@stephenw10: You can adjust the size of /tmp and /var in System: Advanced: Miscellaneous: as long as you have ram spare to do so. Steve Wow, I completely forgot that they were RamFS. Thanks. Ben

Netgate is in a unique position where they can do custom images. I'm sure they put work into optimizing the image. If you don't like it, then roll your own. What's the problem?

Well it allows you to set higher power on the surface. The lower layers still make sure no illegal levels are transmitted. Unless you connect a power-meter and measure what's getting out you only get shown a number which might or might not be correct.

Never would have thought of that. Thanks for reporting back. Steve

Yes you could do a MITM style intercept and replace images a-la 'Upside-Down-Ternet'. You could, more easily, have the captive portal leases expire after an hour forcing users to login again and be subjected to advertising. However that still won't push anything you have to wait for the clients to pull something you can intercept. I would think there is no way to this without some client side plugin. Steve

I gonna try thanks. As i do not want to mess up anything, may i use a gmail.com account of mine to create a certificate from startssl. If not, i ve got a real domain name as well blablabla.eu Thanks for help. "It won't be an "MS Windows Logon" or a popup" I was speaking about freeradius..section 2) Why radius is so hard to implement on W7 ?

Yeap, that did it. Reenabled Squid, found and checked the "Disable X-Forward" option, and now it seems I have a cache without sharing my private IP addresses. Thank you again.

Yeah Gotta gotta have it… no matter the bandwidth... although queuing is good until is bad...

@sjim: Here is my pfSense setup. I setup a NAT so that all TCP/UDP traffic coming to any ports on the WAN interface (from port# 1 to port# 65535 except port# 443 for the pfsense webui) will be forwarded to the IP address of my NFS client. AFAIK the only difference between the secure and insecure option on NFS is that the server will only accept mount requests from the client if they come from a port less than 1024. I suspect that you may not be using 1:1 NAT and so pfSense is choosing it's own source port for the translated request from the client. One solution would be to use 1:1 NAT since you are already mapping all the ports anyway. You would need to create a special port forward if you need 443 to point to pfSense (by default it should be processed before the 1:1 NAT [1]). Another option would be to create a special case NAT rule for just the NFS client to server request using the Translation: Static-port [2] option. [1] https://doc.pfsense.org/index.php/Do_NAT_port_forwards_override_1:1_NAT [2] https://doc.pfsense.org/index.php/Static_Port

That wouldn't be a "cron" job since those are periodic. To run a shell command after bootup in a way that would work across upgrades and such, look at the shellcmd package which runs shell commands at boot time.

If the rules pass the traffic, and outbound NAT is set to NAT them out, it should work. Though there is not enough detail to say for sure. Make sure the rules pass all traffic, not only TCP. Some other things to check: Try to ping the firewall (their gateway), if they can't, then rules are probably to blame Try to ping an Internet host by hostname, such as www.google.com, if it can't translate the name to an IP address, check your DNS Try to ping an Internet host by IP address, such as 8.8.8.8, if the other parts work but that does not, it's likely outbound NAT

I second a fanless solution, something like an alix board etc.. You'll go from ~60watts to ~10watts. Spec wise you'll just want 1-2gb of ram unless you want a crap ton of firewall rules / snort rules or something of that nature.

Win!  ;D Steve

Looks like it's well covered in the thread but worth repeating in summary: Internal ADSL cards are: 1. Difficult to locate/source 2. Expensive 3. Unsupported 4. A bad idea from an electrical/surge point of view Working in PC repair years ago, I saw dozens of DSL modems fried over the years, and countless more entire PCs fried because of internal dialup modems. Replacing a DSL modem is probably on the order of $25-50, if that. Replacing your entire firewall (and the DSL card!) would be significantly more expensive. Surge protectors aren't perfect… It's not worth it.

This is an odd setup you have. What are you doing with the various machines on each side of the pfSense box? Normally to access services running on machines behind pfSense, a web server for example, you would use port forwarding. Each of the services you want to access would appear to clients on the WAN side to be running on the pfSense WAN address. If you actually want to be able to access to machines behind pfSense directly you need to have pfSense act purely as a router. You'd need to disable NAT, add firewall rules and then give the clients a route by manually adding routes to them. Steve

@twp01: This is the full script I am trying to run through CRON, it is the one the link went to, but here is it posted in its entirety. Thanks _#!/bin/sh #===================================================================== pingtest.sh, v1.0.2 Created 2009 by Bennett Lee Released to public domain (1) Attempts to ping several hosts to test connectivity.  After #    first successful ping, script exits. (2) If all pings fail, resets interface and retries all pings. (3) If all pings fail again after reset, then reboots pfSense. History 1.0.2  Added turn dhclient on for the interface. (Dice81) 1.0.1  Added delay to ensure interface resets (thx ktims). 1.0.0  Initial release. #=====================================================================_ The script is working but If it runs from pfsense Cron package, it needs the full path of the /sbin/ping executables as well, otherwise it reboots the pfsense every time.

This thread over on Broadband reports in pretty educational regarding QoS. … - Latency and QoS - ... http://www.dslreports.com/forum/remark,27252457?hilite=comcast

Thank You so much guys!!!!!!….Its a Usb keyboard,And I replaced the Removable Battery And it noticed the keyboard in which I booted into Bios and I Overwrited my Linux distro. over PFSense and all Is working as needed! PROBLEM SOLVED.