• Power saving methods

    Locked
    0 Votes
    6 Posts
    4k Views

    A quick way to reduce power consumption on a GX280, aside from what Steve mentioned about the CPU swap, is to run pfSense from an SSD or Compact Flash card.  Run the nano/Embedded version to reduce wear on the SSD/CF card (Will they go in to sleep in pfSense? If so, even just running that with a spinning drive could spin down the drive to save power.)

    Also, disconnect the CDROM, you're not using it, same with the floppy if it's so equipped.  Also disconnect the keyboard (and mouse if one is connected.)  All these things are small, but they add up.

    GX280's have a PCI-Express slot, and often a video card occupying it.  Take it out, use the onboard video (there may be a small grey cover over the onboard video port).

    The down side of a GX280 is that it's (assuming you can't get a P4-M) still a P4 with Hyperthreading.  This was previous to much of any power saving features.  A GX280 can't reduce the clock or FSB speed through the BIOS (well, I think there's some kind of compatibility mode that's crazy slow, you don't want that.)  So, if you can't take out the CPU, you're stuck with the core of your system being power hungry.

    I really should take some measurements of the systems I have hanging around my house.  I'm pretty sure my old PII Celeron based GX100 is right around 35 watts, but I need to test it.

  • PfSense 2.0 as Transparent Proxy with Blank sgerror.php page

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Gateway status Offline

    Locked
    0 Votes
    9 Posts
    9k Views

    Nope, any interface pings it.
    Then, I changed the equipment.

    Thank you all!

  • Log shows TCP:FA, TCP:FPA blocked from LAN

    Locked
    0 Votes
    10 Posts
    106k Views
    jimp

    Not easily, no.

    If you craft a rule and edit the advanced options and set just the right TCP flags, maybe, but I'm not certain that would really help or if it might hurt.

  • Memory usage climbing

    Locked
    0 Votes
    18 Posts
    6k Views
    jimp

    I have yet to reproduce it reliably, so I don't know. I've seen it maybe a half dozen times over the years, from 1.2 to 2.x. It's rare, but it does happen.

    I don't know if it's due to an especially high/sustained rate of logging or something else that puts it over the edge.

  • MOVED: MTU issue?

    Locked
    0 Votes
    1 Posts
    902 Views
    No one has replied
  • 2.0.1-Release: which version of libpcre is required for lighttpd ?

    Locked
    0 Votes
    2 Posts
    1k Views
    jimp

    Best option is to use console option 13 to reapply a firmware update to make sure that all needed files are present. It's possible that more than just pcre is missing.

  • Rules for webgui doesn't seem to work across interfaces!

    Locked
    0 Votes
    5 Posts
    2k Views

    hehe

    I'm sorry for my late answer, I haven't had time before now!

    Thanks !!

    Then I learned something new!

  • Add more filter configuration file into pfsense

    Locked
    0 Votes
    1 Posts
    826 Views
    No one has replied
  • Would this set up work with Intel vPro

    Locked
    0 Votes
    3 Posts
    2k Views

    @newbieadmin:

    Can I hook up the Intel gigabit onboard (vPro port) onto the switch and have it work (just get IP address for mgmt and nothing else)? Would it cause a loop and crash the switch/network?

    Yes, you can connect it to the switch and get an address via DHCP.  I do recommend setting a static IP in the BIOS for it though.  Allows you to monitor the entire boot process over IP (internally) and before the router boots.

  • Blocked traffic

    Locked
    0 Votes
    2 Posts
    1k Views

    The RRD graph shows block and pass separately, the Traffic Graph I'm not too sure of.

    The logs might seem like a lot of blocked connections, but that means there was only one packet, so not a lot of data.

  • Pfsense Layer 2 interface

    Locked
    0 Votes
    6 Posts
    5k Views

    Switches are designed to move packets. They are simple things really. pfsense will have processing to do and adds a bit of time for that. So, what happens is that you will get less than line speed. Generally that is not a problem except in highly utilized networks.

    Use this as a comparison.

    http://forum.pfsense.org/index.php/topic,53185.0.html

  • Url alias reload via commandline

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • CentOS and putting pfSense on a VM along side a Freenas VM

    Locked
    0 Votes
    9 Posts
    6k Views
    johnpoz

    Not really, depending how you set it up.  I used to run in type 2 mode - but what was the point to running a full OS on the hardware when the hardware was just for VMs – made no sense from resource sense.  Anything I wanted to do on the host OS, just do in a VM.

    You do run more of a risk I would think of exposing the host to public, if for some reason you put an IP on the interface on the host that you have setup for public side pfsense wan, etc.

    There is one thing if you're playing with a couple of vms on your desktop, and that is the only hardware you have, etc. Sure you can run your vms in type 2 setup.  But if you have hardware you're going to run VMs on only, etc.  Why in the world would you not run type 1??  You're just throwing away cpu cycles that could go to VMs on the Host OS.

