• 2.0-RELEASE: Performance oddity?

    Locked
    23
    0 Votes
    23 Posts
    5k Views
    B
    Another thing that is weird is that while I can see 2Gb/s on the live bandwidth graph, the RRD graphs don't show anything that high (maybe 20Mb/s or something).  Is it possible the RRD graphs have upper limits and my traffic is above those limits, and therefore being ignored?
  • Dual WAN - Specific Ports on each Gateway

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    J
    yes :) try changes with my-ip.com :p
  • Clear answer on advanced default values?

    Locked
    5
    0 Votes
    5 Posts
    1k Views
    jimp
    Check: pfctl -vvss To see the expiration time for state table entries.
  • Firewall blocking traffic from LAN to routed subnet

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    N
    pfSense WAN is public IP. Clients on local subnet contact local gateway: 172.16.0.254 and get static route from pfSense e.g. 172.16.1.0/24 -> 172.16.0.1 Routing is not the issue here. Routing works fine from MPLS to local LAN, LAN to MPLS, MPLS to WAN and LAN to WAN. ISP had configured router that provides access to Internet and MPLS - I have no access to that router. As I see it pfSense LAN doesn't allow traffic from LAN to MPLS, and again it is all TCP:S packages that are blocked. If I come from MPLS net to e.g. my remote desktop server my route looks like this: 172.16.1.2->172.16.1.1->172.16.0.1->172.16.0.15 - as I wrote before: ping and trace work fine. All MPLS MPLS traffic is routed over 172.16.0.1 to 172.16.0.254. I asked the ISP if that was correct, and they answered "yes no problem, We'll just route all traffic to 172.16.0.254 and then you handle the routing in and out of your own subnet". Is it making any sense?
  • Public WIFI interface Assigns IP, but no Internet Access

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    Gertjan
    Hi. "wirelessly, => no access to the internet". Does this mean that when you connect by wire, you have access? Do you use the Captive Portal? What are the firewall rules on this interface? (You are posting in the Firewall forum, but not showing any rules ….). You tested the NIC?
  • Transparent firewall, cannot access WebGUI/SSH from WAN

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • 0 Votes
    1 Posts
    5k Views
    No one has replied
  • Firewall log question - what am I looking at

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    G
    Ok I reinstalled pfsense current 2.0 again, and this time set up the modem as a passthrough with pppoe on router or computer mode, Set up pppoe on  pfsense to get DSL working and this stopped access to 192.168.0.1 and that error has gone away
  • Block Ultrasurf

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    marcelloc
    Here you have some info about ultrasurfing, maybe it's useful to you.  ;) (page 8 tells how to block it) http://www.m86security.com/KB/Attachments/Ultrasurf-GUID78cf6064c4d04affa2e177bc01284be4.pdf
  • How to allow Passive FTPES through an IPSEC VPN tunnel in pfSense 2.0

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T
    Hi, my version of FileZilla server didn't have this option.  I upgraded the version of FileZilla server and was able to configure the passive port range OK.  I am now able to configure firewall rules and use FTPES OK through the pfSense. Thanks, Todd
  • Log monitoring

    Locked
    11
    0 Votes
    11 Posts
    4k Views
    F
    @srs: no I can't see its MAC from the arp table. Is there any software in repository that I can install and that may give more info about firewall logs? thanks! Just for the record: an arp inverse lookup should do the trick! The command should be arp -a IP-address
  • Block LAN userX -> LAN fails

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    J
    I see… another NIC with subnet... have some space left... :-) tnx!
  • Allow ssh access from internet and block webui from Captive Portal

