It was actually a good question….  But your subject line stunk. You'll really find it helpful for you and those that follow when your subject lines have real meaning or at least contextual meaning...  not "NooB Question".  You're "NooB Question" would be a great opening line in the message body. I still keep a Linksys e4200 with the latest, tested DD-WRT beta from Seb (physically) sitting at my network entry as a backup for my pfSense box.  Sometimes I throw it online to confirm network issues are in my configuration - It can be a real sanity check.  You'll find pfSense and its packages are so much more powerful but for testing connectivity, DD-WRT just works. Rick

Thank you so much for your reply Harvy66. I just connect my linux computer to WAN port and window laptop to LAN port and did an iperf test again, just as you said with a lightly larger window size -w 128k I could easily reach 950+Mbps with less than 10% CPU usage and around 30% interrupt, and the best I could achieve between pfsense and computers on either WAN/LAN port was still around 500 Mbps with high CPU usage, no matter how large the tcp window I chose. Also I just thought if pfsense could achieve gigabit between WAN and LAN, it doesn't seem to be reasonable to say it could not achieve similar throughput between LAN and LAN. I ran iperf again with 128k window size and this time it could reach 800~900 Mbps even with all the LAN ports bridged together. I could not on earth remember how I was not able to reach this speed with the same window size this afternoon, perhaps I in fact forgot to test LAN<–>LAN with different window size as I naively assumed LAN<-->LAN should be definitely slower than LAN<-->Pfsense so no need for further test >:(. Your explanation about user space and kernel space of routing/iperf makes a lot of sense. Now I am confident that if I move to a place with gigabit fiber connection this pfsense box surely won't be the bottleneck. Thank you again  :D

I think the correct answer is that pfSense is not your normal home router software. It doesn't act as a server, allowing you to access data from a USB flash drive or hard drive over your network. Security-minded individuals realize that ANY server running on an internet-connected firewall is a potential security risk, and thus the functionality you're looking for is not included with pfSense "out of the box". Whether someone has packaged up Samba so that you can do what you're asking about, I don't know.

Another screenshot of the system logs not showing the 2000 entries. Why did the screen shot from the first post get removed? [image: systemlog4.jpg] [image: systemlog4.jpg_thumb]

@Foxi352: Can i choose what source address / interface PFS uses for it's own outgoing traffic ? You can use outbound NAT therefor. Firewall > NAT > Outbound By default it is set to "Automatic outbound NAT rule generation".  Check "Manual Outbound NAT rule generation" and click save. Then edit the rule WAN  127.0.0.0/8 * * * WAN address 1024:65535 NO Auto created rule for localhost to WAN  and change the Translation to LAN address. If the routing for LAN network works correctly pfSense should get its responds well this way.

blood eagle viking style I'm afraid to put that into google. :/

@doktornotor: It notifies you just fine when the IP changes. Not really sure why would you like to be notified when nothing changed. It does notify me when my ip changes?  How does it notify me?  I have notification setup via email in the webgui, do ip changes automatically send me an email by default?

This is what is in my advance box, I'm pretty sure you are right though, it is probably something in here: remote-cert-tls server;comp-lzo no;verb 4;explicit-exit-notify 5;key-direction 1;auth SHA1;keysize 256;key-method 2;tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA; I just updated to 60 internet today, clearing all my logs and see what I get, pretty sure it will be the exact same.  Nice though, going through the tunnel I get 60, outside the tunnel 70.

Yeah I see that now. Thanks. I changed it to em0 and it complained so I changed it to WAN and lost LAN connectivity to it completely after applying. I will go by there tomorrow and restart it. Thanks again.

Thank you, will do as you suggested. Today is a working day, should schedule for further testing  :o

so it seems its very serious product. are there any case studies about it ? and deployement scenarios where one could read them to get more insight into it ? i need to understand it more .. maybe i might recomend it at some point if asked by someone.. i am following on this forum and wiki and general internet though . .

was it working earlier ? with which device? if it was working with pfsense and your pfsense is wokring on another ppoe then the ntu might be the culprit .. have you tried to ask them to change the port on ntu ? also can you try connecting the cable to any pc (windows ?) and configure ppoe and try connecting if it works ? if it was working on another device and nwo you introduced pfsense then you should give mac spoofing a try..

i have adsl modem running in bridge mode.. ppoe is configured on ddwrt. after some reading i found that my packets wont fragment if payload is set to 1464 bytes so add 28 bytes to it my max and optimum mtu is 1492.

Folks, problem solved – after update the issue disappeared. Hope this helps you, too. Cheers, Cyberax. :)

Determine if apinger is detecting and marking the interface down. Maybe try increasing the apinger down threshold.  Or disable apinger to see if that helps.

Suggest starting a new thread for this non related topic. Edit / Update: Oh I see you did that already. @shuhdonk: Thanks all for the help and suggestions, I appreciate it.  I have another non related issue. How do I determine why occasionally lose internet connection for just a brief moment a few times a day since putting this pfsense box up, no issues at all with my connection before the pfserver.  What should I look into to see if anythings shows up anywhere?  I assume logs, but which logs, how?  what am I looking for? thanks again!

I'm not sure what you accomplished Heper?  Are you saying pass all https traffic Wan 1 or 2, not balanced? If not, different tier relative to what, the load balance tier 1?  I have the same issue.  I first plopped a Lan pass rule putting all https on Wan2 just above the loadbalance catchall (Wan1+2) at the bottom. Problem is Netflix is on https so the balance becomes very imbalanced. Another issue is dynamic "per ip" rate limiting. I limit, on the loadbalance rule, with values just below the aggregate of Wan1+2 both having an equal provision. However, load balance is never equal and gets more unbalanced when sticky connections are applied so the modem buffer gets hit on occasion increasing latency during high load.  I can't figure out a way to apply separate limiters on each Wan and still load balance both Wan's.