• Gateways don't update themselves

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    P

    Sounds to me like it's not so nice and stable as you say…
    Perhaps this behaviour is fixed in the current release? Maybe you should test that in a lab?

  • Just curious about this FW logs - "kip" before the IP address

    Locked
    10
    0 Votes
    10 Posts
    4k Views
    pttP

    Glad to "contribute" in some way with pfSense  :D

  • CPU Usage high on one core. Reload didn't fix [SOLVED]

    Locked
    11
    0 Votes
    11 Posts
    26k Views
    V

    Ahh, well thank you gentleman. I have learned even more!

  • Traffic on a bridge which should not be there

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Squid non transparent proxy

    Locked
    6
    0 Votes
    6 Posts
    7k Views
    B

    @stephenw10:

    You need to modify your firewall rules to prevent outbound port 80 connections. By default all traffic on LAN is passed.

    Steve

    WoW !!! Yes Steve, I got it, many thanks, I'm really grateful, you saved me from a lot of troubles ;)

  • Same VLANs on 2 different interfaces, is this valid config ?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Disk usage and Squid caching

    Locked
    3
    0 Votes
    3 Posts
    4k Views
    stephenw10S

    I'm fairly sure that by default your entire disk is partitioned and mounted and most of that will be available to the squid cache. However it's been a long time since I used a full HD install.
    To check you can run the command:

    df -h

    Either in the console or in Diagnostic:Command Prompt in the GUI. You should see something like:

    $ df -h
    Filesystem           Size    Used   Avail Capacity  Mounted on
    /dev/ufs/pfsense1    443M    139M    268M    34%    /
    devfs                1.0K    1.0K      0B   100%    /dev
    /dev/md0              38M    2.9M     33M     8%    /tmp
    /dev/md1              58M     12M     41M    23%    /var
    /dev/ufs/cf           49M    1.6M     44M     3%    /cf
    devfs                1.0K    1.0K      0B   100%    /var/dhcpd/dev

    The above is a NanoBSD install so your output will look different. Squid stores its cache in /var so that's what you want to be big.  :)

    Steve

  • Dhclient Quits Logging

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    E

    Yeah, that kicked it back into gear.  ;D

    Now my log is flooded with:

    dhclient[5428]: DHCPREQUEST on re0 to 10.252.48.1 port 67
    dhclient[5428]: SENDING DIRECT

    Messages every minute or so again.  :o

    Cheers.

  • WinSCP and SSH

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    stephenw10S

    There are no build tools included in pfSense as this would only serve to reduce security.
    If you need to compile new drivers (it may not be possible) you need to do it on a FreeBSD 8.1 install and then transfer the file.

    Steve

  • Some help needed with planning this project…

    Locked
    7
    0 Votes
    7 Posts
    2k Views
    N

    Just want to say something to the Squid Proxy point:

    It would be possible to install a squid proxy on each tower and another one at the main office. Then you have to enter the proxy at the main office as the upstream proxy for the tower proxies.

    But I think this would only make sense if the bandwidth between the towers and the main office is too small.

  • System lockup

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    A

    Get all the easy stuff out of the way first:

    Test your memory with memtest

    Test your hard-drive with the manufacturer's utility

    Install pfSense 2.0 Release, it's been out for a while now (do your config from scratch for best results and do not install ANY packages)

    Make sure your hardware (especially your NIC cards) is on the FreeBSD compatibility list

    You either will need to swap out your production machine for this, or do the work after hours. Once you have done everything above, come back and let us know how it goes.

  • NanoBSD question

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    M

    Yeah I'm more or less wanting something that is done via the web interface or the ssh shell to do it for me.  Then keep that config going forward without having to redo it every firmware upgrade.

  • IPSEC point to point vpn using PFsense

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M

    PFSense can do this for you.  Look at the wiki for VPN instructions.

    http://doc.pfsense.org/index.php/VPN_Capability_IPsec
    http://doc.pfsense.org/index.php/VPN_Capability_Overview

  • VLAN setup help needed

    Locked
    12
    0 Votes
    12 Posts
    8k Views
    C

    @clarknova:

    Check the firewall rules on the interface that the laptop is connected to. If you have a Pass All rule then nothing will stop it from reaching hosts on other networks.

    If you want to prevent that then try creating a LOCAL alias for all your local networks and modify your Pass All rule to include the destination !LOCAL.

    Makes perfect sense.  I'll get that set up and retry.  Thanks!

  • User Control.

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    ?

    squid + squidguard.  Read the packages forum.  This question gets asked a lot.

  • Pfsense radius authentication

    Locked
    3
    0 Votes
    3 Posts
    2k Views
  • 0 Votes
    28 Posts
    20k Views
    J

    I also see this error once in a while, although it is not flooding the log.
    2.0-RELEASE (i386)
    built on Tue Sep 13 17:28:43 EDT 2011
    I am not using Unbound.
    Packages are only squid, squidguard, lightsquid and imspector.

