Well, I'm afraid this is not an option as the network contains web servers with "unknown" SMTP senders, so we would not know who to block and not to block.  This is why we are looking at the "SPAMBLOCKER" route for outgoing traffic.

You should not be running pfSense 2.0 in production.  It is labeled an "alpha alpha alpha" release and is not suitable for any sort of production use.

oh really? Ok, I will have to give it a try then. Thanks!

I simply make firewall rules to allow the sip server access and no port forwarding involved…

oh yeah, duh. i forgot that it they are connected with cat 6 but to a 10/100 switch. thanks for pointing that out!

Well the new fix was tested for more than 700 users and it behaved really well. Even the status->CP was fixed to be usable under load. It is better to get a snapshot rather than the 1.2.3-RC1 that is in the mirrors cause they might not have updated the new image with the fixes.

Not saying this is always the case, but typically random weirdness of that nature is indicative of hardware issues. If you can get to a shell, running top -S might help figure out what is taking so long. Pay particular attention to RAM usage. I'm not sure if it works during the boot process, but pressing Ctrl-T should print on the console what the current active process is when you're waiting on it.

I don't know if this does what you want, but if you serve DHCP addresses to other computers you can have the names of the other computers registered in the DNS forwarder automatically. (Web GUI: Services -> DNS forwarder, tick the appropriate boxes in one or more of Register DHCP leases in DNS forwarder and Register DHCP static mappings in DNS forwarder).

I guess I was hoping to use port number in combination with IP address since apps like messenger and a few others now try to sneak out on port 80. The problem for me on the port rule is that occassionally apps like the ftp server will try to use these 'banned' ports. So far I have settled for tracert'ing all the well known ones and building their IP address into an alias for blocking. As for the p2p I have gone into traffic shaping and set the upload / download allowance to zero.

Not supported and not possible without rolling your own pfSense so also not recommended.

I just did a reboot about 4 hours ago and the problem was solved without any aparent reason. I did not change anything i just rebooted . [image: hi-cpu.JPG] [image: hi-cpu.JPG_thumb]

Thanks, i'll tried that and if i run into trouble i'll give you guys a shout.  Thanks again.

Everybody from this forum clicked the link trying to help and the server was brought down ;)

CARP works with private addresses too. Did you see my 'solution' at the bottom of this thread; http://forum.pfsense.org/index.php/topic,15393.msg81475.html#msg81475 I had to run the modem as a 'router' and have the PPPOE endpoint there. You won't be able to run it as a modem and have PPPOE running at the same time on each firewall. Well, that is not quite true….. my first attempt was exactly that, PPPOE running on each firewall and it worked in so far as each PPPOE session could establish the link to the ISP, but traffic would only flow over the link that was 'first' to connect. I remember in the 'early days' of xDSL that people were successfully running multiple PPPOE sessions. Obviously, some ISPs don't want users to do that now. here is an ifconfig on my primary firewall; em0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:25:a5 inet 10.18.200.1 netmask 0xffffff00 broadcast 10.18.200.255 inet6 fe80::250:56ff:febe:25a5%em0 prefixlen 64 scopeid 0x1 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:11:dc inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::250:56ff:febe:11dc%em1 prefixlen 64 scopeid 0x2 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:5a:54 inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255 inet6 fe80::250:56ff:febe:5a54%em2 prefixlen 64 scopeid 0x3 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em3: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:2c:78 inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255 inet6 fe80::250:56ff:febe:2c78%em3 prefixlen 64 scopeid 0x4 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active plip0: flags=108810 <pointopoint,simplex,multicast,needsgiant>metric 0 mtu 1500 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 enc0: flags=0<> metric 0 mtu 1536 pflog0: flags=100 <promisc>metric 0 mtu 33204 pfsync0: flags=41 <up,running>metric 0 mtu 1460 pfsync: syncdev: em3 syncpeer: 224.0.0.240 maxupd: 128 carp0: flags=49 <up,loopback,running>metric 0 mtu 1500 inet 10.18.200.99 netmask 0xffffff00 carp: MASTER vhid 1 advbase 1 advskew 0 carp1: flags=49 <up,loopback,running>metric 0 mtu 1500 inet 192.168.2.99 netmask 0xffffff00 carp: MASTER vhid 2 advbase 1 advskew 0 carp2: flags=49 <up,loopback,running>metric 0 mtu 1500 inet 192.168.1.99 netmask 0xffffff00 carp: MASTER vhid 3 advbase 1 advskew 0 secondary; em0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:74:e5 inet 10.18.200.2 netmask 0xffffff00 broadcast 10.18.200.255 inet6 fe80::250:56ff:febe:74e5%em0 prefixlen 64 scopeid 0x1 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:26:94 inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::250:56ff:febe:2694%em1 prefixlen 64 scopeid 0x2 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em2: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:3d:87 inet 192.168.2.2 netmask 0xffffff00 broadcast 192.168.2.255 inet6 fe80::250:56ff:febe:3d87%em2 prefixlen 64 scopeid 0x3 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active em3: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:50:56:be:50:e3 inet 10.10.10.2 netmask 0xffffff00 broadcast 10.10.10.255 inet6 fe80::250:56ff:febe:50e3%em3 prefixlen 64 scopeid 0x4 media: Ethernet autoselect (1000baseTX <full-duplex>) status: active plip0: flags=108810 <pointopoint,simplex,multicast,needsgiant>metric 0 mtu 1500 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 enc0: flags=0<> metric 0 mtu 1536 pflog0: flags=100 <promisc>metric 0 mtu 33204 pfsync0: flags=41 <up,running>metric 0 mtu 1460 pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128 carp0: flags=49 <up,loopback,running>metric 0 mtu 1500 inet 10.18.200.99 netmask 0xffffff00 carp: BACKUP vhid 1 advbase 1 advskew 100 carp1: flags=49 <up,loopback,running>metric 0 mtu 1500 inet 192.168.2.99 netmask 0xffffff00 carp: BACKUP vhid 2 advbase 1 advskew 100 carp2: flags=49 <up,loopback,running>metric 0 mtu 1500 inet 192.168.1.99 netmask 0xffffff00 carp: BACKUP vhid 3 advbase 1 advskew 100 Notice the IP addresses are all private.</up,loopback,running></up,loopback,running></up,loopback,running></up,running></promisc></up,loopback,running,multicast></pointopoint,simplex,multicast,needsgiant></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></up,loopback,running></up,loopback,running></up,loopback,running></up,running></promisc></up,loopback,running,multicast></pointopoint,simplex,multicast,needsgiant></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast></full-duplex></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,promisc,simplex,multicast>

:'(