Yes, if you have to provide real performance, then don't use a USB Network Adapter.
If you have only 1 physical port available for LAN, then you are going to need VLANs - buy a VLAN switch and connect it to the LAN port… There is going to be downtime in changing over!

Thanks a lot for you help.I installed the healthd package tried all the parameters and i also get wrong temps.
I actually get 255.0 as a cpu temp.  :P
Well this ADM1025 is way too old to be monitored.Even the bios dont have a monitor utility.Anyway thanks a lot for your help.
Friendly Nick.

Thanks everyone I created two new rules

TCP LAN net * -> Routers 80 (HTTP)
ICMP LAN net * -> Routers *

Works a treat

Or install package crond and schedule reboot etc.

Is that working via port forward?

If so…
https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

Clear your browsers cache/cookies etc and try again.

@hackin8:

When opening the dashboard in IE8 everything appears to work, but the display never refreshes - just sits open on original view showing "CPU updating in 10 secs…"  but it never does. Manually refreshing gets a new date / time - but no CPU, just same message.

I am running 2.1 on an Alix - works fine from other computers, locally. I am trying to access through VPN - everything else seems to work, except this.

Any help appreciated

Sure thing :)

P.S.
You should really upgrade to 2.1 :)

P.P.S.
Lepo da je še kak Slovenc tle gor :)

Any ideas how to achieve this?

I don't know why your calling it a dmz?  You do understand that your dmz from your rules has full unfiltered access to your lan network as well as the internet.

And unless you need to do something really odd, the automatic setting for outbound nat will nat your other segments you create - there is rarely any reason to change to manual outbound nat unless you have to do something out of the norm.. Which having another lan segment or "dmz" as you want to call it is not out of the norm.

A "dmz" is normally a network segment between the public internet and the private secured network..  Or just a segment that has filtered access between the public networks and the private network.

In your above rules you have a firewall between your dmz segment and your "lan" segment - but your rule base is wide open.. Normally you allow traffic from your lan into your dmz, but you do not allow unsolicited traffic from your dmz into your lan - which is what your current rules are.

example my dmz segment can not talk to my lan or my wlan or networks via an alias that has those local networks in it.  Unless the lan or wlan IP started the conversation.

dmzrules.png
dmzrules.png_thumb

#Resolved

After a lot of thinking and poking around I found the issue.

Under System -> Routing (System:Gateway): I found that the default gateway was set incorrectly.

Many thanks for your time.

Mike

#Resolved

After a lot of thinking and poking around I found the issue.

Under System -> Routing (System:Gateway): I found that the default gateway was set incorrectly.

Many thanks for your time.

Mike

Thanks. It was a transient problem, I guess. It's working now.

Not entirely sure what you mean by 'doom2 source port master'. The last time I played Doom 2 it was over a very long serial cable!  ;)
What requirements does that server have? Does it require you forward ports? UPNP?
Do you have a link?

Steve

I don't think it's latency.  Logged on from the LAN last night… still no refreshing. :(

Can you post your RTT (pings should be fine) between those offices? I have noticed that IPSec is especially sensitive to congestion when there are long round trip times and bandwidth is higher (you can read a little about it if you Google "Bandwidth Delay Product"). There is a whitepaper that sheds a bit of light on the IPSec part here: http://www.academia.edu/694268/_TCP_in_the_IPSEC_environment

To work around this, you may seriously consider implementing an OpenVPN solution to replace IPSec. pfSense has an excellent implementation of OpenVPN point to point and can handle failover (via CARP).

Still no info on the "hang" problem, but I'm betting on the issue where you need to disable SMP in the BIOS for install and then reenable it later.  That seems to hit a decent number of Dell servers.

No problem mate :)
Glad to help because this community helped me a lot :)

@denask:

Any security gains are from having additional devices on a separate subnet anyway, I guess.

If you have two interfaces bridged into one subnet you can still apply firewall rules at those interfaces to filter traffic to some extent. So there some security gains if you need them. I would also just attach it to the switch though unless you really need filtering.

Steve

Thank you !!