Yeah speed is definitely not an issue with adequately sized hardware, two 100 Mb connections is nothing. The couple links posted are good resources, and there are many, many others on here who have pushed a lot more than 200 Mb. Yours truly included.

Thanks for the confirmation CMB  ;D

If you don't enter a keepalive IP it's on demand by default.

I think he might be refering to RouterOS that comes with RouterBOARDs from Mikrotik.

Here's a reference I found: http://www.mikrotik.com/software.html

Saw them at this supplier, http://www.xagyl.com/catalog/index.php?cPath=57_30 might be others too.

Anyway, it seems it is a linux based router/firewall. Seems somewhat similar to Vyatta, but there doesn't seem to be a free/community edition.

From what I can tell from a quick look at the demo, a lot of the functionality is only available from the telnet interface, with only a selected subset being available from the web interface.

I don't know how this would compare to pfSense, I'm sure someone around here might have a better idea though.

I had this issue when one of the CPUs in the Dell Powerline server would overheat, this was fixed by simply mounting a fan on top of the heatsink. Check to see if heat is becoming an issue. A ram check wouldnt do harm either so try that if you will.

Hope any of this helped,

Matt

pfSense doesn't support modemtype interfaces. Only ethernet. You could live with a single interface if you create vlans but that would require a vlan-capable switch to make sense for a firewall.

i am contacting our web admin that works with the softwarre to find out more how the software works and grabs the information.  I will post a reply with the new information in a day or so.

Ok, I applied the workaround, and so far so good. It works.

Change /conf/config.xml

<system>... .... <afterfilterchangeshellcmd>/usr/local/bin/reset_states.sh</afterfilterchangeshellcmd></system>

Create /usr/local/bin/reset_states.sh

#!/bin/sh sleep 60 /sbin/pfctl -F state sleep 40 /sbin/pfctl -F state

chmod 755 /usr/local/bin/reset_states.sh

@fredde:

this have been discussed several times, so best would be to just search for it on the forum
you can also check this link where tutorials and wiki are located
http://www.pfsense.org/index.php?option=com_content&task=view&id=50&Itemid=78

You can add the last 2 lines manually to your config.xml as hidden shellcommands. Search the forum, there are some examples on how to use hidden config.xml options.

The problem came back.

something made it restart and after the ISP PPPOe account (user and password) vanished .
Please not that there is a gap in 19:46 ,the system rebooted @ this time

