dear, please can you more specific where to add"::" at line 125

@porcomaster: Hi guys I just purchased an h81i-plus, Pentium g3285 and 8 GB ram for a FreeNAS machine, but after some advice, I decided to buy a better suit hardware to my FreeNAS machine with ECC and hookers, but I do have now a real nice hardware at hands that I could just sell it and lose some money or transform it to a router, my router is already on its end of the lifespan , I know that this CPU would be too overkill, and it will consume a lot more power than a router, but it looks better than sell it, my actual router is a wdr4300, and it's already my third router with OpenWRT, my questions are, pfsense is a good choice for this? , H81i-plus just have one LAN card and one pcix16, so how is the best option to connect to my FreeNAS machine?  (I may buy a switch, for this one,  I do have an IPTV at home too) Which wifi card do you guys would recommend me? it's any wifi card that would be able to do 2,4 and 5 GHz? any advice? regardless I do ask sorry for any grammar mistake as I am not a native speaker, and I do ask sorry if this information is at any place, it's hard to find information about this matter I would think of your new hardware not as overkill, but as headroom. Pfsense can be configured as anything from a simple no frills router, up to a full fledged UTM type device providing deep security and a wide range of services. Naturally, the resources to power that activity scale up as well. Concur with stan re wifi. If you do on board, you take on the limitations of whatever the upstream FreeBSD sources provide, and no use case for that springs to mind. I use Cisco AP's myself, as we were already using them at work when I took us off the Cisco routing path and moved to pfsense. If you haven't purchased a switch yet- you may want to consider the Cisco 300 small biz series. They cost a bit more than I would like, and rarely hit the used market at much under retail, but they are a supported switch for PacketFence should you choose to go that route. Quad port nics are widely available on the secondary market for less than you'd pay for a new single port. You can do everything with a single nic and vlans, but it can make your brain hurt at times. 3G/4G is another story - if you have a need for out of band remote management, on board can be a good option, as the external devices aren't all that great - but you need to check the HCL carefully.

Glad you got it figured out. Probably some mangled data in one or more RRD files leftover from the power outage.

If this can help I found out that each time there is a degradation in the connection on the system logs there are this lines: Jul  9 17:12:59 magneton check_reload_status: updating dyndns WAN_PPPOE Jul  9 17:12:59 magneton check_reload_status: Restarting ipsec tunnels Jul  9 17:12:59 magneton check_reload_status: Restarting OpenVPN tunnels/interfaces Jul  9 17:12:59 magneton check_reload_status: Reloading filter Not sure if it is a consequence or cause – edit: BTW: I do not have any ipsec tunnel defined ...

@dennypage: To my knowledge, there isn't a way to do this directly with pfSense. However, you might be able to use an external agent to collect and store the data. Something like a Zabbix or other SNMP based monitor. Yeah you'll need something like that, since as Denny noted, RRD doesn't have all the fine-grained long term data.

…something to do with DNS. I will be combing through all my DNS settings in great detail within the next few days. In the meantime, a quick fix was to set my pc DNS to 8.8.8.8 as a band-aid. The source of my problem has been pin pointed and temped until further resolution. Thanks for the suggestions earlier...

@virgiliomi: I'm pretty sure that ntopng has this capability I don't think so: https://github.com/ntop/ntopng/issues/150

Have you put this rule to the top of the ruleset?

setting vswitch on esxi just allows it to pass tagged traffic..  You still have to setup the vlans you want on pfsense and your switch and your AP.. "my vm router connects into the wan port on my pfsense box" Huh??  Can you draw up your network..