  • Forwarding traffic from WAN to Webserver and FTP

    Locked
    0 Votes
    16 Posts
    7k Views
    _Adrian_

    @wallabybob:

    @_Adrian_:

    @marvosa:

    Other than that, your NAT:Port Forward should look like:

    WAN | TCP | * | * | WAN address | 80 (HTTP) | <webserver ip> | 80 (HTTP) | description |

    WAN TCP * * SERVER1 address 80 - 443 192.1x.x.x 80 - 443 IIS1
    WAN TCP * * SERVER1 address 80 - 443 192.1x.x.x 80 - 443 IIS2

    Why do you have two port forward rules? Since they have the same port range only one of them will be effective.

    What is "SERVER1 address"? Since you mentioned DynDNS I suspect your WAN interface has a dynamic address. If so, the port forward rule needs to specify Destination type=WAN address (not the CURRENT IP address of the WAN interface) so the rule's behaviour will track changes in the IP address of the WAN interface.

    Thanks wallabybob !!!
    It's working :D

    Had to do a couple changes…
    It didn't want to play nice so I went to a port 8080 redirect.
    With that being said...

    NAT :
    WAN | TCP | * | * | WAN address | 8080 | <webserver ip> | 80 (HTTP) | SERVER1 ( Description )

    and created a rule for it that ended up looking like this:
    IPv4 | TCP | * | * | <webserver ip> | 80 (HTTP) | * | none | NAT SERVER1 ( Description )

    Now when going to adrculda.hopto.org or adrculda.zapto.org gets redirected to my first IIS7 Server.

    Now I wonder if my provider offers multiple external IPs :P

  • Easy pass rules gone?

    Locked
    0 Votes
    5 Posts
    2k Views
    stephenw10

    I once managed to block some of the GUI with Ad Block Plus. Confused me for a while.  ::)

    Steve

  • Does using VPN defeat point of bridging interfaces ?

    Locked
    0 Votes
    4 Posts
    1k Views
    stephenw10

    Hmm, I don't think I've fully understood the problem here.  :-
    Are you asking whether multicast over OpenVPN is possible?
    Perhaps: http://forums.openvpn.net/topic8036.html is relevant.
    Or are you trying to solve some ipeng problem?

    Steve

    Edit: You may use the IGMP proxy to multicast between subnets, possibly an easier solution. Perhaps!  ;)

  • Using wget for scheduled backup on 2.0.1

    Locked
    0 Votes
    10 Posts
    5k Views

    On my windows I reset the script to:

    @echo off
    :: similar to above methods but this works
    :: get current date/time into vars
    :: vars= day month year hour mins secs mili
    for /f "tokens=1* delims= " %%a in ('date/t') do set dayname=%%a
    for /f "tokens=2* delims= " %%a in ('date/t') do set mmddyyyy=%%a
    for /f "tokens=2* delims=/" %%a in ('echo %mmddyyyy%') do set day=%%a
    for /f "tokens=1* delims=/" %%a in ('echo %mmddyyyy%') do set month=%%a
    for /f "tokens=3* delims=/" %%a in ('echo %mmddyyyy%') do set year=%%a
    for /f "tokens=1* delims=:" %%a in ('echo %time%') do set hour=%%a
    for /f "tokens=2* delims=:" %%a in ('echo %time%') do set mins=%%a
    for /f "tokens=3* delims=:" %%a in ('echo %time%') do set sec=%%a
    for /f "tokens=1* delims=." %%a in ('echo %sec%') do set secs=%%a
    for /f "tokens=2* delims=." %%a in ('echo %sec%') do set mili=%%a
    echo day =%day%
    echo month=%month%
    echo year =%year%
    echo hour =%hour%
    echo mins =%mins%
    echo secs =%secs%
    echo mili =%mili%

  • Disabling LRO with LAGG interface

    Locked
    0 Votes
    3 Posts
    1k Views

    Thanks, I wasn't aware of the shellcmd feature. Perhaps I'll check out 2.1 as well as the box isn't going into production for the next couple of weeks. Maybe I can keep it free of extra packages with 2.1.

    Cheers / Thor

  • Looking for some advice on vlan setup

    Locked
    0 Votes
    6 Posts
    2k Views

    So your VMs are the lab you want to access? Does your VPN allow access to your internal network as it is now?
    I am not sure that you would have to alter your setup nor that you need any vlans for what you want.
    If you connect to pfSense through OpenVPN you could deny the traffic from reaching your internal traffic by blocking any vpn-traffic that wants to go out the "Wan interface" of pfSense and only allow it to go to the Cisco switch. And if you don't want to allow traffic from your lab to reach your internal network, you could block access for traffic originating from the pfSense router to reach your internal network.

    You could do this in a couple of ways, it all depends on what access requirements you have and if you need any traffic from the pfSense router to access your internal network.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.