Yikes!  I need to take notes. This has gone away and I can't remember what Ive done in the last few weeks…  Ive been using I.E. to admin the router so did not notice it go away. Ill compare notes with anyone who may stumble across this later.  Hopefully no one!  :P

It depends on where they were blocked. There are two tables in pfSense that can get IPs in them from different triggers, but it's pretty rare, and they are periodically purged. If you want to check, run the following from Diagnostics > Command. pfctl -T show -t sshlockout pfctl -T show -t virusprot If they are empty, that is not your problem. If you see an entry, you can delete it with -T delete <ip>or just flush it completely: pfctl -T flush -t sshlockout ```</ip>

pfSense is not linux and there is no glibc by default in pfSense ;)

For lagg to work, your switch has to support it as well. If you look at the feature list of your switch, see if it supports 802.3ad (this is the official standart defining link aggregation) more info here: http://en.wikipedia.org/wiki/Link_aggregation

hi. because you are using Squid Guard and Squid proxy with your main pfsense box. its better you use another pfsense box with Squid Guard and Squid proxy. in my exprience Squid Guard and Squid proxy in most case they slow down the system. at first they run like charm. but when ever they start to full flow(heavy load) they start to slow down the system. Me i am using 6 pfsense in six different internet cafe. All those cafe has 20+ work station. when i started to use Squid Guard and Squid proxy. They let me to face lots of problem. so i uninstalled those package and then all those problem gone. I think you are facing similar problem. BUT NEVER EVER DOUBT ON PFSENSE. It's Awesome…........

@rcbandit: What framework are you planning to use? Which framework do you find best for pfsence I don't think that has been decided. There has been talk of CakePHP but some people like it and others say it's too slow. Given that it's so far in the future for a topic, it's far too early to say.

There is a board just for CARP here, that would be the best place.

Thanks for replying. My ISP is plusnet.  I'm not LLU, I'm on a normal BT exchange with 21C, but not ADSL+ as I'm too far from the exchange to take advantage of it. On plusnet's forums I can see that other folks are using PPPoE just fine with them. They use the standard BT VPI/VCI 0/38. Yup, using PPPoE means my MTU has to be a little less than 1500.  I'm using 1492. I'm on the latest non-US firmware for the DG834Gv4.  It's currently in dumb-modem/bridge mode via the standard url hack. So far, my old d-link dgl4300 gaming router is working fine with the DG834Gv4 in PPPoE mode.  No uncompleted page loads. However, I'd far rather use pfsense.  That's why I'm here :) I'm not pegging the CPU on the 533mhz Via chip that I can see.  Downloading 20 SSL connections from my usenet server works a dream.  Going full rate. It just seems to be spikey web pages loads… like loading a new web page with lots of images that causes things to get lost/go wrong.  Things like page loads aborting... or image loads hanging.  Just regularly enough to be annoying. Note I did have to disable DMA on IDE for the CF chip, or pfsense wouldn't boot. I'm wondering if the network chips need a workaround.  They seem to be that model that everybody's complaining about.  realtek?  I tried disabling the checksum offload, but that didn't make any difference.  I tried device polling, and neither did that. -- gyre --

We've roughly 70 employees; I guess that's big.  Thanks for the link mhab12.  I will check it out.

You probably just need to copy /usr/bin/tip from a suitable FreeBSD host of the same vintage, and then from the shell you could run: # tip com1 Which would connect you to the serial port. To disconnect, press enter, then type ~. cu might work but I'm partial to tip. If you have a blue "Cisco" serial cable like they include with the router you do not need a null modem adapter.

It's a long ways off from that. 2.0 is getting better and better every day, but in many ways it is still a beta. In most cases it should not be used in production still, but lots of things do work properly (at least for the time being :)) There is no schedule or time frame. It will be ready when it's ready, but hopefully it will be sometime yet this year.

Thanks jasonlitka, that worked

That'll be it  ::) I'll go edit that post (if I still can).  Thanks.

Awesome, thanks for the information!

It periodically checks, yes, depending on whatever settings you have configured. Things don't live in the cache forever, especially for dynamic content pages.

@jimp: Probably due to this: http://wiki.squid-cache.org/SquidFaq/SquidMemory#I_set_cache_mem_to_XX.2C_but_the_process_grows_beyond_that.21 Thanks for the link.  I looked around but never came up with that link.

Yeah the attacks come from the same IP over and over and there are zero alerts in snort.  The SQL Server is exposed because I develop outside the local network.  However you are correct…I have got the VPN working now, so maybe I'll close it down and connect via VPN.