Godt at se du er begyndt at bruge en ordentlig firewall Anders. ;)

just metioning ran into a similar  problem a yesterday days,, it seams the only way to get the work was to run setup wizard under system.  if you manually enter in  a gateways or any system  they are not registered properly.. the only way they register properly is once the wizard was used.. any changes manually could break and the only way to repair again was via the setup wizard this was the amd version ( it sure seems buggy that version)

best way I find that works  to control internet access ,  set your  lan to something like 172.16.0.1/23  or 172.16.0.1 /22 put dhcp on 172.16.0.0 /24 and  create  very restrictive  fire wall rules for within this ip range  then on range of 172.16.1.0  or higher leave it uncontrolled,  or create  a rule that leave out port 80  across the entire lan .  then create an alias  that enables port 80 for certain ips  with in those ranges  (you can just do it on a single ip range too  give the upper half dhcp and the lower half  static ( you can use captive portal for more restriction control  but it will also have to block  port 8000 as this is the port all port 80 get redirected through this way any one who logs on to your system with dhcp will automatically be assigned into a highly  controlled  internet. and to access fully they have to connect by static  ip and / or static arp  . those you wish not to be controlled so much  give them a static ip in the  172.16.1.0 range or higher .and create an alias for them that  open all the ports  or what form of access you want it  hard for them to  cheat the system easily  . since the only  way for them to actually access the internet  fully, is to use a static ip of one that already assigned to another computer. any other ip  will will have very restrictive  internet if you just want them to access gmail the best is  install mozilla thunder bird ( or any imap client)  on  go into gmail configuration  and enable imap. then simply  only allow ports 1-79 and 81 - 1000. do this on the  for the ip range of 172.16.0.1  .  this way they will be able to send receive emails. but will not be able to surf. ( for set up you need full access ( PORT 80)  TO SET UP IMAP SETTING AUTOMATICALLY  after that port 80 can be disabled again or enter setting in manually  .. but otherwise  you can do the same sort of thing  create alias that allows certian ips to have access to certain websites while at the same time enabling port 80 or the entire port range for those  particular ips if you do not want to use a subnetmask  you can  install a second network lan  and plug it into your switch  with a different ip that you use a completely different ip range on.  and that one you can use  static ip, do not enable dhcp on this card..  it the same difference  as above  just less can go wrong and it  a bit harder for someone to determine  the ip range in use and more so if you using different switches to separate the  allowed users and restricted users. otherwise like mentioned before with out doing it this way. the user could simple  give themselves a different ip    but because it is static Ip based  it makes surfing  or stealing  some else ip a real pain because most of the time nothing will work for accessing the internet. and if your hardware  switches /equipment  have some good  network  management  on them    they will lock out  any  duplicate ips right away as soon as the appear

@mohandshamada: SO IF MY LAN NETWORK IS LIKE THAT 192.168.1.0/23 AND MY SERVER IS IN THIS RANGE IS OK yes

Hello, I never installed it on pfSense, I used it once in Zentyal.

@jimp: I can't say I've seen that happen before on any one of the hundreds of boxes I've used. Did you do anything special with the keymap during or after the install? Do you have a system that is using a US or English locale to try from, or only ones using the Hungarian locale? I have another Hungarian Win7 system from which it woks well…

Throughput in Mbit/s is meaningless for a DoS of that type. You are worried with pps (packets per second). Tiny packets, especially tiny UDP packets, can be quite troublesome to forward in large quantities. Some tweaks here can help: http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

pfSense_SMP.8:options    PPS_SYNC It's already there. Though you might need to disable pfSense's openntpd (/usr/local/sbin/ntpd) and use the FreeBSD version (/usr/sbin/ntpd) instead. Probably not that easy, but I know of at least one other person out there who attempted it, though I don't know the results.

Thank you very much.  I was able to find a good definition and I understand better now.  ;D

Does anyone have any ideas on this? I have a few customers that want this system setup for them and I do not want to do it without network discovery working correctly.

@jimp: PPPoE always gets a subnet mask of 255.255.255.255 Gateway doesn't really matter for PPP connections the way it does for others. Though I haven't seen it give out 0.0.0.0 before, it should be giving the "server address" value to the clients for their gateway. Does it actually work? I don't recall seeing any other complaints about the PPPoE server. excuse my english, i have the same problem, works ok with captive portal, but with pppoe server no default gateway asigned to the pppoe client (0.0.0.0). DNS Works OK indeed, ping to google.com resolves ok to IP address, but cannot reach or explore. NAT ok, Firewall Rule for PPPoE ok. Tested on 2 Pfsense Servers 2.0.1 Release. Need Help PD: maybe should i try the patch commented before?

I added a note to the wiki: http://doc.pfsense.org/index.php/Interface_Settings

That may be true for gstripe, but we do have gmirror support (even in the installer) Why would you want to stripe two disks on pfSense? That doesn't make a lot of sense, RAID 0 would only reduce your stability over time. It only helps to gain space by adding disks together to get a larger storage area. Not much use on a firewall (unless it's a separate non-boot volume for something like squid). gmirror makes sense as it gives you RAID 1 redundancy with two or more disks.

ok, thank You all for helping me!! really appreciate that ! now I understand it better …. Tom

I'd like a simple method for this as well. The best I have so far is to access DarkStat and then hosts. From there I just refresh to see what's doing the most bandwidth. From there it's tricky though, sometimes I can figure it out just from the device, but if it's my mac, I have to use something like Little Snitch to see what process/port is being naughty. If someone has a simple solution, I'm all ears.

IPv6 has no relation to the DHCP server. All that checkbox does is either add rules blocking all IPv6 or not add them. Neither way has any impact on anything with IPv4. Is the DHCP server running when it stops giving leases? Check Status>Services, and the system logs. The only time I've seen the DHCP server stop handing out leases is when it doesn't have any to hand out. It may be possible there is some missing input validation somewhere that lets you generate an invalid config file that stops dhcpd, which would be in the logs, but that would have to be something atypical you're doing.