华强北电脑城 龙岗电子世界 龙华电脑城  凯尔电脑

 找回密码
 立即注册

QQ登录

只需一步,快速开始

查看: 2081|回复: 0

pfSense project

[复制链接]
发表于 2012-1-1 15:55:10 | 显示全部楼层 |阅读模式
<table style="TEXT-ALIGN: left; PADDING-BOTTOM: 0px; WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT: 12px="12px"  'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; PADDING-TOP: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px" class="blog" cellspacing="0" cellpadding="0">, K% s  w8 o9 q& o- e7 \/ m
<tbody style="ADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px">$ i$ k9 A& g) L/ w0 E% b
<tr style="ADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">
% w$ Q1 h! e0 e/ T$ M; R<td style="ADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px" valign="top">
9 P* W! j. W4 {% v, i3 y+ X<div style="ADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">
9 c. _7 K1 S" ?/ X<table style="ADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(0,0,0); PADDING-TOP: 0px" class="contentpaneopen">& x' M/ Y7 h( j& U  a/ t) N1 h
<tbody style="ADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px">( |* _  x2 {% j- K8 F7 u
<tr style="ADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">
, Y# B9 L7 {; g, v: ?<td style="TEXT-ALIGN: left; PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', Arial, Verdana, Tahoma; COLOR: rgb(0,0,0); FONT-SIZE: 14px; FONT-WEIGHT: bold; PADDING-TOP: 0px" class="contentheading" width="100%">Home</td></tr></tbody></table>7 m/ |5 s; Z( Q* p& @2 t$ G
<table style="ADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(0,0,0); PADDING-TOP: 0px" class="contentpaneopen">
$ h3 `( r% z6 \% N- I; ]: v4 `<tbody style="ADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px">
$ E1 U9 r$ P+ ~2 r" i<tr style="ADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">
  t; z) K: L  x/ t4 X6 Z" u! B' }: q$ T<td style="TEXT-ALIGN: left; PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(51,51,51); FONT-SIZE: 12px; PADDING-TOP: 0px" valign="top" colspan="2">6 Y( r" e% B5 h: ?1 ^, R; V
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">Welcome to the home page of the pfSense project!</p>
$ f! q1 H5 v# s<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">pfSense is a free, open source customized distribution of<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://www.freebsd.org/">FreeBSD</a><span class="Apple-converted-space"> </span>tailored for use as a firewall and router. In addition to being a powerful, flexible firewalling and routing platform, it includes a long list of related features and a package system allowing further expandability without adding bloat and potential security vulnerabilities to the base distribution. pfSense is a popular project with more than 1 million downloads since its inception, and proven in countless installations ranging from small home networks protecting a PC and an Xbox to large corporations, universities and other organizations protecting thousands of network devices. </p>3 G& C$ ?0 [  @( N# b5 E; `# @
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">This project started in 2004 as a fork of the<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://m0n0.ch/wall/">m0n0wall</a><span class="Apple-converted-space"> </span>project, but focused towards full PC installations rather than the embedded hardware focus of m0n0wall. pfSense also offers an embedded image for Compact Flash based installations, however it is not our primary focus.</p>
% ~( X: x# _# ]* S& A( P<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px"><strong style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px">New to the project?</strong></p>; h) w6 l9 T' P: O; U1 Z
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">For those new to the project, we recommend reading the<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://www.pfsense.org/index.php?option=com_content&amp;task=view&amp;id=71&amp;Itemid=81">Common Deployments</a><span class="Apple-converted-space"> </span>and<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://www.pfsense.org/index.php?option=com_content&amp;task=view&amp;id=40&amp;Itemid=43">Features</a><span class="Apple-converted-space"> </span>page, and checking out the<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://www.pfsense.org/index.php?option=com_content&amp;task=view&amp;id=41&amp;Itemid=45">Screenshot Gallery</a>.</p></td></tr></tbody></table></div></td></tr></tbody></table>
$ n* x+ N4 M+ L; `/ `<p>
