[pfSense Support] Re: Microsoft updates through pfSense
In message 8c26a4fdae599041a13eb499117d3c286b396...@ex-mb-1.corp.atlasnetworks.us someone claiming to be Nathan Eisenberg nat...@atlasnetworks.us typed: I doubt it, why would the SSL cause problems unless you denied clients authentication, but why would you deny access to your own clients?!? You probably don't have the ability to sign valid certificates for update.microsoft.com. With the ability to push root certificates out to machines it wouldn't be difficult to dummy up certificates that would pass muster. Of course just pushing the proper registry settings would be far easier than screwing around with any of that. Since you're redirecting SSL traffic bound for that destination, instead of telling the application to talk to the right server, the common name is going to be wrong, and the SSL handshake will fail. SSL certificates aside, while Windows Update and WSUS provide similar functionality the protocol isn't interchangeable and the functionality isn't identical. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Microsoft updates through pfSense
In message aanlktinaa08gkvm_bj6xyzylkmjnzzwqmdppdcml4...@mail.gmail.com Shali K.R. sh...@vidyaacademy.ac.in was claimed to have wrote: But WSUS requires a domain controller for the perfect functioning, i also tried this without domain controller but its not working well WSUS is absolutely the way to go. WSUS has no need or use for a domain controller, except to configure the machines. You can build a .reg file and import it however you normally manage your machines. Once you're configured client-side there isn't much else you need to do, the rest is done server-side. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Firewall security compromised by auxillary programs?
In message AANLkTi=htn0sn-dcyqkopye6hq02bge+q-8gxnhi3...@mail.gmail.com Kurt Buff kurt.b...@gmail.com was claimed to have wrote: On Fri, Feb 4, 2011 at 20:21, Joseph L. Casale jcas...@activenetwerx.com wrote: Well, I hear of people running pfSense in a VM, and I wonder how do you avoid exposing the host OS to the network? How can a firewall be run in a VM and not leave the host OS hanging out to be attacked? Well, if the interface is setup in a bridge with nothing else, what exactly is addressable that you can connect to and then hack? Now add a vm and plug a nic into this bridge and put pfsenses wan designation on it. When you show me one case of the host being compromised I'll believe it, until then it's not been done as far as I know... If the OS is a VM, then you might want to understand Blue Pill: http://en.wikipedia.org/wiki/Blue_Pill_%28malware%29 And, I believe, it's just the beginning of the threats for virtual environments. A Blue Pill attack is effective against actual hardware, lifting the running OS into a Hypervisor without the OS or user being aware. However, this type of attack wouldn't need you to be in a virtual environment. In fact, it might be more effective on real hardware than within a VM environment since AMD-V and VT-x functionality itself isn't available within a guest environment. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Firewall security compromised by auxillary programs?
In message A683EE2D55D14244B72772B0A53B3A1B0135502CBFC6@ihcomm.ImageHawk.local Mark Jones mjo...@imagehawk.com was claimed to have wrote: Well, I hear of people running pfSense in a VM, and I wonder how do you avoid exposing the host OS to the network? Proper configuration? How can a firewall be run in a VM and not leave the host OS hanging out to be attacked? I can't speak to VMWare's design limitations, but Hyper-V makes it trivial to bind the local machine's IP stack to one NIC, while Hyper-V guests are bound to one or more other interfaces. The attack surface is still marginally larger since the Hypervisor's virtual switch is a potential target, but this is reasonably tolerable. Crawling out of the guest environment and compromising the host isn't necessarily impossible, but by that point your firewall is already so thoroughly compromised that you've probably got bigger things to worry about. Yes, I agree that having a jabber server on the firewall is less secure than not having a jabber server, but I question it being less secure than having it on my internal server. If it is on the pfSense box and becomes compromised, the hacker will need pfSense skills to get any further, then they will need an additional set of skills to get at my primary servers. If I open the ports that the jabber server uses, then they have access to my primary servers via the jabber server software because the firewall is permitting connections into and out of the network on those ports. If the Jabber service itself is compromised then no additional skills are needed to get out beyond what would be needed to get out of a standalone