I'm not entirely sure if it's the best to post this to the development
list, but I believe it's development related - after all, there are no
replies as yet in pfSense support forum and in local provider's
linux/bsd-related forum, so it seems there is no ready support for the
feature that I need and it needs some non-trivial efforts to
Could someone please point me in the right direction - what would be
the easiest way to go in the following situation (preferably, but not
necessary, with m0n0 or pfSense)? If it's not too complex and involves
mostly interface work - I'll probably be able to implement it myself
and submit the results.
============= a copy of my message from pfSense forum ==============
I live in Moscow, Russia, and recently I've switched to a different
Internet provider. The new one is called Corbina (home.corbina.ru -
Russian language, sorry). To connect from a Windows machine one uses
the following procedure:
a) provider gives you an Ethernet cable in your flat. You set up a
connection using DHCP with no specific settings and get on the
provider's internal LAN (with addresses 10.*). At this stage you can
use internal LAN resources (mostly users' FTP servers, some game
servers, etc) for free at 100Mbit speed.
b) to connect to the Internet you have to set up a PPTP connection to
the provider's gateway using the LAN connection established on the
previous step. The details are shown at
are in Russian, but screenshots are pretty simple and, in fact, there
are only three details that should be noted: a) the PPTP connection
is made with a host vpn.corbina.net, b) provider assigns a "real"
dynamic IP address at this step, c) the encryption is disabled. This
PPTP connection gives you the access to the Internet with the
bandwidth you paid for.
What I want is to put an old machine between my home LAN and the
provider's LAN and have it deal with firewalling and, especially,
traffic shaping (as I've done before for my previous provider which
didn't use PPTP in this fashion). Could this be done with pfSense,
and if so - how? I've used m0n0wall and IPCOP in various situations
before, but as far as I can tell they don't have the functionality
needed. If even pfSense can't do this - perhaps someone could point
me to some other distribution that has traffic shaping and can handle
this kind of connection with minimal manual setup?
Pavel mailto:m0n0wall at abletools dot com