: ?+ f/ ~" H* C% {<table style="TEXT-ALIGN: left; PADDING-BOTTOM: 0px; WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT: 12px="12px"  'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; PADDING-TOP: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px" class="contentpaneopen">
+ v. R( x+ _5 [7 A+ t! `8 q% r<tbody style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px">
! q+ h( P* k9 w0 Z/ S3 V<tr style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">' m8 I1 }! A9 y$ D0 |' i8 |8 r
<td style="TEXT-ALIGN: left; PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', Arial, Verdana, Tahoma; COLOR: rgb(0,0,0); FONT-SIZE: 14px; FONT-WEIGHT: bold; PADDING-TOP: 0px" class="contentheading" width="100%">Features</td></tr></tbody></table>
  ^3 e3 x/ t6 g$ P. o2 t; `7 L<table style="TEXT-ALIGN: left; PADDING-BOTTOM: 0px; WIDOWS: 2; TEXT-TRANSFORM: none; TEXT-INDENT: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT: 12px="12px"  'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; WHITE-SPACE: normal; ORPHANS: 2; LETTER-SPACING: normal; COLOR: rgb(0,0,0); WORD-SPACING: 0px; PADDING-TOP: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px" class="contentpaneopen">- ?& s6 t4 j/ N$ R; `# ^3 E' v- n6 M+ v
<tbody style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px">$ f9 z; b6 e. v- i# o- R
<tr style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">7 q4 n) B2 [' @2 L4 K
<td style="TEXT-ALIGN: left; PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(51,51,51); FONT-SIZE: 12px; PADDING-TOP: 0px" valign="top" colspan="2">
1 T/ f8 S. E* O' x: H4 F<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">pfSense includes most all the features in expensive commercial firewalls, and more in many cases. The following is a list of features currently available in the pfSense 2.0 release. All of these things are possible in the web interface, without touching anything at the command line.</p>  Q; ~5 m0 n* l; R8 ~0 ]$ |
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">In addition to features, this page also includes all limitations of the system of which we are aware. From our experience and the contributed experiences of thousands of our users, we understand very well what the software can and cannot do. Every software package has limitations. Where we differ from most is we clearly communicate them. We also welcome people to contribute to help eliminate these limitations. Many of the listed limitations are common to numerous open source and commercial firewalls. </p>4 u- L( Y* J" F$ Y1 m, o" p
<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Firewall</h3>
" R- Z# X, B7 h3 t7 i, ]+ P& U<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
' N0 A, n% N3 d/ n4 O<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Filtering by source and destination IP, IP protocol, source and destination port for TCP and UDP traffic</li>4 K: A0 n( P( T  ?& J
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Able to limit simultaneous connections on a per-rule basis</li>
$ d% q# U! {) y<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">pfSense utilizes p0f,<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://lcamtuf.coredump.cx/p0f.shtml">an advanced passive OS/network fingerprinting utility</a><span class="Apple-converted-space"> </span>to allow you to filter by the Operating System initiating the connection. Want to allow FreeBSD and Linux machines to the Internet, but block Windows machines? pfSense can do so (amongst many other possibilities) by passively detecting the Operating System in use.<span class="Apple-converted-space"> </span><br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/></li>/ J  k/ c, c6 _0 u! H' L# V3 A% Z
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Option to log or not log traffic matching each rule.</li>% Z* B, W' V, J0 Q* x3 M: H8 i- Q
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Highly flexible policy routing possible by selecting gateway on a per-rule basis (for load balancing, failover, multiple WAN, etc.)</li>" l: N- v0 D/ w( T( R: z+ n2 H
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Aliases allow grouping and naming of IPs, networks and ports. This helps keep your firewall ruleset clean and easy to understand, especially in environments with multiple public IPs and numerous servers.</li>
( |' m. I# ]* x3 I: V# T) {6 F  p<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Transparent layer 2 firewalling capable - can bridge interfaces and filter traffic between them, even allowing for an IP-less firewall (though you probably want an IP for management purposes).</li>+ C9 W1 p2 R) ~- g9 h5 `
