• Where is the timestamp for STATS?

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    jimpJ

    There is no timestamp on those really. Those are all active connections, so the timestamp is "now". :-)

    There is some more information that can be had (age, expires, how many packets, what rule made it) but that would require even more parsing since it would require enabling the verbose output of the states view, and the display of that page can already take quite a bit of time with a large state table. It might be possible to add as an option in the future though.

  • MOVED: ESXi + pfsense and more.

    Locked
    1
    0 Votes
    1 Posts
    769 Views
    No one has replied
  • "Address already in use" and lan port locks up

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    jimpJ

    That is from NAT reflection. It's trying to bind the reflection daemon to a high port in order to bounce connections back.

    That message is likely not related to what you are seeing - something else must be happening before that to trigger a reload of the LAN interface. Perhaps it's losing its link (or it believes it is).

    Sounds like it could be a flaky cable/NIC/switch port.

  • State Table Timeout

    Locked
    4
    0 Votes
    4 Posts
    9k Views
    jimpJ

    Not for an established connection.

    If a system properly terminates its connections, the entries go away immediately. They don't hang out there forever unless one side believes it is still open.

  • Nmap not ping scanning local network

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    T

    Even better.

  • Nanobsd pppoe problem.

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • SOLVED (bug)– LDAP issues, no clear error

    Locked
    10
    0 Votes
    10 Posts
    10k Views
    D

    @limecat:

    More serious, there appears to be a bug– pfSense does not want to bind with credentials.
    I went into iRedmail's LDAP config, and enabled anonymous bind, and all of a sudden it was able to bind no problem.
    How do I open a bug for this?

    Check pfsense's bugtracker http://redmine.pfsense.org/projects/pfsense/issues?set_filter=1

  • [SOLVED] VLAN switching performance

    Locked
    11
    0 Votes
    11 Posts
    5k Views
    R

    Solved!

    Yesterday, in desperation for an answer, I swapped the hard drive with the pfSense install on it out for another and installed Arch Linux on the machine. It took a couple of hours, but I was able to get Arch set up so that it would do exactly what I had pfSense set up for (WAN on em0, LAN on LAGG0 (em[123]), OPT1 on VLAN1 on LAGG0, and OPT2 on VLAN2 on LAGG0). Rerunning IPerf on the same pair of old and crufty workstations got exactly the same performance figures, approximately 228 Mb/s.

    I boggled for a minute then realised the problem was either the hardware on the pfSense box (maybe the LAGG and VLAN configuration scared up a bug) or the workstation's NICs (as limecat suggested). I plugged my fairly new laptop into a port that would use OPT1 on the pfSense box and reran IPerf to a machine on the other side of the WAN port (ie. NAT was involved). Got about 928 Mb/s. So the workstations were at fault!

    This is a huge relief. pfSense makes for an easier solution, than building a Linux router, to most of the problems I'm running up against (inter-subnet routing speed, web caching, traffic shaping, prioritising video-conferencing traffic).

  • PfSense 2.0 Release failure after power outage

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    J

    Fixed it. Yes, rebooting after mirror rebuild didn't help.

    Copied an old backup of the config and that fixed it.

  • MOVED: SQUIDGUARD-SQUID HOTMAIL CONFIGURATION

    Locked
    1
    0 Votes
    1 Posts
    806 Views
    No one has replied
  • No DHCP for WAN on Cisco DPC3010

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    chpalmerC

    1. Call and verify they have the right cable modem MAC address for your account.

    2. Verify that when you plug your ethernet cable into the ports that they light up indicating connection.

    3. Verify on your WAN page that you are set for DHCP.

    4. Verify on the "Status/Services" page that the DHCP service is indeed running.

    5. Start the modem first and then power up your pfSense box after the modem finishes syncing.

    If you change devices on the modem you must power it down and restart it.

  • PfSense web UI hangs but NAT/routing still works

    Locked
    12
    0 Votes
    12 Posts
    10k Views
    K

    Same problem - webui keeps hanging… I found killing all of lighttpd and php processes off fixes it. I'll dig further the next time it stops responding... Not hard to make it happen, just use the UI.

