Ha, nice.  :) Steve

Happened across my own answer.  PfTop, Rules view.

Was there ever a solution discovered for this? I'm seeing the same thing on my firewall running 2.1-RC1 (i386) (built on Wed Aug 28 16:55:08 EDT 2013) Is there code somewhere that forces the system to log if the IP options checkbox is checked under the advanced options on my IGMP rules?

@ilumos: My two thoughts with using VLANs are that 1) I'm not sure if cheaper wireless hardware can deal with VLANs and 2) every subscriber would need a VLAN capable switch to untag the packet (is there a cheap way to do this?) Whereas PPPoE can traverse wifi, can it not? Look at the "airMax" Ubiquiti products line… you can get info/help about the wireless part of your project at his forum http://community.ubnt.com/

@stephenw10: Edit: @jimp: VLAN MACs follow the MAC of their parent interface. That is the default behaviour. The web GUI allows specification of MAC address on VLAN interfaces. I have a recollection that in some contexts the configured MAC address for a pfSense VLAN interface wasn't propagated to the hardware. (I can't remember the context - a virtualised environment? a 'feature' of specific hardware?) Bridge interface MAC address seems to get propagated to the hardware.

Yes though you would not want to remove the existing command, but run it also (should be OK to put a ; and then your command after the one there already)

Ok…sorry for the delay in getting back...school starting has kept me very busy... I have considered VPN and even tried to implement it but had zero luck with that. I'm not sure why, it was several weeks ago now. I know that opening multiports for RDP is not the best solution, but it seemed like one that I could make work, at least for now. I would love to get VPN up and going but I'm not sure my Firewall/VPN skills are up to it. If someone could point me to a beginners guide to VPN, espeically if it was specifically related to setting it up on pfSense, I would really appreciate it. I am under the gun timewise for getting this working...so that students can have remote access. Regards, riversr54

If someone will find this topic I've got one remark. Initializing the monitor mode in 'separate lines' (like in the post above) didn't work for me. I had to do it in one line with: ifconfig wlan create wlandev ath0 wlanmode monitor ifconfig wlan1 up Interface options for reference: wlan1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         ether 00:80:48:64:63:57         inet6 fe80::280:48ff:fe64:6357%wlan1 prefixlen 64 scopeid 0xb         nd6 options=43 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <monitor>         status: running         ssid "" channel 11 (2462 MHz 11g) bssid 00:80:48:64:63:57         regdomain ETSI country NL ecm authmode OPEN privacy OFF txpower 30         scanvalid 60 protmode OFF wme burst</monitor></performnud,accept_rtadv></up,broadcast,running,promisc,simplex,multicast>

$ file /usr/local/lib/libiconv.so.3 /usr/local/lib/libiconv.so.3: ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), dynamically linked, not stripped Sounds like you should reinstall.

Yup – more hassle than any possible benefit that is for sure.  Your printer support jumbo?  All your switches, do the devices even agree upon the same jumbo size.  From what I can tell the makers of the nics and drivers come up with their versions of what the actual size is.. So nic X might not be same as nic Y in computer Z. Do you really see benefit in the majority of the traffic, dns queries, your gets for your websites.  If you look at the types of traffic that flows around your network - where do they make sense.. Unless all you were doing is moving LARGE amounts of data all day long I juts don't see the point of them.  Shoot many office networks and homes are like 50% or more wireless these days anyway. My cheap nics can do 800+ Mbps over the wire at 1500 mtu..  Bottleneck is the drives in moving the data normally, so what performance boost would using jumbo get me?

Thanks for the reply. I actually figured out a workaround … I created another 1:1 NAT rule with OpenVPN as the interface.  Otherwise the rule is the same for the 1:1 NAT rule that sends public traffic to the private IP. NB: for OpenVPN clients who do not use the "send all traffic over the VPN" option, accessing the public IP is no problem, but for clients who DO send all their traffic over the VPN, this is necessary to connect to public IPs.  In a few critical scripts which we share with our customers the public hostname/IP is configured, so staff who might use those scripts from a hotel/airport/conference while tunneling all traffic to the firewall make this configuration requisite.

@compy: I clicked over to the "Traffic" tab after Steam downloaded 13.6GB of new games (Thanks humble bundle!), and none of the WAN numbers were even close to this. I'm guessing I'm either looking at the wrong graph, or just missing something. The traffic RRD graphs show bandwidth consumed (bits per second). Its not clear to me how you compared "bits per second" with bytes and determined they "weren't even close". The attached traffic RRD graph from my system shows (mostly) 2Mbps download for about 24 hours on Friday and Saturday. 24 hours of 2Mbps gives a a bit under 22GB which is probably "close enough" for a download of a 17GB file (and possibly other files as well). Is it possible you downloaded compressed data and the report showed uncompressed data? [image: status_rrd_graph_img.png] [image: status_rrd_graph_img.png_thumb]

Seems highly unlikely to be honest. What theme are you running?  What version did you install exactly? 32 or 64 bit? What browser are you using?

You actually do want all those things, you just want an add-on module that creates them all for you for that one simple use scenareo you described.  Alas…  I'm no dev.

@stephenw10: I presume at that point the console is completely non-responsive, it's not possible to login? It doesn't matter what shell the admin user is set to run if you can't login as admin. Yeah, the shell is correct, I just wanted to check whether toggling the GUI checkbox does actually does something or not… Sounds like completely different problem. Rather then hunting for gremlins, a quick reinstall and backup restore should sort it out if it worked before.

Here's what I finally did on my setup: I created a subinterface (VLAN interface) with a "random" VLAN ID on one of my physical interfaces and assigned a /32 to it. It can basically be used the same way as a loopback can, but the benefit is that you can assign it and use it in menu selections such as GRE tunnel source in my case.

Fixed! Changed: Interfaces : Wan Static IP config: changed the  "/1" to "/24" I hope this helps someone!

Using VMs you are effectively using the same NIC/driver combination for every case but I guess that includes pfSense. Interesting that m0n0wall shows less latency. It's based on FreeBSD 8.2 last time I checked. pfSense 2.0.x is build on 8.1 and 2.1RC on 8.3 so all different versions. You could try an older pfSense, 1.2.3 was built on FreeBSD 7.3 (I think). It can only support one PPPoE session though so limited. You could try PC-BSD which is easy to setup. Various versions built on various FreeBSD versions are available. I agree though that testing a VM of FreeBSD 8.3 is probably the best test you could do. I've no idea how to setup a PPPoE session directly in FreeBSD though.  ::) Steve

This works perfectly. FYI, anyone who is doing this, you must disable any previous NAT & firewall rules for 443 aside from the OpenVPN 443 rule. So far so good, all exchange services are working. (Exchange 2013*)