…..would be a closer use case to users surfing the web. This could also be a nice test fir sure and on top of this it might be also that he is able to set up that iPerf test with the -p "n"command to high up or scaling up the entire workload. As an example: iPerf Client --------------------------------------> iPerf Server IP 10.1.1.2                                          IP 10.1.1.1 #iperf -c 10.1.1.1 -P 8 so over that test it will then be used 8 streams and that could be also really filling up or saturate that line.

Also - I did find this info on the forum from others having similar issues installing pfblockerNG / php memory issues but I don't know if I need to do these edits too: for amd64 systems … change /etc/inc/config.inc (line 75) from 512M to 640M or 768M. Code: [Select] // Set memory limit to 512M on amd64. if ($ARCH == "amd64") {   ini_set("memory_limit", "512M"); } else {   ini_set("memory_limit", "128M"); } to Code: [Select] // Set memory limit to 512M on amd64. if ($ARCH == "amd64") {   ini_set("memory_limit", "768M"); # amd64 Default 512M } else {   ini_set("memory_limit", "128M"); } AND modify the /usr/local/etc/php.ini (last line) and /etc/rc.php_ini_setup files (line 303) from Code: [Select] suhosin.memory_limit = 536870912 to Code: [Select] suhosin.memory_limit = 671088640 # 640M Default 536870912 or Code: [Select] suhosin.memory_limit = 805306368 # 768M Default 536870912

I've been having the same issues.  Did you ever resolve it?

@johnpoz: So did you try turning off the dmz host mode and just forwarding specific ports, like 80 or 443, 22 and test the specific ports.. Does it source nat as well?  If so that is just MESSED UP!! Do you have any other choices for isp?  If so freaking tell them your moving to different ISP and see if that gets their attention. I did try just forwarding specific ports, but it was the same. No difference. I can't figure it out. I've never had this problem before with any previous ISP. Once explanation is that our house was built this year and it's all new infrastructure. So maybe they are still smoothing out the bugs. I'm hoping that's the case anyway. Unfortunately ISPs usually have a monopoly in specific neighborhoods. So where i live they are the only option. The only way to change ISP is to move house.

Ok, will remove it on all machines then. Sounds clear! I had the idea from the name itself: maximum transmission unit

At the moment there isn't a way to add a user to a reserved system group in a way that will be preserved. You could script a groupmod command into a shellcmd so it would happen at bootup /usr/sbin/pw groupmod proxy -m <username>That might get you closer, though it could still be clobbered if the groups get rewritten later</username>

I have got the routing setup by my ISP now. Works nicely.  :) . Thanks again for your quick reply.

It would be nice to be able to experiment with some of this stuff and right now I'm not able to. I'm not so much trying to fix a problem. Like what?  vlans - you have a managed switch..  Just not getting why you think you need a 2nd router to do vlans?  And not sure what you think having your nas in multiple networks gets you?  If you want to have your devices access files off this nas with using a different interface ok.  But then really your devices need an interface in this other network, etc. If you want to setup a management vlan and have your nas have its normal network that it serves up files on, and then a management network you access it from to admin it, ok.  But then your devices you will manage from really need to be in this managment vlan or again its pointless.

I'd try to see what a 4GHZ+ chip would do.  Maybe even overlocked with some cooling. Perhaps it would be nice to set it up in a VM, then it might be nit really bounded to the single CPU Core or am I wrong now?

Load balancing will be able to realize over two or more WAN ports with the following methods; Service based routing and/or Session based routing, this both will be the most common ways to balance traffic from server.

Moat odn't but oyu can go back and edit the topic if you like to something like [SOLVED].

You can create a NAT with anything you want as the Destination address, but pfSense has to know to listen for it.  It automatically knows to listen on the WAN IP.  All others must be explicitly set via Virtual IP.

Thank you for taking the time to look at my crash report and write a thoughtful reply. Last night it crashed again, and today I ended up putting in a different motherboard/CPU/RAM. So far everything looks good; hopefully it stays that way. James

Beside the simplicity you now have double NAT and possible problems with port forwarding, possible bufferbloat on modem side, etc… but it's your choice anyway.  :-X

for sure there is a problem with pppoe reconnection - as i have this problem with 2.3 (including all recent updates) and searched more than 2 days to find a proper solution, i.e. to have a stable pppoe connection with my pfsense. the fix mentioned here works good for me: https://forum.pfsense.org/index.php?topic=54207.0 Failing that, give this a try: Edit usr/local/sbin/ppp-linkdown and comment out or remove this line (keep an unaltered copy around though so you can restore the copy if it doesn't help) Code: [Select] /usr/sbin/ngctl shutdown $1: mind that there is a closed, 17 page long thread at https://forum.pfsense.org/index.php?topic=41061.240  i came across several times. imho this workaround should be added to that thread, as it will help people who have this problem. unfortunately, that post is closed and cannot be replied anymore. can some moderator add this information ?

Not that I'm aware of. Searching for macsec or 802.1ae doesn't turn up anything meaningful outside of a few references to drivers for cards that support it that had to be worked around.