There is one thread from almost exactly a year ago that matches GF's search suggestion, here it is: http://forum.pfsense.org/index.php/topic,4505.0.html Your hardware looks fine though - what kind of WAN link are you hooking it up to - what is the speed?  Your upstream connection will likely be your bottleneck, and that hardware will have plenty of cycles to spare filling it up.

I hadn't upgraded this particular installation from 1.0.1 yet.  I did that last night / early this morning, and it looks like entering the same IP twice works fine now :)

The embedded is exactly the same as the full version. With the exception that you cannot install packages, and that the kernel wont panic if there is no keyboard/no VGA/default console output is COM1 (serial port)

So, after searching around I found out how to reset the graphs now that it is on the hard drive. I am happy to report everything is working 100%. Thanks for the help, and now this thread can now be closed.  ;D

looks good to me  :)

While we are talking about FTP Helper. I want to share another trick. When you have a WAN using a private subnet and a DMZ using a public subnet. You will certainly have an advanced outbound NAT rule that will NAT outgoing packets sourced from LAN with an IP address from the DMZ public subnet thus making the packet routable through Internet. Right, but what about FTP and Active FTP ? FTP helpers won't work because they will use your WAN IP Address, which is unreachable, inside FTP protocol. (eg. PORT command). To solve this: Edit the /etc/inc/config.inc file and go to line 1670 (in the 1.2 release), should looks like this one : mwexec("/usr/local/sbin/pftpx {$shaper_queue}-c {$port} -g 8021 {$ip}"); Comment out this line and add this one: mwexec("/usr/local/sbin/pftpx {$shaper_queue}-c {$port} -g 8021 -p [PUBLICIPHERE]"); Should work fine. I have 10+ boxes running like this since pfsense uses pftpx.

Are you trying to ARP lookup an IP from the WAN? what for? Are you talking about a bridged setup? routed? NATed? Do you want to spoof the MAC of a PC on the LAN to the WAN? Generally more information would be nice. (what are you trying to achieve?)

@morgan14: sorry guys I'll search by myself  ;) Thanks a lot for all Edit /usr/local/pkg/squid.inc $conf .= <<<eod<br>icp_port $icp_port pid_filename $pidfile cache_effective_user proxy cache_effective_group proxy error_directory $errordir visible_hostname $hostname cache_mgr $email access_log $logdir_access cache_log $logdir_cache cache_store_log none shutdown_lifetime 3 seconds logfile_rotate 31  <<–- add option here EOD; I have mine set for 31 rotations.</eod<br>

hi ! you can try ssmtp… work for me !

No, any device that "automatically adds states" when needed should not be trusted.  States require RAM.  Not every machine has unlimited RAM which would end up in a nasty situation. Regardless, pfSense should not "lock up" under full state situation.  It will simply stop passing new connections. I would check your Network interface cards.  It almost sounds like you are going down when you have high IRQ loads.

How about sponsoring it! You win IPv6 and pfSense devs take something back for their work. Ermal

@MicroWISP: Use one of these… http://www.digital-loggers.com/lpc.html I wouldn't know what to do without them. was just shopping these around on ebay and such, neat and useful looking.  thinking about getting one and figuring out a way to have it auto-reset my cable modem when the pfsense LoadBalance monitor detects the link is down theres also a competing product, much more expensive "iBoot" but only has 1 plug, lame

ok, I entered the /boot/loader.conf to disable acpi and now my firewall 4000km away is not booting :(

You can do this by using Captive Portal. 1. Set captive portal to no authentication. 2. You need to allow your website through captive portal with "Allowed IP Addresses" 3. Upload a custome captive portal page with one of the following: Custom page that looks like your website A PHP or meta tag redirect A frame or iframe to you website Simple page that says what you want to say with a link to your website. If you will have many users you might want to do the following to help Captive Portal scale better. These performance improvements I have identified by running 100+ customers in Captive Portal with pfSense. This prepares the pfSense built in web server for more concurrent traffic. http://forum.pfsense.org/index.php/topic,8861.msg50280.html#msg50280 This helps optimize PHP so it doesn't hold web server resources for a long period of time. http://forum.pfsense.org/index.php/topic,8878.0.html The above performance enhancements will be included in pfSense 1.3.

You have to make the clients use the proxy (like proxy settings in webbrowser and so on). Simply add block rules at interface>lan so they really have to use it .

Thank you very much hoba and sullrich! Yes the computer I'm using is really cheap. The 2nd NIC caused a Dell workstation to not even boot. Many of our computers are random clones that I don't trust too much, certainly not for a router. but I didn't much else to spare. But I was able to get a Dell with a decent 2nd NIC. Will try this all again. Thanks!

the last thing i test was disable the transparant proxy.n thn whn i connect to web it time out, actaually it quite close to wat i want….but it cant work wit the schedules

Unless you don't have a portforward to a ftpserver inside your lan you don't need the ftphelper at interfaces>wan. Turn it off. If it still is acting up I don't know what to say. You are the only one with that issue, so you have some kind of broken config. I would restart from scratch then.

@jasoneisen: So this is a universal (only one allowed) thing.  I cant set up rules for specific networks or mac addresses to boot from different files? Not at this time, it's a global setting.  Patches accepted, of course.