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Packet normalization - Description from the pf scrub documentation - "'Scrubbing' is the normalization of packets so there are no ambiguities in interpretation by the ultimate destination of the packet. The scrub directive also reassembles fragmented packets, protecting some operating systems from some forms of attack, and drops TCP packets that have invalid flag combinations." - f7 Z& N8 I& ~& Y6 d# _
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
1 \! J- \# ~4 O$ b1 h+ O; @<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Enabled in pfSense by default</li>4 n5 R+ N- _$ e& M4 C3 C4 b% H
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Can disable if necessary. This option causes problems for some NFS implementations, but is safe and should be left enabled on most installations.</li></ul></li>; ~5 X. v. Y, s( H6 o3 R
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Disable filter - you can turn off the firewall filter entirely if you wish to turn pfSense into a pure router.</li></ul>6 N  I* K- R" R. C
<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">State Table</h3>
- k$ d( @3 F# F/ I<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">The firewall's state table maintains information on your open network connections. pfSense is a<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://en.wikipedia.org/wiki/Stateful_firewall">stateful firewall</a>, by default all rules are stateful.</p>1 L4 Z# D2 `8 c$ q" s2 Y
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">Most firewalls lack the ability to finely control your state table. pfSense has numerous features allowing granular control of your state table, thanks to the abilities of<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://www.openbsd.org/faq/pf/">OpenBSD's pf</a>.</p>
2 i1 S% s* m* y* r& s: f. G# R<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
- q% T& w: ]/ ~6 e& R  e( M<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Adjustable state table size - there are multiple production pfSense installations using several hundred thousand states. The default state table size varies according to the RAM installed in the system, but it can be increased on the fly to your desired size. Each state takes approximately 1 KB of RAM, so keep in mind memory usage when sizing your state table. Do not set it arbitrarily high.</li>
9 a; o! p& d  \9 B2 L<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">On a per-rule basis: * I/ K% Z1 S* M: p
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
8 p$ d: t) J) W3 G$ h1 |3 C, K3 |<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Limit simultaneous client connections</li>8 M* T2 {0 F3 T
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Limit states per host</li>
" A% S1 J& }. N5 y5 @* m' ^% d) g8 s<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Limit new connections per second</li>3 r  U* |  j9 C7 m. I9 ^) i# @
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Define state timeout</li>
) L* [7 o1 a0 c<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Define state type</li></ul></li>
0 v" q( c- f" L7 q! H<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">State types - pfSense offers multiple options for state handling. , a) S8 v% Q9 a* Z
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
% A! C& c8 G; ^& _7 f6 ]& I<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Keep state - Works with all protocols. Default for all rules.</li>
0 j2 A1 @" M+ U0 [$ A% B, g8 `<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Modulate state - Works only with TCP. pfSense will generate strong Initial Sequence Numbers (ISNs) on behalf of the host.</li>% z  t4 m' k; S" g& A8 l% j
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Synproxy state - Proxies incoming TCP connections to help protect servers from spoofed TCP SYN floods. This option includes the functionality of keep state and modulate state combined.</li>1 c% _" P6 C. t. }: t
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">None - Do not keep any state entries for this traffic. This is very rarely desirable, but is available because it can be useful under some limited circumstances.</li></ul></li>
- [, k& O# n: O- n8 @* o<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">State table optimization options - pf offers four options for state table optimization.
