To directly address your question, when I had an issue like this it was because I had saved but not applied my settings in squidblock. Also, I found making a whitelist easy and effective for specific URL's that are being blacklisted I don't want blacklisted. Easy instructions located here > http://doc.pfsense.org/index.php/SquidGuard_package bottom of page, "Exclude domain/URL from blacklist" section.

To address your original inquiry, just wanted to put in my 2 cents for anyone who may be going through a similar struggle.

I was experiencing somewhat similar issues. I realized that my ram began running out and was beginning to use swap.

What I've done which worked great was to remove the pfblocker package with all blacklists there. Now I just use pfsense/squid/squidblock (with the blacklist here http://squidguard.mesd.k12.or.us/ i strongly prefer… all others I was able to find unfiltered porn sites with a simple google search -- found them on the first page of results, actually).

The blacklists I use are ads and spyware, this method is far superior to pfblocker for my needs. It not only seems to perform much faster, but it also is extremely useful to give an error message with the included blacklist that's causing the block, rather than just being unable to reach a page completely. I also have found that the blacklist is good enough for my needs to stop using HVAP which has also improved performance.

Just my experience, YMMV. Good luck.

Yes, Seems so. I'm installing AVG with the network license we purchased. It's a 2003 server that that I was using to test the pfsense. Dont know why they ran that old os on it, but they usually have good reasons ;)

Thread (can be) closed, thanks for answering

Doing aliases you have to create a new alias, of type net, add all the hosts and their ips and then place a rule in the LAN to block traffic to that alias.
This is useful also to avoid people being blocked from the proxy but being able to use the chat or other applications.

Duplicate post.

Thanks. I will give NAT a go and let you know if i get it working.

Ok thanks

Thanks CryHavok
i will try with latest release
kalu

Duplicate of this thread.

Ah ok cool.. i already have done that so good.  I just was wondering if that was right cause i remember with 2.0-RC3 it wasnt updating and i had to change the link for the updates

happen to me 1-2 times when rebooting. dont know what actualy cause this problem

You could add the IPs you want to monitor as gateways under "routing". (even though these probably arent actual gateways).
Under RRD-graphs quality you can now see how the delay to these configured pseudo-gateways behaves over time.

/tmp/rules.debug :-)

Or, from the command line or Diag > Command:

Go to system -> advanced -> miscellaneous

and set up proxy support

I monitor and log my latency both internally and WAN/External. I notice that internally things range on average from 0ms (about 100-150 microseconds on cross connects or p2p) to about 1-2ms and externally things range from 1-2ms all the way up to 20ms at times. I wish I knew what I could do to make that more consistant.

It gets mentioned quite a bit in most networking topics like that. (And sometimes if it isn't, I'll chime in and mention it :-)

If you are asking how to allow access to pfSense's webConfigurator from the Internet, keep in mind that it isn't considered good practice. Check http://blog.pfsense.org/?p=232 from which I quote:

To proactively protect your network from issues like this that may be discovered in the future, restrict access to the management interface as much as possible. First, never open any web management interface’s port to the entire Internet! If you require access from the WAN side, be as restrictive as possible with source IPs or networks. Using a VPN connection and accessing the admin interface by internal IP over VPN is a more secure solution for remote administration.

You should also restrict management access on your internal network in many environments. If you’re administering a small home network, you probably don’t care. If it’s a network with dozens, hundreds, or thousands of devices, restricting access internally is strongly recommended. There is a howto on the doc site describing how restrict management access in pfSense. You should investigate similar controls on your other web managed devices.

HDD's always come out and either get picked up/dropped off seperately or packed in plastic and put on a backpack. Heavy but much less vibration :)

Incase someone searches and finds this later on - it really did weigh 280 lbs. I got it down to about 125 lbs by removing the side & top panels, doors and all brackets (and the batteries that were 200# each).

I'll post a picture in a few.