Agree'd.  I am looking at mailing infrastructure scripts so that we can add email support to pfS.  Once this is completed we can e-mail all sorts of stuff, including this.

Do a nslookup on these sites. Then add all these IPs to a hosts alias and use policybased routing to send these connections out only through one of your wans. Alternatively you could just send out https protocol only one of your wans. At our office the https rule fixed 99% of all issues with onlinebanking sites (at least if they run as browsersession rather than using a special application).

Out head code has support for adding URLs as aliases btw but that version is not ready yet for productional use.

You may need to reflash then.

And in the future please do not hijack threads.

Congratulations!

The soekris is even easier to setup as it simply works with enabled keyboard and video and you don't have to swap kernels (though it doesn't have these components, the bios works around it pretty well). Just install pfsense from cdrom to your media in a system that supports booting from cdrom. Leave the nics assigned as sis and move the media to the soekris after the install has finished. You should be able to access the gui right away after booting up form the default lan interface. Enabling serial console at system>advanced is recommended. We installed a 2,5" hdd in my notebook this way and mounted it to bills soekris 4801 during the hackathon.

Sounds like an MTU issue to me. Try lowering the MTU at the WAN connection that has changed. Try something conservative like 1400 and go up from there until it breaks. Then go back one step.

@MrMoo:

pfSense uses mtree which performs a similar function and checks on every boot.

We do?  Guess I need to pay closer attention to our boot process.

–Bill

got pfsense rc2h running on an ibm 1u with one 3Ghz intel 4 interfaces.
had 400+ users last week on one day, 250 avg for 3 other days. ran like a champ.  Will be bringing up a dell poweredge 1850 with dual xeon 3.4s and 4 interfaces to be the primary in a carp pair soon.

Most likely, you should upgrade  ;D

That's correct though there are some mechanisms to throttle the opposite end.
See http://www.openbsd.org/faq/pf/queueing.html#red and http://www.openbsd.org/faq/pf/queueing.html#ecn for some backend information of the shaper pfSense uses.

Thanks once again ;)

Oh. I can see where the name really cause confusion.

http://en.wikipedia.org/wiki/D_programming_language_%28disambiguation%29

:-\

It's also mentioned at the downloadpage at pfsense.com and even at the shell after assigning the interfaces the first time.

Please use something more descriptive the next time you start a thread. This one sounds like you are drowning and need a baywatch babe.

@techatdd:

There are too different bugs:

(Configuration: 192.168.1.2 pfsense Beta3 with a PPPOE Wan Connection as the default gateway and 192.168.1.4 pfsense running squid with a second PPPOE Wan connection.)

First. When I configure a Nat rule on the 192.168.1.2 for redirecting http traffic to 192.168.1.4:3128(squid) I get simply no HTTP Respond back so nothing works. The same NAT rule works fine, when I configure it on 192.168.1.4 and set this box as the default gateway.

You can't redirect to an internal server from inside.  With reflection, it might work, but will be horribly slow.  PF isn't designed for it and the NAT hooks aren't in the correct place to allow for it.  We won't be changing that behaviour, it's a limitation in the OS.

@techatdd:

The second bug has nothing to do with squid (it dos not works with or without a transparent squid).
Second. When I configure on 192.168.1.2 the second box (192.168.1.4) as a rulebased loadbalancing gateway and create a firewall rule selecting this gateway for port 80 traffic, the inbound traffic works fine, but the outbound traffic is terribly slow (<1 kb/s) after something like 64 kb.

See above.  Same problem.

–Bill

@fuzzy:

Will pfsense be a participating mentoring organization in the google summer of code 2006? If so, when will there be ideas posted on the google participating mentoring organization links?

Unlikely.  But FreeBSD will be.  Don't let our lack of participation prevent you from implementing any of these ideas:
http://wiki.pfsense.com/wikka.php?wakka=BillM
http://wiki.pfsense.com/wikka.php?wakka=GeekGod
http://wiki.pfsense.com/wikka.php?wakka=IdeasThatAreGoodButNotReadyQuiteYet

–Bill

haha that robot from LExx would be great. Man i havn't watched that show sense highschool i use to rush home from college classes at night just to watch it.

um, if we had a large enough floppy array could run pfsense;)