Controlling outgoing traffic with just firewall rules is really hard because of the multitude of TCP/UDP ports used for different applications and many of them are not officially allocated. The worst are filesharing applications such as BitTorrent that can use almost any port imaginable. You're much better off using a proxy with whitelist/blacklist techniques if you want to control outbound.

Thank you for your help.

For a new user I would recommend keeping it simple and organizing your rules per interface.  Leave the floating rules for traffic shaping.

@heper: You can set a timeout for a single firewall rule (advanced section when editing) Thnx i found it, dint know that option was there, the limit is 3600 seconds.

that is a link to the iso, its have been gzipped, just un gzip is.. And then you have the iso file. http://www.gzip.org/

hey thank you for your reply, very interesting, I am now consistently seeing my line speed again 900mbps with a clean signal graph on the speedtest, I have attatched the top output now when at around 870mbps let me know if you think there is something that looks wrong still thank you so much for assisting me XD [image: topoutput.jpg] [image: topoutput.jpg_thumb]

It's possible your performance has actually improved. Bufferbloated networks have this peculiar characteristic that sometimes being faster makes you slower. If your ISP or drop box service has suddenly increased in performance, you may be pushing up against your max bandwidth, which can trigger many issues with bufferbloat, like high pings times and packetloss. Like kpa mentioned, give traffic shaping a try. Even something as simple as enabling Codel and setting your upload bandwidth may be enough. Very easy. It may be something else, but give the easy fixes a chance.

"even a full duplex link can handle this easily." Still bad design plan and simple… No hairpin is not a "NAT" term.. Yes you can hairpin with NAT, ie NAT "reflection".  The term hairpin means in and out same interface.. And it should be avoided if possible.  When you have multiple vlans on the same physical interface and vlan A talks to vlan B this is a hairpin, and not best for performance.  If possible if you have vlans that send a lot of traffic to each other, these vlans should be on different physical interfaces at the device making the routing decision. You say your windows machine is fast, the way you drew it - looks to be coming in different path than the interface you have your vti on?  Is that the case?  Again you state this is hosted on VM, what interface in vm are physical in the drawing what are virtual? This is esxi, where is your vmkern?  Same interface?

Did you get this working in all situations? What happens when the network connection fails? Does the WAN interface go down or does pfSense still think it's connected? Does it reconnect automatically or must you send the AT commands again? If so, have you automated the reconnection? It is also possible to enable legacy PPP mode for this model: http://blog.asiantuntijakaveri.fi/2015/07/convert-huawei-e3372h-153-from.html

Thanks Jorge!

Unusual, but it happens. Some devices don't play well with certain others. In those cases, you're generally always fine with the switch in between. Where that works at all, it'll generally stay stable.

just a standard client great ill try to set it up then :) thanks again

@sherkas: You should be able to connect directly to the TOR network or just open required ports. I know this reply isnt too helpful. Thank you, but I tried following tutorial more without result. https://turbofuture.com/computers/How-to-Set-Up-a-Tor-Proxy-Server-on-pfSense http://www.malwaretech.com/2015/08/creating-ultimate-tor-virtual-network.html Not install.

I've been going round and round in circles trying to get my Sure GPS to work. No matter how many times I set the speed to 9600 in the config screen the system logs always say it opened the serial port at 4800, which obviously doesn't work. If I tell it to connect at 19200 then the system logs say it opened the serial port at 19200. If I go to Custom GPS and set it to 9600 and save when the page reloads it will still be showing 4800. I even tried setting it to speed 16 directly in the config.xml and reloading the page but when the page saves it still resets the serial port to 4800. If it helps - the page shows 4800 has a value of 0, and 9600 has a value of 15, whenever the page is saved with 9600 selected it saves the value 15 not 16 in the config.xml file. I hope I have provided enough information. System Version: 2.3.1-RELEASE-p1 (i386) built on Wed May 25 14:53:12 CDT 2016 FreeBSD 10.3-RELEASE-p3 Andy EDIT: OK I managed to get it working by forcing it to post speed value 16 by editing the page live in Chrome. services_ntpd_gps.php needs line 281 fixing. [0 => '4800', 15 => '9600', 32 => '19200', 48 => '38400', 64 => '57600', 80 => '115200'] should be [0 => '4800', 16 => '9600', 32 => '19200', 48 => '38400', 64 => '57600', 80 => '115200']

The following documents on the wiki may be helpful in assisting you to fix the problem: https://doc.pfsense.org/index.php/Low_Throughput_Troubleshooting https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards Also, it might help to know what network adapters you're using.

Hi, Thank you to all who respond to my plea. I followed your instructions and am now receiving mail. I had not read as far into the manual as I should have and set up manual rules without port forwarding. So, RTFM in future my lad. Thanks and kind reagrds, jB  8)