• How much more secure is pfsense compared to normal routers?

    Locked
    0 Votes
    9 Posts
    21k Views
    Thanks for the replies everyone. I've taken the plunge and set it up. It took a whole day because I had to rewire everything, as I wanted the server in the loft; however, it's all done now and working. I've got a small problem though: my broadband speed has dropped. I'm on 4meg and used to be able to download at 420kb sec and now my max is 30. I have no idea what's wrong; either it's a coincidence and something's wrong at my ISP end, or the pfsense box is causing it, which I doubt.
  • Hosts that have PASS-rules are being blocked, system fails also.

    Locked
    0 Votes
    4 Posts
    2k Views
    Sounds like you may be running into a known issue. http://cvstrac.pfsense.org/tktview?tn=1352,32
  • Help with port triggering?

    Locked
    0 Votes
    6 Posts
    5k Views
    How about this: I use EchoLink (ham radio VoIP thing). I need to trigger ports 5198 5199 UDP but I don't want to open them; two computers on the LAN use them. I would rather trigger than have a hole.
  • Firewall rules not working anymore after reboot (bandwidthd installed)

    Locked
    0 Votes
    4 Posts
    3k Views
    @Matts: OK, solved. It seems that the IP address of the LAN side in a bridge really should be different than on the WAN-IP. But, it needs to be in the same subnet or it will not work 100% well. I have the feeling that this IP on LAN can be used for another system because it does not exist in the ARP table on the router. But, beware, this address needs to be different AND needs to be in the same subnet!!! Yeah, I verified that's a bug. I opened a ticket. http://cvstrac.pfsense.org/tktview?tn=1352
  • Ip-less bridge as firewall in high risk environments

    Locked
    0 Votes
    5 Posts
    4k Views
    @john99: Thanks a lot for the helpful information! At the moment, my firewall (fli4l:) is also the gateway for the local WXP-clients and a little AD-server (W2K3). Question: If pfSense is set up as a transparent bridging firewall, it cannot be a gateway anymore (and therefore reached from the internal network with an IP)? Not on the same interface. You can leave your LAN setup as it is now, add an OPT interface bridged to WAN and use it for your publicly accessible services.
  • Am I able to limit connections per port per IP with pfSense?

    Locked
    0 Votes
    2 Posts
    7k Views
    Yes, look under Advanced Options when you add/edit a firewall rule.
  • Blocked packets on VLan…and no ARP lookup on VLan???

    Locked
    0 Votes
    6 Posts
    5k Views
    Damn, am I an idiot. Thx a lot, that was it! Cheers
  • Character restrictions on alias names

    Locked
    0 Votes
    4 Posts
    2k Views
    Ahh, the latest snapshot won't let you use hyphens, only underscores. That's a good thing :)
  • Servers behind bridge can't communicate with each other

    Locked
    0 Votes
    3 Posts
    2k Views
    Hi, it was a little bit strange because with the normal 1.2 release I was not able at all and now I can, when I place them in the same VLAN of course ;) I was confused because of the 1.2 BETA1 but with the latest snapshot everything is solved and does work as it normally should. Thanks! Matt
  • Personal Experience With Polling

    Locked
    0 Votes
    3 Posts
    2k Views
    Based on recent findings, I would only recommend enabling polling if you're concerned about your management interfaces (console, webGUI, SSH, etc.) being unresponsive while under extreme load ("extreme" varying depending on your hardware). Even cranking up the hz, polling is significantly slower than running without.
  • I'm having problem blocking IP-addresses from connecting to me

    Locked
    0 Votes
    6 Posts
    3k Views
    GruensFroeschli
    @GeeZuZz: Then I create a new rule, and place it underneath the "Block private networks" rule which is at top. Block, Protocol: *, Source: blacklist, Dest.: *, Port: *, Gateway: * That sounds to me as if you've added this rule on the LAN tab. But rules on your LAN tab won't block connections coming from WAN to servers in your LAN.
  • How do I allow NTP / Syslog out?

    Locked
    0 Votes
    7 Posts
    3k Views
    Thanks for double checking that. Ticket is open. http://cvstrac.pfsense.org/tktview?tn=1348
  • PfSense Analyse Software

    Locked
    0 Votes
    2 Posts
    2k Views
    Search for log analyzers that understand OpenBSD pf logs, if you're looking for strictly firewall log reporting. If you want detailed info on network traffic, check out the pfflowd package and look into NetFlow collection and reporting software. There are TONS of options, as this is what Cisco uses on their equipment.
  • Some traffic will pass, other will not

    Locked
    0 Votes
    2 Posts
    2k Views
    All legit traffic gets passed. Out of state traffic is common and gets dropped. Same as this: http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html This also drops traffic some hacking tools generate with invalid flags, you'll see a little of that, mostly the above.
  • Weird problem: Internal LAN -> LAN ok, WLAN -> WLAN not :(

    Locked
    0 Votes
    7 Posts
    3k Views
    Thanks, the Intra-BSS option did the trick. Damn, I knew it was something small but I'd never think it hides on this tab :) Thanks!
  • Resetting states

    Locked
    0 Votes
    4 Posts
    3k Views
    bellera
    Ok! Thanks! Josep Pujadas
  • LAN ftp log default ?

    Locked
    0 Votes
    4 Posts
    2k Views
    I still need this ftp-proxy function; any chance only to disable the log? Many thanks.
  • PFSense web content filtering

    Locked
    0 Votes
    4 Posts
    6k Views
    It's possible…need to read up on Squid ACLs. I doubt there is anything in the pfSense gui for Squid that will let you do it though - you'll need to manually edit the Squid config file.
  • Log formatting

    Locked
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Traffic just stops

    Locked
    0 Votes
    13 Posts
    5k Views
    Hi there, first the good news: the problem really seems to be gone - at least it did not occur again since updating to the snapshot mentioned in my last post. However, the reason why that is so is still in the dark. I changed since then only two things: updated the states to 500000; updated the image. Regarding states, I see even in heaviest times like 1000-2000 states - this is still very, very far away from even the standard 10000. Again here my setup: Internet routing x.y.z.w/25, GW x.y.z.129 ----- x.y.z.130 (WAN-IF) --- pfsense (transparent bridge mode) ----- x.y.z.135 (LAN_IF) ------ clients in the range x.y.z.w/25 via DHCP (without the used ones). I agree that the blocked traffic looks like out-of-state; however, when the situation occurred the GUI showed me much fewer states than have been configured. Anyway, for now the problem is solved and I hope it stays like that. If it will re-occur, I'll try to give even more details. Best regards and keep up the good work! Arno
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.