Depending on your shell scripting ability, you could take a tcpdump on your WAN interface of (say) 20 packets with output redirected to a file, sleep 5 minutes, and repeat using an incremented file name (with leading zeroes so the names sort usefully). The RRD graph will show you which files are of interest. The tcpdump output will give you the source IP for the traffic. The port numbers may give you an idea what the traffic is attempting to do.
To help reduce the number of files, your script might watch the WAN interface statistics from netstat and only log after an interval of high traffic. (# netstat -I em0 -b will give you bytes sent and received on em0.)
The FreeBSD man pages at http://www.freebsd.org/cgi/man.cgi will give more detailed information on tcpdump and netstat.
Good hunting.
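The sampling loop the post describes, written out as an added example (this is not code from the post or from pfSense). It assumes a FreeBSD/pfSense box with tcpdump(1) and netstat(1) in PATH, a WAN interface named em0, an output directory /var/tmp/wancap and a 5 MB-per-interval threshold; all three are assumptions that can be overridden through the environment. The netstat output embedded in NETSTAT_SAMPLE is constructed for illustration. Byte columns are located by header name rather than position, because the column set of netstat -b differs between FreeBSD releases.

```shell
#!/bin/sh
# Added example: periodic WAN packet sampling gated on netstat byte counters.
# Assumptions (not from the post): interface em0, /var/tmp/wancap, 5 MB threshold.
WAN_IF="${WAN_IF:-em0}"
OUTDIR="${OUTDIR:-/var/tmp/wancap}"
PKTS=20                                   # packets per sample, as in the post
INTERVAL=300                              # 5 minutes between samples
THRESHOLD_BYTES="${THRESHOLD_BYTES:-5000000}"   # only capture after a busy interval

# Zero-padded capture file name so "ls" sorts the samples in order:
#   capfile 7  ->  /var/tmp/wancap/wan-00007.pcap
capfile() {
    printf '%s/wan-%05d.pcap\n' "$OUTDIR" "$1"
}

# Read "netstat -I <if> -b" text on stdin and print Ibytes+Obytes for the
# interface's <Link#N> line. Columns are found from the header line
# ("Name Mtu Network Address ... Ibytes ... Obytes ..."), so the function
# works whether or not the Idrop column is present.
iface_bytes() {
    awk -v ifn="$1" '
        $1 == "Name" {
            for (i = 1; i <= NF; i++) {
                if ($i == "Ibytes") ib = i
                if ($i == "Obytes") ob = i
            }
            next
        }
        $1 == ifn && $3 ~ /^<Link#/ { print $(ib) + $(ob); exit }'
}

# Bytes moved between two counter samples; 0 if the counter wrapped or was
# reset (e.g. the interface bounced), rather than a huge bogus delta.
delta() {
    if [ "$2" -ge "$1" ]; then
        echo $(( $2 - $1 ))
    else
        echo 0
    fi
}

# Constructed sample of FreeBSD "netstat -I em0 -b" output, for offline testing.
NETSTAT_SAMPLE='Name    Mtu Network       Address              Ipkts Ierrs Idrop    Ibytes    Opkts Oerrs    Obytes  Coll
em0    1500 <Link#1>      00:0c:29:12:34:56   123456     0     0 150000000   98765     0  40000000     0
em0    1500 192.0.2.0/24  192.0.2.10          123000     -     - 149000000   98000     -  39000000     -'

# The live loop only runs when explicitly asked for (needs root and tcpdump):
#   RUN_CAPTURE=1 WAN_IF=em0 sh wancap.sh
if [ "${RUN_CAPTURE:-0}" = 1 ]; then
    mkdir -p "$OUTDIR"
    n=1
    prev=$(netstat -I "$WAN_IF" -b | iface_bytes "$WAN_IF")
    while :; do
        sleep "$INTERVAL"
        cur=$(netstat -I "$WAN_IF" -b | iface_bytes "$WAN_IF")
        moved=$(delta "$prev" "$cur")
        prev=$cur
        if [ "$moved" -gt "$THRESHOLD_BYTES" ]; then
            f=$(capfile "$n")
            # -n: no DNS lookups (no leak/delay), -c: stop after PKTS packets,
            # -w: raw pcap, so the sample can be reread later with tcpdump -nn -r
            tcpdump -n -i "$WAN_IF" -c "$PKTS" -w "$f"
            printf '%s %s bytes in %ss -> %s\n' \
                "$(date '+%Y-%m-%dT%H:%M:%S')" "$moved" "$INTERVAL" "$f"
            n=$((n + 1))
        fi
    done
fi
```

Each saved file can be read back with "tcpdump -nn -r /var/tmp/wancap/wan-00007.pcap", which prints the source and destination IPs and ports without resolving names; a busy interval that coincides with a spike on the RRD graph tells you which file to open first.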
Follow those directions and enter your cable modem's gateway (or any IP) as the monitor IP. I entered my cable modem's gateway (the private LAN IP at first, which didn't help; then I used the public IP and it worked).
For states that is true, but last I knew you couldn't have two connections sharing the same outgoing port number. (Ermal would know for sure). pf may be smarter than I'm giving it credit for.
I'm using two pfSense boxes, too.
WAN1 –
--- pfSense1 - LAN -172.16.0.0/16 - WAN - pfSense2 - LAN - 172.17.0.0/16
WAN2 --/
pfSense1 is using LoadBalancing
pfSense2 is using SQUID + Lightsquid
It is NOT necessary to double NAT on pfSense1 and pfSense2. I do NAT on pfSense1 to the internet, but I use pfSense2 as a router/firewall WITHOUT NAT. To disable NAT, you can google it or find information in the pfSense docs (http://doc.pfsense.org/index.php/How_can_I_completely_disable_NAT%3F).
It works for me fine. But you need to configure Static Routes on pfSense1.
It's not a problem on 2.0… Just tried it again, selected shared key, unchecked the auto generate box, and the form field came up and was editable.
If it's on 1.2.3, I haven't seen that happen there at all either, it's been working for years.
@dreamslacker:
Try adding a rule to put ICMP traffic into qacks and try again.
I am a noob and have just been experimenting a bit with pfSense, so I have no idea how to add that kind of rule. I checked in Firewall > Rules but can't find any "qacks"; I checked everything in the Firewall menu and could not find anything like that. Sorry, it's probably easy, but as I am noobish, can someone maybe point me to a guide or howto that explains this? Or just give me a hint where to find it? :)
@tubaguy50035:
Wow. I also discovered that if I turn off UPnP, the connections drop a lot.
Yes. UPnP is an easy way to punch through the NAT for torrenting if you don't have access to the router or don't know how to configure port forwarding for torrenting.
OK, so the only way is to upgrade to 2.0, but is it stable enough? 1.2.3 still has some bugs, but it is pretty stable for small or mid-size companies.
Thank You
Hi,
It's solved. I just copied the binary from a FreeBSD 8.1 box to my pfSense. It works… ;)
It's a nice tool... In 5 minutes I duplicated a good slice to a second one.
So I can continue testing without any stress, I will always be able to start my firewall.
Keep in mind, at least around here, Comcast provides a "gateway" device to its commercial customers. This is a router device and will usually respond to pings…
If you're a residential customer, then it would depend on the modem you use...
Good Luck!
Thanks, yes, you are right. I will try that tonight and post back.
Would it be possible to provide LAN-1 as discussed with the /27 public IP addresses and LAN-2 (interface vr2 on the Alix board) with DHCP from a private IP pool (RFC 1918)? I will look into buying a managed switch which can do VLANs, so certain ports will be used for the /27 public IPs and certain ports for private local IPs on the switch. Do you think that is possible?
Budget switch Linksys SLM2024 (anything better you have in mind for the switch?) info:
Manageable: Yes
Management:
DHCP
IEEE 802.1p QoS
IEEE 802.1Q Tag-Based VLAN
Built-in Web UI for easy browser-based configuration (HTTP)
Thanks
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.