+ C* S, U  o1 T<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">5 n+ `3 O  u( Y5 k6 ~* {) d
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Normal - the default algorithm</li>/ C! ]7 i$ K0 U- D4 M# D
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">High latency - Useful for high latency links, such as satellite connections. Expires idle connections later than normal.</li>* M: n1 O! Z# Y4 g3 r6 f
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Aggressive - Expires idle connections more quickly. More efficient use of hardware resources, but can drop legitimate connections.</li>
2 [& X% a! |2 x% j" }- s( _4 r<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Conservative - Tries to avoid dropping legitimate connections at the expense of increased memory usage and CPU utilization.</li></ul></li></ul>
/ x  H$ @% D% |% K<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Network Address Translation (NAT)<br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/></h3>
+ P2 Z2 A: U9 c5 P<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">3 L4 }. h6 W" ?+ d
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Port forwards including ranges and the use of multiple public IPs</li>7 s/ O; \7 ^4 j! \
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">1:1 NAT for individual IPs or entire subnets.</li>
; b7 [# M4 N' u% h, [<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Outbound NAT " S& j6 Q! Q. u/ c* }! ]3 {3 L
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">6 P8 T2 q# b9 ~8 R( f8 ?7 G. y
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Default settings NAT all outbound traffic to the WAN IP. In multiple WAN scenarios, the default settings NAT outbound traffic to the IP of the WAN interface being used.</li>
9 m3 I# C$ h2 K( \& X0 ]<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Advanced Outbound NAT allows this default behavior to be disabled, and enables the creation of very flexible NAT (or no NAT) rules.</li></ul></li>" h6 C1 `3 q6 s' f( Q* r
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">NAT Reflection - in some configurations, NAT reflection is possible so services can be accessed by public IP from internal networks.</li></ul>
! P7 a- T0 e! _% {! B) }2 w1 `( u' x<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">NAT Limitations</h4>* }1 P8 S- `; y8 y( h* R: ]
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">8 n: ]6 b! w" S8 i( F" u
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">PPTP / GRE Limitation - The state tracking code in pf for the GRE protocol can only track a single session per public IP per external server. This means if you use PPTP VPN connections, only one internal machine can connect simultaneously to a PPTP server on the Internet. A thousand machines can connect simultaneously to a thousand different PPTP servers, but only one simultaneously to a single server. The only available work around is to use multiple public IPs on your firewall, one per client, or to use multiple public IPs on the external PPTP server. This is not a problem with other types of VPN connections. A solution for this is currently under development. </li></ul>
% q6 m' \- T$ N; w! A/ B/ Y% {5 b6 f<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Redundancy</h3>2 E# ]# S) Z/ x; \
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px"><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://en.wikipedia.org/wiki/Common_Address_Redundancy_Protocol">CARP</a><span class="Apple-converted-space"> </span>from OpenBSD allows for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. pfSense also includes configuration synchronization capabilities, so you make your configuration changes on the primary and they automatically synchronize to the secondary firewall.</p>
; t/ k4 t% [( k6 |$ j* O<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px"><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://www.openbsd.org/faq/pf/carp.html">pfsync</a><span class="Apple-converted-space"> </span>ensures the firewall's state table is replicated to all failover configured firewalls. This means your existing connections will be maintained in the case of failure, which is important to prevent network disruptions.</p>
: E$ |* v" O6 W<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Limitations</h4>* q5 t' o  I- y* m, B& b4 _
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
% H0 K: E' T0 _4 \$ G<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Only works with static public IPs, does not work with stateful failover using DHCP, PPPoE, or PPTP type WANs</li></ul>. {" [' \" i9 a& K( a; d% A+ z6 |2 K
<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Load Balancing</h3>
% ~5 N- ~  {/ ]6 |* K/ E7 i0 ^2 t<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Outbound Load Balancing</h4>5 W1 N) M+ r" F3 F; ?, C
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">Outbound load balancing is used with multiple WAN connections to provide load balancing and failover capabilities. Traffic is directed to the desired gateway or load balancing pool on a per-firewall rule basis.</p>
( L" S& l0 I$ a$ K& |<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Inbound Load Balancing</h4>
+ H" z$ f5 b1 P<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">Inbound load balancing is used to distribute load between multiple servers. This is commonly used with web servers, mail servers, and others. Servers that fail to respond to ping requests or TCP port connections are removed from the pool.</p>* S# T9 B# `4 D8 Z  n
<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">VPN</h4>9 K8 s& Z1 I6 H9 K- y( Y) c
