANIP -p portNumber > Enter > LAN computer > pfSense > Stop. No packets reaching the pfSense WAN. I'm now stuck remotely and will need to physically go to the local computers for access, to try again tomorrow.

@mulder00: Just tried it but unfortunately it didn't work. Didn't have any connection at all with it disabled. If this indicates you tried disabling gateway monitoring already the result doesn't look right. You should have at least the same connectivity as before. Steve

Try the bandwidthd package first: it will give you traffic graphs by client and classify the traffic. Web site tracking is more complicated, I haven't done much of that.  Suricata can do some I believe, but there may be a better package for tracking site usage by client.

@ehuk: Quick question, if we select an Active Directory server as the main authentication server for a pfsense box, what happens if the AD servers is unavailable for whatever reason? Would we be locked out, or would it try and authenticate with the Local Database? It falls back to the Local Database. In fact, the Local Database is always active. If you log in with credentials not valid for the AD, pfSense will retry the same login with a local account instead. Keep the local admin account and give it a strong password. Then you can always log in regardless of AD connectivity. Also, you need a local account to do syncing between firewalls and ssh logins to the firewalls. Lars

No one?

How can I now test the bash script? I have cron installed (using the GUI) with */1 * * * * root /home/wolserver And the code is in wolserver. nothing is happening and I see no logs (do not even know if cron is running the script), am i missing something?

See this thread https://forum.pfsense.org/index.php?topic=71198.msg403630#msg403630. I've made a few changes since… take a look and let me know if you're interested and I can post updates on the old thread...