I would like to see a "proper" solution.  Single IP monitoring is causing us no end of issues.  Gateways being marked as down, but really the monitor IP has dissapeared, or ICMP is blocked but real world taffic tcp/udp is flowing perfectly. My concept would include many IP's and have some weighted rules.  Something like www.policyd-weight.org comes to mind. This would allow a list of say 20 IP's to monitor and allow for x number to be down and some marked as higher "number value" than others, then only mark the gateway as down if the sum of these values is below y.  Could even use the same IPs for many gateways and if one ip down on one gateway the IP can be checked against another gateway. I have no development skills, but would be willing to test and give feedback. –Paul

If you could get me a backup of your config, that would definitely help. Can PM it to me here, or email to cmb at pfsense dot org, or email me to arrange other means of transfer. I don't see a means of replicating from that, so that should help.

Great, thanks! I'll try this next time I have a network maintenance window (aka the gf isn't home and won't mind the Internet being out) and I'll post back if I get any good results!

It just occurred to me that I had a traffic shaper enabled, specifically CODELQ. I tried to delete those queues, but after applying changes I lost all connectivity with the box. I used the console to restore to a point before I delete and then restarted the box. After I got control back I deleted it again, and this time they are gone and the box is still running. I repeated the CIFS test and the performance problem seems to have been resolved. But now the question turns to why would the traffic shaper do that?

So I received a 6620L and tethering does not work by default: Anyone know if a a compiled driver will work? ugen1.3: <mifi 6620l="" novatel="" wireless="">at usbus1, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (500mA) bLength = 0x0012   bDescriptorType = 0x0001   bcdUSB = 0x0201   bDeviceClass = 0x0002   bDeviceSubClass = 0x0006   bDeviceProtocol = 0x0000   bMaxPacketSize0 = 0x0040   idVendor = 0x1410   idProduct = 0xb00c   bcdDevice = 0x0228   iManufacturer = 0x0001  <novatel wireless="">iProduct = 0x0002  <mifi 6620l="">iSerialNumber = 0x0003  <0123456789ABCDEF>   bNumConfigurations = 0x0002</mifi></novatel></mifi>

Ok just sent message to all of them in same format to: emailaddress subject: test message to emailaddress This is test message per thread on pfsense forum about strange email getting added to messages. Let me know what you get..

@doktornotor: Do NOT put gateways on your LAN! It's even written in the GUI! That did the trick thanks !

I have a small/home network. So with raspberry pi is enough just for collecting logs. But, I'm thinking in mount a virtual server (proxmox) and I could use a virtual machine for logs. Also I would like to install in that virtual server: kali linux, honeypots, web servers, etc. I have to start saving!  :) Thanks.

What? Yeah have lots of dc in multiple customers I support.. Not one of them has public internet talking to them for dns..  If they even suggested such I would think they are on drugs..  If you want to use MS to host dns - sure go for it.. But not your AD dns using the same domain for sure.. You still have the problem that you only have 1.. same freaking IP, that your registrar even let you do that is beyond me.. Fixing your DNS is priority one.. Your name delegation is completely borked no matter what you want to use to host it, etc..  FIX YOUR DNS!!!  I have already told you what is wrong with it.  First step is at your registrar - having actually 2 different dns serves that should NOT be on the same network that is for sure..  If you set on hosting your own public dns off your connection and off your DC ok.. But get s secondary somewhere else. If you do not know anything about dns - then get someone in your org that does.. Hire some one if need be..

Thanks for the response. I ran /etc/rc.conf_mount_rw via SSH - it returned successfully very fast. I then ran /etc/rc.conf_mount_ro - it took a few seconds, then also completed successfully (both commands verified by looking at the output from "mount") After the filesystem was mounted read only - I ran fsck -y /cf - and it produced the following result: ** /dev/ufs/cf ** Last Mounted on /cf ** Phase 1 - Check Blocks and Sizes ** Phase 2 - Check Pathnames ** Phase 3 - Check Connectivity ** Phase 4 - Check Reference Counts ** Phase 5 - Check Cyl groups 33 files, 8520 used, 92535 free (39 frags, 11562 blocks, 0.0% fragmentation) ***** FILE SYSTEM IS CLEAN *****

You could block all outbound traffic from the offenders, then when they complain you remind them of the policy they are violating and you'll unblock when they stop violating.

Well you should not be natting between 2 lan segments.. So you checked the arp table and pfsense arp table showed correct for the machine you were putting the .40 address on?  Could the .40 ping pfsense interface? I have never had to reboot pfsense because something wasn't working, I have had to clear states for a specific connection sometimes when trying to block something when there was a state already.  Only time had to reboot pfsense was when updating it. So your connections to pfsense from this .40 box is just to switch and then pfsense interface on same switch.  Your just doing dumb switch or do you have vlans setup, etc. etc.

Ah dang,  yep didnt catch that…...thanks for pointing it out!

I use the pfSense box to run captive portal and a seperate vlan for wireless network.  I also use it just to monitor bandwidth and get stats.  I want to keep the Comcast box as the lans main dhcp server/gateway for now.  That will change down the road but at the moment I'm not ready to make that switch.

@pfcode: But they are tied to the Month (e.g. September_15), which isn't what I want,  aren't they? No, they are not (also, read the notes there) - it's just the GUI calendar being completely confusing