1- squid proxy server is a good choice for caching pages and files 2- bandwidthD  traks usage of TCP/IP network subnets and builds html files… 3- lightsquid is High perfomance web proxy report. Requires squid 4- ntop is a network probe that shows netowrk usage i am using all the above, it is helping me find out who is doing what i hope this helped

It means link is up on the interface. In my experience, it doesn't seem to show up on vlan interfaces.

I have a wired LAN bridged with wireless LAN. It was pretty straightforward to set up. "First attempt was a no go" covers a wide variety of problems. Can you be more specific? Maybe one of the bridged ports didn't work. You might need a cross over cable there rather then a straight through cable. Maybe you didn't get DHCP assigned IP address on the OPTx port. You need firewall rules to allow DHCP traffic on the OPTx port. See discussion in the DHCP and DNS forum.

It seems when I delete the config.cache, it replaces it with one containing something like i:-1; From researching around, it seems that I can build an array with parse_config(true) and then overwrite the config.cache file with a serialize()'d config array, however I'm noticing that pfsense's parse_config() function creates an array which somehow loses some of the passthrumac entries, which is not good. Any suggestions on how to fix this behavior?

Go to a shell. Make a directory to mount the CD at: mkdir /tmp/cdrom Mount the CD: mount_cd9660 /dev/acd0 /tmp/cdrom CD is now mounted at /tmp/cdrom When finished unmount: umount /tmp/cdrom Note: If your cdrom device is not acd0, check the bootup messages for the proper device.

Yes handling of DHCP adresses based on in which class they belong and to which network they should have the adress….

hi Services > Captive portal > Pass-through MAC i think this is what you're looking for, i am using it for some vip's so they don't see the captive portal page, i am also using squid in transparent mode to make it easy on me. good luck

fast but not easy solution is to run PPPoE server and to make changes all clients to move over this service. Bad - have to go to all clients if they don't know how and what to set up… and believe me they don't. If you using DHCP, then create leases and give static IP's to all users. Create MAC filter in the router. Scan who send more than 10 ARP requests per second and lock it. (Better make new scope for IP's where you don't have any users and start it.) Segmenting the network is the only good, cheap and long term reasonable idea. Fastest way is to put few old WRT's with OpenWRT or DD-WRT. They support VLAN-taging, MAC filtering, port managing (ugh - but don't really support Layer 3 filtering). Next step is using L3 switches.

What are you trying to accomplish? Do you have a proxy installed on pfsense?

Yah, after reading this the next day I fully realize my mistake with the notation. When I checked my Linksys settings I found that I was using 255.255.255.0 [/24] anyway. You ever beat your head against a wall so many times figuring something out that you stop thinking clearly? LOL, I had such a hard time just getting pfSense installed on a machine that would detect all the network cards and this mistake happened towards the end of a very long day. I gotta remember to take a break sometimes. ;) Completely IMHO, I think it would be nice if you could put in the actual subnet rather than the / notation in pfSense. It is a little bit more user friendly as most people are used to that notation if they haven't had a ton of networking experience. Also, once you get beyond /24 it becomes a bit of a mental stretch to figure them out. Just my 2 cents.

@gloomrider: +1 on the advice for a standalone DSL modem in bridged mode.  Forgive the thread creep, but where would one purchase a Speedtouch? Thanks in advance. PS: I'm using a Netopia 2241N-VGx purchased from http://costcentral.com Don't think they sell it in the States but almost any modem will do the job. A D-link DSL-2320B will do the job (possibly better reliability because it doesn't run as hot as the Speedtouch modems).  Available on Newegg @ http://www.newegg.com/Product/Product.aspx?Item=N82E16825112003 It is capable of acting as a gateway but has the option to be switched into a bridge.

No interface with a matching IP means what it says, you don't have an interface IP matching that subnet, which means it won't add that CARP IP. CARP IPs must be within the subnet of the interface IP where you're adding them. Could be you're using the wrong subnet mask, or just trying to add a CARP IP that isn't valid.

Mine was really easy.  Assign a static IP to the slingbox (through static DHCP assignment), add a port forwarding rule (and the accompanying firewall rule) for port 5001 to the static IP assigned, and enjoy!

Found part of it. Just neede to open my eyes http://doc.pfsense.org/index.php/Static_Port

@chpalmer: It would be interesting to know why and if its normal for the box to do that…   I cant imagine all the problems this kinda traffic could cause to a cheap WalMart bought broadband router... Keep us updated on what they tell you after you get past level 1 support... It'd cripple most consumer routers within minutes.  Even those the higher-end models.  I've tried the more powerful models like the D-link DGL-4300, Linksys WRT-350N so on and so forth.  They will rapidly slowdown at 3000+ connections and just freeze up at about 6000 connections.