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">pfSense offers three options for VPN connectivity,<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://en.wikipedia.org/wiki/IPsec">IPsec</a>,<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://openvpn.net/">OpenVPN</a>, and<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://en.wikipedia.org/wiki/Pptp">PPTP</a>.</p># u; _* y5 D( j/ P9 d* |( D
<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">IPsec</h4>7 E; T7 c! b# A; H! G/ |" c/ h
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">IPsec allows connectivity with any device supporting standard IPsec. This is most commonly used for site to site connectivity to other pfSense installations, other open source firewalls (m0n0wall, etc.), and most all commercial firewall solutions (Cisco, Juniper, etc.). It can also be used for mobile client connectivity.</p>- W, L/ k; [7 M& I- \
<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">OpenVPN</h4>
8 @9 @; ^; p& o# k/ ~<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">OpenVPN is a flexible, powerful SSL VPN solution supporting a wide range of client operating systems. See the<a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://openvpn.net/">OpenVPN website</a><span class="Apple-converted-space"> </span>for details on its abilities.</p>/ I+ t2 l) ~5 R1 o* o
<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">PPTP Server</h4>
' V$ M8 v3 L2 r' P) t( I# q0 {) q6 `<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">PPTP is a popular VPN option because nearly every OS has a built in PPTP client, including every Windows release since Windows 95 OSR2. See<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://en.wikipedia.org/wiki/Point-to-point_tunneling_protocol">this Wikipedia article</a><span class="Apple-converted-space"> </span>for more information on the PPTP protocol.</p>; K8 B- |& @7 o0 C* j0 ?
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">The pfSense PPTP Server can use a local user database, or a RADIUS server for authentication. RADIUS accounting is also supported. Firewall rules on the PPTP interface control traffic initiated by PPTP clients.</p>
5 q$ S$ W, K1 B<h5 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 14px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Limitations</h5>5 h, W: o6 i1 o/ M7 n1 t' q& ^- I
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
. S) u3 Z9 I# L<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Because of limitations in pf NAT, when the PPTP Server is enabled, PPTP clients cannot use the same public IP for outbound PPTP connections. This means if you have only one public IP, and use the PPTP Server, PPTP clients inside your network will not work. The work around is to use a second public IP with Advanced Outbound NAT for your internal clients. See also the PPTP limitation under NAT on this page.</li></ul>; i" t0 i* R' S2 H. k
<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">PPPoE Server</h3>
* ]: O6 N6 e! V9 P# |<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">pfSense offers a PPPoE server. For more information on the PPPoE protocol, see<span class="Apple-converted-space"> </span><a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://en.wikipedia.org/wiki/Point-to-Point_Protocol_over_Ethernet">this Wikipedia entry</a>. A local user database can be used for authentication, and RADIUS authentication with optional accounting is also supported.</p>
+ G/ s' V" S3 q<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Reporting and Monitoring<br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/></h3>$ F' K# ~/ \: V1 Q
<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">RRD Graphs</h4>
2 n1 _# K, J' u" d! i8 Z7 n<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">The RRD graphs in pfSense maintain historical information on the following.</p>
/ |' b& _' Z5 V2 f- b+ X0 I& ?<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
0 K/ }' q) e: `<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">CPU utilization</li>+ z  O, Q+ {0 u: `
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Total throughput</li>
! x2 l$ I$ G3 O9 p3 s3 Q<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Firewall states</li>
& r& E$ h/ f4 S<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Individual throughput for all interfaces</li>
/ W2 b" r: l/ ?: e<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Packets per second rates for all interfaces</li>
) e% p4 {1 n/ N3 N<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">WAN interface gateway(s) ping response times</li>, R( X. Y7 F: U8 a! ]& O; x; e% X
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Traffic shaper queues on systems with traffic shaping enabled</li></ul># r$ d6 f& C7 B. L$ ~0 x# j4 |
<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Real Time Information</h4>/ t0 C2 z$ V- ]" f+ Y
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">Historical information is important, but sometimes it's more important to see real time information.</p>
# y2 B+ A0 R! R0 ?<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">SVG graphs are available that show real time throughput for each interface.</p>8 p; p2 h' H# G& x6 L- C
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">For traffic shaper users, the Status -&gt; Queues screen provides a real time display of queue usage using AJAX updated gauges.</p>2 G7 i& J: `  t6 i  `- A
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">The front page includes AJAX gauges for display of real time CPU, memory, swap and disk usage, and state table size.</p>0 l$ r' j9 c2 A* j) J" y
<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Dynamic DNS</h3>
