If someone will find this topic I've got one remark.
Initializing the monitor mode in 'separate lines' (like in the post above) didn't work for me.
I had to do it in one line with:

ifconfig wlan create wlandev ath0 wlanmode monitor ifconfig wlan1 up

Interface options for reference:

wlan1: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         ether 00:80:48:64:63:57         inet6 fe80::280:48ff:fe64:6357%wlan1 prefixlen 64 scopeid 0xb         nd6 options=43 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <monitor>         status: running         ssid "" channel 11 (2462 MHz 11g) bssid 00:80:48:64:63:57         regdomain ETSI country NL ecm authmode OPEN privacy OFF txpower 30         scanvalid 60 protmode OFF wme burst</monitor></performnud,accept_rtadv></up,broadcast,running,promisc,simplex,multicast>

$ file /usr/local/lib/libiconv.so.3 /usr/local/lib/libiconv.so.3: ELF 32-bit LSB shared object, Intel 80386, version 1 (FreeBSD), dynamically linked, not stripped

Sounds like you should reinstall.

Yup – more hassle than any possible benefit that is for sure.  Your printer support jumbo?  All your switches, do the devices even agree upon the same jumbo size.  From what I can tell the makers of the nics and drivers come up with their versions of what the actual size is.. So nic X might not be same as nic Y in computer Z.

Do you really see benefit in the majority of the traffic, dns queries, your gets for your websites.  If you look at the types of traffic that flows around your network - where do they make sense.. Unless all you were doing is moving LARGE amounts of data all day long I juts don't see the point of them.  Shoot many office networks and homes are like 50% or more wireless these days anyway.

My cheap nics can do 800+ Mbps over the wire at 1500 mtu..  Bottleneck is the drives in moving the data normally, so what performance boost would using jumbo get me?

Thanks for the reply.

I actually figured out a workaround … I created another 1:1 NAT rule with OpenVPN as the interface.  Otherwise the rule is the same for the 1:1 NAT rule that sends public traffic to the private IP.

NB: for OpenVPN clients who do not use the "send all traffic over the VPN" option, accessing the public IP is no problem, but for clients who DO send all their traffic over the VPN, this is necessary to connect to public IPs.  In a few critical scripts which we share with our customers the public hostname/IP is configured, so staff who might use those scripts from a hotel/airport/conference while tunneling all traffic to the firewall make this configuration requisite.

@compy:

I clicked over to the "Traffic" tab after Steam downloaded 13.6GB of new games (Thanks humble bundle!), and none of the WAN numbers were even close to this. I'm guessing I'm either looking at the wrong graph, or just missing something.

The traffic RRD graphs show bandwidth consumed (bits per second). Its not clear to me how you compared "bits per second" with bytes and determined they "weren't even close".

The attached traffic RRD graph from my system shows (mostly) 2Mbps download for about 24 hours on Friday and Saturday. 24 hours of 2Mbps gives a a bit under 22GB which is probably "close enough" for a download of a 17GB file (and possibly other files as well).

Is it possible you downloaded compressed data and the report showed uncompressed data?

status_rrd_graph_img.png
status_rrd_graph_img.png_thumb

Seems highly unlikely to be honest. What theme are you running?  What version did you install exactly? 32 or 64 bit?

What browser are you using?

You actually do want all those things, you just want an add-on module that creates them all for you for that one simple use scenareo you described.  Alas…  I'm no dev.

@stephenw10:

I presume at that point the console is completely non-responsive, it's not possible to login?
It doesn't matter what shell the admin user is set to run if you can't login as admin.

Yeah, the shell is correct, I just wanted to check whether toggling the GUI checkbox does actually does something or not… Sounds like completely different problem. Rather then hunting for gremlins, a quick reinstall and backup restore should sort it out if it worked before.

Here's what I finally did on my setup: I created a subinterface (VLAN interface) with a "random" VLAN ID on one of my physical interfaces and assigned a /32 to it. It can basically be used the same way as a loopback can, but the benefit is that you can assign it and use it in menu selections such as GRE tunnel source in my case.

Fixed!

Changed:
Interfaces : Wan
Static IP config: changed the  "/1" to "/24"

I hope this helps someone!

Using VMs you are effectively using the same NIC/driver combination for every case but I guess that includes pfSense. Interesting that m0n0wall shows less latency. It's based on FreeBSD 8.2 last time I checked. pfSense 2.0.x is build on 8.1 and 2.1RC on 8.3 so all different versions. You could try an older pfSense, 1.2.3 was built on FreeBSD 7.3 (I think). It can only support one PPPoE session though so limited. You could try PC-BSD which is easy to setup. Various versions built on various FreeBSD versions are available. I agree though that testing a VM of FreeBSD 8.3 is probably the best test you could do. I've no idea how to setup a PPPoE session directly in FreeBSD though.  ::)

Steve

This works perfectly.

FYI, anyone who is doing this, you must disable any previous NAT & firewall rules for 443 aside from the OpenVPN 443 rule.

So far so good, all exchange services are working. (Exchange 2013*)

made an SH script to accomplish what I needed. thought I would share it.

#! /bin/sh timeout=$1 sleeptime=$2 command=$3 # test pid is still around PIDActive() { pid=$1 test=`ps -p $pid | grep $pid` if [ -z "$test" ]; then return 1 fi return 0 } # run command & capture pid $command& commandpid=$! # What happens first? pid exits or timeout counter=0 while PIDActive $commandpid && [ "$counter" -le "$timeout" ]; do     sleep $sleeptime     counter=`expr $counter + $sleeptime` done # if we get to this point and the pid is still active, kill it PIDActive $commandpid && kill -s KILL  $commandpid

Exactly. I'm sure the dev team have thought about doing this before (the last time I suggested it perhaps!). There would be no point in starting anything without some sort of official sanction I think.

Steve

ok, makes sense, it is leaving the lan interface OUT to the lan PC/client like you said.

yes, there is a vlan interface that i didnt add the statistics for since it is rarely used.

Yeah - Don't go too crazy with how much RAM you give squid cache.  The Docs recommend no more than 1/2 and I've tried it higher and it was sort of flakey.  I'm only running 4GB on my home router.  Perhaps if you have 8 or 12 GB or more, you can allocate alot more than half.  Not sure.

No on 2.0.1.

You can do that on 2.1 though. (System > Advanced, Misc tab, box is right under the sticky checkbox)

If you're using the built-in load balancer, it's unlikely to work in that way.

You'd be better off with a package like HAproxy that has several different methods of maintaining a persistent client-server relationship.

You probably need to check System > Advanced, Firewall Tab, "Bypass firewall rules for traffic on the same interface"