now http://blog.pfsense.org  :)

That's the place to watch for news, updates and other info. A must-read for all users.

Also, subscribe to the announcements list. email announce-subscribe@pfsense.com to subscribe. We've done a poor job of announcing releases there, but will do so going forward.

I've installed pfSense numerous times and never seen that. My guess would be a corrupt file. Since your running the embedded version it would be easy enough to flash another compact flash card, using another box or live cd, restore your config to the compact flash card. Then just swap the card out. Downtime would be just the time it takes for the box to boot.

Sounds good, Heiko and anyone else interested I started up a Bounty.  Please go there and give your input and post your amount and I'll update the subject with the values total.

Check it out here: http://forum.pfsense.org/index.php/topic,6024.0.html

In addition, if anyone here decides to work on it, I'd be more than happy to test and/or assist.

I

@Perry:

Just to be sure. Did you add a rule on lan2 like the default rule on lan

There is no smiley hitting his head with his hand ;-)

That was the point, that solved the problem, thank you!

Buffers are smaller on 10 megabit.  100 or gigabit will show better performance.

Check duplex as well.

@dear arno:
you success to  use pfsense pptp sever + windows IAS (radius server), plain windows xp vpn client - it works perfect since installed .

but I got problem:pptp server with radius
1.enable pptp server with local aaa,that's all ok!
2.only change aaa from local to radius server(such as evolynx radius server),success to in ,and get subnet ip,it seems all ok,but problem comes:can not ping any ip ,public ip(such DNS ,gateway of wan) and LAN ip of pfsense.(Tips:that's can ping when AAA with local,firewall peimit any IP any protocol).
3.return aaa to local,all become ok.
only change just local or radius server. Pfsense exist bugs on working with radius server or I wrong configuration? I NO IDEAR ?WHAT'S WRONG?can you help me?
thanks
yours yasian
my email: yasian@163.com

Yeah, if you're dealing with fibre then you won't want to be trying to cut corners on costs - it will come back and bite you later (from experience).

If you go wireless then you may want to look at a UK company http://www.solwise.co.uk/.  They have a page all about kit for linking buildings and have a PDF document about setting it up.

I have the following in /etc/rc.initial, just before the line /etc/rc.banner:

REMOTE_IP=`echo ${SSH_CLIENT} | awk '{ print $1 }'` if [ "${REMOTE_IP}" = "10.11.12.13" ]; then            /bin/tcsh         exit && exit && logout fi

Replace 10.11.12.13 wit h the IP of the system you want to be able to bypass the menu.

Hello,

You right , pftop is the right tool :)

thanks,
B.

yes, I did (using the web interface): <disablechecksumoffloading>yes</disablechecksumoffloading>

For my system it seems that the options doesn't have to be explicitly activated (as the original code does), but deactivated (what the code did not). At least this was my observation, ymmv of course :)

imwondering if i can use the traffic prioritizer to set priority based on IP range.  then i could set the DHCP scope to be less priority, and the servers and SAP workstatsions to have higher priority (and well, the bosses laptop too).

i was playing with the traffic shaper, and even tho it wasnt listed, when i turn on the catch-all-p2p, ftp is limited as well.  the penalty box feature is kinda cool… is there a way to add more than one computer (or, is just copying the rule and putting in another IP the way to do it) ?

No and this has to be one of the worst security practices ideas I have heard yet.  It's a firewall, leave it be and deploy another server for this task.  No offense.

It's an easy mistake to make, from personal experience :)

you could do it by dns, by adding a entry to 127.0.0.1, se when people try to access www.eviladdress.com they will be redirected to 127.0.0.1, but no logging features support this and it's pretty easy to bypass

These things are not supported.  Have fun :)

AFAIC this is supposed to be done by the switch (if its able to do so) where's pfsense is plugged.

Regards from Rio de Janeiro.

I guess it's possible that the clock was way off to begin with and just hasn't been able to sync with a time server yet.

Usually NTP protocol don't do big jumps in time.  It has some limit to the automatic time change.  If the time shift is greater than XXX seconds / minutes, it will not update.

Have you tried to config the clock manually to the closest as possible and then asked pfsense to then, sincronize ?

Also, sometimes time settings is not change on the fly on some process.  Sometimes it is necessary to restart the service.  If it is something related to kernel, usually a reboot will make the time to be correct (if the hardware clock is correct at boot time).

Regards from Rio de Janeiro.

use the Squid package?