% w7 ]' e1 `* A, [( W+ f<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">A Dynamic DNS client is included to allow you to register your public IP with a number of dynamic DNS service providers.</p>! E% ]  o2 c# k/ {9 _% n
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
$ F! f1 \! @* w& H! N5 g<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">DynDNS</li>
# P. `. K/ Q0 {% u5 e+ {& u; n<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">DHS</li># F4 N% N% @; I6 F9 T5 o  j
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">DNSexit<br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/></li># Y: w% Q; d( H/ |' t
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">DyNS</li>3 Z- k5 k) ]7 w, x) w2 b
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">easyDNS</li>5 v( G0 h  N- Q  i
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">freeDNS</li>4 O* ?9 ~" t5 o7 z
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">HE.net<br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/></li>
3 F. ^/ U* C5 |% h! E4 Q( E<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Loopia</li>
# q, D! n& s" s3 z<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Namecheap<br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/></li>
, a1 k; p3 I9 p9 l8 w9 C  x% V<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">No-IP</li>7 g  R6 ~8 m4 x$ [! l
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">ODS.org</li>
: u6 t% B# G6 w$ {+ A<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">OpenDNS<br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/></li>! e+ N: S& Z% c9 T8 q7 i  [
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">ZoneEdit</li></ul>/ y. w( r! r8 J) e
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">A client is also available for RFC 2136 dynamic DNS updates, for use with DNS servers like BIND which support this means of updating.</p>+ g. s, g- A9 k
<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Captive Portal</h3>' M9 I2 V) Q8 K5 p5 c' P) L- w
<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">Captive portal allows you to force authentication, or redirection to a click through page for network access. This is commonly used on hot spot networks, but is also widely used in corporate networks for an additional layer of security on wireless or Internet access. For more information on captive portal technology in general, see the<a style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); TEXT-DECORATION: none; PADDING-TOP: 0px" href="http://en.wikipedia.org/wiki/Captive_portal">Wikipedia article</a><span class="Apple-converted-space"> </span>on the topic. The following is a list of features in the pfSense Captive Portal.</p>  q- H  f! S) p3 k
<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
! q/ h( G" J0 _4 C% m9 i. o<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Maximum concurrent connections - Limit the number of connections to the portal itself per client IP. This feature prevents a denial of service from client PCs sending network traffic repeatedly without authenticating or clicking through the splash page.</li>
% x3 N+ y% a- a2 O3 ?<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Idle timeout - Disconnect clients who are idle for more than the defined number of minutes.</li>
1 Q" R7 F+ z7 b! |<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Hard timeout - Force a disconnect of all clients after the defined number of minutes.</li># o) j# x$ U' y: J5 B7 ?' k* v
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Logon pop up window - Option to pop up a window with a log off button.</li>
) J8 R9 K2 X2 P/ {. T; y8 I<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">URL Redirection - after authenticating or clicking through the captive portal, users can be forcefully redirected to the defined URL.</li>
2 J8 O% y* l$ v0 @  m% c" u<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">MAC filtering - by default, pfSense filters using MAC addresses. If you have a subnet behind a router on a captive portal enabled interface, every machine behind the router will be authorized after one user is authorized. MAC filtering can be disabled for these scenarios.</li>& l" i4 `% k) r3 F
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Authentication options - There are three authentication options available.<span class="Apple-converted-space"> </span><br style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; PADDING-TOP: 0px"/>
: y, Z  C8 `. B- \<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">
( j; P$ B+ e5 O2 n9 l% c/ X7 f: l<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">No authentication - This means the user just clicks through your portal page without entering credentials.</li>& N+ A# x4 |# l7 X
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Local user manager - A local user database can be configured and used for authentication.</li>9 \/ p  H4 z+ M3 O4 H9 d
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">RADIUS authentication - This is the preferred authentication method for corporate environments and ISPs. It can be used to authenticate from Microsoft Active Directory and numerous other RADIUS servers.</li></ul></li>
3 B0 M! s7 |0 [6 J4 q6 d4 r$ {<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">RADIUS capabilities
4 b( B/ G$ c3 [$ n6 U! C6 t( O<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">( g8 s  ~* t# Q5 v; f; e6 S% \
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Forced re-authentication</li>
" V, K( d4 a/ \% u# `<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Able to send Accounting updates</li>, e: R3 M4 N: S% ?
