The DGS-3100 has a slightly more complex VLAN setup, hence, the exact steps are as follows if you want to allow all LAN ports access to the Switch configuration (in this instance, you would use a computer on Ports 2-32 or 43-47 to access the switch management): Go to L2 -> Asymmetric VLAN and enable it. Go to L2 Features > Forward & Filtering >DLF Filtering Mode: Select All (check the box), Select Forward all DLF packets. Apply. Go to L2 -> 802.1Q VLAN: Edit Default VLAN (VID 1). Select Ports 1 & 33-42 as non-members. Select Ports 2-32, 43-47 as untagged. Click Apply. Click on the Add/ Edit VLAN tab. Add a new VLAN with VID = 2, Name = LAN. Select Port 1 as Tagged. Select Ports 2-32 as Untagged. Select Ports 33-48 as Non-member. Click Apply. Click on the Add/ Edit VLAN tab. Add a new VLAN with VID = 3, Name = Freeswitch. Select Port 1 as Tagged. Select Ports 33-42 as Untagged. Select Ports 2-32, 43-48 as Non-Member. Click Apply. Click on the Add/ Edit VLAN tab. Add a new VLAN with VID = 4, Name = Wifi. Select Port 1 as Tagged. Select Port 48 as Untagged. Select Ports 2-47 as Non-Member. Click Apply.

You MUST reboot your FW and all be "recognized"  ( you will be able to choose the database in FusinPBX menu )

He means set source ports to all and set destination to 127.0.0.1. However I fail to see how that could possibly work.  ::) If you research Ultra Surf at all you will find it's very difficult to block. It's specifically designed to bypass firewalls and filters. Steve

Had a recurrence of this just now, with NAT outbound rules that all specify source addresses. Trying one variable at a time here (oh, I did change the Ethernet cable for good measure). Next is swapping the LAN interface to re2 on this card.

I use only openvpn by myself but i have configured also pptp & l2tp vpn's for testing I haven't done a thing with ipsec on these three vpn's

@wallabybob: I don't think /var/log/dmesg.boot is a general FreeBSD facility - perhaps it is specific to pfSense. It is indeed, /var/run/dmesg.boot contains the dmesg buffer just after the boot even in a FreeBSD system. There is another reason why dmesg could not be right command for finding disks: dmesg shows the kernel buffer message, so if the kernel is long lived and has outputted several messages, dmesg has scrolled and disk information is lost. Other commands that will work are: atacontrol list for ata devices and camcontrol devlist for scsi, usb devices.

There might be a solution using a pfSense package doing what we want after all.. I noticed while reading the readme, bandwidthd has the ability to log traffic to an external database: DATABASE SUPPORT Since version 2.0, Bandwidthd now has support for external databases.  This system consists of 3 major parts: 1. The Bandwidthd binary which acts as a sensor, recording traffic information and storing it in a database across the network or on the local host.  In this mode Bandwidthd uses very little ram and CPU. In addition, multiple sensors can record to the same database. 2. The database system.  Currently Bandwidthd only supports Postgresql. 3. The webserver and php application.  Bundled with Bandwidthd in the "phphtdocs" directory is a php application that reports on and graphs the contents of the database.   This has been designed to be easy to customize.  Everything is passed around on the urls, just tinker with it a little and you'll see how to generate custom graphs pretty easy. Using Bandwidthd with a database has many advantages, such as much lower overhead, because graphs are only graphed on demand.  And much more flexibility, SQL makes building new reports easy, and php+sql greatly improves the interactivity of the reports. My ISP has now switched over to the database driven version of bandwidthd entirely, we have half a dozen sensors sprinkled around the country, writing millions of data points a day on our customers into the system. INSTRUCTIONS As a prerequisite for these instructions, you must have Postgresql installed and working, as well as a web server that supports php. Database Setup: 1. Create a database for Bandwidthd.  You will need to create users that can access the database remotely if you want remote sensors. 2. Bandwidthd's schema is in "schema.postgresql".  "psql mydb username < schema.postgresql" should load it and create the 2 tables and 4 indexes. Bandwidthd Setup: 1. Add the following lines to your bandwidthd.conf file: Standard postgres connect string, just like php, see postgres docs for details pgsql_connect_string "user = someuser dbname = mydb host = databaseserver.com" Arbitrary sensor name, I recommend the sensors fully qualified domain name sensor_id "sensor1.mycompany.com" Tells Bandwidthd to keep no data and preform no graphing locally graph false If this is set to true Bandwidthd will try to recover the daily log into the database.  If you set this true on purpose only do it once. Bandwidthd does not track the fact that it has already transferred certain records into the database. recover_cdf false 4. Simply start bandwidthd, and after a few minutes data should start appearing in your database.  If not, check syslog for error messages. Web Server Setup: 1. Copy the contents of phphtdocs into your web tree some where. 2. Edit config.conf to set your db connect string You should now be able to access the web application and see you graphs.  All graphing is done by graph.php,  all parameters are passed to it in it's url.  You can create custom urls to pull custom graphs from your own index pages, or use the canned reporting system. In addition, you should schedule bd_pgsql_purge.sh to run every so often.  I recomend running it weekly.  This script outputs sql statements that aggregate the older data points in your database in order to reduce the amount of data that needs to be slogged through in order to generate yearly, monthly, and weekly graphs. Example: bd_pgsql_purge.sh | psql bandwidthd postgres Will connect to the bandwidthd database on local host as the user postgres and summarize the data. I didn't have time to test this yet, but in theory this would allow to: -Save usage date, also if the webconfigurator restarts -Display usage stats from EVERY ip -Make custom usage reports e.g. per ip per day Any comments on this, or maybe someone has even (successfully) tried this out already?

As I posted in the other thread, just replace the contents of that file with a known good copy like here: https://raw.github.com/bsdperimeter/pfsense/master/etc/gettytab

OpenNTP is used for syncing time even when the service is not enabled. IIRC the difference is when it's "disabled" in the GUI, it is not setup to listen for client connections.

It should be fine

Just replaced it and the error disappeard. Thanks jimp Btw file wasnt empty so probably some blank lines.

It seems that in the pfsense forum only network noobs hang around ;) not any creative idea for this problem ?

Thank you all, for Captive portal server I can allowed IP for Manager group, It worked.

Bare in mind though that your results seem to show your CPU is not running at 100% so there is no need to offload calculations to the NIC. In fact if the NIC/driver is the bottle neck in your system it may be better to have your CPU doing those calculations. Steve

Its a point to point line… With a wagon wheel you mean: honeypot like /23 covering the guest subnets separate guest subnets /24

See here for somebody else's experiences.

Cool- good to see its working for you! Now I need to go loiok at my setup and see if I have that checked or not… :)

I JUST figured that out myself (by trial and error) and logged back in here to let everyone know. Thanks for posting this! If I hadn't been desperate enough to try something, you would have saved my life here. I learned also that to do it easier, you can just type "viconfig", which will load the config, and upon closing it will kill the cached config file, causing PFsense to reload the new config. Means you don't have to reboot.