• Squid Enable Man-in-the-middle and Custom Options problems

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Disconnect from internet every day

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    So far so good :) looks like it's fixed in 2.1. wonder what it was in 2.0.2 that was causing disconnect, does anyone know?
  • Network problems with vlan

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    Moved to vmware and lan problems are gone, but now the same thing is happening for wan (basically there are a lot of retransmissions/dup acks in tcp connections), lowering mtu/mss does not help.
  • PFSense Rant

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    On the surface this sounds like a network design issue or possibly hardware related. We're here to help, so state your issue and provide details, so we can help you identify a possible config issue, subnetting issue, flaw in network design, hardware issue or bug in the software. Honestly, if you have your network deployed "properly"… DNS, DHCP, WAPs, etc should all be handled outside of the firewall anyway... I do not think PFsense is your issue. There are people here who have dedicated years of their time to provide you with a solid product for FREE, so less ranting... it just inflames the community. Clearly defined goals, issues, details and a map of your network posted in the proper forum is the way to go... the devs and the community will be happy to help.
  • Pfsense VS Ipfire Connections Speed

    Locked
    10
    0 Votes
    10 Posts
    32k Views
    stephenw10
    Yeah I phrased that badly, I meant to say…. Powerd is disabled by default so unless you have enabled it yourself it won't be running. Enabling it will not provide any significant power savings (or even measurable) because the desktop Atom CPUs don't support speedstep. That doesn't mean it won't affect performance though as it will still attempt to use cpu throttling. See this for why that's not much use. Steve
  • Advice on user management

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • 2 PPPOE 1 WAN

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Gaps in RRD graphs

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    Update: This seems to have been related to some component of the hardware I was using. I migrated my config over to a dedicated appliance (a Twitter box from TranquilNet with an Atom processor, Intel NICs and a 4GB CF card) and my RRD graphs are now gap-free. I'm still not sure which component was the root of the problem, so apologies if you happen upon this thread hoping to find the culprit. If you do, post the hardware you're using and maybe we can narrow it down.
  • Protect legacy hardware dmz corporate systems

    Locked
    9
    0 Votes
    9 Posts
    2k Views
    @stephenw10: Hmm, well your situation seems to be slightly bizarre. Presumably the monitoring software wants to see an 'everything is fine' report coming back from every IP it can see otherwise it starts sounding alerts. By inserting an additional NATing router between you and the central server it will only see one IP lease so you can have several machines (or VMs) reporting back. However I would have thought any half decent monitoring agent would be able to detect it's behind NAT and report that. It looks like you are fighting your IT department on this which is generally not a good thing! ;) What exactly are they asking you to do? Presumably there are plenty of other bits of equipment on the network that cannot run the monitoring agent, printers wifi access points etc. This is above my pay grade to be honest. :) Steve
    snicker You think it's bizarre :) The goal is to protect the legacy hardware yet still provide networking capability. In some sense, how we get there doesn't matter- but upgrading the machines it is attached to (by say, going modern) isn't an option. It's not so much as a fight as disagreement in what is needed.
  • [solved] What is "//"?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    Thanks for that link, exactly what I was looking for. I should have thought of searching the phrase "double slash"! It's not that I thought double slashes were a problem; it's that I didn't know what it meant, and thought it might be something significant.
  • Warning messages

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    @wallabybob: @sirdir: But to be honest, I think something has to be wrong in the algorithm of pfsense. I have set it now to fire an alarm after 60 probes, so how can I get an alarm every second? It might be necessary to restart apinger to get it to notice the change in configuration. Anyway, I still think something is wrong. My wireless link is completely dead now, so how can I get 20 messages a minute stating the link is removed from a routing group if it is down and stays down?
  • Strange Lan blocks destined for a Google IP Address

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    My ISP has given me a new block of ip addresses to isolate the computers connected to the router by giving them each a different public ip address which should put them all onto a different network but still going through one common gateway. I'm going to use the old firewall to monitor the connections from the other pc's connected direct to the router to see if one of them might have something on it which can interfere with the two routers handing out dhcp ip addresses as this seems to be the stumbling block.
  • Typical setup for webserver DMZ

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    If your ISP is routing your public IP space to the /32 on the WAN, then you only need to disable NAT for the DMZ network. It sounds like you still have automatic outbound NAT on or still have the auto created rules. Switch outbound NAT to manual. It should create a default set of rules. Remove any rule that includes the DMZ subnet. Setup FW rules to allow traffic from WAN to DMZ. Do the same with your LAN (to allow access into the DMZ). You do not need 1:1 NAT or port forward to a routed set of public IP addresses.
  • Squidguard problem

    Locked
    6
    0 Votes
    6 Posts
    1k Views
    Nacht, Thx a lot. Will do so. I've a 2.1 beta running on one of my schools. Only thing I have is slow internet connection when SQUID and SQUIDguard are activated. But I'll repost that issue within the correct sub. Kind regards, Me
  • Need help with this scenario (A little help with subnetting)

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    @pmiccich: LAN 2 & LAN 3 unfortunately don't have internet connectivity… and they can't connect to each other, which is something I REEEEALY need
    By default, only the pfSense LAN interface has firewall rules allowing access "anywhere else". You need to add firewall rules to those interfaces to allow the access you require.
  • Java & flash download blocked by HAVP

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    OK, see, I didn't know what to think. I have always had problems with Java, seems whenever it's on my computer I can expect it to have problems, but lately I have been playing Minecraft so it's kind of necessary. I'm also on YouTube a lot. In the meantime I think I'll just bypass HAVP if it's not going to harm my computer (theoretically), I was just wondering if it wasn't someone tampering with the download.
  • Only dare-devil can try this !!!!

    Locked
    10
    0 Votes
    10 Posts
    2k Views
    stephenw10
    You can easily achieve a fail-over scenario between two WAN connections using a single instance of pfSense installed on your box. You can load balance the two connections as well if you want. Depending on the speed of the connections and the spec of your hardware you may want to install pfSense as a single VM anyway because you can then use the hardware for running additional VMs. This does reduce security (potentially) but given your lack of access to hardware might be the most efficient way to use it. Do you intend to run any packages on pfSense, Squid Snort etc? What is the full spec of your box? Steve
  • Wifi needed!

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    @Klaws: I prefer regular APs instead of built-in WiFi cards. No driver issues, no need to buy outdated hardware. And you gain the flexibility to put the pfSense box at a convenient location while the AP goes to the optimum position for RF coverage.
    I agree with those listed advantages for external APs but I have found the pfSense reporting and troubleshooting facilities far superior to those on any commodity AP that I have encountered.
  • Wrong route for gateway break pfSense

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    You can just copy the last good config from /cf/conf/backups/ to /cf/conf/config.xml and reboot.
  • VLAN question

    Locked
    9
    0 Votes
    9 Posts
    3k Views
    I tried the WiFi option in pfSense as well and I had to give up at the end (I posted about it in the wireless section). I came to the conclusion that the hardware that works well with FreeBSD 8.3 in AP mode is very limited and hard to find at best. I could spend hours trying to find the right ath based card on ebay or just spend $90 for a proper AP and be done with it.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.