Thanks for the responses. Unfortunately it is a Lenovo desktop and they've locked the BIOS down heavily, so I can't alter most of the ACPI and power settings. I tried to boot with ACPI disabled (An option from PFsense, not the BIOS), but the system will hang during boot then. I guess it isn't going to work :-( Thanks for the help.

so – is this the machine your having problems with your port forwards on?  So you do have more than 1 interface, and your prob forwarding out the wrong one that your .3 box is connected too??

Set HDD cache size to 0. I think this is described below the option if I remember correct. Further you can set the minimum and maximum file size for files to be cached on HDD. So in theory you could increase the minimum file size to lets say 4MB so it will only cache some bigger files on HDD and not the many little 10kb webpage pictures. But I am not an expert on such a big squid cache environment.

@mlrabbitt: Thanks guys.  I looked into doing this through Xen and VirtualBox since both do PCI passthrough without VT-d.  Xen I found way too complicated to use as my linux skills are pretty basic and VirtualBox I found had poor performance and some incompatibility issues.  I ended up just buying a VT-d CPU since my mobo already supported VT-d.  I'm going to use either XCP or ESXi now and pass through the NIC to my BSD vm and pass through the tuner card to my Linux vm. (insert big thumbs-up emoticon here)

Set up an openvpn server at you home/office/datacenter where you have the possibility to open ports. then use you pfsense as a openvpn client to create a tunnel between remote-location & home/office/datacenter

no re occurance since uninstalling ntop previous cycle solution was to uninstall bandwithd so it's something to do with bandwith management packages together with our configuration. hope this helps someone :-) and thank you all for your assistance

Reinstalled pfsense 2.0.1 and retored config from backup and all works again, thanks for the post cmb.

No reason to feel stupid ;) It's not that usual that an access point allows client separation.

I haven't managed to break anything password related yet hence I've not had to look into it!  ::) Sorry. Steve

@frbaratieri: I've tried everything. You are probably overstating the case. Have you checked the server log for an explanation? Have you checked the pfSense log file for relevant events (e.g. LINK DOWN/UP) around the time the file transfer failed? You don't seem to have yet provided strong evidence that pfSense is related to this.

I have found a better solution for this problem, using squid instead of firewall rule. I did get success using firewall rules but I have to include every google and youtube ips I found in arin, not an ideal solution for me. Now I have set squid to use gateway of the vpn and firefox add on foxyproxy only to use the proxy for youtube and it works without a hitch :) Here is how i do it if anyone needs to know add this rule to floating rules interface : vpn interface direction : out protocol : tcp/udp source : any destination : any destination port : squid port gateway : vpn gateway in proxy server general setting interface : lan and loopback custom option : tcp_outgoing_address 127.0.0.1; and you are good to go, set your browser to use the proxy and every traffic to the proxy will go through vpn gateway I didnt make this soution but found it here in this forum, it is the same setting with proxy for multi wan.

I don't have a single box that won't soft shutdown by pressing the power button. So I can verify it does work though I don't run nano anything.

That's not possible yet. I'm hoping in 2.2 to extend the notifications system to include capabilities like that, but that feature doesn't currently exist.

Will open a new thread in Virtualization section on pfsense freezing frequently.

they're directly translated into pf with those names and pf doesn't allow characters we don't allow.

;D Excellent The combination of both of your answers solved my issue, thank you both for your time and effort, i was close with the static routes but i was looking at it the wrong way, and i had no idea about that default LAN rule. Once again Thank you For any one else in the future that stumbles on this issue here is my configuration [image: firewallh.png] [image: staticroutes.png]

Ah, it was the BandwidthD plugin. I had that on the old box though. Strange…

Ahh right sorry. Yea makes sense to be honest, just going into auto mode myself when I do things like this with my server. Thanks for the tip!

I have never used any Ubiquity hardware but a quick look through the manual shows that it seems pretty well thought out and almost specifically designed for your situation.  :) It looks as though your can run multiple SSIDs on each AP (virtual APs) and each SSID can be set to use different VLAN IDs and authentication. So you need to set your APs to run a parallel wifi network with a different SSID and VLAN tag. Set the authentication on the new network to just the WPA2 so your cameras don't have to deal with login. Setup a new interface in pfSense, as you've already done, with the VLAN tag. Now apply firewall rules as appropriate. If you run into the tagged/non-tagged traffic problem you can always set your guest wifi network to use VLAN tagging as well and have two VLAN interfaces on LAN1 such that all traffic becomes tagged. Steve