@woodie03: How to create bandwidth allocation per IP? Start here: Firewall: Traffic Shaper: Wizards Choose "Single Lan multi Wan" (or whichever is appropriateto your topology.) Quick how to: http://pfsensesetup.com/qos-management-using-the-traffic-shaper-wizard/ Online documentation: https://doc.pfsense.org/index.php/Traffic_Shaping_Guide Full documentation ("The Book"): http://pfsense.org/book <– I recommend this highly. @woodie03: How to iliminate idle connection? For Captive Portal? Services: Captiveportal: Zones: Idle timeout https://doc.pfsense.org/smiller/Captive_Portal.htm

I just tried your config and it's working fine for me. First, I created a Target category named 'Google' and filled it with your domain/IP list and set its description to 'Test WL'. Next, I created a custom Group ACL so that I could test without screwing up access for my users.  I called my group "Test".  The group has only my IP address in it.  For Target Rules, I have Test WL [Google] on top set to Whitelist, and my Default access [all] set to Deny. Redirect mode is Ext URL redirect (enter URL) and Redirect is http://www.mycompany.com. When you make your changes, SquidGuard has a little weirdness that makes you go back to the General tab, click Save and then click Apply.  If you don't do this, your changes won't be acted on and nothing will work as you expected. Now when I go to any URL that isn't in your list, I get my company page.  When I go to any of your URLs, they work perfectly.

@MMacD: Yes, it's console output.  '#' most recently. I've used a number of different kvm's and seen them fail a lot of different ways (and more frequently then anticipated). I would suspect the cable first, then the kvm. Temporarily substituting a standard monitor and keyboard in their place would isolate that possibility. Also, if it turns out to be the board, you could try a different USB port for the keyboard input (or swap a USB for the PS2 if it's OG).

So not too good as a room heater then. You need a rack of overclocked Netburst Xeons.  :P Seriously though. pfSense has great traffic shaping/limiting features: https://doc.pfsense.org/index.php/Traffic_Shaping_Guide Using Squid as a 'web accelerator' is unlikely to make much difference if you only have a few machines. Steve

Though that answer was provided only scraping bits of info from various sources. I have no actual knowledge of the project to back that up.  ;) Steve

Two possibilities come to mind. First I would verify that there are no speed/duplexity mismatches anywhere when the pfSense box is in the loop. For simplicity I would take out the switch for testing: laptop –> pfSense --> Modem Check Status: Interfaces under media to see what duplexity pfSense is using on it's interfaces. For the remaining devices (Modem, switch, and laptop) you may have to resort to their indicator lights to verify speed & duplexity. If that all checks out, then I would watch the CPU during the download to see if it's at 100%. Status: RRD Graphs: System: Processor If that all checks out, then I would probably trying a local test to what the pfSense does locally. Something like: laptop --> pfSense --> desktop

@Koenig: @iamkrillin: I ended up changing net.inet.ip.fastforwarding to 1, its under system tunables, this seemed to fix it right up.  no cron job required. I'll give this a try. Thank you! Unfortunately it didn't work for me… I have a TV-server (DVB-T2) on my LAN-side, wich streams TV to the clients on the LAN, and I want to be able to watch TV with clients connected through an OpenVPN-tunnel, but I can't get it to work for more than a few minutes. Anyone who could be nice and patient enough to explain to me how I should set this up?

The only new thing I run now (compared to old versions) is Unbound. My complete package list: pfBlocker snort squid Unbound

Well, looks like both physical USB ports are in UHCI-mode (USB 1.1) that's why the 12Mbps up/down limit….. Nope, it's connected to USB 2.0 ugen4.2: <huawei mobile="" huawei="" technologies=""> at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON</huawei> But still the speeds are about 12Mbps down / 15Mbps up

Hmm, not really sure here. If you look in the main system logs do you see any apinger entries at the same time? It could be the gateway doesn't respond to pings causing apinger to mark it as down. Steve

The information available via SNMP depends on what SNMP modules you have enabled and what they are capable of. You can get a list by checking out the SNMP service page on your pfsense. Below is what I currently have. I think probably some of the things you want via SNMP may not be monitored/available without something third party. The traffic graph shows what IP the generated traffic is coming from. I am not sure where it is looking or with what at the moment but you could have a look at where its getting its data from. After  you can figure out how it could be piped via SNMP SNMP Modules MibII Netgraph PF Host Resources (Requires MibII) UCD Regex

Where are you putting this rule - why would you not put the rule on the vlan interface?  And the source would be that vlans network. Why do you think you need to create an alias to contain all your vlans?  To allow them to access the internet? Can you post pictures of your rules.

Nothing to do with rc.conf gets touched, you can't manually configure lagg or anything else in rc.conf (with or without .local). WAN can't be deleted. If you want to use its NIC for something else, assign WAN to a different NIC. Or make up a non-existent VLAN if you don't have a spare NIC.

You skipped the important part - what about the fxp sysctls Steve asked about? Usually such timeouts are a bad NIC, or a poorly-seated NIC, or on occasion with some systems where the NIC is sharing an IRQ with something else and that something else somehow messes up the NIC.

Somehow using the php/develper shell? Or via similar commands? The issue maybe that the password is held as a hash in the config file so you can't operate on it directly like you can with other settings in the file. https://doc.pfsense.org/index.php/Using_the_PHP_pfSense_Shell Steve

@txadmin: Regression 2.1 RC0 -> 2.1.3: Firewall logs don't show names of rules That is an option in the system log settings. They can be configured to show as their own column, their own row, or not at all. Your old snapshot may have been before it was moved to its own option. @txadmin: Bug: Reject rules show up in the logs with the red "block" symbol That's how pf logs them, nothing we can do about that. @txadmin: Feature request: Make the firewall log rule names consistent We are doing this on 2.2 each rule is getting its own tracking ID that won't change. This is already done in 2.2 and should be working now.

Does this issue still exist? If you don't use limiter due to the IPV6 issue, how do you ensure fair bandwidth use by users when only using HFSC traffic shaper?

First create an alias of the internal IP address in firewall aliases ie 192.168.1.10 -> Johns PC Second create an alias of the website you want to allow / block add a rule  [ABOVE the allow all to all rule] ,  to LAN or OPT1 or however your internal LAN config is in pfsense and you are done… P.S i use aliases so i can have a clear view of what device goes where.. its easier to understand applied firewall rules if its  "Allow Johns PC to Google" or "Block Johns PC to Google"  than "Allow 192.168.1.10 to                    173.194.113.39           173.194.113.32           173.194.113.38           173.194.113.36           173.194.113.35           173.194.113.46           173.194.113.41           173.194.113.37           173.194.113.40           173.194.113.34