Thx for the suggestions, but I will not do something that will compromise even a little bit of security.  We're here to make rock-solid firewalls, and that's all that matters  ;)

I swapped the 250GB for an 80GB I had lying around.  So I don't care about the extra space anymore.  I can always hook up the 250GB in my server comp and access it from there…much safer ;)

Thank you all. I will post a diagram soon.

I have only VLANs in this NIC (tagged traffic)

Best

Kostas

Thank you stephenw10
PHP shell is very powerfull!

thanks

Thanks for the quick reply. :) it helps me.

You need 3 things to make this work.

Route to each different subnet.
Rule in LAN to allow such traffic.
Outbound NAT rule to allow the traffic to return.

I think if you get those setup, you won't have any problems. I think I wouls also turn on the advanced option to bypass firewall rule if the traffic is on the same interface.

Thank you very much jimp  :)

I have personally found BT Infinity to be wildly varying in throughput.
I have the old 40/2 service but get anywhere from the expected 36-37Mbps at 2 AM to 15-16Mbps at 6 PM.
Try it late at night.
Try using the Windows PPPoE client directly (or whatever OS you are running).

Steve

If I can get this working with a password I will post how to do this, as username only is not good security.

More information would be helpful.

What name server should the LAN system be using? Is the LAN system correctly correctly for that (static IP) or getting the correct name server IP address from its DHCP server? Is the DHCP server configured to supply the correct address?

Perhaps your firewall is blocking all access to the name server. Perhaps the firewall is blocking DNS access to the name server.

Some parts of the developer rules page on the dev wiki may be useful to you.  The site for it seems to be down at the moment, so here's a cached version: http://webcache.googleusercontent.com/search?q=cache:xNnNncCyXkUJ:devwiki.pfsense.org/DeveloperRules

There are also other pages that may be useful.  Cached version of the main page: http://webcache.googleusercontent.com/search?q=cache:CCzm5_BWozEJ:devwiki.pfsense.org/

It is better to get get each network segment working to the internet, then you can work on getting them to talk to each other. Basically it is rules and a lack of NAT for each network to talk to each other. Without knowing what rules you have set, what NAT you have set, and the packages you have installed, it becomes a guessing game for us. LAN is going to have a default allow rule, but any OPT interfaces will not. If you have not created a rule there then opt interfaces will not have internet or any access.

Usually this is from the rate program on the realtime traffic graph getting stuck…

The usual way to kick it in the rear is (via ssh/console shell)

killall -9 rate

If that doens't work:

killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui

While we don't technically support that in the GUI, the underlying OS is perfectly capable of doing that. It can take a little hacking to make it work, but it can be done.

On 2.1 you can adjust the "retries" on the pool. And there is a Settings tab with settings for the interval and timeout.

You might change to a different monitor type, see if it helps.

@mklopfer:

What it seemed like was happening was the web server was spending time trying to maintain dropped connections to the outside at the expense of inside connections - which should never touch the firewall.  All internal machines used an internal DNS server that specified the IP for the web server that was on the same subnet.  It looks like the symptoms we were seeing were indirectly related to the reflective NAT issue.  For some reason there were tons of connections between the server and itself trying to loop back over an external address–-my best guess is that something somewhere was hardcoded to talk over that IP.  But if that were the case, removing NAT reflection would not resolve the issue - it would still try and talk out and back and be blocked.  I'm still at a loss to the exact mechanism of the problem but any speculation to help others in the future is welcome.

My guess would be that the html/php/asp is telling the client to go to http://<externalip>/internalpage.html/php/asp instead of ./internalpage.html/php.asp and as a result you where getting essentially redirected to the external ip instead of it using the internal ip from DNS. This happens sometimes when your webpage needs to load data from another page. This is generally the wrong way to setup a website IMO.</externalip>