@sot010174: I've had the same issue. In my case this happens whenever I'm on the Traffic Graph (with rate package on wan) page. Closing the tool stops the messages. :) that's normal expected behavior with the rate package. rate in 2.0 has been patched to not go into promiscuous mode (doesn't need to in a firewall scenario) so you don't see that there.

The FTP proxy was completely redone in 2.0, so it's probably your best bet at this point.

If all goes well it may make it into pfSense 2.1 then :-)

Yes, what you're looking for is known as a reverse proxy, web accelerator or load balancer. You'll find a number of options available, including the ones on that thread you linked to.

Ok, i'm migrating a flat network and using a pfsense as firewall. i have a 3 interfaces box, one for wan, two for "lan". For now i'm using both lans in the same subnet, with same ip. I do assign both ports (interfaces) the same IP. I do it to make easier the network configuration. The DHCP scope, for instance, provides one gateway for all hosts on my network.  So it works like a charm, the problem is that in the end, this two ports are working like a hub. So the solution would be to enable "bridging" in both interfaces, right? But with bridging, can i still using one IP to both interfaces? Or should i create different subnets and assign different ips to both interfaces and keep both port in different subnets? The problem with this option is that it brings an undesirable complexity. @jimp: Then you bridge the interfaces together, not assign them IPs in the same subnet.

This would be a real pain to do in pfSense.  You'd be better served setting up a stand-alone squid box to do all this.  Be aware that a lot of this stuff, especially anything using ImageMagik can really use up a lot of CPU, so plan accordingly.

No, FreeBSD 8.2 was just released, and 2.0 is already going RC shortly. There is no time for 2.0 to completely switch up the underlying OS and retain any sense of ensured stability. Maybe 2.1 will, depending on the timetable there.

Without firing up a copy of the x64 BETA you can take a look at the config file for the x64 packages. These are all the current packages http://redmine.pfsense.org/projects/pfsense-packages/repository/revisions/master/entry/pkg_config.8.xml.amd64

Using System Tunables made all the difference.  Thank you.

I have just replaced my Zyxel ADSL modem/router by a Tenda D820 ADSL modem/bridge. The Tenda doesn't do ppp. Here's how I setup my pfSense 2.0 BETA 5 snapshot build: rl0 has two VLANs. OPT5 is VLAN 10 on rl0.  pppoe1 is on OPT5. The modem has static IP 192.168.1.1. I configured OPT5 with static IP 192.168.1.2/24. A ping from the LAN side of pfSense didn't elicit a response from the modem. A tcpdump on OPT5 (# tcpdump -i rl0_vlan10 host 192.168.1.1) showed the ping going to the modem but with a source IP address on the pfSense LAN subnet. Since the modem didn't have any static routes configured (there didn't seem to be any way to configure routes in the modem) the modem probably didn't know where to send the replies. Since I saw ping replies when I ping'd from pfSense, the missing route back to the LAN IP address was probably the reason I couldn't see replies to a ping from the LAN. As explained in the document I referred to earlier, enabling NAT on the OPT5 should fix the source IP address problem. In the pfSense web GUI: Firewall -> NAT I clicked on the Outbound tab, added a rule Interface=OPT5 Protocol=Any Source=LAN subnet  Destination=192.168.1.0/24     Translation Address=Interface Address     No XMLRPCSync: Unticked, clicked on button Manual Outbound NAT rule generation (AON - Advanced Outbound NAT) then clicked Save. I don't know if it was necessary but I also went to Diagnostics -> States, clicked on the Reset States tab then the Reset button. Then I restarted the ping from the pfSense LAN subnet and it reported a response. The tcpdump on the rl0_vlan10 interface showed the ping with source address 192.168.1.2. Attempts to access the web GUI of the modem time out so I still have a problem but seem to be closer to its solution. It wasn't particularly obvious to me what the difference between the two Outbound NAT buttons ( Automatic outbound NAT rule generation (IPsec passthrough included)   Manual Outbound NAT rule generation  (AON - Advanced Outbound NAT)). They seem to mean "Disable the following mappings" and "Enable the following mappings" respectively.

Thanks the comma did the trick also I'm interested in the the dynamic update features of 2.0. I assume 2.0 is in beta because are any of you guys running 2.0 if so how stable is it?

That's exactly correct.  It pings the upstream gateway on each WAN interface and puts the resulting ping time into an RRD database.

I have it working now, the LAN interface had to be selected in order for it to work. Filtering via dns and squid guard not working real well, but with more tweaking/playing should be able to get it. Thanks for the help folks. ;)

I need to make a doc wiki entry for that I suppose. It's handy to have. The same tactic should work on VirtualBox as well.

funny, i posted a topic about the same time you did. I installed a solution using pound on my box but asking the forum if there are any security concerns. Pound is only for http/https traffic tho. http://forum.pfsense.org/index.php/topic,33566.0.html I'm not sure how to do this for mail(pop3,smtp,etc) but since they use different ports then HTTP, just setup a NAT/Firewall Rule for your mailserver IP and ports. Edit: Take a look at http://forum.pfsense.org/index.php/topic,33566.msg174126.html#msg174126 I did a quick how-to for pound