Check out another thing: how many people on earth speak natively Portuguese. You will be surprised.

John's suggestion of using VPN is certainly always a good choice. However, to answer your original question- YES pfSense can do this. You need to go to Firewall > Aliases, and create a new alias for your allow list. Add your no-ip FQDN e.g. foobar.no-ip.com and save it. Now in your firewall rules, create an allow rule that passes traffic on your WAN interface(s) and set the 'source' to the name of your alias which should auto-complete when you start typing. Save and you should basically be good to go. The default refresh time for the firewall to update your dynamic IP is 300 seconds. You can adjust this up or down as needed by filling in a value for 'Aliases Hostnames Resolve Interval' on the System > Advanced > Firewall page. HTH!

What was your System Activity like during those super slow transfers? Where you getting a large number of interrupts and high kernel CPU? Even when I'm doing 70k-pps, I'm still around 150 interrupts per second. Intel i350-T2 is sweet.

That depends on your requirements.  High loss is fine if you don't notice it  ;D  However, if it is causing an impact then you need to isolate the problem.  For example, how stable is the route between you and the VPN provider's endpoint that you connect to?  A tunneled connection won't improve line quality, so if you're getting loss or high latency when pinging then that's a problem. You have a local web server that you want to present to the Internet?  I don't know how your VPN figures into it.  Create a port-forward for the web server and a firewall rule on WAN to allow the traffic. https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting https://doc.pfsense.org/index.php/Category:NAT 3)  Sorry, I don't know much about Squid in a multi-WAN configuration. 4)  What you want sounds like policy routing https://doc.pfsense.org/index.php/What_is_policy_routing

It's shitty router by ISP it can't show realtime usage. Even windows reporting 200mb/s +…..... [image: h1LDBCW.png] So how it's possible, im getting some turbo boost speeds, but in other test's im getting what i pay for. What is that?

Nah scrub that, the server is free all the apps which are otherwise free elswhere are charged. I sort of get it, but to install the few things I want would be £80 or more. Might as well stick with windows.

@jahonix: @sfernan: That simple? That simple! With the benefit of different HW just install the full version and import the config. You may assign the new NICs to your config before importing or do so on the new HW. I find it a bit easier with a text editor before importing when you use VLANs on top of your hardware interfaces. Other than that it's straight forward. Thank you guys.  Worked as mentioned above.

@akieni: True, it was a memory limitation…. I did not know that the ip allocation would use that much resources from my server... Thanks 16mil IPs times ( 4 bytes per IP plus 12 bytes per MAC address) is 256MiB. That is not including any other overhead like padding, time stamps, etc.

There should be 0 collisions on a switched, gig-e network.

Only reason to reboot should be pfSense version updates and hardware maintenance.

there are no fix-all solutions. you could check the E2guardian bounty. https://forum.pfsense.org/index.php?topic=87526.0

@LFCavalcanti: 3 - If you say security concerns for NAS in pfSense are BS, you clearly understand s** about security. You NEVER, EVER expose your files or any sensitive data for that matter, in the very OS that serves as Firewall between your network and the rest of the world. When your boss know what you do in bed, sensitive data last thing on your mind. Some people understand everything about security, some of those people understand it will be losing battle. If I'm getting paid for it then yes, for myself I could care less. It's always about getting things you don't need. It reminds me when I stop by a Mcdonalds few years back while on the road at night. I saw this very over weight woman, she couldn't even wait for her order to get done. She was eating it right at the counter, my other boss was like "OMG you don't need take other bite of that. Put it down!" Yes idea of firewall and NAS is not normal, but sometimes people do odd things. @jwt: Also:  "Woof!" Arf

@johnpoz: The current proxy the old helper/proxy could do NOTING with ftps..  The helper/proxy looks in the control channels and fixes the IP to be public, and opens ports if needed in the firewall for data channel.  When your control channel is encrypted… It is not possible for helper to see anything in the control channel to either change the IP to the public one vs private or know what ports to open via seeing the port command.. Why don't you just connect in passive mode.. You don't need anything special to connect in passive mode.. Since in passive mode the server tells you what port to connect too.. So unless you have restrictive outbound firewall rules that limit ports.. You can connect to any ftp ftps server using ssl/tls or not since there is no aspect of the data channel where the server is connecting to you..  Its all you connecting to the ftp server IP and ports. Thanks for the answer. Perhaps indeed a problem in the client. I'll check.

@tymanthius: EDIT: I added the Lan gateway as an upstream gateway to Opt1. Seemed to help for a min, then its gone. You know, I actually wanted the screenshots to check that you did NOT set that up. Completely broken idea. And yeah, sounds like dead HW to me.

If you are not routing traffic through pfsense, then there is really little reason for L3 mode on your cisco..

Thank you cmb! I will remember that, thats why it was not working :)

@tomli: Thank you for your suggestions. Would you mind teaching me how to set Active/Active or Active/passive in pfsense? No I can´t do so, sorry. I was using LAGs for a short time, but not together with pfSense, than I switched over to 10 GBit/s thats more efficient and more reliable and stable. In shorter words, there are two modes and one is using all lines of the aggregated line and the other modes is using only one line and if this line is full the next one will be begin to use. And they are also two different ways you can walk this road, one is automatic over the LACP with dynamic LAGs and the other is the manual way using static LAGs and you will be able to choose the method by your own to balance this out over more line at the same time. I was using even static LAGs, active/active and together with the "weighted round robin" method, to fill all lines constantly. So I was thinking if there is now something likes you were reporting likes port flapping or packet drops it would be perhaps the problem of the active/passive usage of the LAG.