There appear to be some issues with reflecting any UDP services. I've been working on a patch to help the situation, but it's too soon to tell if that would fix the issue you are seeing. Split DNS is the better way to go for DNS issues, but it if there is a bug in the code somewhere, fixing it would also help in the long run with other UDP services.

no … i wouldnot to disable squid since it's have solved just ... how to prevent ultrasurf utility ? because that access by ip address ... any idea ...

There are no automated ways to do that (that I'm aware of). What you'll need to do is make a note of the existing rules and port forwards, and the business reasons behind those rules, and then recreate them in pfSense.

Thanks so much!

A /24 would mean that you have .1 - .254 addresses to use yourself from the subnet (.0 and .255 reserved). If you have only 6 addresses then you probably have a /29 but it looks like your setup may not be a standard one. I second what submicron says, ask your ISP for details.

Did you restart Squid after you cleared it's cache by hand?  If you didn't then all the cache files are still open and therefore still using disk space.

Provide the logs of MPD about this.

Thank you for the reply. I don't have load balancing enabled, only failover. Do I have to update?

Update: I bought a new ADSL2+ modem (a Netcomm NB6 modem/router, configured in full-bridge mode, i.e. used as a modem only), and substituted it for the Draytek Vigor 2600Plus. What a contrast!  The complete pfSense PPPoE connection and login sequence was successfully completed in under 6 seconds - everything first time.  The "power on" to "internet available" time was less than 45 seconds.  Now that's more like it. :) I think that proves beyond reasonable doubt that there's nothing wrong with the pfSense PPPoE client and that my problems were 100% related to interference from the Draytek's PPPoE pass-through mode.

Still seems like it's overheating or power related since both boxes are doing the same in the exact same location, but works fine else where. Voltage drop or spike maybe not enough for the ups to kick in. Can you raise the tolerances on the ups to kick on battery if there is any power spikes or drops. Some UPS's won't trip on battery until well below 90 volts.

You have 4 packages including one of the most resource intensive ones installed on an embedded box with barely the required memory for pfSense itself.  Enough said.

All of these questions have been answered in more detail if you search the forum. The hardware you have described should be plenty powerful.  Search the forum for more on hardware sizing, try the hardware forum. I would replace your current router and have the pfsense box be your only NAT and firewall.  Will simplify things. Almost any network card will do, but see the HCL on www.pfsense.org and know that Intel cards are the best, and Realtek cards are the worst.

Yes.  However doing that in a virtual host doesn't give you isolation - just take a look at the security advisories that VMWare (and others) issue.  Virtualisation doesn't add security, it adds another very complex piece of software with it's own vulnerabilities to the mix, reducing security.  Better to use multiple real hosts, or one single host with many interfaces.