No interface with a matching IP means what it says, you don't have an interface IP matching that subnet, which means it won't add that CARP IP. CARP IPs must be within the subnet of the interface IP where you're adding them. Could be you're using the wrong subnet mask, or just trying to add a CARP IP that isn't valid.

Mine was really easy.  Assign a static IP to the slingbox (through static DHCP assignment), add a port forwarding rule (and the accompanying firewall rule) for port 5001 to the static IP assigned, and enjoy!

Found part of it. Just neede to open my eyes http://doc.pfsense.org/index.php/Static_Port

@chpalmer: It would be interesting to know why and if its normal for the box to do that…   I cant imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router... Keep us updated on what they tell you after you get past level 1 support... It'd cripple most consumer routers within minutes.  Even those the higher-end models.  I've tried the more powerful models like the D-link DGL-4300, Linksys WRT-350N so on and so forth.  They will rapidly slowdown at 3000+ connections and just freeze up at about 6000 connections.

I don't suppose there is any real means to doing this owing to the versatility of pfsense.  There are many packages available and they will present a different load to the system depending on the hardware. eg.  A VIA/ Alix might outperform an Atom/ Celeron-L when there are connections utilizing certain encryption algorithms simply because of the onboard decryption chipsets.  However, the latter would outperform the former for pure throughput so on and so forth. Not to mention, there are simply too many scenarios for a single suite of tests to give accurate results.  Some users just need pure routing throughput, some heavily use VPN connections and some deploy the box as a load-balancer/ reverse proxy.

SSH also has the capability to compress traffic, so depending on what you are transferring, and if that feature is enabled, that could also affect it.

A search of the forum will give you many other threads about memory usage. In short - at 62% memory usage you're wasting 38% of your memory.  A modern OS will use all available memory for disk caches - high values of memory usage are normal and good (as long as you're not hitting swap, in which case you don't have enough memory installed). CPU usage - that's different - if you're regularly running at 100% you'd be in trouble.  Low values are fine.

As I told, what I need is a FW that serves a slow internet connection (2MB), and for this the Alix was perfect. What surprised me was the reboot, not the speed of the backup. (i can wait the whole night for it). What Jimp told looks interesting for me, I will try. I trust on Alix (I have lots of these serving as FW and OpenVPN endpoint and are working well). I will tell.

@Supermule: The link doesnt work in IE8…. On my 6 machines at the office :) @cheesyboofs: Yes, I can only echo GruensFroeschli's comments. I have this setup and it works very well. The best bit is being able to redesign the network without even unplugging any cables, you just change the VLAN allocation. You can see my implementation in the link of my sig. Cheers You have to wait a bit (under ie) as it is a M$ Visio Web doofa (its a bit fat) alternat link (quicker) http://wan2.cheesyboofs.co.uk/home.htm

Uhm… I'm not sure if the infos you gave help at all. Bandwidth: 512mb,   mb = ? MB (as in MegaByte) Mbit (as in Megabit) ? What kind of line is that? ATM, PPPoE, Fibre, multiple Ethernetlines aggregated? Rules: "allow all" or "no rules" ? No rules means everything will be blocked, so kind of the opposite of "allow all". Nat: none. Do you have public IPs in your subnet? How did you disable the NAT? (via the AoN?) Still standing question: What is in the system log (when you loose your connection)? How is your setup (ASCII art appreciated)?

cheesyboofs! Problem solved! Due to the nature of the environment I had limited time to perform thorough experiments, so I don't have anything conclusive to report, other then I have the system working. What I did: -I changed card to Intel Pro 100/1000 GT. -I added a cross-over cable and changed cable port placement to new corresponding ports(8thport(A) to 8thport(B). -I first connected the switches then turned them on, with nothing else connected - then I added the pfsense box, which had also been turned off. At this point the whole thing works fine, clients are able to connect to captive portal quickly and download files at 2-300 kbytes, from either switch. Another change was the uninstallation of squid as it turned out we didn't need it anyway and it allowed a means to bypass the captive portal easily. "Also you shouldn't assume its pfsense just because it is new, unless you can put back the old modem and the speed returnes…" Yep that's what we did. If I had time to peform experiments I think I would have found it was the old 3com card, that caused negotiation issues, that probably muddled the auto-midx mechanism. Can't thank you enough cheesyboofs, solution to the problem and so many nice tips and tricks

Mostly because VLAN 1 is treated differently by a lot of switches. I've seen some that won't tag VLAN 1 traffic no matter what you set in the GUI, and some other strange & incorrect behaviour. It's easier to just avoid using it altogether. Also because it's the default VLAN, it's pretty easy to inadvertently end up with untagged traffic all over the place that you weren't expecting, or ports that can get on networks they shouldn't, ARP broadcasts crossing VLAN boundaries etc.

There appear to be some issues with reflecting any UDP services. I've been working on a patch to help the situation, but it's too soon to tell if that would fix the issue you are seeing. Split DNS is the better way to go for DNS issues, but it if there is a bug in the code somewhere, fixing it would also help in the long run with other UDP services.

no … i wouldnot to disable squid since it's have solved just ... how to prevent ultrasurf utility ? because that access by ip address ... any idea ...

There are no automated ways to do that (that I'm aware of). What you'll need to do is make a note of the existing rules and port forwards, and the business reasons behind those rules, and then recreate them in pfSense.