server. Sure, some basic OS skills will be useful, but being on pfSense is no better or worse than anything else here. If this analysis is wrong, please someone point out where it is wrong. This assumes that the jabber server only opens the ports for XMPP and nothing else, no management ports etc. There's a number of considerations. To start with, many networks have more than inside and outside, your Jabber server doesn't necessarily need to have access to anything at all other than other Jabber servers (plus the ability to receive client connections from within the user-facing LAN) In this context, the firewall becomes the gatekeeper between each subnet/VLAN/LAN/whatever, and so is a far more attractive target. Also consider, if your Jabber server only opens ports for XMPP and nothing else, and your firewall passes all traffic to those XMPP ports, what benefit do you receive from having a firewall at all vs putting the XMPP server completely outside your firewall? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Import shared key from XML
In message 1906f75b-41fe-444f-95d6-a2ae2d3f6...@todoo.biz bsd b...@todoo.biz was claimed to have wrote: I am trying to import a Shared Key from a previous XML file, It looks like the key found in the XML file can not be directly copy / pasted in the shared key box. Do you know what I have to cut out to make It work ? This might be a stupid idea, but create a new key, export the XML, insert the old one and import? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: How do I break down a /22 into smaller subnets to use behind(LAN) side of my pfsense box
In message 002e01cb64bd$300fced0$902f6c...@c3a.ca Adam Thompson athom...@c3a.ca was claimed to have wrote: (On an unrelated note - anyone know why I can't send emails to this list from my BlackBerry? Works for other mailman-managed lists elsewhere...) For whatever reason this list is rejecting mail based on the MAIL FROM SMTP command rather than the FROM header. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Allow Traffic Between Interfaces
In message aanlktimhp=h08xsyt=bvkel4vhi_u2zroxp9xjxnm...@mail.gmail.com Chris Buechler cbuech...@gmail.com was claimed to have wrote: Firewall Aliases. You should really get a copy of the book. :) http://pfsense.org/book Kindle? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: multi-wan, multi-lan security
In message 24b7224eff7c4e19b1a43fd4df416...@dp2000xp Tortise tort...@paradise.net.nz was claimed to have wrote: My ISP advised us not use common private LAN addresses for this (common problem) reason. (I now use randomly generated addresses) I do hope you never need to contact the legitimate owner of whatever IPs you're using... Personally, if my provider gave me such advice (not just a single rep, but the provider's official policy) I'd find competent provider. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: multi-wan, multi-lan security
In message 8c8f0f7add704cf491998cbe298fb...@dp2000xp Tortise tort...@paradise.net.nz was claimed to have wrote: Yes I was referring to ARP poisoning and my cable connection experience which is the reason for the random (obscure) LAN subnet range selection... It's worth noting that even if you use an uncommon LAN subnet range selection internally, anyone in your broadcast domain could easily observe your ARP packets and find your IP range, so you're not gaining much security by obscurity here, although you are decreasing the odds that two random 192.168.0.0/24 networks will cross-talk if you both made the same configuration error at once. This assumes the case of a large ancient cable modem network that still broadcasts ARPs between client side networks on different modems, and assuming a configuration error directly connects a LAN to the WAN bypassing the firewall. In reality it's been a while since this was that big a deal on cable modem networks (or at least any that I've touched), around here it's probably been 5+ years since you could see floods of ARP requests. I think that the cable modems only transmit ARP requests from WAN to LAN for MAC addresses already known to exist on the LAN side, so strictly speaking your cable modem won't pass valid traffic after the modem is rebooted until the LAN side machine sends at least one packet up to the modem. This is a handy side effect of cable modems already needing to track valid MAC addresses to limit the number of machines connected for billing purposes. 10/8 is huge, 172.16/12 is a little less widely used and also significantly large enough that I've never ever personally seen any remote network overlapping with the /21 that I picked out for myself, and I VPN into remote client sides regularly, and travel somewhat frequently. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: multi-wan, multi-lan security