10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] pausing 7 seconds before open
10.6.30.254 04/05/08 19:45:13 04/05/08 19:45:07 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] pausing 2 seconds before open
10.6.30.254 04/05/08 19:45:20 04/05/08 19:45:14 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] pausing 9 seconds before open
10.6.30.254 04/05/08 19:45:22 04/05/08 19:45:16 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] pausing 9 seconds before open
10.6.30.254 04/05/08 19:45:31 04/05/08 19:45:25 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] pausing 9 seconds before open
10.6.30.254 04/05/08 19:45:40 04/05/08 19:45:34 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] pptp originate option is not enabled
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state OPENING
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] link: DOWN event
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] LCP: Down event
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] pausing 7 seconds before open
10.6.30.254 04/05/08 19:45:49 04/05/08 19:45:43 pfsense system Info mpd [pt0] device is now in state DOWN
10.6.30.254 04/05/08 19:47:06 04/05/08 19:47:04 system Info mpd mpd: pid 229, version 3.18 (root@freebsd6.geekgod.com 12:32  6-Jan-2008)
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:05 secur/auth Error sshlockout[243] sshlockout starting up
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] ppp node is "mpd229-pppoe"
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] exec: /sbin/ifconfig fxp0 up
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] using interface ng0
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: peer address cannot be zero
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IFACE: Open event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: Open event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: state change Initial –> Starting
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] IPCP: LayerStart
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] bundle: OPEN event in state CLOSED
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] opening link "pppoe"…
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] link: OPEN event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: Open event
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: state change Initial –> Starting
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] LCP: LayerStart
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 secur/auth Info sshd[242] Server listening on :: port 22.
10.6.30.254 04/05/08 19:47:07 04/05/08 19:47:04 secur/auth Info sshd[242] Server listening on 0.0.0.0 port 22.
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:47:16 04/05/08 19:47:13 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] pausing 2 seconds before open
10.6.30.254 04/05/08 19:47:20 04/05/08 19:47:17 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:22 04/05/08 19:47:19 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] pausing 6 seconds before open
10.6.30.254 04/05/08 19:47:31 04/05/08 19:47:28 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:37 04/05/08 19:47:34 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:47:46 04/05/08 19:47:43 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:47 04/05/08 19:47:45 local 0 Info pf tcpdump: WARNING: pflog0: no IPv4 address assigned
10.6.30.254 04/05/08 19:47:47 04/05/08 19:47:45 local 0 Info pf tcpdump: listening on pflog0, link-type PFLOG (OpenBSD pflog file), capture size 96 bytes
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Warning openvpn[349] Use –help for more information.
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Error openvpn[349] Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_server0.conf:14: lport (2.0.6)
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] pausing 2 seconds before open
10.6.30.254 04/05/08 19:47:50 04/05/08 19:47:47 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:47:51 04/05/08 19:47:49 system Warning openvpn[353] Use –help for more information.
10.6.30.254 04/05/08 19:47:51 04/05/08 19:47:49 system Error openvpn[353] Options error: Unrecognized option or missing parameter(s) in /var/etc/openvpn_client0.conf:14: remote (2.0.6)
10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:47:52 04/05/08 19:47:49 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:48:00 04/05/08 19:47:58 system Notice snort2c[520] snort2c running in daemon mode pid: 520
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Notice pftpx[530] listening on 127.0.0.1 port 8021
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Notice pftpx[538] listening on 127.0.0.1 port 8022
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] PPPoE connection timeout after 9 seconds
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device: DOWN event in state OPENING
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:48:01 04/05/08 19:47:58 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:01 system Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 0 deleted host decls to leases file.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 0 new dynamic host decls to leases file.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Wrote 10 leases to leases file.
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Listening on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Sending on  BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 local 7 Info dhcpd Sending on  Socket/fallback/fallback-net
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] started, version 2.39 cachesize 150
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] compile time options: IPv6 GNU-getopt ISC-leasefile no-DBus no-I18N TFTP
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] reading /var/dhcpd/var/db/dhcpd.leases
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] reading /etc/resolv.conf
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] using nameserver 208.67.222.222#53
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] using nameserver 208.67.220.220#53
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info dnsmasq[626] read /etc/hosts - 2 addresses
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd mpd: pid 639, version 3.18 (root@freebsd6.geekgod.com 12:32  6-Jan-2008)
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt0] ppp node is "mpd639-pt0"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd mpd: local IP address for PPTP is 0.0.0.0
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt0] using interface ng1
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt1] ppp node is "mpd639-pt1"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt1] using interface ng2
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt2] ppp node is "mpd639-pt2"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt2] using interface ng3
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt3] ppp node is "mpd639-pt3"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt3] using interface ng4
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt4] ppp node is "mpd639-pt4"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt4] using interface ng5
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt5] ppp node is "mpd639-pt5"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt5] using interface ng6
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt6] ppp node is "mpd639-pt6"
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt6] using interface ng7
10.6.30.254 04/05/08 19:48:04 04/05/08 19:48:02 system Info mpd [pt7] ppp node is "mpd639-pt7"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt7] using interface ng8
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt8] ppp node is "mpd639-pt8"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt8] using interface ng9
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt9] ppp node is "mpd639-pt9"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt9] using interface ng10
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt10] ppp node is "mpd639-pt10"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt10] using interface ng11
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt11] ppp node is "mpd639-pt11"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt11] using interface ng12
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt12] ppp node is "mpd639-pt12"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt12] using interface ng13
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt13] ppp node is "mpd639-pt13"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt13] using interface ng14
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt14] ppp node is "mpd639-pt14"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt14] using interface ng15
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt15] ppp node is "mpd639-pt15"
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pt15] using interface ng16
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] pausing 1 seconds before open
10.6.30.254 04/05/08 19:48:05 04/05/08 19:48:02 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:48:06 04/05/08 19:48:03 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 system Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Internet Systems Consortium DHCP Server V3.0.5
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Copyright 2004-2006 Internet Systems Consortium.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd All rights reserved.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd For info, please visit http://www.isc.org/sw/dhcp/
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 0 deleted host decls to leases file.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 0 new dynamic host decls to leases file.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Wrote 10 leases to leases file.
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Listening on BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Sending on  BPF/fxp1/00:d0:b7:81:7c:75/10.6.30/24
10.6.30.254 04/05/08 19:48:10 04/05/08 19:48:08 local 7 Info dhcpd Sending on  Socket/fallback/fallback-net
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] possible netmask problem between rl0:10.6.0.0/17 and fxp1:10.6.30.0/24
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] Send mcast sendto(rl0, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:08 system Error routed[934] Send mcast sendto(fxp1, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000000 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 5839, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 001638 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 52372, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000319 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 60666, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 000173 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 32222, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:11 04/05/08 19:48:09 local 0 Info pf 716251 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 29876, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PPPoE connection successful
