ok, I entered the /boot/loader.conf to disable acpi and now my firewall 4000km away is not booting :(

You can do this by using Captive Portal.

1. Set captive portal to no authentication.
2. You need to allow your website through captive portal with "Allowed IP Addresses"
3. Upload a custome captive portal page with one of the following:

Custom page that looks like your website

A PHP or meta tag redirect

A frame or iframe to you website

Simple page that says what you want to say with a link to your website.

If you will have many users you might want to do the following to help Captive Portal scale better.
These performance improvements I have identified by running 100+ customers in Captive Portal with pfSense.

This prepares the pfSense built in web server for more concurrent traffic.
http://forum.pfsense.org/index.php/topic,8861.msg50280.html#msg50280

This helps optimize PHP so it doesn't hold web server resources for a long period of time.
http://forum.pfsense.org/index.php/topic,8878.0.html

The above performance enhancements will be included in pfSense 1.3.

You have to make the clients use the proxy (like proxy settings in webbrowser and so on). Simply add block rules at interface>lan so they really have to use it .

Thank you very much hoba and sullrich!

Yes the computer I'm using is really cheap. The 2nd NIC caused a Dell workstation to not even boot. Many of our computers are random clones that I don't trust too much, certainly not for a router. but I didn't much else to spare. But I was able to get a Dell with a decent 2nd NIC. Will try this all again. Thanks!

the last thing i test was disable the transparant proxy.n thn whn i connect to web it time out, actaually it quite close to wat i want….but it cant work wit the schedules

Unless you don't have a portforward to a ftpserver inside your lan you don't need the ftphelper at interfaces>wan. Turn it off. If it still is acting up I don't know what to say. You are the only one with that issue, so you have some kind of broken config. I would restart from scratch then.

@jasoneisen:

So this is a universal (only one allowed) thing.  I cant set up rules for specific networks or mac addresses to boot from different files?

Not at this time, it's a global setting.  Patches accepted, of course.

@t.A.t.t.:

Hi all,

I'm using embeded pfSense image and running it on Alix. So far everything was fine. But now I experience problems with PPPoE (mpd).

In pfSense's system log there appears the message:
Apr 15 08:40:11 mpd: Incoming PPPoE connection request via vr0: for service "" from 00:11:09:70:1e:f0
Apr 15 08:37:35 mpd: Incoming PPPoE connection request via vr0: for service "" from 00:03:0d:80:b1:49
Apr 15 08:25:17 mpd: 192.168.120.1 -> 192.168.110.123
Apr 15 08:25:17 mpd: IPADDR 192.168.110.123
Apr 15 08:25:17 mpd: 192.168.110.123 is OK

Since then all users (we have mostly Windows clients using XP and Vista) cannot authenticate to PPPoE getting "Error772: remote computer's network hardware is incompatible with the type of call requested."

The only solution I have found so far is:
i] I kill mpd by executing "kill -15 mpd" in pfSense command prompt
ii] I start it again by executing "/usr/local/sbin/mpd -b -d /var/etc/mpd-vpn -p /var/run/mpd-vpn.pid pppoe"
After this procedure PPPoE works again as seen in pfSense's system log:
Apr 15 12:09:55 mpd: 192.168.120.1 -> 192.168.110.138
Apr 15 12:09:55 mpd: IPADDR 192.168.110.138
Apr 15 12:09:55 mpd: 192.168.110.138 is OK
Apr 15 12:09:51 mpd: Incoming PPPoE connection request via vr0: for service "" from 00:0d:28:13:69:af
Apr 15 12:09:45 mpd: mpd: pid 29909, version 3.18 (root@freebsd6.geekgod.com 12:32 6-Jan-2008)
Apr 15 12:09:33 mpd: mpd: process 52693 terminated
Apr 15 12:09:30 mpd: mpd: caught fatal signal term
Apr 15 11:09:38 mpd: Incoming PPPoE connection request via vr0: for service "" from 00:11:09:70:1e:f0

The only thing I found here in forum is aldo's reply in http://forum.pfsense.org/index.php/topic,1935.0.html post.

But I don't think it is Windows issue as we have on our network Win2k, WinXP, Vista or Mac PPPoE clients. I was wondering if it couldn't be an MTU size issue?

I will be glad for any advice.

Thankx to all.

well, no one knows? will someno direct me?

I changed out my PS last night to an 18V 2.2 amp supply.  It seems to have stopped the random freezing I was experiencing, but time will tell.

lagreca,
I'm getting the same messages as you on my vr0, even with the new power supply but I think my vr0 is my lan inteface (need to check tonight).  I'm not sure what is causing it either but now I'm thinking it cold be a switch plugged into the vr0 port.

Yes , that's it !

thanks a lot

-Stefan

All IPs on the same interface (the real ones for each firewall as well as the virtual IP) have to be in the same subnet, so you can't use private IPs on the LAN-Interfaces if that .1-IP is a public one. It's the same on WAN. You'll need 3 IPs from the same subnet on WAN and on LAN. LAN and WAN have to be different subnets of course.

Do you have the traffic shaper on?!

If yes can you please give the model of you network cards.
If you are using pppoe or pptp and are shaping on the pppoe interface?
What is the config of you shaper like bandwidth settings etc

It took me less time to get used to osx than to get used to vista. For home use I already replaced my workstation and my notebook with apple stuff. Much less pain, it simply works and is much faster than vista.

done, i will try in some hours do some windows networking… hope it works then.

It seems that yes, my switches were not VLAN capable.
Finally i totally replaced the WAN1 router with a switch - it had 3 PC-s connected to its switch board.
And windows networking is up and running.

As we had dual wan, the users didn't eaven feel a thing.
Thanks for the help.

It is working perfect. Thanks a lot… This is just what I want...

I haven't posted to the list - I was waiting to see what kind of responses I got here first.  For the time being I'm okay, I took down one of the firewalls.

What I think could be happening is, the dedicated carp link between the two machines may be a bad cable.  Originally I didn't have spanning tree enabled on the bridges, because I wanted an instant failover, and the bridge would be down on the backup firewall anyway, so STP was pointless.  So, if there was a bad cable, I could easily see the two servers fighting over who's master, and who's slave, since they would be talking over that dedicated link with a bad cable.

The ideal scenario is getting the hosting company to let me control .1, which I'm in the process of talking about with them.  That would allow me to completely get rid of the bridge, and just use carp to handle .1 - done deal.

Anyway, thanks for the URL, I may set up a test environment just to check it out anyway.

By the way, if you're curious why this is such a huge deal to me, read http://forum.pfsense.org/index.php/topic,7668.0.html.  We've doubled in size since then.

I have a static IP, therefore I can disregard that. 
It is not a new asterisk install, I have been using asterisk for well over a year now.  It is plain old asterisk that I downloaded and compiled on my Slackware server.  Version was 1.4.19, but I have downgraded to 1.4.18.1 and it seems better, still times out sometimes, but it has been good for the last couple days.

Provider is icall (carriers.icall.com)
Not using the SIP Proxy, never have and never had issues.

Features: http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43

The embedded version can do everything the full version can, except packages.

If you want to use packages: –> Fullinstall !

You're on the right track with a microdrive :)