    Soekris Net6501-50 with a regular 5400rpm SATA drive.

  • Having some fun with Traffic Graphs

    Locked
    8
    0 Votes
    8 Posts
    2k Views
    johnpozJ

    Guessing you made it png vs php because you can not upload php? Took me a second to figure out what you did ;) Like what, how am I supposed to compare code with a png? Then the light went on ;) heheh

    Looks nice - thanks!

  • Gateway Status Events

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Check the gateway status widget and the gateway status page. You could lift some code from there for your script.

  • Can't ssh into pfSense as non-admin with authentication keys

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Can you login with that same user without a key? (just password?)

    Does the user actually have shell permissions assigned?

  • Recover after a power failure

    Locked
    8
    0 Votes
    8 Posts
    13k Views
    jimpJ

    It always runs fsck automatically after an unclean shutdown. It says r/w mount denied, so then it runs fsck to fix the problem with the filesystem, and once it's cleaned up then it mounts the drive normally.

    If that automated process doesn't work, then it's possible the drive was corrupted more than usual by the power loss. If it's that bad, then it could possibly take a few fsck runs (boot to single user mode) to fix up all the way.

  • Where does pfsense store captive portal user information?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    D

    @cpartsenidis:

    The reason for this is because I want to create a backend program that will automatically update the user database to allow new users to access the Internet, without it requiring someone to manually enter this information via the Captive portal user management.

    Rather than messing with pfsense's local db, you could authenticate CP users against a RADIUS server and have your back-end program update its db.

    Also, is it possible to program the captive portal to accept a pin number, instead of a username/password?

    Check the vouchers function in CP.

  • NUT will no longer install

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Scroll down to the very bottom of the page, is there a PHP error at the bottom of the screen?

  • Pfsense, SIP and NAT traversal

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    pttP

    Hi, I'm using pfSense 2.0 + siproxd since Dec 2010 (pfSense 2.0 Beta5) in a test environment and it works fine, at least for my needs.

    My network topology is:

    WAN1 --
              |--[ pfSense + siproxd ]----- LAN  --> [ MT PPPoE Server ] --> [ Wireless AP ]    <-- -->  [ Wireless CPE ] --->  [ ATA ] ( SPA2102 )
    WAN2 --                        |
                                        ------> [ SoftSwitch ]--> PSTN

  • Some questions

    Locked
    17
    0 Votes
    17 Posts
    5k Views
    D

    @Alf:

    I have a completely different question now.

    We have plugged everything up and everything is running smooth. The internet connection is constantly maxed at 100Mbit/sec.

    The only problem is that we can't connect to any games using Battle.net.
    Do you have any idea what it can be? We have all ports open, nothing is blocked and no traffic shaper.

    When we try to connect to WoW we're only getting instantly disconnected. WTF?

    Edit: there is like one constantly playing WoW, everyone else can't connect

    You need to forward ports per client for battlenet, i.e. 6112 on wan to client 1, 6113 to client 2, 6114 to client 3 etc.
    This is why it is important to assign static LAN IPs for each client. You then notify each user as to the port they need to set up the bnet client for (default 6112).

    IIRC, there is a limitation of 6 hosts per IP (WAN) for battlenet (at least for WC3/Dota this holds true). You must set up the NAT so that each group of clients goes out a certain WAN IP for Bnet. This is best done with Manual Advanced Outbound NAT (AoN).

    i.e.  You allocate 6112 to 6127 per table (with each client using one of the ports).
    Then under AoN, you set the NAT so that ports 6112:6127 for 10.0.1.X (table 1) are mapped to one of the WAN gateways, 6112:6127 for 10.0.2.X (table 2) for another WAN gateway so on and so forth.  Make these static ports.

    This does not negate the 6 hosts per IP limitations but you shouldn't be having that many hosts on bnet to begin with.  For regular WoW access, this should not be an issue so long as all the clients have unique ports.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.