hi Services > Captive portal > Pass-through MAC i think this is what you're looking for, i am using it for some vip's so they don't see the captive portal page, i am also using squid in transparent mode to make it easy on me. good luck

fast but not easy solution is to run PPPoE server and to make changes all clients to move over this service. Bad - have to go to all clients if they don't know how and what to set up… and believe me they don't. If you using DHCP, then create leases and give static IP's to all users. Create MAC filter in the router. Scan who send more than 10 ARP requests per second and lock it. (Better make new scope for IP's where you don't have any users and start it.) Segmenting the network is the only good, cheap and long term reasonable idea. Fastest way is to put few old WRT's with OpenWRT or DD-WRT. They support VLAN-taging, MAC filtering, port managing (ugh - but don't really support Layer 3 filtering). Next step is using L3 switches.

What are you trying to accomplish? Do you have a proxy installed on pfsense?

Yah, after reading this the next day I fully realize my mistake with the notation. When I checked my Linksys settings I found that I was using 255.255.255.0 [/24] anyway. You ever beat your head against a wall so many times figuring something out that you stop thinking clearly? LOL, I had such a hard time just getting pfSense installed on a machine that would detect all the network cards and this mistake happened towards the end of a very long day. I gotta remember to take a break sometimes. ;) Completely IMHO, I think it would be nice if you could put in the actual subnet rather than the / notation in pfSense. It is a little bit more user friendly as most people are used to that notation if they haven't had a ton of networking experience. Also, once you get beyond /24 it becomes a bit of a mental stretch to figure them out. Just my 2 cents.

@gloomrider: +1 on the advice for a standalone DSL modem in bridged mode.  Forgive the thread creep, but where would one purchase a Speedtouch? Thanks in advance. PS: I'm using a Netopia 2241N-VGx purchased from http://costcentral.com Don't think they sell it in the States but almost any modem will do the job. A D-link DSL-2320B will do the job (possibly better reliability because it doesn't run as hot as the Speedtouch modems).  Available on Newegg @ http://www.newegg.com/Product/Product.aspx?Item=N82E16825112003 It is capable of acting as a gateway but has the option to be switched into a bridge.

No interface with a matching IP means what it says, you don't have an interface IP matching that subnet, which means it won't add that CARP IP. CARP IPs must be within the subnet of the interface IP where you're adding them. Could be you're using the wrong subnet mask, or just trying to add a CARP IP that isn't valid.

Mine was really easy.  Assign a static IP to the slingbox (through static DHCP assignment), add a port forwarding rule (and the accompanying firewall rule) for port 5001 to the static IP assigned, and enjoy!

Found part of it. Just neede to open my eyes http://doc.pfsense.org/index.php/Static_Port

@chpalmer: It would be interesting to know why and if its normal for the box to do that…   I cant imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router... Keep us updated on what they tell you after you get past level 1 support... It'd cripple most consumer routers within minutes.  Even those the higher-end models.  I've tried the more powerful models like the D-link DGL-4300, Linksys WRT-350N so on and so forth.  They will rapidly slowdown at 3000+ connections and just freeze up at about 6000 connections.

I don't suppose there is any real means to doing this owing to the versatility of pfsense.  There are many packages available and they will present a different load to the system depending on the hardware. eg.  A VIA/ Alix might outperform an Atom/ Celeron-L when there are connections utilizing certain encryption algorithms simply because of the onboard decryption chipsets.  However, the latter would outperform the former for pure throughput so on and so forth. Not to mention, there are simply too many scenarios for a single suite of tests to give accurate results.  Some users just need pure routing throughput, some heavily use VPN connections and some deploy the box as a load-balancer/ reverse proxy.

SSH also has the capability to compress traffic, so depending on what you are transferring, and if that feature is enabled, that could also affect it.

A search of the forum will give you many other threads about memory usage. In short - at 62% memory usage you're wasting 38% of your memory.  A modern OS will use all available memory for disk caches - high values of memory usage are normal and good (as long as you're not hitting swap, in which case you don't have enough memory installed). CPU usage - that's different - if you're regularly running at 100% you'd be in trouble.  Low values are fine.

As I told, what I need is a FW that serves a slow internet connection (2MB), and for this the Alix was perfect. What surprised me was the reboot, not the speed of the backup. (i can wait the whole night for it). What Jimp told looks interesting for me, I will try. I trust on Alix (I have lots of these serving as FW and OpenVPN endpoint and are working well). I will tell.

@Supermule: The link doesnt work in IE8…. On my 6 machines at the office :) @cheesyboofs: Yes, I can only echo GruensFroeschli's comments. I have this setup and it works very well. The best bit is being able to redesign the network without even unplugging any cables, you just change the VLAN allocation. You can see my implementation in the link of my sig. Cheers You have to wait a bit (under ie) as it is a M$ Visio Web doofa (its a bit fat) alternat link (quicker) http://wan2.cheesyboofs.co.uk/home.htm