States on the schedule rule are killed by default. It can be disabled by checking the "Schedule states" box under System>Advanced, Misc. My guess is either your rule order is wrong so it's not matching that rule, or you disabled that option though I doubt the latter.

Hi oippi: Not sure about others but I stopped reading minds when I got married.    ;D Can you share more information about the makeup of your network?? (WAP's, Switches, ect…)   And maybe some screenshots of your rules en such. I have a customer I just put on 2.1 that does meeting from around the globe on Skype...   No extra rules, port forwarding or funny dances in front of the router to make it work...  Netgears (5 tries)  that the cable co. gave him was dropping connections thus the reason I got the job...   Not one drop since then.    (2.1 (freebsd 8.3) due to needed driver not in 2.0.1 (freebsd 8.1))... :)

I have experienced slow access to the GUI when my first WAN went down, the fix for the GUI only was to add multiple DNS destinations. Goto System -> General Setup -> DNS Servers My Setup uses the following 8.8.8.8 - WAN1 8.8.4.4 - WAN2 I found this speeded up the GUI with a WAN failure. Are you using a PPPoE connection for the ZEN connection if so have you checked the firmware in your ADSL Modem is up to date and ensure you have ticked " Dial on Demand" with a time out of " 0 "

@k6usy: @radicd: Thanks for the reply, but I'm trying to avoid maintaining VLANs in the firewall. I would like pfSense to act as nothing more than a firewall and have the VLANs configured in the router. Is the setup I mentioned in the original post possible? How many vLANs do you have? Too many, 50+ on each switch and constantly being modified.

@FJSchrankJr: It was much higher yesterday the traffic but I blocked so many networks in China. This is why on a lot of my rules I only allow IPs registered to North America to pass.  I was getting to much junk traffic from China and Russia.

Perfect, that's what I thought. So, even though the "match" rule only appears when selecting the "queue" type from the Floating Rules menu, presumably I can use it for the other things "match" is used for in pf?

Hi Goliathxo: RRD: can you post it for the other interfaces too (same time period)? Will work on finding/solving it over the weekend. Thanks

If these two computers are in the same subnet, then pfSense would have nothing to do with this since the traffic between the two would not go via pfSense.

If you create a wan rule and limit the number o connections per second. If external ip exceeds the value you defined, it will be blocked for about 02 hours by pfsense. You can check blocked ips on diagnosts -> tables.

I've tried disabling the squid proxy at all, and then the policy routing works, but when squid is enabled the default wan is the one which makes the squid to exit the network. ANy suggestion?

In the default config, all ports on all protocols are allowed outbound from clients behind the firewall. Incoming connections from the Internet are blocked, but not outbound.

WAN address would generally be your router's internet IP address.

I set up a NAT rule to catch all DNS requests on port 53 and to have it go to the DNS forwarder on my pfsense box.  That means no matter what someone may have manually set their DNS server to, all DNS requests go through the router and then captive portal can properly redirect any outgoing web requests for authentication.

If you read through the squid tutorials/documentation, you will notice the "transparent proxy" option - if you enable this, you should not need to configure users browsers.

ok here is the answer I setup a nat rule Interface  WAN Protocol UDP Destination WAN Address Destination port range from:  4569 to: 4569 Redirect target IP Enter the internal IP address of the server on which you want to map the ports. e.g. 192.168.1.12 Redirect target port 4569 NAT reflection enable save and apply did the trick for me everyone is so happy now lol

I checked the bug tracker but didn't see that it was resolved. I will take a look within the next few days and try to locate/fix the problem. It only happens on a multi-wan setup and the wan graphs also include traffic from the other wan interfaces. Is this what others are seeing? The more info you can provide the better. Thank you guys.

"The block private networks rule logs everything that matches it" Really – then why doesn't it show the little i next to it for being logged.  Or state that in the setting?  You can turn off logging of the default block rule.  So is it that this rule would log everything without a way to turn off the logging?

Neither the ip or mac for this particular machine were showing in the arp table on the pfsense box. When changed to another ip this machine showed in the table correctly, ip changed back and no entries in the table for the problem ip. I reset and restored the config and had the same problem. There is definately no duplicate ip on the network. I reset pfsense back to default and reconfigured it from scratch and it all works fine now. No idea what the issue was but it appeared some part of the config was corrupt or not being applied as it should. Thanks.