Ah, found the "half-bridge" mode it in the ADSL router – it was called "PPP IP Pass"  as opposed to "NAT". I hear it is also called DHCP spoofing. Now if I could only find a cable modem using PPTP that does the same thing.  My biggest problem with these SOHO routers is their poor handling of large amount of states due to memory and cpu limitations.  Heavy, continuous loads cause them to slow down and need periodic rebooting, so I want to avoid their routing engines altogether.

Cheers,
Z

Then do a double nat. Set the modem in router/nat mode and search for an option called "dmz" or "expedited host" in the modems webgui. Assign the pfSense WAN IP there and everythig will be forwarded to the pfSense. The only things that don't work nice with such a config is the integrated dyndns client (as pfSense doesn't see it's real WAN IP anymore) and maybe IPSEC (unless you configure a different identifiers than "my ip address").

Hm, I also noticed by accident, thanks to the arse-backwards filesystem (bangs head against desk), that there are two php.ini files - the in-use one actually being in /usr/local/lib/php.ini, and another one in /usr/local/etc/php.ini. Not sure what the purpose of that is, but I'm going to guess that if I reboot after having mistakenly made my boot-time edit to ./etc/php.ini, I may now have my problem sort-of solved. Not one to reboot my gateway on a whim though, so I guess it'll have to wait til the next reboot. =P

Good to hear :)

Some devices need a reboot or manual arp cache reset when IPs change to new macadresses.

@GeeZuZz:

sullrich: I'm not sure what you mean by "monitoring ip" - you mean its a ISP problem? I'm not loosing connection every 5 minutes - it appears to be very random, but in average i would guess 5 minutes.

hoba: WAN is ADSL 2+ using PPPoE (static IP). WAN adapter is le1.

The main reason why i'm thinking it may be pfSense is because it appeared to work fine for about 12 hours right after i restarted pfSense the first time. But of course, that could be a coincidence… But i also think those spikes right before connection is dropped was a little weird.

Any other things i should check out before i contact my ISP?

Edit: I'm just using  "ping -t" from Windows to monitor the connection - and the last 30 minutes it looks like instead of connection going down, the ping time just goes up to 100-200ms for the same period.. Only went completely down one time ("request timed out").
Edit2: Now it just started to show "Request timed out" again... And it went down every 10-20 seconds the past minutes...

If you think it is the ISP, you can try this…..

open 5 cmd windows on your windows box
first cmd window ping your internal gateway EX: 192.168.1.1 -t
second cmd window ping your WAN port Static ip EX: 10.1.1.10 -t
At this point…you **"should"** not have any drops if it is your ISP
now the 3rd cmd window ping your ISP gateway IP 10.1.1.1 -t
the 4th, just ping something on the net EX 4.2.2.2 -t
5th ping another internet address EX ping 208.68.222.222 -t

run these pings for a while to monitor
If you can, isolate one pc on the LAN to do the testing.
If you think it is PFSense, take the box out of the picture by connecting your pc/laptop right to the provider device (with your windows firewll on ;) ) and setup your connection to the net…run the same test

Now, if you get drops past the 3 cmd window (ISP gateway) , good chances are that your ISP is the problem.
If you get drops on 3,4 and 5 all at the same times, check with your ISP.

You can also use something link ping plotter to ping these address over a timeframe and you will be able to check what time they dropped.

What does top report when that happens? You can run it from diagnostics>command or from the shell for a more dynamic view.

@hoba:

Yes, I have not used any of these solutions yet so I can't be of much help here.

Anyway, thank you  :D

i have this problem as well, packetloss on all interfaces. The difference in this case is, that i didnt upgrade to 1.2, i have a clean installation.

If this packetloss occurs, i cannot ping the pfsense box from the lan. It disapears by itself, if i reboot the box the packetloss is gone.

I removed some installed packages like ntop, will see if this fixed the problem.