In message b8ab6ffcb532416f938e8d117b87e...@dp2000xp Tortise tort...@paradise.net.nz was claimed to have wrote: - Original Message - From: Dave Warren dave-use...@djwcomputers.com To: support@pfsense.com Sent: Saturday, August 07, 2010 4:51 PM Subject: [pfSense Support] Re: multi-wan, multi-lan security In message 24b7224eff7c4e19b1a43fd4df416...@dp2000xp Tortise tort...@paradise.net.nz was claimed to have wrote: My ISP advised us not use common private LAN addresses for this (common problem) reason. (I now use randomly generated addresses) I do hope you never need to contact the legitimate owner of whatever IPs you're using... Personally, if my provider gave me such advice (not just a single rep, but the provider's official policy) I'd find competent provider. Woops - sorry for being misleading. I meant (and use) random numbers taken from within the private address ranges. (10.x.x.x etc) In that case, excellent advice and one I would absolutely agree with. I'm possibly overly sensitive on this particular issue just because I'm tired of dealing with it professionally, one of $DAYJOB's partners used to give out advice like this and we spent untold hours cleaning up. I hope no offense was taken, certainly none was intended on my part and if I came across to harshly, I do apologize. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Fwd: Re: [***SPAM*** Score/Req: 05.6/5.0] Re: [pfSense Support] blocking Tor Networks
In message worldclient-f201001061619.aa19060...@connected.cl Víctor Pasten vpas...@connected.cl was claimed to have wrote: A proxy server (squid, or another webfilter) cannot stop it (TOR clients), because it's unable to analyze TOR traffic (encrypted traffic). You don't need to analyze to block. In fact, if you can't analyze something, and it's not on a trusted-by-IP whitelist, block it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: PFsense + Load Balance + Squid
In message d64aa1760912041209l2df7af05j1af2f329bdca5...@mail.gmail.com Chris Buechler c...@pfsense.org was claimed to have wrote: On Fri, Dec 4, 2009 at 2:46 PM, Dave Warren dave-use...@djwcomputers.com wrote: In message d64aa1760912041123v2e92448fi3bc780947235c...@mail.gmail.com Chris Buechler c...@pfsense.org was claimed to have wrote: That's how it works. Traffic initiated by the firewall doesn't get balanced. Is this likely to change in the future (2.0 or beyond)? You can use floating rules in 2.0 to balance traffic from the firewall. Awesome, thanks! Just trying to plan out a long term strategy, short term I'll just run squid on another box. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: PFsense + Load Balance + Squid
In message d64aa1760912041123v2e92448fi3bc780947235c...@mail.gmail.com Chris Buechler c...@pfsense.org was claimed to have wrote: On Fri, Dec 4, 2009 at 6:14 AM, Rafael Cristian rcristia...@gmail.com wrote: Hi, I have problem in configuration the load balance in pfsense. I am configure, but not get work the squid. My clients in Squid not balance, but In clients out squid get balance normally. Anybody know why??? That's how it works. Traffic initiated by the firewall doesn't get balanced. Is this likely to change in the future (2.0 or beyond)? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Shaping Bridge
I'm looking at making a shaping bridge, hopefully using a single port using VLANs (although this isn't a strict requirement) Is pfSense a good choice for this role? (The reason I ask, researching this on Google yields several forums discussions indicating that m0n0 is a better fit, but since I'm already using pfSense in a few places, I'd prefer to use pfSense if it will do the job) Thoughts? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Shaping Bridge
In message d64aa1760911281210y5677dc3q8c8db8292db7b...@mail.gmail.com Chris Buechler c...@pfsense.org was claimed to have wrote: On Sat, Nov 28, 2009 at 3:04 PM, Dave Warren dave-use...@djwcomputers.com wrote: I'm looking at making a shaping bridge, hopefully using a single port using VLANs (although this isn't a strict requirement) Is pfSense a good choice for this role? It'll work fine, potentially with one caveat - I'm not sure how or if a bridge would handle 802.1q tagged frames with m0n0 or pfSense. Fair enough, I can live with that. I've got dual port Intel NICs in the machines anyway (plus onboard NICs), I'm just a wee bit short on switch ports, so if I can use VLANs, I can put off needing a new switch. Thanks muchly! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Sticky Connections
I'm running 1.2.3-rc3, load balancing two connections (MultiWAN, NAT mode) shortly after enabling Sticky Connections I notice problems making connections. Looking through the lists this appears to be a known issue. Is there a workaround or is there any case where this does work or do I have something misconfigured? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Quad NIC's?