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] device: UP event in state OPENING
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] device is now in state UP
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] link: UP event
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] link: origination is local
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: Up event
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Starting –> Req-Sent
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: phase shift DEAD –> ESTABLISH
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: SendConfigReq #1
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM bd4093e9
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: rec'd Configure Request #153 link 0 (Req-Sent)
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM 3283f015
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: SendConfigAck #153
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM 3283f015
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Req-Sent –> Ack-Sent
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: rec'd Configure Ack #1 link 0 (Ack-Sent)
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd MAGICNUM bd4093e9
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: state change Ack-Sent –> Opened
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: phase shift ESTABLISH –> AUTHENTICATE
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: auth: peer wants PAP, I want nothing
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:12 04/05/08 19:48:09 system Info mpd [pppoe] LCP: LayerUp
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:11 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:14 04/05/08 19:48:12 local 0 Info pf 2. 999542 rule 448/unkn(8): pass out on fxp1: (tos 0x0, ttl  1, id 16795, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.30.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:12 system Info dnsmasq[626] reading /var/dhcpd/var/db/dhcpd.leases
10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:13 local 0 Info pf 199981 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 12970, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.9: igmp v2 report 224.0.0.9
10.6.30.254 04/05/08 19:48:15 04/05/08 19:48:13 local 0 Info pf 200003 rule 449/unkn(8): pass out on rl0: (tos 0x0, ttl  1, id 9978, offset 0, flags [none], proto: IGMP (2), length: 32, options ( RA (148) len 4 )) 10.6.35.254 > 224.0.0.2: igmp v2 report 224.0.0.2
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:16 04/05/08 19:48:13 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:28 04/05/08 19:48:25 system Error snort2c[520] SIGTERM received - exiting
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'fxp1_ADDRESS' defined, value len = 23 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 10.6.30.0/255.255.255.0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'lo0_ADDRESS' defined, value len = 19 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 127.0.0.0/255.0.0.0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Parsing Rules file /usr/local/etc/snort/snort.conf
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'AIM_SERVERS' defined, value len = 132 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,205.188.5.0/24,205.188.9.0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] /24]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HTTP_PORTS' defined, value len = 2 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 80
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SHELLCODE_PORTS' defined, value len = 3 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = !80
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'ORACLE_PORTS' defined, value len = 4 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 1521
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HOME_NET' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'TELNET_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SQL_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Error snort[1074] command line overrides rules file alert plugin!
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Error snort[1074] command line overrides rules file alert plugin!
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'HTTP_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SMTP_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'DNS_SERVERS' defined, value len = 54 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = [10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'EXTERNAL_NET' defined, value len = 55 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = ![10.6.30.0/24,208.67.220.220,208.67.222.222,127.0.0.1]
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'SSH_PORTS' defined, value len = 2 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = 22
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Var 'RULE_PATH' defined, value len = 26 chars
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] , value = /usr/local/etc/snort/rules
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Detection:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Search-Method = Low-Mem
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] ,–---------[Flow Config]–--------------------
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Stats Interval:  0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Hash Method:    2
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Memcap:          10485760
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Rows  :          4099
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] | Overhead Bytes:  16400(%0.16)
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] `–--------------------------------------------
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 global config:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Max frags: 8192
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment memory cap: 4194304 bytes
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 engine config:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Target-based policy: BSD
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment timeout: 60 seconds
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment min_ttl:  1
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment ttl_limit: 5
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment Problems: 0
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Frag3 engine config:
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Target-based policy: LAST
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment timeout: 60 seconds
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment min_ttl:  1
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment ttl_limit: 5
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Fragment Problems: 1
10.6.30.254 04/05/08 19:48:31 04/05/08 19:48:29 system Notice snort[1074] Bound Addresses: 0.0.0.0/0.0.0.0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 global config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track TCP sessions: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max TCP sessions: 8192
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Memcap (for reassembly packet storage): 8388608
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track UDP sessions: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max UDP sessions: 131072
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Track ICMP sessions: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max ICMP sessions: 65536
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 TCP Policy config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Reassembly Policy: BSD
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Min ttl:  1
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Options:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Static Flushpoint Sizes: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Reassembly Ports:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 0 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 1 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 2 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 3 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 4 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 5 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 6 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 7 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 8 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 9 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 11 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 12 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 13 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 14 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 15 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 16 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 17 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 18 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 19 client (Footprint) server (Footprint)
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Bound Addresses:0.0.0.0/0.0.0.0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 UDP Policy config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Stream5 ICMP Policy config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Timeout: 30 seconds
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] HttpInspect Config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] GLOBAL CONFIG
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max Pipeline Requests:    0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Inspection Type:          STATELESS
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Proxy Usage:      NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map Filename: /usr/local/etc/snort/unicode.map
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map Codepage: 1252
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] DEFAULT SERVER CONFIG:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Server profile: All
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ports: 80 3128 8080
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Flow Depth: 0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Max Chunk Length: 500000
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Inspect Pipeline Requests: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] URI Discovery Strict Mode: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Allow Proxy Usage: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Disable Alerting: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Oversize Dir Length: 0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Only inspect URI: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ascii: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Double Decoding: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] %U Encoding: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Bare Byte: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Base36: OFF
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] UTF 8: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Multiple Slash: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Backslash: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Directory Traversal: YES alert: NO
