it is crazy. At the morning, rrd catches some data…. [image: status_rrd_graph_img.png] [image: status_rrd_graph_img.png_thumb]

Finally, I got it work. My network is behind pfsense and untangle where untangle act as bridge. I did some research on untangle forum and the problem was the antivirus. Untangle scan every single file that I downloaded through IDM. Because of that scanning process, it prohibit me to have multiple connection. What I did, I just simply turned off the antivirus and now I get no problem with my IDM. Thanks for your answer guys, I really appreciate it.

If you had non-functional DNS on the host and tried doing those lookups at that point, at times PHP has a nasty habit of hanging onto failed responses and refusing to issue new queries. Running 'killall php' at the console should resolve, or at worst, reboot.

The RRD traffic graphs are generated from PF counters. If you're not filtering on bridge member interfaces, rather only the bridge itself, the graphs of the member interfaces will be blank because there is no data for them.

For Windows you can use the shutdown.exe tool that was on IIRC the Win2K resource kit and is freely downloadable from MS. It also works with all newer versions of Windows. You could also pkg_add samba on the firewall and use a "net rpc" command to power down from there. Probably easier to do it from a Windows server if you have one with shutdown.exe.

after doing some further research i found out that the wrong password attemps happen near the time of the periodic reset. manual reconnects do not cause this behaviour. i will now try to capture a periodic rest with wireshark.

arnoldg, personally i think the only real secure way to do this is using VPN.  Follow the instructions on this video and it will work nicely.  This is the video that i used way back when i set mine up, works a charm: http://www.youtube.com/watch?v=odjviG-KDq8

Killing from the console/ssh is fine if it's going nuts. I've seen rate do that before myself, but not in a repeatable way. The usual way I see it is if I click on the traffic graph page accidentally and then navigate away from it really fast, but even that's not perfectly repeatable.

@miles267: Thanks - that worked.  Is a pass phrase necessary for the key? Well, technically it's not required, but it's a good practice security-wise to keep keys password protected. If you do a lot of logins/logouts throughout the day, then you could use Pagent (in case of putty).

macraig you can see in console or system.log Watchdog timeouts on network interfaces ? I have a similar problem using Intel PRO 1000 MT Dual port PCI after minutes system hang

Stephen, thanks SO much for your patience and help.  In the end, I was able to restore libgcrypt from the FreeBSD archive site and install the appropriate version of freeipmi.  This restored both my bmc-watchdog functionality as well as added the ipmi-sensors function.  I too was able to add the IPMI Sensor entry to pfsense Diagnostics drop-down so I can access from within the web UI.  Much appreciated.

I have just tried this and It works, thanks to everyone who contributed. I set this up on my BT UK service. I have a business account and have used the supplied username and password they email when you sign up. I think the following is default for domestic installs on BT, homehub@btinternet.com as the username and no password (set to 1234). I should add this is a FTTC install and I replaced the BThub3 with my pfsense box

remember that some ISP's block ports under 1024 to "SCREW" their customers …. Fixed that for ya!    ;D

On my LAN all nodes have public, fixed IP addresses, so as far as each computer's built-in firewall and/or the pfSense box allows, each one can access any other one regardless where it's located by a fixed IP address or FQDN. This of course falls apart, as soon as a machine leaves the LAN, and that I try to prevent. The one big thing that the Internet still has that's rather outdated is the geo-IP stuff, when in fact global roaming of any given IP address should be possible (just like a moble phone can be anywhere in the world and still be reachable by the same number). So the goal is, to destroy the geo-location dependence of in practice a few, conceptually of all, my computers' IP addresses while retaining the ability to reach all of them by the same fixed IP address from any public network, regardless where they are located. I'd like to end up with a logical environment that's largely independent from the physical location. e.g. an rsync script shouldn't have to know where a computer is. It should only need to know its public IP address and/or FQDN, and start working, as long as the host is reachable (if the laptop is sleeping in an airplane, it won't be reachable, but it shouldn't matter if it's set up in a hotel in Nairobi, a coffee shop half a mail away from the office, or in orbit on a space station: if there's internet connectivity, it should be reachable by the same address and FQDN. Due to the boneheadedness of Verizon, I was already forced to virtualize my entire LAN by routing the public IP addresses over a VPN link to where I am, which means theoretically I could go traveling around the world with the entire LAN, IP addresses and FQDN's remaining invariant. So now I'd like to extend that concept to individual machines. Bridging would be just fine, if somehow I could filter the broadcast traffic… On a fast internet connection, the amount of broadcast traffic wouldn't be an issue, because there are not that many machines involved, and the net is generally fairly quiet, but traveling one doesn't always have a fast connection, and then broadcast traffic can quickly get deadly... (think GPRS link to the internet...)

Thank you for the reply! I'll see what I can do from the GUI then. Regards, Nick

seriously… i am a dumbass so... I will go sort that out... thanks a lot

You'll need to assign one of the VLANs as LAN, assign an IP to it, and then do the config from there in the web interface. There isn't a way to assign a gateway at the console.

Obviously doing this you could easily break something etc etc.  ::) Edit the file: /usr/local/pkg/lcdproc.inc Towards the end of the file the rc script is generated. Change the line $start .= "\t/usr/bin/nice -20 /usr/local/bin/php -f /usr/local/pkg/lcdproc_client.php &\n"; to $start .= "\t/usr/bin/nice -20 /usr/local//bin/lcdproc C T U &\n"; Change C T U for whatever screens you want. Re-sync the package or reboot the box. Steve

@cmb: Just use an external AP, you can generally place it in a more optimal location for coverage that way, and the cost is generally no different. The thing is I need it to be a mini switch, as well.  But the good news is I found this nice used appliance, with everything preloaded for $70.  It should be a fine pfBlocker box, and I can use use my wireless router to do the rest. So I'm a happy camper.  :)  Thanks!