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Firewall rules - questions

    Locked
    7
    0 Votes
    7 Posts
    5k Views
    S
    @Gertjan: What about the 10 $ solution ? … On the firewall page, for every OPTx firewall, lock down the access to the "port 80" (the GUI). Or just two cards, one to my PC the other via a switch to arbitrary other PCs, with a firewall rule that connections from the second card can't access the router's web ports. A neat solution. Doesn't change the utility of a genuine lockout on the GUI but does solve the specific social problem (subject to locking the router away and keeping the key safe :)
  • Why is this happening?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    T
    Jimp, I figured it wasn't anything major to worry about.  It's probably been going on forever.  But, I just restored my RC3 config to release on a new box and I was looking at the logs carefully. I'm aware of the condition that you linked to.  And it makes sense to me when it is blocked at the wan interface.  I'm just curious as to why, in my case, I'm seeing it on the LAN interface? Jeff
  • Egress filtering on 2.0 RC3

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    W
    Setsuna: Check your rules and disable your default –> ANY rule on the LAN interface, this rule allows all traffic to traverse the LAN interface that is going outbound or in the local subnet.  Make sure you make a rule that will allow you to still talk to the LAN interface itself for admin of the pfsense box before you go disabling. The rules are parsed top-down I believe.  And...By default, everything should be blocked.  So anything that you open will be allowed specifically after you disable the default pass any rule. @Setsuna666: Is this working for you? I just tried and from the LAN Network I could still access services on other ports. The only traffic I allowed is HTTP and HTTPS, but other ports seem to work and nothing is blocked. I don't think adding another rule to block all other traffic is necessary since pfSense should block everything that is not explicitly stated in the firewall?
  • Transparent / Bridge mode with filtering

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T
    I see. Thank you very much!
  • Create a firewall

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    N
    @bainwave: Oops, bump Does any body help me out in squid? http://doc.pfsense.org/index.php/SquidGuard_package
  • New to Pfsense 2.0 - Create Firewall

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    N
    Thanks a lot for your help XIII and tommyboy180! Pfsense 2.0 is now working well. After a fair bit of playing around with the web interface, I was able to get snort working and updating. It must have been waiting for a reply from the server or some other settings for it to start updates and be active. I probably need to do a bit more reading on this and the other features and functions of pfsense, so my question is now how am I able to test if these settings work. It looks to me like snort, ip-blocklist and squidguard are similar in their functionality or would I need these to ensure maximum defense? The blocklists and blacklists I have implemented are from the same sources like this for example; http://www.shallalist.de/Downloads/shallalist.tar.gz. Does that mean one cancels the other out or do they cancel each other out? tommyboy180 your packages are great and if only I had read your tutorials a bit better I would have avoided some of the gray hairs I've gotten over this. :-) I did have another issue which I was able to resolve after a couple of days. I had installed a mikrotik router to act as client router. I was able to access the web interface on the client which was on a different network but the host wasn't able to ping pfsense through the router. After a teardown, it had turned out that a rule we had created earlier in pfsense was blocking the hosts. I had to change the rule to allow any protocol to and from the "green" interface.
  • Should I be worried about this traffic?

    Locked
    20
    0 Votes
    20 Posts
    8k Views
    johnpoz
    I already went over what to look for in the packet capture in post number #10 http://forum.pfsense.org/index.php/topic,41957.msg217775.html#msg217775 Did you see d1:ad2:id20 in the payload? If so then it's just P2P noise!!!  You can filter it out if you want from the log so you don't get all freaked out about such NOISE I would be happy to look at the packet capture you took if you want - just PM it to me. or Post it. To filter just create a layer 7 container for bittorrent, then a wan firewall rule on to block that layer 7 and not log it.  Now your P2P noise will be gone and you can stop freaking out about NOISE ;) After your posts I decided I didn't need to see all that noise either - so that is what I did. Like I said the internet is FULL OF NOISE!!!  Yes the default block that blocks all unwanted traffic is going to log that noise.  So you can either create the block all rule yourself and not log it, or if you want you can just filter out what is clearly P2P traffic you're seeing for example d1:ad2:id20 in the payload via a layer7 rule and not log it.  So this way you will just see non p2p stuff that is blocked ;)  And should be less information that you're seeing. As to your quality RRD graph – what is it you do not understand?  It is showing you the response times to your gateway, if you lost connectivity to your ISP gateway it would show in this graph.  It's pretty straightforward -- not sure what else to say.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.