Hello! I checked the box, I rebooted the firewall and the problem still continues. Regards, Josep Pujadas

If i assign 202.61.42.18.1/24 as Gateway to Machine running behind Pfsense then how traffice will pass through Pfsense. if i donot assign Public Ip that is 202.61.42.18 to my WAN interface of Pfsense then after bridging LAN interface with Wan at Pfsense at what IP ADdress i can access Pfsense Managment Console.

You can change the opendns branding with your own logo. thanks for all the input.

::) Nobody knows your setup. So you have to provide better information if you want help, screen dump and network diagram etc.

Thanks Sir, I really stuck with this problem. I try to re-install pfsense and put router before isp modem. But the problem still there. Thanks.

I have the same problem with Radius, although I'm not running the latest pfSense.  So yes, in general, PF scrubbing + Radius = not working is certainly a normal feature.

OK, thanks for the quick answer - I was afraid that might be the case.  The ability to use URL's into the rules (or at least into an alias) would be a nice feature at some point in the future. Until that day arrives I'll hard code the IP addresses into an alias.

Search the forum about port-knocking. There have been discussions about that, and why it's not such a good idea.

The CIDR is assigned by DHCP too obviously btw.. I'm not sure how to check the actual CIDR of the dhcp allocation - the system log only says the ip address without netmask or CIDR..

thank for the quick help  ;D

Ok here is what I used. But file and procedure is in french… but a give a quick howto HERE. PM me if someone is interested and doesn't understand everything. First you need a "table" which will contain the IP list. edit /etc/inc/filter.inc SEEK #SSH Lockout Table table <sshlockout> persist</sshlockout> ADD AFTER #LOCK STATIONS table <stations>persist</stations> Then you need the filter rule for the "stations" table. edit /etc/inc/filter.inc SEEK        /* optional interfaces */        $optcfg = array();        generate_optcfg_array($optcfg); ----> ADD HERE !!  <----        if (is_package_installed('squid') && file_exists('/usr/local/pkg/squid.inc')) { ADD /* Internet LOCKING */ $ipfrules .= "\n#Block internet on some workstations\n block quick from <stations>\n\n";</stations> Save file and reload filter from web manager pages. Do an ls -lt in the /tmp folder to see if rules.debug is correctly generated. You can cat the file and grep it to see if the text you added is correctly added and at the good place. You can now manage it with: pfctl -t stations -T add 10.x.x.x pfctl -t stations -T show pfctl -t stations -T delete 10.x.x.x Then add some php scripts in a folder in : /usr/local/www/stationlocking/ Code it and add youself authentification system in these webpage. Exemple: file /usr/local/www/stationlocking/station-lock-10range.php session_start(); $username = "scott"; $password = "tiger"; if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) { header("WWW-Authenticate: Basic realm=\"BOSS ACCESS\""); header("HTTP/1.0 401 Unauthorized"); echo "NOT ALLOWED"; exit; } else { if($_SERVER['PHP_AUTH_USER'] == $username && $_SERVER['PHP_AUTH_PW'] == $password) { //SOME CODE IF AUTH IS CORRECT, OR PLACE IT AT END OF SCRIPT SINCE ERROR = EXIT } else { header("WWW-Authenticate: Basic realm=\"BOSS ACCESS\""); header("HTTP/1.0 401 Unauthorized"); echo "NOT ALLOWED"; exit; } } system ( 'pfctl -t stations -T add 10.10.10.10' ); system ( 'pfctl -t salles -T add 10.10.11.11' ); ?> <center> ### DONE LOCKED FOR 10.10.10.10 and 10.10.11.11 </center> Now by browsing http://pfsense/stationlocking/station-lock-10range.php and giving good credential you can block 10.10.10.10 10.10.11.11 Script to unlock is the same but with delete instead of add. And you can use status to get status (i didnt code status maybe you will need to use passthru instead of system).

ASR is almost never used when there is some kind of state-tracking firewall between the two hosts.  I am not sure of the packet flow, but i am guessing that what is happening is that input tcp packets are entering from a different interface than the one the routing table on the receiving host says to use for the return packets.  fixing this (somehow) would be a good idea.

yes, agreed!  i did this, and my SIP problems all went away.

I have pasted this problem on the VMWare forums and see with them what may be the problem. I will be comming back and give some info. See you later. :-\ Thanks

Hi, sorry, I realized last night I made a mistake when posting the pfsense screenshot. Will post the REJECT one as soon as I can. The router is in Congo DRC which I've left yesterday evening. Will try to get someone to provide me the proper REJECT logs. Thanks again for your help.

Remove the IP addres for the WLAN.  1) you don't want an IP on the bridged interface and 2) you can't have two interfaces in the same subnet anyway.