@stephenw10: This post maybe relevant: http://forum.pfsense.org/index.php/topic,35414.0.html It looks as though it isn't configurable.  :( Though that is an old post. Steve The post is old but the content is actual. Probably no changes in 2.1

Good.  I had to allow a small piece of the 172 block through so I ginned up a modified block-RFC1918 rule.  I guess I needn't have bothered but I feel better about it anyway.  Thanks.

ok that sounds something like i can worth with however my 1st option was a mikrotik router and i am sooo struggling with it. it doesnt like having multiple gateways or rather i am not figuring out how to do it. about having pfsense. it would be a bit tough cause i'd have to dedicate a full x86 machine to put at the location for this task. and since pfsense cant be ported to mikrotik hardware …

@Siteview: Configured the interfaces LAN and WLAN; added a bridge and interface. I noticed the bridge having two interfaces in 'learning' state; I've never seen it switch to the forward state. I also tried forcing the interfaces to be edge ports, so they can enter “forwarding” state immediately — even if STP is somehow activated on that bridge. This didn't worked, as well as implicitly turning STP on and off. But if you look into the logs (not so long after updating interface / bridge configuration), you will probably see a line like this:``` kernel: bridge0: error setting interface capabilities on {one_of_bridged_interfaces}

That shows the config is indeed applied, it's configured that way, but the NIC refuses to use it for some reason. Not the first time I've seen that on a Realtek NIC, it's not very common, but some of those NICs cannot have their speed and duplex forced. The config setting applies, and the NIC refuses to use it. That's what you're seeing there. Is what you're plugged into really forced to 100 full? Best to always use autonegotiation if that's an option.

Thank you, yes I do have 2 nameservers defined for each WAN connection in System - General.  So 4 DNS servers total.  It should work when WAN1 is down but I am not at the location to test by yanking a cable etc.  Is there a way to temporarily "down" an interface via SSH or GUI to test this?

Thank you It worked

You're welcome.  :) If you're still worried about heat then mbmon will probably work on that age of box. There are quite a few references on the forum. Steve

Thanks, the screenshots look good. The earlier replies suggested you were mapping pfSense WAN directly to the NIC (not a pppoe interface) and you didn't say you changed that.

You need to better define "freezes up the Internet connection", what exactly happens? Can't open new connections but the existing ones work fine? Can you ping the firewall, its WAN IP, its WAN default gateway, Google, …? Torrent problems aren't common, they're far less common here than with your typical Linksys because they can't handle large numbers of connections generally. If you have settings in your torrent client that let it go crazy with creating large numbers of connections, you may be maxing out your state table. You can check that on the front page of the web interface, and in the RRD graphs, and can increase it under System>Advanced.

How do you know it's not connecting? Try going to Diagnostics: Ping: and running a test on each WAN interface. Steve

ok, thank You very much ! Tom

ok, thank You very much ! Tom

Depends on traffic rate in pps not Mbps, and the hardware you have. That sounds roughly normal depending on specifics.

That last capture is much different, more like what you showed in the text output, which shows the behavior varies. Why isn't clear. What the last one shows is your client sends the SYN to open the connection, it gets a SYN ACK in response, and then it RSTs the connection. In more plain English, basically your client starts the TCP connection, the 10.0.0.50 device responds back for the next step of the handshake, and then your client says "no, close that connection". Then your client sits there for 3 seconds and repeats the exact same process. After that, it sits there for 6 seconds and repeats again. The order is as described, but the timing is such that I seriously doubt the client gets the SYN ACK before it sends back the RST. There is around a half ms between the SYN ACK and RST, which is far too short of a window for the client to have gotten the SYN ACK, so it seems more like the client sends then SYN, and about 10 ms later, sends the RST. The two retries have 1 ms between the SYN and RST. I have no idea why your client would be behaving that way, but that's the issue. Firing up Wireshark on the host itself, in the capture options put in a filter for "host 10.0.0.50" on the OpenVPN interface, and see what you get at that point would be my next troubleshooting step.

Sorry I edited while you were typing! I'll read your other thread. Steve

you can't do that. installing packages locks things and you can't load other pages, you have to wait for the install to finish.