can i restore my 32 bit config to a new 64 bit build?

Hmm, Ok.
My own box is not hidden behind NAT the WAN interface has my public IP. Thus it does not have to use a service like checkip.dyndns.org to discover the public address. The address doesn't change so it it does nothing and after about 18 days I get emails. After 25 days it will send the update information even it's still the same but it seems that interval is now too long, for No-IP at least.

Steve

You can also try adjusting the timecounter on pfSense, search around the forum for "kern.timecounter.hardware" you should find some info on changing it. (It's also covered in the book)

The server in .nl is back up, there was an AC issue at the colo and that box didn't get powered back on. Should be OK now.

I think you're referencing Status -> System Logs -> Firewall Tab but the section I'm concerned about is Status -> System Logs -> System tab. Unless I'm misunderstanding what you mean. None of my firewall rules that allow or block IGMP are set to log.

Messages like this are flooding the system tab:

Dec 20 19:00:46 igmpproxy: Note: RECV V2 member report from xx.xx.xx.xx to 224.0.0.252 (ip_hl 24, data 8)
Dec 20 19:00:46 igmpproxy: Warn: unknown Mode in V3 report (10502176)
Dec 20 19:00:46 igmpproxy: Note: RECV V3 member report from xx.xx.xx.xx to 224.0.0.22 (ip_hl 24, data 16)
Dec 20 19:00:46 igmpproxy: Note: RECV V2 member report from 10.0.0.111 to 224.0.0.252 (ip_hl 24, data 8)
Dec 20 19:00:42 igmpproxy: Note: Adding MFC: 207.228.xx.xx -> 232.239.0.10, InpVIf: 0
Dec 20 19:00:42 igmpproxy: Note: New origin for route 232.239.0.10 is 207.228.xx.xx, flood -1
Dec 20 19:00:40 igmpproxy: Note: RECV Membership query from 10.0.0.1 to 224.0.0.1 (ip_hl 24, data 12)
Dec 20 19:00:40 igmpproxy: Note: RECV Membership query from 10.0.0.1 to 224.0.0.252 (ip_hl 24, data 8)
Dec 20 19:00:38 igmpproxy: Note: The IGMP message was from myself. Ignoring.

I had thought it was automatic, but it's apparently not (at least on the version you're using, I don't know about 2.1)

Using multiple subnets on a single interface in that was is still mostly an edge case. Most people put distinct subnets on separate VLANs or interfaces.

You can, though I'd keep an eye on it, especially after the next reboot, to make sure it doesn't come back.

gonna need more info:

what pfsense version are you running
generally i'd think if any tcp protocol is working, then all tcp protocols could work if there is no firewalling issue.

Post screenshots of interface config / firewall rules on LANS / routing table / traceroutes / …

With transparente mode, only http if filtered.

Are you trying all downloads on eicar site?

There's a thread about that here: http://forum.pfsense.org/index.php/topic,54971.15.html

Steve

@heper:

is the gateway filled in correctly on the KVM box ?

yes, in fact ping works fine…

If you just need to make the virtual screen bigger to make the text more legible, just tap right-ctrl + f to maximise the screen.

Can anyone advise which of these packages consumes the least CPU resources. I am running pfsense on a PII-350 with 128MB memory and CPU utilisation is already averaging around 60% when any significant traffic is flowing.

I did previously try bandwidthD on another more powerful setup - but it appeared to "break" the existing traffic graphs - resulting in 503 error message when trying to view OPT1 interface - which did not recover even after uninstalling bandwidthD.

Before trying again I would like to hear from anyone with experience of the various packages to try and determine the one to use minimal resources but still be able to give a breakdown of bandwidth use.

TIA

That's all feasible. It's not exactly something where someone can write out what you should do in a post, it'd take dozens of pages to explain. Read http://pfsense.org/book for the best source of in-depth instructions. Lot of other info on doc.pfsense.org and elsewhere too.

Thanks for the reply Steve

After some thought i came to the conclusion that if i set a rule for torrents and Youtube that it will really only affect the port that is requesting the data. The rest of the network would not really notice it. (i assume) Leaving WAN access unmetered, i can update and download on 9 machines before latency surpasses 65ms. I am quite happy with that but i want to see if controlling bandwidth in a more granular manner can put that back down into the 40's or less.

That for the answer, I wasn't aware of the options you could use with it. Pressing 1 makes it show the same output with the GW field I was seeing.

As for someone pressing it on the keyboard, I'm the only one here and had been nowhere near the keyboard for a couple days prior to when I noticed it. I'm so used to seeing it I'm sure I would have noticed it before then if that's how it had been since I originally brought up the screen. That's obviously what caused it though.

Thanks again.