• Syslog Configuration

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    Personally I just keep the raw logs and if I want something, I grep for it (or zgrep, or bzgrep, if the logs have been rotated/archived) :-) I realize that's not ideal for most people, but I rarely have to go back to old logs, it's just nice to have them handy. To do some of what you want requires a system like Splunk that would put the logs into a database and give you a nice GUI to wrap them up in. If others have suggestions for similar (hopefully free) products it would be nice to know. We are working on a central management system for pfSense that will include central logging functions, but that will not be a free product when it happens
  • I have a few question for expart member..

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    M
    I would prefer to use bridging if that was an option so you can leave natting and anything else to a device which handles those very well. And of course load balancing + failover when you have several lines to use.
  • Is PFSense for me? A question from a DD-WRT user

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    Z
    I was using a WRT310n with DDWRT mini. Sometimes DD got frozen and I have to reboot it manually. This makes a lot of trouble for me. Now I switch to Pfsense because my ISP is going to provide the fibre-optical connection. It's much faster than before (it was 2M/4M, now it's 10M/20M/100M). DD may also work with this fast speed network but I am sure that a ROS system like Pfsense will be a better choice. Since I am running a small personal server at home. I just installed the Pfsense as a virtual machine within Vmware. WRT310n will be an Access Point and HUB which connects to the Pfsense. It takes some time for setting up Pfsense, but it is still worth a shot.
  • Please help Me how can I do This?

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    L
    Thank you sir for your answer. Yes, I understand. But the picture I submitted here was when I just checked with one computer on my network. When all workstations go full it goes way high, 100/500. :( If I speed test directly from the modem I get 12/13 MBPS from each of my modems, but when I speed test from pfSense with load balance I only get 19/20 mbps. Is it OK? At my other shop we are not facing this kind of problem… And about pfSense 2.0, actually I couldn't configure the load balance setup. I already spoke with one of the pfSense commercial team members for help, but I know its charge is high for me at this moment. I asked him for documentation for this kind of setup. I will pay for this. He told me to ask on the forum. So it will be a great help if someone does this for me. I will pay for this, but not 600 dollars. Thank you...
  • Find workstation hogging bandwidth

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    K
    Add the iftop program.
  • Email Maximum download size

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Ftp

    Locked
    12
    0 Votes
    12 Posts
    3k Views
    M
    It is not a problem, when I finished my work, I am changing permission with "chmod -w"
  • Routing Confused!

    Locked
    1
    0 Votes
    1 Posts
    972 Views
    No one has replied
  • Domain user can only access https sites and blocked from port 80 sites???

    Locked
    15
    0 Votes
    15 Posts
    5k Views
    R
    I had a PFS box with a similar (if not exact) problem to what you described: all the settings are okay, webGUI okay, captive portal RADIUS auth okay, even package info displays nicely (if internet is down it will say something like can't access server), but just no internet connection on the user side. The issue was fixed by reinstalling the squid package. My squid is in transparent mode. Did you try to reinstall the squid package to see if it can help your issue? Your squid is in transparent mode so it is capturing all port 80 traffic automatically but it is not proxying them out. Did you see anything funny in the squid cache.log? Did your squid use any disk cache? What is your HDD usage? Or apparently the most direct way: back up your settings, factory default your PFS, and restore them back; the squid would reinstall itself and settings will be retained (once an internet connection is hooked up to WAN). Be warned that I never tried this on any snort. Better if you have another spare machine, set it up as PFS, and try on that. So you won't ruin the old PFS further.
  • Load balancer stuck

    Locked
    1
    0 Votes
    1 Posts
    952 Views
    No one has replied
  • MOVED: hardware requirements for multiple 1GB NICs

    Locked
    1
    0 Votes
    1 Posts
    886 Views
    No one has replied
  • 5-static IPs Looking for basic setup help

