• Email Maximum download size

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Ftp

    Locked
    12
    0 Votes
    12 Posts
    3k Views
    M
    It is not a problem; when I have finished my work, I change the permission with "chmode -w".
  • Routing Confused!

    Locked
    1
    0 Votes
    1 Posts
    972 Views
    No one has replied
  • Domain user can only access https sites and blocked from port 80 sites???

    Locked
    15
    0 Votes
    15 Posts
    5k Views
    R
    I had a PFS box with a similar (if not exact) problem to what you described: all the settings are okay, webGUI okay, captive portal RADIUS auth okay, even package info displays nicely (if the internet is down it will say something like can't access server), but just no internet connection on the user side. The issue was fixed by reinstalling the squid package. My squid is in transparent mode. Did you try to reinstall the squid package to see if it can help your issue? Your squid is in transparent mode so it is capturing all port 80 traffic automatically but it is not proxying them out. Did you see anything funny in the squid cache.log? Did your squid use any disk cache? What is your HDD usage? Or, apparently the most direct way: back up your settings, factory default your PFS, and restore them back; the squid would reinstall itself and settings will be retained (once an internet connection is hooked up to WAN). Be warned that I never tried this on any snort. Better if you have another spare machine, set it up as PFS, and try on that, so you won't ruin the old PFS further.
  • Load balancer stuck

    Locked
    1
    0 Votes
    1 Posts
    952 Views
    No one has replied
  • MOVED: hardware requirements for multiple 1GB NICs

    Locked
    1
    0 Votes
    1 Posts
    886 Views
    No one has replied
  • 5-static IPs Looking for basic setup help

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    P
    @jimp: You can have multiple users for the GUI in 2.0, but permissions are given on a per-page basis, not a per-setting/per-interface basis. So if you give someone access to the interfaces page, they can get all of the interfaces not just "theirs". Thanks for the reply. I have VZN FiOS 150/65 with 5 external static IPs (same ONT and shared bandwidth) and one TWC static 50/5 backup (which I will try to load balance/failover tomorrow). We have 5 businesses in our office, all of which have separate compliance, risk, etc. I would ideally like to have 5 logins who can each see only their "stuff" (and access shared resources I put on an additional "common" interface). Additionally (and I haven't thought this out fully yet), since I only have one backup IP (not a corresponding block of 5 external IPs) is it possible to set up isolated blocks of port forwarding on the failover line and keep those separate, or if my primary ISP goes down will everyone be able to see each other on the secondary ISP? (I understand Rules vs. NAT and internally they will stay separate… I'm asking about external access in.) Re: multi-user logins... 2.0 is the only option? With 123 only one admin is possible? Thx very very much for the responses and help so far. It is much appreciated.
  • Mirror configuration over to another pfSense box?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    M
    Try looking at CARP
  • Bridge STP support on VLANs

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Router unable to access internet

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    A
    Thanks for the solution, got it done by making a rule in the PPPoE tab in the firewall, works great. Thanks
  • PPPoE and Static IP

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    B
    I created an IP alias as VIP. Entered the gateway in the gateways page and entered the DNS servers on the general page, and it works now. Now working on CARP…
  • Server hiccups

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R
    I have been facing mysterious server hangs recently, and it doesn't always happen during high usage, the thing could die without anything touching it, or it could survive a peak usage lunch break. When it died, it just died, ping timeout, the console frozen, even the crontabbed auto-reboot script failed to execute. A reboot will fix it but it will come back again. Recently I have got another rig and swapped in one of the server which has been hanging like hell, it has been running for about a week till now without any issue (at least from my point of view). Therefore, I too agree with Peter, if it is something wrong, check the a) network, b) hardware.
    -- Check out the latest post in my thread: http://forum.pfsense.org/index.php/topic,34563.0.html
  • How Far Have You Scaled Your PFS Box?

    Locked
    61
    0 Votes
    61 Posts
    49k Views
    R
    Of all the imaginable settings, I believe all have been tried out. I am still new and still feel like I haven't even figured out how 10% of PFS works; anyhow, here is my setup: 8 PFS (1.2.3) on different subnets in one single LAN, providing wifi to a group of university students of some 20k from several campuses spread over different geographical locations. CP is enabled and auth'ing on Windows Server RADIUS so everybody logs in with their AD accounts. Squid is in transparent mode. Of course, the DHCP range won't be enough for all of them; I am getting a maximum of some 400 concurrent CP users logged in.

