search the forums i have read about it all you have to do is create  the pool with the 3 instance in it. when you do the fail over just make sure all the different wans a covering each other 1->2->3, 2->3->1, 3->1->2 that should always keep you up search forums 1st

not to bee the jerk and and captian obvious did you disable everything down to just the processor and the nics? what kind of hard drive is in this thing and what kind of chipset is also running the thing? (nvidia) i have had 3coms and Intel nics in my machine and the only thing that has been tripping it up is my assistant that was covering for me when i was on vacation she pulled the power plug on the unit insted of the cable modem. i think that i was up for well since august no issues.

Not currently doable but it will be in 1.3.

Removing that extraneous monitor IP in the LB config seems to have fixed it.  Also bumped states up to 20k as my feeble attempt at a stress test managed to occupy just over 1000 states (approx. 20 simultaneous browser page loads).  Will post back again if any more weirdness happens…

Could you elaborate on your "FIX" We simply having a hell of a time with FTP over here: http://forum.pfsense.org/index.php?topic=7096.msg40246

@newfirewallman: currently i am using virtual IP and setting the subnets on servers and using the virtual ip on the dmz nic for their gateway. Using VLAN's would create many more rules and management would it not? Most likely not if you use aliases.

I only use the LAN-ports of the "AP" but…you got me thinking Gruens. I just changed in the AP configuration and got it up and running. Now i can reach the LAN from the WLAN.   I but i can't reach the WLAN from the LAN though, but that's not important enough for me to continue messing with the AP for  :) And besides...my primary aim is to learn how to manage the pfsense box, not the AP  ;D Thanks for the help everyone!

If this is multi-wan you need to ensure static routes are in place to send a dns server out to each isp.

From the time I first installed m0n0wall (and later on pfSense) I didn't have to look at 'firewall builder' anymore. But IIRC there was an option to read a configuration from an existing box and output it in a different format. Don't know if pf is supported, though. Take a look at:  http://www.fwbuilder.org/

@crave: If what you want is to see the currently active PF ruleset (as well as some other info) you could have a look at http(s)://<pfsense-ip>/status.php as described here: http://m0n0.ch/wall/security.php.</pfsense-ip>

Yep, did that. Changed the admin port to 443/HTTPS for security and added firewall rules on WAN and OPT1 allowing TCP 443 from any to any.

Wow, your ISP shouldn't route RFC1918 space anywhere. Apparently they use it inside their network, likely one of their routers you were hitting. The block private networks only applies to the WAN interface, only for traffic initiated outside. If you want to keep RFC1918 packets from going out, put deny rules on your LAN as well. WAN rules, and the block private networks feature only apply to traffic initiated from the Internet. This traffic was initiated from your LAN, and your LAN rules allowed it.

@sullrich: Maybe a view of the tables contents allowing someone to delete an item would be a good idea.. This along with a way to block the IP entirely or just that IP's port. Neither of these is a big deal since I understand how it works now. Just icing on the cake.

Bingo!!  Thanks so much for the help.  I would of never figured that one out.  Hmm… It's my feeling that WebGUI Anti-Lockout should never automatically pass traffic on ports other than 80 and 443 (unless the firewall admin changes the listening port for the WebGUI service, which in that case WebGui Anti-Lockout should update itself to allow traffic into the new port).  The naming of this option to me is kind of deceptive.

Thanx a lot!

@Sylhouette: did you check the box in system –> advanced -->  Static route filtering, you need to do so. regards, Johan Yes it's checked. Giacomo

@dotdash: You should be able to use Aliases (Firewall, Aliases) to do this. I'll check it out, many thanks.

Try running these two commands. They did the trick to get Vista talking to Windows 2003 server. Might work for pfSense. netsh int tcp set global autotuninglevel=disabled netsh int tcp set global rss=disabled