Only. i can block ip "Proxy Content" setting. [image: iyasak5.jpg] [image: iyasak5.jpg_thumb]

@cheesyboofs: So, I gave pfSense up. Probably I need a firewall-class to learn more before using pfSense Its a real shame because that is the perfect opportunity to learn something and a  great sense of achievement when you figure it out. Yes, it's a shame, but I've put down many hours on the matter, and I did learn a lot. I'll come back to pf Sense later. //Ben

err I might be mistaken but i'm sure theres a setting you need to enable to apply firewall rules when you bridge interfaces. Was very late the other night when I did my setup so a lot of the optins blend nicely into a red page in my brain..  ;)

Your LAN is 192.168.10.0/16 which includes 192.168.2.0/24

Sorry for asking this But How do i enable it? Is it in web config ? Thank you for your help

Thanks that worked perfect, I don't know how I could miss that :D Thank you!

put squid on pfsense in transparent mode and set up squid box as upstream proxy.

@ermal: One solution is to not run pfSense in bridge mode but with 1:1 nat for each of the providers to the server. The server will have only one private address with this setup. The other option is 1.3 which can do this but its ALPHA so not suitable for production. okay but the server need to have the public ip of the first provider.  I don't like the 1:1 NAT option as it causes problems with some services. Is it possible to create a second LAN connection for the 2e provider and connect this to the same (our internal) switch as the 1ste LAN connection or will this cause problems?  Or do i need to use a secondary networkcard in every server and another VLAN on my switch?

@fastcon68: I run into this all the time.  the first thing that I do,  is change the ASDL modem to bridge mode.  This puts the external ip on the pfsense device.  I have haveing a firewall behind a firewall. The only time I have kept the orginal configuration is when I need a DMZ. Any questions kept posting here or send me a internal email. RC I am fine width router mode. Just want to know how to effective use firewall.

Found the solution: Advanced Setup, Bypass firewall rules for traffic on the same interface

@psychosematic: Like I said earlier I am pretty good with flat networks but trying to understand what I can accomplish or if it will be beneficial to me to run vlans. Actually, you can do lots of funky stuff with networking in general. It's just not always useful…  ;-) If you are "good with flat networks" then ask yourself if you have or plan to segment your network into subnets. That's when you can use VLANs. That of course implies using a VLAN capable (managed) switch. Oftentimes it is easier (and completely sufficient!) to put something like an access point on an additional interface of your pfSense (e.g. OPT1)

Thanks! did not even notice that

I have examined the logs and the connection between a WIFI_IP 10.0.0.200 and port 80 of a DMZ_IP xxx.xxx.xxx.198:80 is passed as the connection between 10.0.0.200 and 127.0.0.1:80. It seems that for a strange reason pfsense box regards that the connection is not being made to the DMZ server xxx.xxx.xxx.198 but to the box itself 127.0.0.1

In 1.2 that's its at the end cause all the rules have quick in them. In 1.3 the ruleset begins with a block {in, out} all and continues to faciliatate some more pf features and flexibility from the gui.

Yes, but pfSense has something called DHCP leases so I think maybe there is an option to associate this data table directly without having to do it manually, the idea is to have in the firewall log the MAC address next to the ip, because the ip association changes from one day to another (I'm using dynamic DHCP).

Thank you so much .,,               I ever seen IPcop addon they setup L7 ipp2p to block all p2p.. Thank again.

bump