• PfSense 3.0 Roadmap

    0 Votes
    3 Posts
    10k Views
    @MAHDTech: I know I'm a bit late to the party and apologies if this has been discussed, I have searched, but I was just reading this blog post https://blog.pfsense.org/?p=1588 and had a couple of questions as it seems pfsense is going from strength to strength. Why the choice of Intel DPDK over something like netmap or dna -> does DPDK perform better? What about the license for DPDK, I thought there were certain things only accessible with purchase of a premium license? I like the mention of moving to a model closer to crochet, would that potentially make it easy to get pfSense on ARM or MIPS64 as well as AMD64? Bootstrap + Python FTW!
    I believe your question was answered in a later blog. In https://blog.pfsense.org/?p=1866 it seems like pfsense 3.x is leaning more towards netmap or even a combination of both.
    Back in February, I wrote a blog post that discussed our plans for pfSense software version 2.3, which is now in alpha, and our plans for pfSense 3.0.  While I promoted DPDK then, we’ve since found that netmap provides a simpler API, and substantially better safety, as the device drivers remain in the kernel, rather than running in userspace with DPDK.  Still, DPDK provides a set of libraries, such as longest-prefix match, which uses a variation of the DIR-24-8 algorithm for routing lookups, which we should find useful in our pursuit of the ultimate open source software router.
    Carlos
  • Transparent FW and NAT at same time

    0 Votes
    2 Posts
    572 Views
    KOM
    Is this possible with one installation of pfSense? Of course.  This is a very common use scenario.  Firewall with local servers on LAN port-forwarded, or 1:1 NAT.
  • No available packages

    0 Votes
    2 Posts
    774 Views
    Gertjan
    As said: Please verify DNS. The question is very well known on the forum. The answer also. It's a DNS setup issue. It boils down to: (pfsense) DNS serves your attached client, but can't use (its own) the DNS itself. edit: when it works, test by upgrading to 2.2.5  :)
  • Portuguese? why so popular?

    0 Votes
    4 Posts
    1k Views
    Gertjan
    Check out another thing: how many people on earth speak Portuguese natively. You will be surprised.
  • Remote access

    0 Votes
    3 Posts
    910 Views
    luckman212
    John's suggestion of using VPN is certainly always a good choice. However, to answer your original question- YES pfSense can do this. You need to go to Firewall > Aliases, and create a new alias for your allow list. Add your no-ip FQDN e.g. foobar.no-ip.com and save it. Now in your firewall rules, create an allow rule that passes traffic on your WAN interface(s) and set the 'source' to the name of your alias which should auto-complete when you start typing. Save and you should basically be good to go. The default refresh time for the firewall to update your dynamic IP is 300 seconds. You can adjust this up or down as needed by filling in a value for 'Aliases Hostnames Resolve Interval' on the System > Advanced > Firewall page. HTH!
  • PFSense in cloud - low throughput

    0 Votes
    5 Posts
    1k Views
    What was your System Activity like during those super slow transfers? Were you getting a large number of interrupts and high kernel CPU? Even when I'm doing 70k-pps, I'm still around 150 interrupts per second. Intel i350-T2 is sweet.
  • General questions regarding pfsense and vpn

    0 Votes
    3 Posts
    1k Views
    KOM
    That depends on your requirements.  High loss is fine if you don't notice it  ;D  However, if it is causing an impact then you need to isolate the problem.  For example, how stable is the route between you and the VPN provider's endpoint that you connect to?  A tunneled connection won't improve line quality, so if you're getting loss or high latency when pinging then that's a problem.
    You have a local web server that you want to present to the Internet?  I don't know how your VPN figures into it.  Create a port-forward for the web server and a firewall rule on WAN to allow the traffic.
    https://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense
    https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting
    https://doc.pfsense.org/index.php/Category:NAT
    3)  Sorry, I don't know much about Squid in a multi-WAN configuration.
    4)  What you want sounds like policy routing https://doc.pfsense.org/index.php/What_is_policy_routing
  • FiOS-G1100 (dynamic IP) and pfsense for OpenVPN setup issues.

