Generally where you have IPv6 enabled, but have it set to block all IPv6 under System>Advanced, Firewall/NAT.

Thanks @heper. @jahonix these are special events, definitely not day to day use.  THe bandwidth hog is an intranet serving video  from an internal Wowza server.

@gokorn: Eveything works OK now. I did manually import settings for squid proxy.. I just have one question. Is this normal in services I have duplicates one is Squid reverse proxy and the other is Reverse proxy. Both menus show the same configuration. had the same issue, settings needed to be configured manually. but so far everything works fine .

It's probably worth posting a link to your findings in Redmine #2859. The code in question is in the interface_configure() function of /etc/inc.interfaces.inc (around line 2907):         $mac = get_interface_mac($realhwif);         /*         * Don't try to reapply the spoofed MAC if it's already applied.         * When ifconfig link is used, it cycles the interface down/up, which triggers         * the interface config again, which attempts to spoof the MAC again,         * which cycles the link again...         */         if ($wancfg['spoofmac'] && ($wancfg['spoofmac'] != $mac)) {                 mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) .                         " link " . escapeshellarg($wancfg['spoofmac']));         }  else {                 if ($mac == "ff:ff:ff:ff:ff:ff") {                         /*  this is not a valid mac address.  generate a                         *  temporary mac address so the machine can get online.                         */                         echo gettext("Generating new MAC address.");                         $random_mac = generate_random_mac_address();                         mwexec("/sbin/ifconfig " . escapeshellarg($realhwif) .                                 " link " . escapeshellarg($random_mac));                         $wancfg['spoofmac'] = $random_mac;                         write_config();                         file_notice("MAC Address altered", sprintf(gettext('The INVALID MAC address (ff:ff:ff:ff:ff:ff) on interface %1$s has been automatically replaced with %2$s'), $realif, $random_mac), "Interfaces");                 }         } The thought occurs that replacing $realhwif (and the one seemingly incorrect occurrence of $realif) with $interface_to_check throughout that block of code might make the behaviour more correct - act on the interface itself except in the case of PPPoE, where you need to be acting on the parent interface.

I'm thinking just buy/build a cheap pfsense box so he can restart it to his heart's delight while I'm not home. Probably the best solution suggested so far. You might even find with a properly configured pfSense box as your main router, you're not restarting the router all the time to get your internet back. At minimum you should be able to figure out why you need to restart ( and maybe solve it….)

THANK YOU!!!

@divsys: Did you ever bring that up to the latest release (2.2.5)? Well worth the effort and would get you on a solid footing for troubleshooting (if required at all). Yes, I did that before I swapped the hardware.  Still had the kernel crashes and watchdog nonsense until I swapped the chassis.  Now the only remaining symptom is the LAN hotplug event (and my android clients for OpenVPN quit working).

I think the issue is fully understood and resolved, BlueKobold. BT Broadband and BT Infinity require PPP authentication, but this is merely to pass a domain to the BRAS to identify which RADIUS servers should be used for authentication. The password can be anything, as BT Broadband and Infinity authenticate based on the circuit ID inserted by the DSLAM's PPP Intermediate Agent. Chris had set the password to a single space but because pfSense doesn't enclose the password in "", mpd5 ignored the set auth password line in /var/etc/mpd_wan.conf and went looking for the password in a non-existent /var/etc/mpd_secret file. The resolution was to set a password that consisted of something other than white space.

As i am planning pfSense in transparent using IPv6, snort, captive portal i wonder if they can be configured in transparent mode? pfSense can be run in the transparent mode Squid can be run in the transparent mode Snort must be run in the transparent mode (only as I am informed I don´t use it)

Thanks for the suggestions guys. I've been dealing with this crash report for weeks now. I've already tried the latest version but had bad luck on implementing squid + squid guard. It seems that if I'm using the latest version which is 2.2.5, only https websites are accessible if transparent proxy is enabled. I'm also suspecting this is a hardware issue cause I'm using an old P4 machine with 512x2 ddr1 ram and 80gb of hard drive dedicated to pfsense. I'll try once agaain the latest version if this crash will disappear. Also, is there anyway to know if my processor supports 64bit version without opening the case. Like CPU-Z on windows. Thank you.

I don't know if I ll give you a right answer but as I know, there is other router before the server. I have one switch before the server because I need 2 entry for 2 telephones. As I know, the pfSense is installed on a FreeBSD system.

@pinuccio29: We have installed in a hall a  mini PCs with Linux, which hosts a website in HTLM, connected via RJ45 to a router, to give the opportunity to visitors with their mobile phones or tablet after beings connected to WIFI (free and without internet) of consult. To day must type the address http: //192.168.xx that corresponds to the index page of the localwebsite, it is possiple to automatically direct (in  first request on the browser) all traffic to the index page …? The current router: Linksys WRT54GL (firmware dd-wtr) THANKS IN ADVANCE for a simple solution .... Oops, missed this bit sorry!

"wireshark and portsniffers" require "proximity".  In order to capture packets (wireshark) of what is coming out of  your WAN port, he'd need to know the assigned IP address.  If you are behind a cable modem, he'd need to know the IP address assigned to it.  Depending on the infrastructure of your ISP, he may not be able to get to it.  Port sniffers, pretty much the same thing. Is it possible that he also installed something on equipment in your home network to provide access/data?  Yes, that's the way malware/virus/ransomware do a lot of things. Sending logs elsewhere:  Yes, it's possible. The default pfSense install is: Everything originating from LAN side is allowed out WAN Everything originating from WAN side is blocked UNLESS it is a response to LAN traffic. The second point only matters if you are running a service you want accessible from the public internet (web server, ftp server, etc). A simple thing to do would be to post screenshots of the rules that are configured on your WAN, LAN interfaces, any floating rules.  A list of installed packages would also help. If he's busting chops to make sure you learn and understand that's good, just don't let trust overrule common sense.

This worked, thank you!! No clue what was wrong here. -flo-

For future reference, the Cache/Proxy forum is dedicated to Squid, squidguard and other proxy stuff like this.

One possibility would be to enhance the RRD Summary package to be more real time (you'd have to use the minute by minute data for the past hour) and add a feature to tear down an interface once the limit has been reached. There is no 'off the shelf' functionality in pfSense to limit usage of an interface.

remember to enable trim