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Web Root Traversal: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Apache WhiteSpace: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Delimiter: YES alert: YES
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Non-RFC Compliant Characters: 0x00
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Whitespace Characters: 0x09 0x0b 0x0c 0x0d
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] rpc_decode arguments:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ports to decode RPC on: 111 32771
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_fragments: INACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_large_fragments: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_incomplete: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] alert_multiple_requests: ACTIVE
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Portscan Detection Config:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Protocols:  TCP UDP ICMP IP
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Detect Scan Type:  portscan portsweep decoy_portscan distributed_portscan
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Sensitivity Level: Low
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Memcap (in bytes): 1048576
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Number of Nodes:  3869
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] Ignore Scanner IP List:
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 10.6.30.0 / 255.255.255.0
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 208.67.220.220 / 255.255.255.255
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 208.67.222.222 / 255.255.255.255
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074] 127.0.0.1 / 255.255.255.255
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: authorization timer expired
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: authorization failed
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: CLOSE event in state UP
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state CLOSING
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: DOWN event in state CLOSING
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] error writing len 12 frame to bypass: Network is down
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] link: DOWN event
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: Down event
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: state change Opened –> Starting
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: phase shift AUTHENTICATE –> DEAD
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] LCP: LayerDown
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] pausing 4 seconds before open
10.6.30.254 04/05/08 19:48:32 04/05/08 19:48:29 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Tagged Packet Limit: 256
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dcerpc_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_dns_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ftptelnet_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_smtp_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor//libsf_ssh_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Finished Loading all dynamic preprocessor libs from /usr/local/lib/snort/dynamicpreprocessor/
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_ftptelnet_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Loading dynamic preprocessor library /usr/local/lib/snort/dynamicpreprocessor/libsf_smtp_preproc.so…
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] done
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTPTelnet Config:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] GLOBAL CONFIG
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Inspection Type: stateless
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Encrypted Traffic: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Continue to check encrypted data: NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP CONFIG:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP Server: default
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ports: 21
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Telnet Cmds: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Identify open data channels: NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] FTP Client: default
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Bounce Attacks: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Check for Telnet Cmds: OFF
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Response Length: 100
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] SMTP Config:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ports:
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] 25
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Inspection Type:            STATEFUL
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Normalize Spaces:          YES
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore Data:                NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore TLS Data:            NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Ignore Alerts:              NO
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Command Length:        0
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Header Line Length:    0
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Max Response Line Length:  0
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] X-Link2State Alert:        YES
10.6.30.254 04/05/08 19:48:33 04/05/08 19:48:30 system Notice snort[1074] Drop on X-Link2State Alert: NO
10.6.30.254 04/05/08 19:48:34 04/05/08 19:48:31 system Error routed[934] Send mcast sendto(rl0, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:34 04/05/08 19:48:31 system Error routed[934] Send mcast sendto(fxp1, 224.0.0.9.520): Network is unreachable
10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] pausing 1 seconds before open
10.6.30.254 04/05/08 19:48:36 04/05/08 19:48:33 system Info mpd [pppoe] device is now in state DOWN
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device: OPEN event in state DOWN
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device is now in state OPENING
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] rec'd ACNAME "far-br1"
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] PPPoE connection successful
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device: UP event in state OPENING
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] device is now in state UP
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] link: UP event
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] link: origination is local
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: Up event
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: state change Starting –> Req-Sent
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: phase shift DEAD –> ESTABLISH
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd [pppoe] LCP: SendConfigReq #2
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:34 system Info mpd MAGICNUM ba7fe929
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: rec'd Configure Request #202 link 0 (Req-Sent)
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM 4d0c018b
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: SendConfigAck #202
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd AUTHPROTO PAP
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM 4d0c018b
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: state change Req-Sent –> Ack-Sent
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: rec'd Configure Ack #2 link 0 (Ack-Sent)
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MRU 1492
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd MAGICNUM ba7fe929
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: state change Ack-Sent –> Opened
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: phase shift ESTABLISH –> AUTHENTICATE
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: auth: peer wants PAP, I want nothing
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] PAP: using authname ""
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd mpd: empty auth name
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd Warning: no secret for "" found
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] PAP: sending REQUEST
10.6.30.254 04/05/08 19:48:37 04/05/08 19:48:35 system Info mpd [pppoe] LCP: LayerUp
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Error snort[1074] OpenPcap() device fxp0 network lookup:          fxp0: no IPv4 address assigned
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Error snort[1075] OpenPcap() device fxp0 network lookup:          fxp0: no IPv4 address assigned
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074]
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-config]–--------------------------------
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | memory-cap : 1048576 bytes
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-global]–--------------------------------
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | none
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] +–---------------------[thresholding-local]–---------------------------------
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=10183      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6128      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=9839      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6223      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6489      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5990      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6336      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5835      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6241      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7646      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5978      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6324      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7547      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7535      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6122      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6271      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7142      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6176      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=12693      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=12485      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=12679      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=5945      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6483      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=6365      type=Limit    tracking=src count=1  seconds=600
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7732      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=7739      type=Limit    tracking=src count=1  seconds=300
10.6.30.254 04/05/08 19:48:39 04/05/08 19:48:36 system Notice snort[1074] | gen-id=1      sig-id=8073    &