In message f68e3c0e0909230911v178948e3v8380845007f80...@mail.gmail.com Simon Dick sim...@irrelevant.org was claimed to have wrote: I even once used a 4 port 10Mb card with built in hub... :) Those were fun days, weren't they? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: 1.2.3-RC1 Web gui logout
In message abf9510930e1374ba4b4c61a01104fbda36...@monterossa.activenetwerx.local Joseph L. Casale jcas...@activenetwerx.com was claimed to have wrote: There isn't one in the 1.2 series since it uses HTTP authentication. Argh, that means I have to close my browser:) You could close your browser, or you could use a browser that implements a method to forget HTTP authentication. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Can captive portal authenticate based on windows login
In message ffb190ee79ba57428e06ab63df10963bfcbe1d9...@hivemind.integrita.internal Dimitri Rodis dimit...@integritasystems.com was claimed to have wrote: Single Sign-on (aka one set of credentials) is one thing, the captive portal's ability to automatically _receive_ (and authenticate) the credentials from the requesting client/browser is another. Unless I'm misunderstanding, Ryan wants to get rid of the username/password prompt from the captive portal, and have the current windows logon credentials automatically pass to the captive portal, which is currently not possible with pfSense-- ISA Server is the only thing I know of that does this. It can be done by any 'ol proxy that supports kerberos, but the browser needs to know it's talking to a proxy to even try to authenticate, so it would still take some browser configuration. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Intel Atom Install Trouble
In message 49d1326b.3050...@elitemail.org Vaughn L. Reid III vaughn_reid_...@elitemail.org was claimed to have wrote: I have a Intel Atom based board that I'm trying to get pfsense to install on. I can boot fine into safe mode but I get a panic message when I try the default boot config. I can reproduce this from both the pfsense ISO and after an actual install onto the hard drive. I'm trying to install 1.2.3 (downloaded today). This is a shot in the dark, but try resetting the BIOS to it's defaults and see if you've got any luck. I've got an Atom 330 based system (Sorry, I don't have the mobo or chipset details handy, beyond to say it's a Intel mobo) that panics during the install based on some combination of BIOS options that I don't entirely recall. I have reason to believe there are some ACPI issues but haven't had the time to track it down, but at this point if I disable ACPI I can't even boot the system, it locks immediately after the Highpoint driver (I don't use any Highpoint cards in this machine), and ACPI needs to be enabled for the system to even boot. Beyond the initial hardware configuration fun, it has been rock solid. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Internet at the lake? Rogers Mobile Internet Stick (Rocket) with pfSense?
In message 4ad1738e0903271251l1713a491y14a69e8496202...@mail.gmail.com Dave Donovan donovan.da...@gmail.com was claimed to have wrote: I've got an HTC TyTn II. I think you told me that you had the same one, or a similar one. It has a connector for 2 external antennae. One is for GPS, I think the other is for cellular. The external antenna may also solve the all-or-nothing issue with your 3g phone by giving you a bit of a boost. You're correct, this is an external antenna jack. There is a registry hack to make the device support WiFi tethering. Note that this needs WM6.0, WM6.1 apparently allows the carrier to detect tethering and bill you extra (not that Rogers does this, to my knowledge, but they could start) I know a TyTn isn't exactly cheap but if you don't have one already, you might be able to get one cheap with a screen defect or something. It's also quite possible that other, older/cheaper models would serve as well but I can only speak for what I've got. They're surprisingly cheap on eBay/Craigslist now (vs the $600 I paid for an unlocked unit when they first came out) I could probably be talked into selling mine with some minor cosmetic damage for $250 or so (I haven't looked at the new/replacement costs yet, I just know what I want to buy instead, I need a replacement as part of $DAYJOB involves testing WM software) Contact me off-list if this looks useful. Note that you'll probably have to reflash the firmware, I'm on a modified one, although I could probably flash a stock ATT image back on the device before sending it out. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Internet at the lake? Rogers Mobile Internet Stick (Rocket) with pfSense?