Dude if your wifi are getting IPs 192.168.2 and your pfsense is 192.168.1 then its not an AP.. To use any old wifi router as just AP its very very simple..  Thought I already went over it.. Disable its dhcp server, give it an IP on your network for for example in your case 192.168.1.?  and connect it to your network via LAN port on the old wifi router… There you go that is now an AP.. What your doing I have no idea but if your saying wifi clients are on 192.168.2 then its NATTING or routing if not natting and you put in a route on pfsense to this 192.168.2 network either way its for sure not an AP.. Lets forget wifi for a minute and get your 2 wired devices working..  So again going to ask what is the WAN Ip of pfsense?? is it rfc1918 or public?? Lets connect your 2 machines to your switch.. What IPs do they get?  Can they ping pfsense lan IP?  Can they resolve outside stuff?  say ping www.google.com do they return an IP address for that?  What is it?  Or use nslookup.. so for example here is my machine. > ipconfig /all Windows IP Configuration   Host Name . . . . . . . . . . . . : i5-win   Primary Dns Suffix  . . . . . . . :   Node Type . . . . . . . . . . . . : Hybrid   IP Routing Enabled. . . . . . . . : No   WINS Proxy Enabled. . . . . . . . : No   DNS Suffix Search List. . . . . . : local.lan Ethernet adapter Local:   Connection-specific DNS Suffix  . : local.lan   Description . . . . . . . . . . . : Broadcom NetLink (TM) Gigabit Ethernet   Physical Address. . . . . . . . . : 18-03-73-B1-0D-D3   DHCP Enabled. . . . . . . . . . . : Yes   Autoconfiguration Enabled . . . . : Yes   IPv4 Address. . . . . . . . . . . : 192.168.9.100(Preferred)   Subnet Mask . . . . . . . . . . . : 255.255.255.0   Lease Obtained. . . . . . . . . . : Thursday, July 7, 2016 6:20:34 AM   Lease Expires . . . . . . . . . . : Monday, July 11, 2016 6:20:32 AM   Default Gateway . . . . . . . . . : 192.168.9.253   DHCP Server . . . . . . . . . . . : 192.168.9.253   DNS Servers . . . . . . . . . . . : 192.168.9.253   NetBIOS over Tcpip. . . . . . . . : Enabled > ping www.google.com Pinging www.google.com [172.217.4.100] with 32 bytes of data: Reply from 172.217.4.100: bytes=32 time=11ms TTL=54 Reply from 172.217.4.100: bytes=32 time=15ms TTL=54 > nslookup www.google.com Server:  pfSense.local.lan Address:  192.168.9.253 Non-authoritative answer: Name:    www.google.com Addresses:  2607:f8b0:4009:800::2004           172.217.4.100 if they can both ping pfsense lan IP 192.168.1.1 and can resolve.. Then what is not working on the internet?  As to disable ipv6 on pfsense..  Set ipv6 to NONE on both your wan and lan.. And then go into setting advanced networking.  If your going to do that I would sugget you disable it on the client as well.  Notice how mine had no ipv6 on it..  But I can turn it on very quickly if I want it..    But for sure for your troubleshooting lets take it to basics 2 machines using ipv4 wired.. [image: turnoffivp6.jpg] [image: turnoffivp6.jpg_thumb] [image: ipv6.jpg] [image: ipv6.jpg_thumb]

setup up a host override in pfsense for server.whatever.tld your local domain is then you will be able to access http://server.whatever.tld that is if your nas uses http.  If your trying to just access a file share via unc you could still do \server.whatever.tld For example I access my storage server via \storage.local.lan [image: fqdn.jpg] [image: fqdn.jpg_thumb]

Could it be an errant .pid file that makes it think that there is a lock when there isn't really one?

No, you cannot get a report using captive portal usernames. There is no way to reliably map the IP addresses to a username over time, and it isn't logged since squid and captive portal do not directly interact. If you want to use it that way, force the users to put in proxy settings (or use WPAD, etc) and use squid authentication instead of captive portal.

That's probably just a bit rate mismatch in the config. After the boot prompt the console is being set to a different rate. The BIOS on the APU is 115200,8,n,1. pfSense (FreeBSD) is probably set to 9600 in the config. If you set your serial console to 9600 you will likely get incorrect output during POST but after that it should be sane. When you get your system up go into System > Advanced and set the serial speed to match the BIOS (115200).

I certainly wouldn't suggest a floating rule for what is presented as a very basic single interface/direction firewall case. Just my $.02