That's all feasible. It's not exactly something where someone can write out what you should do in a post, it'd take dozens of pages to explain. Read http://pfsense.org/book for the best source of in-depth instructions. Lot of other info on doc.pfsense.org and elsewhere too.

Thanks for the reply Steve After some thought i came to the conclusion that if i set a rule for torrents and Youtube that it will really only affect the port that is requesting the data. The rest of the network would not really notice it. (i assume) Leaving WAN access unmetered, i can update and download on 9 machines before latency surpasses 65ms. I am quite happy with that but i want to see if controlling bandwidth in a more granular manner can put that back down into the 40's or less.

That for the answer, I wasn't aware of the options you could use with it. Pressing 1 makes it show the same output with the GW field I was seeing. As for someone pressing it on the keyboard, I'm the only one here and had been nowhere near the keyboard for a couple days prior to when I noticed it. I'm so used to seeing it I'm sure I would have noticed it before then if that's how it had been since I originally brought up the screen. That's obviously what caused it though. Thanks again.

Got it ! Thanks anyway. I had the box pointing at itself

I FOUND THE PROBLEM!  ;D It actually has to do with the captive portal. I had to add to and from rules in the allowed IP addresses list. I already had added the server's MAC to the MAC Pass-Through list, and thought that was all I needed to do, but I was wrong. Now that I have added the IP address of the server to the "allowed IP addresses" list in Captive Portal section it is working as it should be. Thank you guys for helping me troubleshoot. :)  You all have been quite helpful!

following code does the trick require_once("config.inc"); require_once("functions.inc"); require_once("filter.inc"); require_once("shaper.inc"); require_once("ipsec.inc"); require_once("vpn.inc"); /* invalidate interface cache */ get_interface_arr(true); $retval = 0;                 $retval = filter_configure();                 clear_subsystem_dirty('filter');                 pfSense_handle_custom_code("/usr/local/pkg/firewall_rules/apply");                 echo "The settings have been applied. The firewall rules are now reloading in the background. ";

That command tells FreeBSD to remount an already mounted slice. It is telling you that it isn't already mounted. Which is bad, /cf should be mounted. It looks like this thread: http://forum.pfsense.org/index.php/topic,56506.0.html What does your output from the CLI 'mount' command look like? Steve

Depending on the OS you use on these additional PCs you might be able to configure them to use VLANs directly. –> The PCs would communicate via tagged frames only. Of course this only works if they aren't dynamically comming and going and aren't managed by you.

yeah Chrome isn't playing nicely with thttpd for some reason. I don't see any config options related to that in thttpd. Anyone know how to fix that? We use it because that server serves the bogon updates and it scales awesomely well for huge scale file downloads where Apache was a real headache. I'll look at it more at some point when time permits.

OK, I'll try it. thanks

apparently there's something else, probably in the firewall. I have an IPSEC lan2lan vpn to another office, traffic from the other end to pfsense work, while the other way around just for UDP/ICMP packets. http doesn't work either!

The problem is solved by the provider. They have set the LAN interface on 100 / Full duplex.

See my notes here for updated info on working with the UML290: http://forum.pfsense.org/index.php/topic,56696.0.html

Ah, interesting. I read that more as a figure of speech than a defined connection method. As in simply not one of the static IPs. However I could be mistaken. He was not using a fibre connection though so it could easily be different. I was not aware that BT offered a dhcp assigned service for broadband at any time. Some LLU ISPs did though. I've been caught out by that before. Steve

With Siproxd you set it to look at a particular port. Ive only been able to get 5060 to work here. But then to the provider it looks like your natted device has a public IP. But looks like you got it working.    :)

@neteffectcafe: Yes i am canning Rogers as its throttled all to hell with pings hovering at 400 if ANYONE hits P2P, including game updates that use p2p. And at about 4 or 5 it slows down when all the local kids come home. i am surrounded by buildings which are probably over sold. The bell line is fine unless the up load breaks 500k, then it also goes haywire and hits 400 to 500 ping and throttles. I am hoping for 16/16 FTTN which they swear is unthrottled and has no caps. We will see. if worse comes to worse i will get someone who knows far more than I to come in and implement MLPPP when i am forced to switch to Teksavvy. You are going to need some systems side work to help reduce the load. Most free to play (account based) games do not actually need to be updated the normal way.  You can usually bypass the updating process by updating only one client and replicating the game directory on the other computers. Certain games may store the versioning information in the registry key, export this together with the copy process and manually import the key on the other computers if need be. Some tools that can make your life better are Nircmd, Autoit (simple but powerful scripting language), batch files, Robocopy & Task scheduler. What I used to do was to implement a schedule to load a custom written program (in Autoit) on startup.  The program tests for the existence of certain flag files (an empty txt file with specific name in certain directories).  Upon encountering the files, it will take certain actions.  eg. Import a reg file in a certain directory. Since AutoIT can be compiled into an exe without any UI, the process cannot be closed normally by the customers like a batch/ cmd file. This basically allows me to copy & paste the updated game folder & reg file onto the other computers and insert a txt file marker at the same time.  Rebooting the computer will then import the reg key automatically and there won't be a need to update the client, thus, reducing the internet bandwidth usage. If your computer naming convention is done properly, you can use a batch script to automate the copy process. This is an example script I used in the early parts (subsequently changed it to allow parameters to be parsed and added more variables to allow the script to become a universal template): I had my computers with names in sequential order.  eg.  PC01, PC02…..PC34, PC35 If you want to reuse this, you will need a similar way of connecting to the computer by name or IP (change the share path variable into IP address octets instead) @ECHO OFF SET STARTRG=1 SET ENDRG=30 SET SRCDIR="c:\program files\game dir" SET DSTDIR=\game dir SET LOGDIR=C:\TEMP\ SET LOGFILE=GAME_Log.Log SET LOGPATH=%%LOGDIR%%LOGFILE SET OPTS=/MIR /COPY:DAT /DCOPY:T /NFL /NDL /NP /R:3 /W:10 IF NOT EXIST %%LOGDIR MKDIR %%LOGDIR for /L %%x in (%%STARTRG,1,%%ENDRG) DO ( if %%x LSS 10 ( ECHO Copying to PC0%%x... if %%x equ %%STARTRG ( robocopy /LOG:%%LOGPATH %%OPTS %%SRCDIR "\\pc0%%x%%DSTDIR" ) else ( robocopy /LOG+:%%LOGPATH %%OPTS %%SRCDIR "\\pc0%%x%%DSTDIR" ) ) else ( ECHO Copying to PC%%x... robocopy /LOG+:%%LOGPATH %%OPTS %%SRCDIR "\\pc%%x%%DSTDIR" ) ) pause