In message 8a93eaa824a48b4abc87b3e3da03256ba953670...@xmail01.xunity.com Chuck Mariotti cmario...@xunity.com was claimed to have wrote: I have the option of staying/working from a home on a the Lake for a number of weeks this summer here in Ontario/Canada. Nice and relaxed. Unfortunately, the only internet access is dialup, which is not acceptable (of course). I spent my last summer working remotely from various campsites and cabins, it's well worth the pain. After much poking around, I borrowed my wife's iPhone, went up to the highest point in the house, stuck it up against each window, and low and behold with one of those windows... one bar of 3G. 3G / Edge jumped In and Out, but it was definitely there. Some tests were pretty good... 2mbit down, 500kup... others, pretty bad... very bad... 3G signal would go down, etc... but it's there! The one problem is, there are no leaves on the trees yet... and it's just one bar of signal. So I imagine it will get worse in a couple of months time. Second problem is, that the wireless provider here (Rogers) sells a USB Stick that will give me 3G Internet Access (like the iPhone). Model Ovation MC950D 7.2 USB Modem - HSDPA/HSUPA/UMTS... My concern is that this thing is as bad or Worse than the iPhone for receiving 3G signals. I would really like to not have to worry about signals here. Does anyone know if the antenna on this thing is significantly better than an iPHone? Will I get 0 bars or 5 bars? In my experience, the iPhone's 3G antenna / transmitter is less able to cope with inconsistent or spotty signal then either my ATT Tilt or my Razr2 V9 (all on Rogers Wireless 3G) Also investigate whether you can find an external antenna for whatever device you end up, a $100 whip style antenna will take an unreliable signal and make it reliable, a Yagi will make you think you're hardwired. Anyone have any suggestions or solutions to this problem? Depending on the area, you might want to take a look at TELUS' data services. I much prefer Rogers on my primary service, but I've taken my TELUS EVDO card out camping with me, one trip we moved to a new campground every day for almost two weeks only once ending up without a solid EVDO signal, whereas we only had reliable 3G every third or fourth day, we ended up having to fall back on GSM/EDGE the other days. My experience was in Western Canada though, out east you might have better luck with Bell rather then TELUS. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: Help with NIC Hardwares
In message beee84cb0903182141g67ddb93fk1581305b38076...@mail.gmail.com Victor Padro vpa...@gmail.com was claimed to have wrote: Neither way...single, dual, quad port(s) Intel's gigabit NICs will do the job as I stated before. I'd second Intel's NICs, they're well worth their cost. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] SVG graphs fixed in Google Chrome
FWIW, I just switched to the Chrome developer channel, SVG graphs started working in 1.2.1. Upgrading to 1.2.2 anyway, just waiting on the download. -- Dave Warren, d...@djwcomputers.com Office: (403) 775-1700 / (888) 300-3480 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Allow UPnP by MAC address?
Is it possible to allow access to UPnP only from certain MAC addresses, rather then by certain IPs? (I realize I can just set up static IPs or reservations, it just makes life somewhat simpler to avoid maintaining one more list if there is a supported syntax) Thanks in advance! -- Dave Warren, d...@djwcomputers.com Office: (403) 775-1700 / (888) 300-3480 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] What happens if the soekris hardware is defective upon arrival? The Cortex Systems way.
Jonathan Gonzalez wrote: I did a bank transfer for a soekris net4801-60 (256MB RAM) and other elements. When it arrived the hardware only recognizes 128MB of RAM. Can you reverse a bank transfer (like a charge back on a credit card?) -- If so, do it, send the box back COD (for the shipping expenses only) and let them figure it out. -- Our enemies are innovative and resourceful...They never stop thinking about new ways to harm our country and our people, and neither do we. -- George W. Bush 08/05/2004 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: [pfSense Support] Multiple WANs
Holger Bauer wrote: using the same gateway for both wans won't work as you can't specify rules for this I think. the rules are applied to a gateway and with both gateways the same... :-/ you might have to come up with a workaround like having a nated router in front of one connection to use this as gateway on one wan and put the pfsense in the dmz of this router. I'm trying to avoid needing more then one router, if I go that route then I don't need multiple interfaces in pfSense at all :) That being said, I might be able to force a different gateway -- I'll do a bit of experimenting. Thanks! -- There are two times when a man doesn't understand a woman before marriage and after marriage. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
