Yup!

I have 1000/1000 and speed betwen around 70 MB/s :)

i know.

lack of time and some private stuff.
have not worked on pfsense for a long time so i am starting from the  beginning.

OK, that's why I thought. This is a regression before our previous FW but all other stuff on pfsense make this nothing.

Thanks you.

@Jason:

@ilaurens:

No idea, I do not have much experience with pfsense, nor how it works.

But as far I know you can use pf_ring with snort to use multi cores.

Why not give it a try, if you have 10gbit stuff laying around.

https://www.google.nl/search?q=pfring+snort&oq=pfring+snort&aqs=chrome.0.69i57j0l3j69i62.1732j0&sourceid=chrome&ie=UTF-8#fp=aba73ede39cbb7b9&q=pf_ring+snort&safe=off&spell=1

Interesting.  Would this work with FreeBSD?  If so, I'd be in for a bounty on anyone who would be willing to integrate this into the pfSense package for Snort.  I'm actually less interested in this for 10Gbe speeds than I am for running on low-power hardware with multiple cores.

Anyway, I think I've decided to go with a pair of Cisco Nexus 5548UP switches with the L3 modules to solve my routing issue.  I've talked to a few people who have installed them and they've all had solid experiences.

I did read something about SnortSP Beta

Shell-based user interface with embedded scripting language
Native IPv6, MPLS and GRE support (This feature is now included in 2.9.x)
Native support for inline operation (This feature is now include in 2.9.x)
More subsystem plugin types such as data acquisition modules, decoders and traffic analyzers
Multithreaded execution model - multiple analysis engines may operate simultaneously on the same traffic (There are certain subsystems of 2.9.x that are now multi-threaded)
Performance increases
The purpose of this program is to

Source: http://www.snort.org/snort-downloads/snortsp/

Pretty standard stuff.  Looks fine, though I haven't actually tried sticking vLANs on a LAGG before.

One thing to note is that depending on how much traffic passes between those vLANs you might find yourself bandwidth starved on 1Gbe links.

@apfusertoo:

@rjcrowder:

@apfusertoo:

Third, I am used to the root shell in FreeBSD being csh, and would like to use that - is it safe for me to simply use vipw and change the root shell to /bin/csh ?

I just changed the shell that gets executed for option 8 on the menu. Changed to (had to install first) Bash and it works fine…

Ack … ok, this does work - it appears NOT to work, since .tcshrc will get executed no matter what, as long as it is there.

So, if you want to change frmo tcsh to csh, you need to alter rc.initial and you need to remove your existing /root/.tcshrc file before your actual .cshrc file will get sourced...

Thanks :)

Ugh.  So that worked just fine … until I rebooted.  Now /etc/passwd file is back to /bin/sh for root, and the .tcshrc file was recreated for me.  The changes to rc.initial stuck, but I still don't get a csh shell because .tcshrc is recreated...

How can I keep pfsense from recreating it ?  Other than maybe creating an empty file and chflagging it schg ??

Normally in those cases the ISP will route that block to whatever IP you receive on WAN. So you can use them internally on an interface or via 'other' type VIPs.

FYi. I re-assigned interfaces creating LAN addresses in made up 10.1.1.x range , restarted and got the webconfigurator to work. the rest would be reading and learning pfsense . thanks to NOYB who answered and to all who may have read.

Its a tweaked version of freebsd, so yeah those commands are pfsense commands

Recharged the UPS and now with halt (-h) command everything works as expected :)
I`m posting this just in case someone should have same problem as me …

As noted here; though clearly the other way round for you. NFC what's up with the logging timezones.

@stan-qaz:

Would it be possible to plug a GPS or other clock into the pfSense box to serve as a stable time source?

Yes, of course, serial NMEA GPS is supported.

You should have a look on "Captive Portal" on pfsense. When a user connects to the ethernet and wants to open a webpage like google he will be redirected to the CaptivePortal page. You can designe this page as you like.

User can login with username/password oder with a voucher or you do something with freeradius (additional pfsense package) + mysql with a self registration page.

Perhaps have a look at this documentation:
http://doc.pfsense.org/index.php/FreeRADIUS_2.x_package#CaptivePortal_Self-Registration:FreeRADIUS.2B_MySQL

172.16.8.3 is in private IP address space. I guess that IP address was a DNS server for some/all of the internal VPN-based network. The domain that is pointed to that is obscured in the screenshot, but I guess it is a private domain within the internal network? Without the override, the DNS  requests will be forwarded up to the DNS server/s that pfSense is using by default. Maybe those are somehow able to resolve the names. Without more detail of your internal network and where the internal DNS server/s are, it is speculation from me.

If 172.16.8.3 is/was a gateway, presumably that gateway also had a DNS server or forwarder that could help resolve names. Maybe that functionality is no longer enabled on the gateway. Again, a bit of speculation from me.

I don't think there's anyway of doing that using the default options but you could use a cron job. Install the cron package (to make it easier) and write some very simple scripts that bing up your connection or kill it. Run them at appropriate times.

Steve

Finally got a chance to sit down and take a deeper look at this issue…

Turns out that it's squid3 package (Proxy Server) that is blocking GTV's youtube from functioning properly. After I disabled squid proxy everything started to work.

Or do something really scary…

http://code.google.com/p/win-sshfs/

:-X

Yep.