I'd be more worried about running 1.2-RELEASE than a zombie process. You should really be on at least 1.2.3-RELEASE.

You can install the dns server package and have the same functionality, yes, but the design philosophy of pfDNS was to be used standalone as an appliance, not a firewall/router. You could always have the same functionality (moreso on 2.0 since it can run OK with a single NIC) it was just more of a prepackaged setup.

Those host unreachables are coming back from your ISP probably because something inside your network is trying to access something on that private subnet, which you don't have internally so it gets routed out to the Internet. They shouldn't be getting blocked if that's the case though, could be any number of things, weird noise on the Internet is pretty much the norm. And yes, you should definitely upgrade. Though I doubt if it changes that.

Did you have any luck with this?

There is a way to set up a VPN using SSH, but the pfSense web gui doesn't support this, so you would need to do it manually if you wanted to do that.  It is something that is described somewhere in the OpenSSH documentation.

thanks for the link there - I've read over it but it doesn't really give me much more than i already understand. Basically, I know the function of traffic shaping exists but what i need to know is if my example of use is achivable?? Does that make sense? I don't understand the limitations or options available in traffic shaping and should someone tell me what i want isn't possible I don't want to take the time testing and researching into it for zero return. Having a 3yo daughter and full time job doesn't leave me much in the way of spare time to play with things so i'd prefer someone to give me an opinion if my config is acheiveable - then if i know its possible i'll do the research and testing knowing I'll get somewhere in the end :)

oh yeah….. feel completly stupid now... so, first rule when you play with vlan: Be sure to configure your host to tag the right vlan OR Be sure ton configure your switch/port with the right vlan before saying that nothing is working ;-) thanks again. I still have a network issue but I will put this in another thread. Romain

AT&T is blowing smoke about your router. There's nothing keeping your router from using all 4.5 Mbps of your connection. Or 10 Mbps, or 100 Mbps, or 1000 Mbps. There are other people using PfSense in much larger applications than yours. But it's worth noting that the speed you're getting on the WAN link to the first router and the speed you're measuring on speedtest.net are not the same. It's pretty much true that only AT&T can measure the connection speed of the T1, unless you somehow have access to the T1 termination equipment and you know how to ask it what the connection speed is. Also, you will lose about 10% or so of the actual connection speed to TCP overhead, and even if you had a Speedtest.net server connected directly to the router at AT&T, the connection speed and "internet" speed will be different as a result of that. So I would expect a maximum capacity of about 4.09 Mbps on 3 T1s and 2.73 Mbps on 2 T1s. If you're getting somewhere in between those two numbers, then AT&T isn't lying to you about the connection speed (especially if you're getting slightly more than 3Mbps - that would be impossible if only two T1s were working).

Got it working, thanks so much.

It's almost as if em3 is not brough up during a reboot procedure at all. Is anyone aware of why this would occur? Cheers!

Sometimes you have to power down the ISP provided modem before you change what's connected to it.

Does the ADSL modem have a full-duplex Ethernet connection? Does the pfSense computer have one, too? If not, both should be. Both ethernet connections should probably support 100Base-TX (or higher) just to make sure that there is never a moment in which the ethernet is the bottleneck.

I just realized I forgot the most important term ! :) I'd like to create a custom quality graph of the LAN if. Is it possible ? This option is not present in the custom preset graphs.

ahh nfs with firewall rules - perfect! thanks closed!

Not in the way that you'd want.  It would be a major management nightmare and wouldn't work quite like you'd expect.  Better to throw a squid (or other filtering box) into the DMZ and send all connections through it.

jakobud, get to work  early in the am,,get a bootable cd with memtest86 on it. 1. boot the (linux)cd and at command prompt type in memtest let it run for a couple hours. ,,,if this results "OK"(no red blocks) 2. Put a different keyboard on this pfSense machine as someone else mentioned. 3. restart pfSense machine. Post your results so someone else will know what has been found. Take Care, BC