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">RADIUS MAC authentication allows captive portal to authenticate to a RADIUS server using the client's MAC address as the user name and password.</li>  m7 y( d& t: ~, m. L8 w
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Allows configuration of redundant RADIUS servers.</li></ul></li>
% {+ _+ _( f( ^& C- j! D/ }<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">HTTP or HTTPS - The portal page can be configured to use either HTTP or HTTPS.</li>8 m$ a$ V! y2 l5 v9 H2 c* O" a
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Pass-through MAC and IP addresses - MAC and IP addresses can be white listed to bypass the portal. Any machines with NAT port forwards will need to be bypassed so the reply traffic does not hit the portal. You may wish to exclude some machines for other reasons.</li>% x/ ?. K& K' C  U, I( u
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">File Manager - This allows you to upload images for use in your portal pages.</li></ul>: A' C6 B# X* F8 S; @# y
<h4 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 16px; FONT-WEIGHT: normal; PADDING-TOP: 0px">Limitations</h4>
  G/ f0 k: O, F  u1 l8 j<ul style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  20px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(51,51,51); PADDING-TOP: 0px">1 v% N# r# k+ e  q5 a
<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">"Reverse" portal, i.e. capturing traffic originating from the Internet and entering your network, is not possible.</li>
( u$ K0 I  R, t8 f( s<li style="PADDING-BOTTOM: 0px; MARGIN: 0px="0px"  0px="0px"  0px="0px"  40px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; LIST-STYLE-IMAGE: url(http://www.pfsense.org/templates/modular_plazza/images/arrow_green.gif); PADDING-TOP: 0px">Only entire IP and MAC addresses can be excluded from the portal, not individual protocols and ports.</li></ul># V$ R6 p' i  V. w
<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">DHCP Server and Relay</h3>
4 T9 L4 Q! k& m) j1 u. ]& k<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">pfSense includes both DHCP Server and Relay functionality</p>
2 P1 n+ g! l" ?% D& u<h3 style="PADDING-BOTTOM: 0px; MARGIN: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; COLOR: rgb(153,0,0); FONT-SIZE: 18px; FONT-WEIGHT: normal; PADDING-TOP: 0px">And More...</h3>
' A& B' x1 i( _<p style="PADDING-BOTTOM: 0px; LINE-HEIGHT: normal; MARGIN: 0px="0px"  0px="0px"  1em; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: 'Lucida Sans="Sans"  Unicode', 'Lucida Grande', Arial, Tahoma, Verdana; COLOR: rgb(102,102,102); FONT-SIZE: 12px; PADDING-TOP: 0px">This is by no means a conclusive list. It will be expanded as time permits.</p></td></tr></tbody></table></p>$ U. W: F1 O( t4 r) d/ z7 A3 }7 v
<p> </p>
回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|华强北 电脑城 龙岗电子世界 龙华电脑城 pc4g.com ( 粤ICP备16039863号 )

GMT+8, 2024-11-9 18:54 , Processed in 0.209286 second(s), 16 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表