    0 Votes
    1 Posts
    1k Views
    No one has replied
  • DNS BLACKHOLE

    0 Votes
    24 Posts
    6k Views
    It's shitty router by ISP, it can't show realtime usage. Even Windows reporting 200mb/s +... [image: h1LDBCW.png] So how is it possible, I'm getting some turbo boost speeds, but in other tests I'm getting what I pay for. What is that?
  • PFSense with Amahi

    0 Votes
    4 Posts
    1k Views
    Nah scrub that, the server is free, all the apps which are otherwise free elsewhere are charged. I sort of get it, but to install the few things I want would be £80 or more. Might as well stick with Windows.
  • 0 Votes
    7 Posts
    1k Views
    @jahonix: @sfernan: That simple?
    That simple! With the benefit of different HW just install the full version and import the config. You may assign the new NICs to your config before importing or do so on the new HW. I find it a bit easier with a text editor before importing when you use VLANs on top of your hardware interfaces. Other than that it's straightforward.
    Thank you guys.  Worked as mentioned above.
  • DHCP stops working when ip address and subnet are changed

    0 Votes
    5 Posts
    1k Views
    @akieni: True, it was a memory limitation... I did not know that the ip allocation would use that much resources from my server... Thanks
    16mil IPs times (4 bytes per IP plus 12 bytes per MAC address) is 256MiB. That is not including any other overhead like padding, time stamps, etc.
  • MOVED: Packet loss and errors on VLAN Interfaces when using vmware

    Locked
    0 Votes
    1 Posts
    487 Views
    No one has replied
  • Interfaces "dying" at high traffic

    0 Votes
    11 Posts
    2k Views
    Derelict
    There should be 0 collisions on a switched, gig-e network.
  • Pfsense Reboot - Maintenance

    0 Votes
    2 Posts
    859 Views
    Only reason to reboot should be pfSense version updates and hardware maintenance.
  • DNS settings for a couple of computers?

    0 Votes
    4 Posts
    946 Views
    There are no fix-all solutions. You could check the E2guardian bounty. https://forum.pfsense.org/index.php?topic=87526.0
  • Here is why NAS functionality on pfsense can make a hell lot of sense.

    0 Votes
    62 Posts
    43k Views
    @LFCavalcanti: 3 - If you say security concerns for NAS in pfSense are BS, you clearly understand s** about security. You NEVER, EVER expose your files or any sensitive data for that matter, in the very OS that serves as Firewall between your network and the rest of the world.
    When your boss knows what you do in bed, sensitive data is the last thing on your mind. Some people understand everything about security, some of those people understand it will be a losing battle. If I'm getting paid for it then yes, for myself I could care less. It's always about getting things you don't need. It reminds me of when I stopped by a McDonald's a few years back while on the road at night. I saw this very overweight woman, she couldn't even wait for her order to get done. She was eating it right at the counter, my other boss was like "OMG you don't need take other bite of that. Put it down!" Yes, the idea of firewall and NAS is not normal, but sometimes people do odd things.
    @jwt: Also:  "Woof!"
    Arf
  • FTPProxy and SFTP

    0 Votes
    5 Posts
    2k Views
    @johnpoz: The current proxy the old helper/proxy could do NOTHING with ftps..  The helper/proxy looks in the control channels and fixes the IP to be public, and opens ports if needed in the firewall for data channel.  When your control channel is encrypted… It is not possible for helper to see anything in the control channel to either change the IP to the public one vs private or know what ports to open via seeing the port command.. Why don't you just connect in passive mode.. You don't need anything special to connect in passive mode.. Since in passive mode the server tells you what port to connect to.. So unless you have restrictive outbound firewall rules that limit ports.. You can connect to any ftp ftps server using ssl/tls or not since there is no aspect of the data channel where the server is connecting to you..  It's all you connecting to the ftp server IP and ports.
    Thanks for the answer. Perhaps indeed a problem in the client. I'll check.
  • [Mostly Solved] Stumped on simple set up not working

    0 Votes
    8 Posts
    1k Views
    @tymanthius: EDIT: I added the Lan gateway as an upstream gateway to Opt1. Seemed to help for a min, then it's gone.
    You know, I actually wanted the screenshots to check that you did NOT set that up. Completely broken idea. And yeah, sounds like dead HW to me.
  • Pfsense and vlan on same subnet

    0 Votes
    5 Posts
    2k Views
    johnpoz
    If you are not routing traffic through pfsense, then there is really little reason for L3 mode on your cisco..
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.