• How to create a DMZ VLAN with public ip addresses

    4
    0 Votes
    4 Posts
    4k Views
    @Derelict:
    I would like to know how would you do with using pfsense as your main ISP router / firewall. Do you need any support from the ISP?
    The absolute best/proper thing to do is have the ISP assign a /29 to your WAN interface then route the /28 to an address on that. That address being your WAN interface address. (If they need you to justify the /29 tell them you need at least 3 addresses there for your High-Availability setup.) Then you just number the DMZ with the /28 (or a smaller subnet of that, leaving the rest for other purposes) and disable NAT for it. And you're done. Any other solution involves yucky things like Proxy ARP, 1:1 NAT, and bridging.
    Thank you very much, this was the answer to my question.
  • What host in my lan generated that traffic?

    5
    0 Votes
    5 Posts
    821 Views
    Have you looked at the ntopng package? I find it quite comprehensive in telling me who did what etc.
  • Best way to route this simple setup?

    4
    0 Votes
    4 Posts
    793 Views
    Normally there are three common ways to solve this:
      • PBX like Asterisk inside of the DMZ (APU2C4, Raspberry Pi, …)
      • STUN server outside in the Internet or on the ISP side
      • SIP-ALG inside of the router or firewall (like the SIP-Proxy package for pfSense)
    Asterisk VoIP Siproxd package VOIP configuration PBX VoIP NAT How-to
    Here are some other people speaking about how they got it done right! Overview on configuring pfSense Firewall/NAT for VOIP SIP phones?
  • PFSense in huge traffic environment problem

    5
    0 Votes
    5 Posts
    1k Views
    I'm not pretty sure about what's happening, do it is necessary some kind of optimization, some parameters need to be modified??
    Normally you will be getting something between 2 GBit/s and 4 GBit/s out of a real 10 GBit/s connection, depending on the used protocols and services, and your 3,7 GBit/s will be then optimally placed in there and underfeed that clearly fine. So if you want to tell us more about your real hardware that is used, we might be able to come more to the one or other point. As an example, if you are installing a Chelsio T520 NIC that is really good driver sorted under FreeBSD or pfSense, it would perhaps be showing other results than yours. If you are using an Intel Xeon E5 dual CPU setup it could really be that you will have a good chance to handle that amount of speed fine. But please don't get me wrong here at this point, it will be nice to know what throughput you will achieve through the pfSense firewall using NetIO or iPerf v3.
    Is this pfSense installation a native install or inside of a VM? What CPU @0,0GHz and cores is that installation built on?
    Can we achieve 10 gigabit speeds using OpenBSD or FreeBSD ?
    [flow 1]  0.0-30.0 sec  32.7 GBytes  9.35 Gbits/sec
    [flow 2]  0.0-30.0 sec  31.8 GBytes  9.12 Gbits/sec
    Getting 10 GBit/s in a test environment lets you get perhaps between 2 GBit/s and 4 GBit/s in real life, depending on the used protocols and/or offered services. For sure this can differ from one to another based on the used hardware and the tunings done in the software. Perhaps if you have the luck and they (pfSense team and/or developers) help you out you could be doing some real life tests for them, because not all cases and environments are identical and so they are able to also get more out of that!?
  • Wireshark on WAN

    7
    0 Votes
    7 Posts
    2k Views
    Thanks for the info. I didn't realize that was possible. For now, since I can relatively easily accomplish my objective using mirroring to another virtual host, I'll stick with it, but it's nice to know there are better solutions.
  • Weird info in the state table that isn't in the logs

    7
    0 Votes
    7 Posts
    1k Views
    RMA the shitty modem. Absurd.
  • TCP retransmissions and duplicate acks

    2
    0 Votes
    2 Posts
    568 Views
    And this happens only on networks with both IPv4 and IPv6… Probably phone with crappy wifi chip or firmware...
  • Interface and Log Question

    2
    0 Votes
    2 Posts
    597 Views
    I should add my WAN is PPPoE, does that account for it?
  • Dns query

    14
    0 Votes
    14 Posts
    2k Views
    Thanks very much, working great now, appreciate your help ;D
  • Notification spam

    1
    0 Votes
    1 Posts
    399 Views
    No one has replied
  • Weird problem with PFsense and SIP… again!! Soz

    5
    0 Votes
    5 Posts
    598 Views
    What sort of firewall/router exists at the remote office? What softphone are you using? What about the firewall on the softphone PC?
  • NTOPNG pro/con recommendations on Netgate SG-4860 (2.3.2-RELEASE)

    1
    0 Votes
    1 Posts
    366 Views
    No one has replied
  • Status / Traffic Graph stops after a few minutes…

    1
    0 Votes
    1 Posts
    231 Views
    No one has replied
  • Monitoring pfSense for failed logins

    1
    0 Votes
    1 Posts
    410 Views
    No one has replied
  • SSH auto script

    3
    0 Votes
    3 Posts
    789 Views
    Check .profile and .shrc in the root directory. Copying those to the other users might do the trick.
  • Some questions about building addons and squid

    1
    0 Votes
    1 Posts
    347 Views
    No one has replied
  • Best Practices - I need to monitor bandwidth per IP or mac

    6
    0 Votes
    6 Posts
    2k Views
    Best Practices - father of 6 4) still in the house and I need to monitor bandwidth per IP or mac.
    Do a fresh and full install, install Squid and SquidGuard, SARG, pfBlocker and perhaps Snort! Create user accounts in Squid with MAC and IP addresses. Also install a Radius Server using certificates on the wireless or mobile devices from your family.
    I'm not a geek, I'm trying to lock down our internet to provide a safer browsing experience in the house and liked pfsense. I have it force filtering all DNS req to opendns and limiting browsing with that.
    Go to OpenDNS and create an account matching your family members.
    Is there an easy way to track daily/weekly/monthly all the data a specific ip or mac address are using?
    If you are using squid and user accounts you will see for each family member and each of their devices logs that can be watched with SARG, and depending on the OpenDNS service they would only see things matching their ages.
    I've seen bandwidthd tossed around but heard that it got pulled. Any other ideas for a NOVICE at this?
    What do you really want to do? Watch what all family members were doing or handle their bandwidth? You could try out to:
      • set up a small Mikrotik router behind the pfSense and work it out with queue regulation to handle the bandwidth
      • you may also be able to set up a small Layer3 switch like the Cisco SG300-10 and work it out with QoS
  • MOVED: Squid Logging Extern

    Locked
    1
    0 Votes
    1 Posts
    364 Views
    No one has replied
  • Windows: Network name changing on pfSense router reboot

    5
    0 Votes
    5 Posts
    2k Views
    Setting the MAC address on the bridged interface looks like it will do exactly what I want - thanks! Note that you can change the "Network 30" name to whatever you want by following the instructions here: https://www.tenforums.com/tutorials/28375-network-profile-name-rename-windows-10-a.html
  • Variable speedtest results with multi wan

    3
    0 Votes
    3 Posts
    1k Views
    maxxerM
    I'm using speedtest.net, and I assumed as well that it would go through a single session, so by the same gateway. I don't have problems in testing the single WAN, I was just trying to find the reason of this behavior. Thanks
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.