    Nov 22 09:02:11 apinger: Starting Alarm Pinger, apinger(11693)
    Nov 22 09:02:10 apinger: Exiting on signal 15.
    Nov 22 09:02:10 php: /system_gateways.php: Removing static route for monitor 208.67.220.220 and adding a new route through x.x.x.x
    Nov 22 09:02:10 php: /system_gateways.php: Removing static route for monitor 208.67.222.222 and adding a new route through x.x.x.x
    Nov 22 09:02:10 check_reload_status: Reloading filter
    Nov 22 09:02:10 php: /system_gateways.php: ROUTING: setting default route to x.x.x.x
    Nov 22 09:02:09 check_reload_status: Syncing firewall
    Nov 22 09:02:01 check_reload_status: Syncing firewall
    Nov 22 09:01:45 check_reload_status: Reloading filter
    Nov 22 09:01:45 php: /system.php: OpenNTPD is starting up.
    Nov 22 09:01:45 dnsmasq[52145]: read /etc/hosts - 396 addresses
    Nov 22 09:01:44 dnsmasq[52145]: read /etc/hosts - 396 addresses
    Nov 22 09:01:44 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Nov 22 09:01:44 dhcpd: All rights reserved.
    Nov 22 09:01:44 dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Nov 22 09:01:44 dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1
    Nov 22 09:01:43 dnsmasq[52145]: read /etc/hosts - 396 addresses
    Nov 22 09:01:43 dnsmasq[52145]: ignoring nameserver 127.0.0.1 - local interface
    Nov 22 09:01:43 dnsmasq[52145]: ignoring nameserver 127.0.0.1 - local interface
    Nov 22 09:01:43 dnsmasq[52145]: using nameserver 208.67.220.220#53
    Nov 22 09:01:43 dnsmasq[52145]: using nameserver 8.8.4.4#53
    Nov 22 09:01:43 dnsmasq[52145]: using nameserver 208.67.222.222#53
    Nov 22 09:01:43 dnsmasq[52145]: using nameserver x.x.x.x#53
    Nov 22 09:01:43 dnsmasq[52145]: reading /etc/resolv.conf
    Nov 22 09:01:43 dnsmasq[52145]: compile time options: IPv6 GNU-getopt no-DBus I18N DHCP TFTP
    Nov 22 09:01:43 dnsmasq[52145]: started, version 2.55 cachesize 10000
    Nov 22 09:01:43 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.
    Nov 22 09:01:43 dhcpleases: Could not deliver signal HUP to process because its pidfile does not exist, No such process.
    Nov 22 09:01:42 dnsmasq[1092]: exiting on receipt of SIGTERM
    Nov 22 09:01:42 dnsmasq[1092]: read /etc/hosts - 396 addresses
    Nov 22 09:01:42 dnsmasq[1092]: read /etc/hosts - 396 addresses
    Nov 22 09:01:42 dhcpd: For info, please visit https://www.isc.org/software/dhcp/
    Nov 22 09:01:42 dhcpd: All rights reserved.
    Nov 22 09:01:42 dhcpd: Copyright 2004-2011 Internet Systems Consortium.
    Nov 22 09:01:42 dhcpd: Internet Systems Consortium DHCP Server 4.2.1-P1
    Nov 22 09:01:42 dnsmasq[1092]: ignoring nameserver 127.0.0.1 - local interface
    Nov 22 09:01:42 dnsmasq[1092]: ignoring nameserver 127.0.0.1 - local interface
    Nov 22 09:01:42 dnsmasq[1092]: using nameserver 208.67.220.220#53
    Nov 22 09:01:42 dnsmasq[1092]: using nameserver 8.8.4.4#53
    Nov 22 09:01:42 dnsmasq[1092]: using nameserver 208.67.222.222#53
    Nov 22 09:01:42 dnsmasq[1092]: using nameserver x.x.x.x#53
    Nov 22 09:01:42 dnsmasq[1092]: reading /etc/resolv.conf
    Nov 22 09:01:40 dnsmasq[1092]: read /etc/hosts - 396 addresses
    Nov 22 09:01:40 dnsmasq[1092]: read /etc/hosts - 396 addresses
    Nov 22 09:01:40 check_reload_status: Syncing firewall

  • SSH Proxy Problems

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    C

    @clarknova:

    @ccb056:

    port 22 forwarded to the pfSense box's local address.

    Except for the above line your configuration sounds correct to me. You don't need to forward port 22 anywhere from pfsense, you only need to allow that port in the firewall rules as appropriate for your connecting clients. Try killing the port forward rule and see what happens.

    winner winner chicken dinner

    removing the forward but keeping the rule fixed it
    thanks!

  • Can pfSense control other devices

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    R

    Actually, that is what I was thinking of. A few years ago, I did something like that. There was a parallel-port-based ISA card that we were able to access any of its 23 ports directly, turning them ON or OFF at will. I did a simple PCB with switching transistors that reset the modems and hung computers. Working with less than 12V, we didn't have to deal with complicated 120V regulation, certification, etc… Maybe it was sophisticated but it was a lot cheaper ;)
    I am currently serving a few small customers who can't afford a few hundred dollars just to reset the modems. I'll use a simple timer that power cycles the modem every morning for the one that is having troubles right now.
    I do not know how difficult or simple it is to write a script that uses the router parallel (or serial) port as I do not have much experience programming under BSD.

  • RRD Data Download & Restore

    Locked
    9
    0 Votes
    9 Posts
    14k Views
    B

    Thank you for the explanation, cmb!

    I had never expected saving/importing/exporting ONLY the RRD data can be so troublesome…

    The packages that I tested do not have this capability as well.

    A few years ago I wouldn't even care to look at the RRD Traffic graphs as it didn't affect me, I guess time has definitely changed.  But now with monthly CAPS imposed by many-to-most major ISPs around the world, who can afford NOT to ignore how much traffic one uses.  Overages can be quite expensive!

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.