• Hotspot project

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    E
    You could have them all authenticate against a single RADIUS server.
  • Slow reboots due to captive portal rule regeneration ?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C
    Thanks for that. Can see where it's occurring now: When Captive Portal starts up it calls routine captiveportal_radius_stop_all(). That then attempts to send a radius stop request for each username in the captive portal db file. Problem is it also calls getVolume(rulenumber) to get the number of input/output bytes for each username/rule from the db file. That rule doesn't exist so sits there and errors out. Has to go through each and every username/rule in the db file and this is a slow process when you have a large number of users in the file still (guessing it's slow due to error handling or something). Hmmm… what's the best way to clear this up I wonder? Can't let it run through the routine closing all accounting records for users - so could just delete the captiveportal db file on service startup (that would sort out my un-clean reboot issues), but causes a mess with concurrent logon checks. Could just send a dummy username through to radius to truncate the radius accounting table on startup - seems a crazy way to handle it. Could run a query against the MySQL radacct table manually on service startup (bypassing radius altogether). No such a detached model and also don't have extensions in place to hit MySQL directly. Who's got a good idea?
  • URGENT - Locked out - please suggest a way in

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    T
    I did not disable that. It is still un-checked - The wording is a bit confusing for its description but from what I gather if it's un-checked it's enabled. I changed the ports to reach the router to some random port and I did use to reach it with httpS (SSL). So, maybe there is a bug and the anti-lock doesn't work with a port change done as I was locked out both through the VPN and the LAN. However, I did tamper with firewall rules that day. But as you are saying those should not have affected given the anti-lockout was NOT check-marked. Thanks,
  • 0 Votes
    5 Posts
    6k Views
    B
    @wallabybob: In Services -> DNS forwarder, below the first save button, add name entries for your systems with static IP addresses. That seemed to work. Thank you!!! pfSense is great, and it is so versatile, and I'm still learning. Thank you all!!!
  • How to change RRD Quality IP? returns

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    ?
    Correct, you will want to find an IP nearby (logically speaking) and use that to maintain consistency of your quality RRD graphs.  If you can't use your gateway IP (which you should be able to, regardless of the fact that you're getting a new IP from the ISP on DHCP renewals), your local ISP's DNS servers, if they respond to ping, would be a good choice.
  • HELP Heap big trouble with pfSense installation

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    W
    Port 25 is normally used by the SMTP server. Unless I've mistaken your description, the log entry is telling you that someone outside your firewall is attempting to access the SMTP server inside the firewall. If you want to allow this access you will have to add a firewall rule to allow it. If you are sick of the reports you could add a firewall rule to block the access and not log it.
  • 0 Votes
    2 Posts
    2k Views
    M
    A few thoughts: Why would you disable proxy?  Unless it is causing you headaches/problems with something, I would preserve all the bandwidth you can - especially in a dorm environment. Read up on the Sas6/iR and other raid cards.  Check the HCL for the appropriate FreeBSD versions and read posts in this forum regarding compatibility etc.  I ran into issues a while back, but that was likely when pfSense was built on an older version of FreeBSD. Intel NICs>Broadcom NICs - read numerous posts on the subject in this forum. Depending on how you have IPs assigned, you could use BandwidthD to monitor usage by IP. You'll need Squid with logging enabled to track site visits, LightSquid will be a big help with this.  You could also use something like OpenDNS and redirect all the DNS requests to their server, but this probably won't tie site lookups back to individual users unless you are handing out 'real' IPs.  Squid logging is far more comprehensive.
  • Restoring DHCP only, get XML error: no dhcpd object found!

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    T
    That was it thank you. The Backup area was confusing me as it was always outputting ALL, then I found the bug listed and it's actually because I left Do not backup package information checked, so it has to be unchecked when backing up specific areas.
  • MOVED: Confusion about FreeNAS support in 2.0

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 0 Votes
    6 Posts
    3k Views
    S
    Just wanted to report back that the problem has gone away. Not really sure why but my best guess is that it is heat related. Have been unable to re-create the problem.
  • PfSense beep every hour

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    C
    Ok, thanks
  • How to backup all my configuration?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    T
    Go to Diagnostics -> Backup/Restore and download your config. Next time please search the forum.
  • MOVED: Trouble with Nokia IP130

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • I think I'm in the right direction, but not sure.

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    M
    Thank you efonne, I've ended up removing the sixth nic from my pfsense box, and when I did that, I broke pfsense completely. Couldn't do anything like get to shell locally or ssh into the box, something about 214 xml, even though dhcpd was still working. Had to do a wipe and reload, I had configuration backup just before I started messing with it. I'll setup another pfsense box try your suggestion if it works, I'll implement it into my primary. If it doesn't work I'll get a managed switch.
  • I have no idea what's going on.

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    J
    Thanks kindly for your answers. You're right, it seems that the fault lies in the hotel's internet server, not something he did to my computer or connection settings. So that's a relief.
  • 2 subnets, unintentional bridging = Intermittent slow WAN?

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • MOVED: NAT enhancements in future revisions?

    Locked
    1
    0 Votes
    1 Posts
    992 Views
    No one has replied
  • Pfsense WOL and temperature monitoring

    Locked
    13
    0 Votes
    13 Posts
    10k Views
    P
    Strangely, yesterday when I tried what you suggested (adding the absolute path of wol to the command), it worked, and I set the cron job to 4PM (16.00) everyday.  Today, at 3.55PM, I was randomly chatting on my laptop and suddenly remembered that normally, my server should wake up at 4PM.. it didn't….  I wonder why!? I tried to manually launch the script via the pfsense web config (command) but it did not work.  I noticed every time I launch the script, my router's lights would flash all at once.  I imagine this means that the pfsense machine is effectively broadcasting a wol command to the network.  However, on my laptop, I successfully woke up the server using "wol 192.68.0.101"... nothing more. Is there an incompatibility between FreeBSD and Linux (Slackware)?
  • DNS Lockdown

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    D
    Additionally, if you really wanted to, you could create NAT rules such that all requests from the LAN to the DNS port (53) would be redirected to the DNS server of your choice (just one though), regardless of what server the client was trying to use. This would allow invalid configs to work but still only go to the allowed server. A similar setup (not specific to DNS but should work) is described in the pfSense book when discussing NAT.
  • Trouble Shooting a PFSENSE box

    Locked
    16
    0 Votes
    16 Posts
    7k Views
    D
    It's been a while and I'm not sure if they still do it, but the other thing I've seen from OpenDNS is that they've (transparent) proxied Google in the past, to resolve a specific issue they were having. I discovered this when I was using it and Google wouldn't load for anyone (a proxy issue on their end) but everything else worked. I forget what the exact reason was (there was a technical reason that went along with the way they were doing "shortcuts" or something), and like I said I don't know if they still do this. I haven't had any issues with that or any other part of the service for a long time, and I use them pretty regularly.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.