    I am interested to know, of all the scale you guys have here, how do you keep track of your servers and total bandwidth usage? Who downloaded most ahemm cartoon? Total connected users? Server load… etc.

    NMAP and Nagios is one way to find out if your servers are alive and how well they are doing. But here is how I did it: from a dedicated Linux box, have all the ssh keys set up, then make a bash script that looks something like:

        # count captive portal sessions, DHCP leases and active leases on the remote box
        get_stat=$(ssh "$host" "grep -c '192.168.' /var/db/captiveportal.db; grep -c '192.168.' /var/dhcpd/var/db/dhcpd.leases; grep -c 'active' /var/dhcpd/var/db/dhcpd.leases")

    Then make it into a function so you can do something like:

        getpfsstat "pflondon"
        getpfsstat "pfnewyork"
        getpfsstat "pfkinabalu"

    And arrange the output nicely on the screen with simple printf:

        Server: London Status: up users: 98, dhcpd: 269, active: 180
        Server: New York Status: up users: 78, dhcpd: 384, active: 172
        Server: Kinabalu Status: OMG SERVER DOWN HIT PANIC BUTTON NOW

    Run

        # watch -n20 ./servermonitor.sh

    And then you can happily count how many total users you have got over your network :D Optionally you can also output to an HTML file and host it on lighttpd. Then you can access that webpage and brag about how many people are using your servers now. Now, seriously, has this been a common practice or have I been doing a simple thing a complicated way...

    @dnky_bones: Fun to see a thread I started so long ago still kicking :)
    Fun to see that the TS is still kicking too :)

    @elalcaudon: I'm actually in the middle of this argument with one of my bosses. He wants Cisco, mainly because of paid support - which I completely understand. I told him I'm more comfortable with pfsense, I know what it can and can't do. I don't know anything about Cisco IOS.
    You can fire your boss, Cisco won't, that's why. :p
  • Monitoring Only ?

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    C
    The packages along those lines aren't for finding the cause of network connectivity issues. They can under some circumstances help show there is a problem, but they do nothing to tell where that problem is. Network issues along those lines can't be automatically analyzed by anything. The best option is getting something in place that allows you to capture traffic, and doing so both at the host initiating the traffic, and via a tap or span port outside of the last piece of equipment on your network that you're responsible for (your router/firewall). If your router or firewall has the ability to do packet captures of traffic as it's seen on the wire the way pfSense does, then you don't require a span port or tap generally. Comparing those two points of reference will confirm or deny whether you're actually passing that traffic in or out, and exactly what latency is induced by your equipment. Also if your current router or firewall has the ability to tell you how much bandwidth is being used, that can be very helpful - the most common cause of high jitter and/or latency is exhausting your available bandwidth, especially on the upstream side where you have an asymmetric connection (much faster down than up).
  • Multiple PPPoE Accounts on one interface

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    Maybe smarter ones can answer whether this works. I would use VLANs on the WAN side to have multiple PPPoE logins.
  • How to allow the internet user ping the pfsense firewall

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    M
    just reset states
  • PfSense vs. OpenWRT?

    Locked
    3
    0 Votes
    3 Posts
    31k Views
    jimpJ
    pfSense works great for the home, too. :-) The main difference is the target hardware. <x>WRT/Tomato and friends are meant to run on APs and tiny embedded platforms that don't have much in the specs department (low storage, low RAM, small ARM or similar CPU). pfSense runs on x86/x64 hardware and has a lot more features because the hardware is a lot more capable. That said, you can do plenty with WRT for the home, and some small businesses, and pfSense can do the same and more. It's really a question of what hardware you have available and what your needs are. At home I use both, pfSense as my edge router, doing multi-wan, VPNs, etc, and I use Tomato on my WAP.
  • Itona TC4331-LI

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    That would usually be a limitation of your BIOS. Check with the manufacturer and see if there is an update available.
  • MBUF Memory causes Internet Disconnection?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    C
    It means no new connections will be allowed. You'll need to increase under System>Advanced if that's the case. Can check how much you're using historically in RRD graphs
  • Reset interface without rebooting pfsense?

    Locked
    7
    0 Votes
    7 Posts
    29k Views
    stephenw10S
    See this post for a good explanation. Steve Edit: Interesting that your value for max mbuf clusters is 0. Hmmm.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.