Thanks hoba. I always keep a copy of the original "last known good" config file just in case I screw up the config file. Of course worst case scenario is a short truck roll, reinstall from scratch, upload last know good config, and we are back in business.

I am really enjoying working with pfSense. Next project is going to be another NIC with auto-failover to our secondary WAN. If I can get that figured out properly, then it will be time to go redundant… Another pfSense box next to our existing gateway catching automatic backup of the existing, and CARP failover to it. I am sure I will have a question or two once I get into that, lol.

You guys are doing a great job! I have recommended pfSense to quite a few other operators out there. Please keep up the support.

You could use the captive portal with radius accounting for this. Other option is to use the bandwidthd package or something external that receives information from the pfflowd-package. Search the forum, this has actually been discussed a lot and solutions are around.

finally now it is working .  with this config :

<pfsense><version>3.0</version>
  <lastchange><theme>nervecenter</theme> <system><optimization>normal</optimization>
  <hostname>pfSense</hostname>
  <domain>local</domain>
  <dnsallowoverride><username>admin</username>
  <password>$1$GCmX2tUH$tublAsTINLcuehl9l6AJ9.</password>
  <timezone>Etc/UTC</timezone>
  <time-update-interval>300</time-update-interval>
  <timeservers>0.pfsense.pool.ntp.org</timeservers> <webgui><protocol>http</protocol></webgui>
  <disablenatreflection>yes</disablenatreflection>
  <dnsserver>196.192.x.x</dnsserver>
  <dnsserver>213.200.xx.xx</dnsserver></dnsallowoverride></system> <interfaces>- <lan><if>rl0</if>
  <ipaddr>192.168.1.1</ipaddr>
  <subnet>24</subnet>
  <media><mediaopt><bandwidth>100</bandwidth>
  <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan> <wan><if>vr1</if>
  <mtu><media><mediaopt><bandwidth>100</bandwidth>
  <bandwidthtype>Mb</bandwidthtype>
  <spoofmac>00:1d:60:25:30:72</spoofmac>
  <disableftpproxy><ipaddr>172.30.x.86</ipaddr>
  <subnet>30</subnet>
  <gateway>172.30.x.85</gateway>
  <blockpriv>on</blockpriv>
  <dhcphostname></dhcphostname></disableftpproxy></mediaopt></media></mtu></wan> <opt1><if>vr0</if>
  <descr>OPT1</descr></opt1></interfaces>
  <staticroutes>- <pppoe><username><password></password></username></pppoe> <pptp><username><password><local></local></password></username></pptp> <bigpond><username><password><authserver><authdomain><minheartbeatinterval></minheartbeatinterval></authdomain></authserver></password></username></bigpond> <dyndns><type>dyndns</type>
  <username><password></password></username></dyndns> <dhcpd>- <lan><enable>- <range><from>192.168.1.10</from>
  <to>192.168.1.245</to></range></enable></lan></dhcpd> <pptpd><mode><redir><localip></localip></redir></mode></pptpd>
  <ovpn>- <dnsmasq><enable></enable></dnsmasq> <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd> <diag>- <ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
  <bridge><syslog>- <nat><ipsecpassthru>- <advancedoutbound>- <rule>- <source>
  <network>any</network>
 
