You should assign the bridge, not the member interfaces. (And set the system tunables so that you packet filter the bridge and not the interfaces.) Answered about zillion times before.

Well it's true the software was more designed to be used in a LAN environment, but it also is supposed to support remote phones with features, which ends up creating these huge packets. But my application aside, I am still curious what happens when a big packet hits the PFSense.

@akong: Hello, I will upgrade from 2.1.5 to 2.2.3 at other server. What is this problem about loader.conf.local file? Could you tell me what's problem and how to fix it? It is only if you happen to have certain hardware where there seem to have been some regressions in disk things somewhere betwen FreeBSD 8.3 and 10.1. Since you have been running fine already on 2.2.* then you do not have hardware like that. For reference an example thread is: https://forum.pfsense.org/index.php?topic=87364.0

Was hoping to recover gracefully, but alas this was not to be so.  I've re-imaged and recovered from a previous backup. On another note 2.2.3-RELEASE has a smaller memory footprint from what I can see. Thanks

I have a traffic shaping in place but not on a WLAN. My Alix has only the built in LAN ports. I increased the maximum limit of mbufs now. I have observed an absolute stable and very low amount of mbufs allocated at all times (in the RRD graphs). I'm not expert enough to understand which facts have an influence on used mbufs so it's difficult for me to trace an increase down to specific behavior of hosts in the network. Because the RRD graphs stop to display data on midnight before a crash of my pfSense I did not observe the amount of used mbufs shortly before a crash yet. I changed the RRD backup cycle to one hour now. Maybe the next time I can actually see an increase of used mbufs in the RRD graphs (if this does not occur only within minutes before a crash). Are there know typical scenarios which cause used mbufs to increase dramatically? I rather suspect that something else is eating up memory which has been reserved for mbufs. In other words something else / another process has higher priority when requesting memory than the network processes / the mbufs reservation. Is this possible at all in FreeBSD? -flo-

@three18ti: I just added 10 host DNS overrides entries and it was PAINFUL!  Copy the host name, copy the domain, copy the IP, submit, wait for the page to load, scroll to the bottom of the page, click the plus button, wait for the page to reload, repeat. It easily took me 30 mins to add those ten entries.  I have a few dozen more to do tomorrow.  (And that's not even mentioning the stuff we want to do with VMware which will require automatic updates without human intervention). Apparently there is not going to be an API…[1] So, pFsense gurus, how do you automate firewall changes?  Any awesome Chef recipes?  Or should we be looking at a paid Cisco product if we need automation? Thanks for any advice! [1]  https://forum.pfsense.org/index.php?topic=76587.0 Have you tried the "Advanced" menu?  For example: bogus-nxdomain=198.105.244.24 bogus-nxdomain=198.105.254.24 address=/examplez.com/127.0.0.1 The Advanced menu for dnsmasq here is over 1100 lines long.  running ps -Aww isn't pretty, but it works nicely from the first domain to the last!

The configurations options in squid are vast…  Just my opinion but not really a fan of running a proxy on my actual firewall.. If you require a proxy then I would do that on its own setup..  If you have a firewall in front of pfsense - why don't you just setup a squid box?  Seems odd to me to run pfsense just to get squid going, since squid is a addon package to pfsense and provided more as convenience..  I would move your question to the squid forums or the package section this forum. Do you have any delay pools setup in squid? http://wiki.squid-cache.org/Features/DelayPools?highlight=%28delay_pools%29 This is normally how you would limit speeds.. Out of curiosity why do you "need" squid or a proxy in general?

@johnpoz: gs108e is NOT a layer 3 switch - not by a freaking LONG shot!!!  Its a barely not dumb switch, lets call it a mentally challenged switch because smart would not be the word I would used and retarded is not really PC ;) Okay, I'm not going to lie. This seriously made me laugh out loud.

Bridge the VLAN to the other NIC.

This could be a nice one to have a watch too as you are totally new to pfSense:- A 50mins video with pfSense 2.2.2 firewall setup and features overview. https://youtu.be/dfix8WsNSHc

You already have the most optimal setup. What's wrong with having the wireless AP connected to the switch? What cable modem do you have? Some Hitron models have been known to have major problem connecting to 100Mbit NICs.

NTPD RRD shows an average of 0.14ms offset and a maximum 0.4ms offset over the past 24 hours.

Hi neo243, wow that is exactly what fixed it! I constantly had to chose between VLAN6 or PPPoE on my interface but this has enabled me to do both! Thanks everyone for all your efforts! Grt Bram

OK - so Scythe sent me another set of brackets, install is now complete and working fine.  So, for anybody wanting to do a motherboard swap, I can confirm that, in my case at least, everything went just fine.  I did end up keeping my NC360T card and hooking up my WAN/LAN wires to the exact same ports (keeping the motherboard's NICs for future expansion or what not), but pfSense just fired up as if nothing had happened. Two questions, though : 1.  I used to see the CPU temp in the dashboard, with my AMD CPU.  I don't anymore with the X3430.  Is there a reason for this?  Can I restore it? 2.  Is there such a thing as ipmitool in pfsense?  My searches seem to indicate there is, but a simple command to reset the IPMI password, which worked fine on FreeNAS (ipmitool -I open user set password 2 ADMIN, to reset to the default "ADMIN" for example) didn't work in pfSense - device not found or some such.  I didn't try modifying fan parameters with ipmitool, just figured I'd ask you guys first. Totally unrelated : anybody else seeing arpwatch as a red "X" on the dashboard ever since update to 2.2.3? Cheers!

Are you certain the user is being put into the correct group? I can't think of any reason why that privilege wouldn't work from LDAP unless the user wasn't actually being detected as a member of the group that included the privilege.