Okay, just found Gateways under Routing.  Hope that is the right place to put them in manually.

Tried what you suggested with the mac pass through in the captive portal. That is true. all but the last mac will delete. Not a big deal because we almost have more then one mac in the list.

I was not talking about the states. They are syncing OK. I was referring to the captive portal login info. So in other works when someone logs in through the captive portal that computer info is stored in status/captive portal. That only shows in the master router. It is not shown in the slave. however when the master is taken offline you can continue to surf with re entering the username and password, so the info must be read by the slave somehow. Maybe it just doesn't show on the screen.

I just tried it on my VM and it started itself after a reboot.

Make sure you are on a current snapshot and have the most current version of the package installed.

I remember that getting fixed at some point in the last couple weeks.

Ok, So my normal lan (fysical port vr1) is used for normal internet traffic to WAN (fysical port vr2), I made a second WORKLAN (fysical port vr3) with a pc and a server on it. I can access my WORKLAN trough my normal lan, but not the other way around.
normal lan =192.168.10.X /24
worklan    =192.168.1.X /24

Now i'm trying to access a remote network via an openvpn trough my worklan, the other lan should not see it or be influenced.

When setting the push gateway in the advanced tap i seem to route all traffic from the worklan  trough the openvpn and the normal lan doesn't work anymore :(

that's the current situation
Thanx for all the help
Jan.

Hi Veni,

Thanks, I already found out the "hard way", but many thanks for coming back!

Take care - Steen

I ran into the same issue trying to fit the 2gb image onto a Sandisk 2gb card.  No dice. 
Had to use the 1gb image.
Those stingy mfrs !!

OK Cool thanks.  I assumed it would be by each username logged in, thats great.

Hi,

I have a strange issue with snap version. Installation on Xeon server goes smooth and by default NAT works fine. Once the  captive portal been enabled it stops browsing even if the user is successfully Authenticated [ local db or Radius]. This problem is persisting with only Xeon machine, the same CD works fine with a core 2 duo or i3 machines…Help me out..

Tried with various version on 2.xx

a hint:
first: create a new user, assign rights.
second: test that user, if fails, review settings.
third: if test doesnt fail, disable the old admin

I have good and bad news!

The good news: now my SquidGuard is working again!
The bad news: I solved this issue disabling the Blacklist from the General Settings in SquidGuard… Now I have only my own rules... :-(
What can it be? May I report a bug?

same issue after 2 weeks under this snapshot.

Full 2.0-RC2 (i386) built on Tue May 31 16:38:57 EDT 2011

Jun 15 20:49:42 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:48:59 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:48:59 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:48:59 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:47:50 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:47:50 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:47:50 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:47:06 ipfw-classifyd: unable to write to divert socket: No buffer space available
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: worldofwarcraft (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: tor (rule action block)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: shoutcast (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: rtsp (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: rtp (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: replaytv-ivs (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: quicktime (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: msn-filetransfer (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: mp3 (rule action block)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: httpvideo (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: httpaudio (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: http-rtsp (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: http-itunes (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: h323 (rule dnpipe)
Jun 15 20:45:02 ipfw-classifyd: Loaded Protocol: bittorrent (rule action block)
Jun 15 20:45:02 ipfw-classifyd: Reloading config…

0.99 is not the latest. 0.99_h_ is the latest.

http://doc.pfsense.org/index.php/ALIX_BIOS_Update_Procedure

Only officially announced releases are digitally signed, not snapshots.

There has only been one official 2.0 RC released, RC1. RC2 only exists on snapshots. RC3 will be signed, maybe released this weekend if nothing big breaks.

That would be specific to your hardware. Often a BIOS update or setting can also help with that kind of error.

Sorry I was doing to many thing at the same time.  While trying to formulate my last post.  I should have said to add rules to the IPsec filters and the Lan filters.  I'm glad to hear that your now working.

So is there any way to programmatically make pfSense automatically bring the interface down/back up when switching gateways from OFFLINE to ONLINE?  Or can this bug be fixed?  Does this only affect nanobsd builds?

I'm not sure at all, Don't seem to have the smarts to figure out filters!!
Tried this one below just a while ago and it seems to filter out HTTP traffic but still counts file transfers in windows networking as TCP traffic.

"not((src net 192.168.1) and (dst net 192.168.1))"

"you will see traffic trying to find things like pc1234.com as it works"

That will only happen if pc1234 does not exist in your search domain, but since it does on your domain which would be the first search you would not see traffic for pc1234.com ;)

And I don't agree that \pc1234 would fail some of the time - either they would fail all of the time.. Why would thy fail only part of the time?

Just sniff your traffic to see what happens.. Any windows box over 2k would be able to use direct host smb, would it not - which is dns based.  So as long as you have a search string setup then you would find your boxes via dns and then connect to the share on 445

so I disabled netbios over tcp, on my box other it would just broadcast for the names first and since im currently only on one segment would not be a valid test.

So I turned it off, then cleared both netbios cache and dns cache, fired up wireshark and then run \p4-28g and connects just fine..  From the sniff you clearly see the dns resolution happen to the FQDN

There are many ways to skin a cat, and sure running a wins server to allow for file sharing across segments for name resolution, but it is not the only way.

http://support.microsoft.com/kb/204279
Direct hosting of SMB over TCP/IP

I am not saying that you might not still need to run or want to run wins or some other NBNS, some legacy type software might still require it, etc.  But in general just because you have multiple segments does not mean you can not just access \computername - all that you need to work out is name resolution.

you will notice my queries go over ipv6, but that just because I am using ipv6 on that client so it likes ipv6 over ipv4, but as you see the returned address is ipv4 address, since that client does not have ipv6 enabled.

directhostsmbdns.jpg
directhostsmbdns.jpg_thumb