  <sourceport><descr><target>196.192.xx.x</target>
  <interface>lan</interface> <destination><any></any></destination>
  <natport></natport></descr></sourceport></rule> <rule>- <source>
  <network>any</network>
 
  <sourceport><descr><target>196.192.xx.x</target>
  <interface>wan</interface> <destination><any></any></destination>
  <natport></natport></descr></sourceport></rule> <rule>- <source>
  <network>192.168.1.0/24</network>
 
  <sourceport><descr>Auto created rule for LAN</descr>
  <target><interface>wan</interface> <destination><any></any></destination>
  <natport></natport></target></sourceport></rule>
  <enable></enable></advancedoutbound></ipsecpassthru></nat> <filter>- <rule><type>pass</type>
  <interface>wan</interface>
  <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
  <os><protocol>tcp</protocol> <source>
  <any>- <destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-nodes></rule> <rule><type>pass</type>
  <descr>Default LAN -> any</descr>
  <interface>lan</interface> <source>
  <network>lan</network> <destination><any></any></destination></rule> <rule><type>pass</type>
  <interface>lan</interface>
  <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
  <os><protocol>tcp</protocol> <source>
  <any>- <destination><any></any></destination></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
  <shaper>- <ipsec><preferredoldsa></preferredoldsa></ipsec>
  <aliases><proxyarp>- <cron>- <minute>0</minute>
  <hour></hour>
  <mday></mday>
  <month></month>
  <wday></wday>
  <who>root</who>
  <command></command>/usr/bin/nice -n20 newsyslog <minute>1,31</minute>
  <hour>0-5</hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/usr/bin/nice -n20 adjkerntz -a <minute>1</minute>
  <hour>3</hour>
  <mday>1</mday>
  <month></month>
  <wday></wday>
  <who>root</who>
  <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh <minute>/60</minute>
  <hour></hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout <minute>1</minute>
  <hour>1</hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update <minute>/60</minute>
  <hour></hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot <minute>/60</minute>
  <hour></hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c <minute>/5</minute>
  <hour></hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/usr/local/bin/checkreload.sh <minute>/5</minute>
  <hour></hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/etc/ping_hosts.sh <minute>/140</minute>
  <hour></hour>
  <mday></mday>
  <month></month>
  <wday>*</wday>
  <who>root</who>
  <command></command>/usr/local/sbin/reset_slbd.sh</cron>
  <wol><installedpackages>- <revision><description>/firewall_nat_out.php made unknown change</description>
  <time>1207288229</time></revision> <rrd><enable></enable></rrd> <virtualip>- <vip><mode>proxyarp</mode>
  <interface>wan</interface>
  <descr><type>single</type>
  <subnet_bits>32</subnet_bits>
  <subnet>196.192.xx.x</subnet></descr></vip></virtualip></installedpackages></wol></proxyarp></aliases></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>

tried a lot on NAT outbound + virtual ip then worked .  thanks for helping .

Good to hear it's working now  :D

Hi fredde,

Thanks for the tip.  No - I hadn't looked at that because it seems like there is already a database within pfSense which tracks this information… the RRD graphs must be getting their data from somewhere.

Your suggestion does allow one to see daily summaries which is cool, but all I really want to do is to define a custom period to view the existing RRD traffic graph output - ie. Feb 21 - March 21... possible?

-- Phob