There's a thin mini-itx standard with half height I/O sheilds.
http://www.intel.co.uk/content/www/us/en/hardware-developers/thin-mini-itx.html

Leasing rack space in U increments seems common. I've never done it though.

Steve

Thanks wallabybob.. you da man  8)

Correct all along.. router caching the MAC address from the IPCop in its arp table/cache, so clearing it made it work.  These very bytes will be flowing to the forum via the pfsense appliance flashing prettily under my desk.

Great work friend.. I really appreciate your time and patience as I was at the point of sending the boxes back while I could still get a refund.  So pleased that I don't have to now and that I can retire my poor old IPCop before its hardware gave up the ghost once and for all.

Take care,
Darren.

Would you not be better off using pfflowd to export traffic data to some netflow analyser running on the Pi?
I imagine you would end up with a set of pretty screens!  :) I don't know if the Pi has enough horsepower to do that. Fortunately there are so many people using them I'm sure someone has already tried.

Steve

Hmm, interesting.
Incoming DNS queries should be blocked by default anyway (like anything else). I assume you hadn't opened port 53 deliberately.
Perhaps it's related to the on going record breaking DDOS against Spamhaus. They are using DNS amplification with open DNS servers, check you don't have some misconfigured dns server internally.
Interesting that the linksys router appeared less susceptible.  :-\

Steve

Light failure means power failure.

Install the widescreen package and then uninstall it. Then it works again…

Hi,

i am attaching my network diagram.Please check help me to configure the pfsense( the sip adapter-phone system working perfectly without the pfsense
).I need to replace this with softphones.

123.jpg
123.jpg_thumb

The free version of Smoothwall seems see little attention form the company, users have tried to support it, even forking to add features and fix problems. Active users working on fixing problems haven't gotten much if any support from the company in the last couple years. It does appear that they are working on an upgrade from 3.0.x to 3.1 but that has happened since I switched.

Add on packages are a major pain there, again users do what they can but support by the company is minimal and many packages are abandoned by their maintainers. Upgrades if you have packages installed can be a huge hassle, uninstall everything, update, reinstall everything.

Sad because they had a good base system back when  the company cared about building their reputation using the free version.

I still have SmoothWall loaded on a couple boxes but as I get better at using it they will be moving to pfSense too.

No real definitive cause in there that I'm familiar with. Is the crash the same every time? Or do the processes and backtrace change?

i also unable to reproduce the error but it happened consistently on a daily basis.  my environment was a vm running on the kvm hypervisor
the physical nics are  e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI
the hypervisor os is  Ubuntu 11.10 (GNU/Linux 3.0.0-16-server x86_64)

Just an up date say I have finally got the logs to be mailed out direct from PFSense.

After going down the complete wrong track with setting up a syslog server, trying external syslog servers (splunk) and generally having a play with the system the solution I was looking for was a simple installation of a known package.

Once I found mailreport from packages and installed it it took 5 mins to configure and now the logs (and a couple of graphs) are automatically mailed for storage.

Thank you all for the information and suggestions. Responding to mikeisfly's question on the camera.

The camera contacts the remote dd-wrt router (camera at a fixed ip on the lan) when it senses movement in the camera field of view and initiates an ftp transfer of that jpeg image file to the home ip address. The camera operates at a specific port and uses the dd-wrt router to contact the home ip address over the internet. This allows manual remote access to the camera.

Set admin's password so it sets root's. Admin cannot be fully disabled since root can't be disabled.

Is your state count anywhere near the maximum when it happens?

Are you getting ARP replies still, and is the MAC in hosts' ARP cache correct?

I love PfSense and I'm telling everyone that I know about it. I'm using it in a lot of applications that prior to the project I would have used a Cisco Router. I will be making a donation today! Thanks PfSense for all the hard work that you do.

Another thing that you need to check is that all your Windows machines have their firewall setup as home or private. If you have the firewall set up as public then that could be a potential source of your problems. You might want to try to disable all firewalls to see if this will help you.

Also just for anyone referencing this post, you don't need a dynamic routing protocol when you want to route across two different networks/subnets when those networks are directly connected to the router that is doing the routing. As long as you have a rule allowing traffic out of those interfaces you are good. So if you have any rip going on disable it

192.168.1.1 /23 is in the middle of your IP scope and is not good form, you could potentially assign that IP out to a host and that would cause your internet issues a well. You should make your WiFi Lan interface 192.168.0.1 that is the first useable IP on the 192.168.0.0/23 supernet.

Tried those.  Don't recall the exact result but it did not work.

From some network captures it looks like pfSense always insists on "wrapper mode".  After the TCP connection is made pfSense immediately sends client hello and then ignores the initial STMP 220 response.

@stephenw10:

The fact that that traffic is reaching the pfSense box shows that some thing is setup incorrectly, probably the client machine. If it has its subnet mask set wrong it might send packets that should go directly to the switch instead to it's configured gateway, probably the pfSense LAN interface. Then pfSense has a problem because it can't route in and out of the same interface. I'm not sure which firewall you are seeing there, could be an internal rule to prevent this sort of thing happening.

Steve

i restarted the problematic pc and change the ip; now it is working

I use Skype almost everyday (since my sister moved to the US) and have no problems other than Skype's usual variability.  ;)
I had trouble narrowing down any recommended settings. I'm sure a large proportion of people here must use it but no one had any advise last time I asked.
Anyway, Skype is a peer to peer protocol it works best when both ends of the connection are publicly addressable. For that reason if you want to get good quality video calls you need Skype to be listening on your public IP. To do that you can either forward the incoming port to your internal machine manually or use UPNP to do it for you. I have used both methods successfully.
If you are using UPNP you need to enable NAT-PMP (ironic since Skype is owned by MS). Here is what my UPNP status looks like when Skype has signed on.

Port Protocol Internal IP Description 53753 keep state udp 192.168.2.22 NAT-PMP 53753 udp 53753 keep state tcp 192.168.2.22 NAT-PMP 53753 tcp

When you are in a call you can bring up the call technical info window and it should have listed: local:good remote:good.
If it does not then one side of the conversation is going via a skype node and not directly which is much slower.

If anyone else has any insight on this I'd love to hear it. Despite my best efforts I often see 'local:bad'  :-\

Steve