@BigHusky:

Over the last year of trying to get pfsense (just base, without any additional modules) to perform properly it just became clearer overtime that in order for pfsense to be able to perform close to the proprietary appliances you have to throw in 'very' expensive hardware (expensive at the router level). We ran it on a 1.8GHz Athlon with 1 and 2 GB of RAM and tried various network cards. Everytime you mention here that you are getting very poor throughput going for example to another host on the same network as the WAN interface, etc. you will most likely be told you need to buy Intel Nics and all other Nics are pretty much 'crap'.
It turns out that even smallest routers and up to Cisco equipment don't have such 'highend' nics and certainly not such 'highend' cpu's/ram and still outperform pfsense in the same setup by a wide margin.
Unless you are willing to put in the money for all these items you might end up in better performance shape if you go with a PepLink or other multi-wan appliance.
I have high hopes for 1.3 and will be testing it again when first releases appear. In the meanwhile we had to take it out of usage.
Just some other thoughts.

But when you are talking about Cisco, Adtran, Sonicwall or any other pre boxed unit, they design the product around a specific hardware (including nics) and test that hardware.
I am sure that the engineers behind the pre built devices had to find the pefect match of performance and price that worked.

With a product like PFSense, you have to deal with many different Motherboards, CPU, Memory. BIOS settings, and yes NIC's. So yes, it is a bit harder to get the "perfect system"
but look at all the variables that are taken into play.

If someone recommends to use Intel nic, it is because you are getting the collective experience of other users and their success and testing.
I am sure no one is just saying get intel nics just so Intel can make more money.

I have used Many pre built boxes and you can certainly run into bottle necks on them also.

Look at it this way…..
If i have a Server that needs another nic, do i want to use something that has a proven track record or install a $15 off the shelf nic in a clients server?

@cmb:

This is already addressed for 1.3 though, with a complete rewrite of the traffic shaper that gets rid of this and several other limitations in 1.2.

Oh, sweet.  I plan to load 1.3 as soon as the beta lands, so I'm going to forget about this now. :)

Thank you.

I know of them, don't know much about them though. It's likely just a slightly rebranded version. The way we control (to some extent) companies other than ourselves and our partners from profiting off the project without giving back is restricting usage of the logo, it looks like they just slapped a different logo on there.  Not sure if they provide support or what.

For support, we have commercial support available from the foremost experts on the project with BSD Perimeter and Centipede Networks.

I strongly recommend against doing business related to pfSense with any company other than BSD Perimeter and Centipede Networks, the primary corporate sponsors, and those listed on our recommended vendors page on the website.
http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50

These companies provide significant resources to make this project what it is. Anyone not listed on our website is trying to profit off the project without giving back.

Ahhh…didn't know that option was even there! I know that command from linux, but didn't know it'd work with PFsense/FreeBSD... I'll check it out and let ya know...

Thanks.

I'm new to BSD. (we're trying out pfsense because I decided I want to learn how to use it).  How would I disable local login? Will disabling the menu disable to console as well?

EDIT: Thanks for the help.  I'm going to leave the console as is.  It should be safe enough, it's still in a restricted area.

I checked the active network connections when the pfsense freeze. I found out that the csrss.exe open a lot of connection. Finally I deleted the file (c:\windows\config\csrss.exe). I'm certain that the csrss.exe is not the MS csrss.exe which is located in the system32 folder, but I didn't find any useful info. Virusscan couldn't find anything. (McAfee)
Now I'm waiting what will happen…

I assume you want multiple subnets on the same physical layer.
DO.NOT.DO.THAT (you WILL have major problems with that…)

Using VLANs or more NIC's is the recommended way.

maximum in 83.59
maximum out -12.66

I guess the difference could be traffic to the pfsense box itself, though that number doesn't seem to match the graph??

"Refer to the appropriate FreeBSD manpage for the driver you're using to see which options are available (or run ifconfig -m)."