SSH on to your pfSense host and enter vi /etc/crontab.  You may want to learn how to use vi first ;)

The issues that loader.conf can cause/resolve are so pronounced that you would HAVE to modify it to even use the router at all.  If you're seeing >10% of your bandwidth come through the pfSense box/proxy, then you're likely not affected.  Most of the issues have been corrected with more recent versions of the squid package as well as bumps in the underlying FreeBSD versions.

Hi dreamslacker, wow..  very good! I'm testing in lab on IBM xserver x226 - 1 Intel Xeon /1GB ram/sas 150GB mirror raid with on board broadcom (wan interface) and a old 3com 10/100 (lan interface) I have to configure pfsense for obtain bandwidth management, I must allocate equals bandwidth for each Vlan.. I'm testing this… but unfortunately ..don't wants apply my rule.. pls.. tell me if is correct: menu -> firewall -> traffic shaper -> pfSense Traffic Shaper Wizard and go to Setup network speeds ( interface: vlanXX and set adequate download/upload kbs) this for each Vlan interface... is ok? thx !! I look forward to your kind reply. Robert

Would be nice to have the top bandwidth users at a glance, tested rate but it only show one line, with the public IP of the firewall, not the real users inside… Should I change somewhere the interface being monitored? I'm using transparent proxy by the way...

Firewalls!. The pfSense firewall rules can be used to control communication between interfaces/subnets. The pfSense firewall capability is based on the BSD pf firewall facility so you could do some reading on that to better understand what can be done with pfSense. Never used the freebsd firewalls before, I only am familiar with iptables. I will do reading :D

From which IP 172.16.x.x are you trying to ping which IP 10.x.x.x? Your second rule in NAT will be never applied but this is not a problem now.

What exactly does bridging do? if you set it to "bridge" it basically creates a Layer 2(data link) type connection. however, i know you can create filtered bridges also… (someone please correct me if i am wrong here...)  i've always thought of bridges as switches with fewer ports or in your case, one port. Does it just allow two interfaces to see each other? it allows them to act as if they are connected to the same switch. For example, without bridging my laptop (wireless) and desktop (LAN) couldn't ping each other.  However, with it enabled then they could? makes sense… you either needed firewall rules or you had a routing issue. prolly firewall... Also, I had to enable a bridge between Wireless and LAN so that my wireless could use the LAN DHCP server.  I guess that makes sense but is that a common way to set it up? if i understand you correctly, it sounds like you have a wireless access point or router connected to an interface on your pfsense firewall. personally i would not set it up that way. (assuming this SOHO WAP)for security reasons, disable bridge, keep the wireless access point on a seperate interface (i think this is how you have it now), disable the dhcp server on your WAP, set a static IP for the LAN on your WAP, then move your ethernet cord so that it's on a switch port and not the WAN port.  this way your WAP should act like a switch with wireless enabled. then set dhcp server on your firewall accordingly and your wireless hosts should pick up the dhcp from pfsense.  be careful the order at which you do this or you'll lock yourself out of your WAP.  set the LAN static IP first. then disable the dhcp server on the wap. once you have that all working and have enabled dhcp on pfsense for your WAP then configure firewall rules accordingly to permit access into your LAN. if your only using the subnets which reside on the pfsense interfaces then you shouldn't have to mess with NAT either.. hope this helps…

Great! Thanks, brah.  :)

Captive Portal You'll find a forum on the subject further down.

Weird! seems to be symantec endpoint protection talking to a bunch of FTP sites… 69.22.137.48 is what i gather to be a symantec ip. Very strange as we are all locally managed for symantec updates.

Thanks for the help.  I appreciate it.

You might try to enable the traffic shaper, and set your upload bandwidth to something slightly less than your DSL sync speed (You can lost up to 13% due to various overheads). You can also try adjusting your ACK queues and such until it works better. I'm using PPPoE on an ALIX and uploaded a bunch of files to one of my websites last night and it went at full speed without any issues. I have a WRAP for testing but I haven't tried it as my actual home router yet. I've got them both running 1.2.3-RC3 images though, not 1.2.2.

The logs are stored in a binary circular log format, and are found in /var/log You can view them (and search some of them) via the GUI under Status > System Logs The logs are reset at boot time, or when you manually clear them. You can set how many lines are displayed in the GUI, but there is no easy way to control exactly how large each log file can be (it's hardcoded in the source, this should be fixed in 2.0 eventually)

Rather than posting to a months old thread, how about starting a fresh one in the correct sub-forum for the VPN you're trying to use (IPsec, PPTP or OpenVPN).

Take a look at posts in the Captive Portal forum.  The answer will depend significantly on the version of pfSense, the nature of the traffic and what you mean by "very good server" (since your definition won't be anything like mine, which probably won't be anything like other's).

@noi: how to fix this problem… "acpi_tz0: _TMP value is absurd, ignored (-247.7C)" This is caused by a BIOS bug, best fix is to get the BIOS fixed. If you have a board from Hacom, some of those exhibited this problem, but there is a BIOS update available that fixes it.

@luiscloss: It will work. I wish I had the same level of confidence… ;D

wow working like a charm now really apreciated your help thanks a alot hadi57

@wallabybob: If by "default DNS" you mean the DNS your ISP assigns then the most effective way (assuming your WAN link gets an IP address by DHCP) is to check the box. If your WAN link doesn't get its IP address by DHCP and you want your ISP's DNS server then contact the ISP to get the DNS servers address(es) (may be in ISP configuration help page) and then specify the DNS server(s) by System -> General Setup DNS Servers. If you are asking how to set this when you only have WAN access to pfSense and can't ssh in, then sorry, I don't know. You haven't specified if you want LAN systems to use the pfSense DNS forwarder (I presume you do) or you want the "default" DNS to be propagated to the LAN clients. Yeah default dns I mean the one my ISP assigns. And yes I use the DNS forwarder. And yeah I only have lan access to the web gui.