    Locked
    12
    0 Votes
    12 Posts
    4k Views
    P
    @jimp: You can have multiple users for the GUI in 2.0, but permissions are given on a per-page basis, not a per-setting/per-interface basis. So if you give someone access to the interfaces page, they can get all of the interfaces not just "theirs".
    Thanks for the reply. I have VZN FiOS 150/65 with 5 external static IPs (same ONT and shared bandwidth) and one TWC static 50/5 backup (which I will try to load balance/failover tomorrow). We have 5 businesses in our office, all of which have separate compliance, risk, etc. I would ideally like to have 5 logins who can each see only their "stuff" (and access shared resources I put on an additional "common" interface). Additionally (and I haven't thought this out fully yet), since I only have one backup IP (not a corresponding block of 5 external IPs), is it possible to set up isolated blocks of port forwarding on the failover line and keep those separate, or if my primary ISP goes down will everyone be able to see each other on the secondary ISP? (I understand Rules vs. NAT and internally they will stay separate… I'm asking about external access in.) Re: multi-user logins... 2.0 is the only option? With 123 only one admin is possible? Thx very very much for the responses and help so far. It is much appreciated.
  • Mirror configuration over to another pfSense box?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    M
    Try looking at CARP.
  • Bridge STP support on VLANs

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Router unable to access internet

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    A
    Thanks for the solution, got it done by making a rule in the PPPoE tab in the firewall, works great. Thanks
  • PPPoE and Static IP

    Locked
    7
    0 Votes
    7 Posts
    4k Views
    B
    I created an IP alias as VIP. Entered the gateway in the gateways page and entered the DNS servers on the general page, and it works now. Now working on CARP…
  • Server hiccups

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R
    I have been facing mysterious server hangs recently, and it doesn't always happen during high usage; the thing could die without anything touching it, or it could survive a peak usage lunch break. When it died, it just died: ping timeout, the console frozen, even the crontabbed auto-reboot script failed to execute. A reboot will fix it but it will come back again. Recently I have got another rig and swapped in one of the servers which has been hanging like hell; it has been running for about a week till now without any issue (at least from my point of view). Therefore, I too agree with Peter, if something is wrong, check the a) network, b) hardware.
    --
    Check out the latest post in my thread: http://forum.pfsense.org/index.php/topic,34563.0.html
  • How Far Have You Scaled Your PFS Box?

    Locked
    61
    0 Votes
    61 Posts
    49k Views
    R
    Of all the imaginable settings, I believe all have been tried out. I am still new and still feel like I haven't even figured out how 10% of PFS works; anyhow, here is my setup: 8 PFS (1.2.3) on different subnets in one single LAN, providing wifi to a group of university students of some 20k from several campuses spread over different geographical locations. CP is enabled and auth'ing on Windows Server RADIUS so everybody logs in with their AD accounts. Squid is in transparent mode. Of course, the DHCP range won't be enough for all of them; I am getting a maximum of some 400 concurrent CP users logged in.
    I am interested to know, of all the scale you guys have here, how do you keep track of your servers and total bandwidth usage? Who downloaded the most ahemm cartoon? Total connected users? Server load… etc.
    NMAP and Nagios is one way to find out if your servers are alive and how well they are doing. But here is how I did it: from a dedicated linux box, have all the ssh keys set up, then make a bash script that looks something like:
        get_stat=$(ssh "$host" "grep -c '192.168.' /var/db/captiveportal.db; grep -c '192.168.' /var/dhcpd/var/db/dhcpd.leases; grep -c 'active' /var/dhcpd/var/db/dhcpd.leases")
    Then make it into a function so you can do something like:
        getpfsstat "pflondon"
        getpfsstat "pfnewyork"
        getpfsstat "pfkinabalu"
    And arrange the output nicely on the screen with simple printf:
        Server: London Status: up users: 98, dhcpd: 269, active: 180
        Server: New York Status: up users: 78, dhcpd: 384, active: 172
        Server: Kinabalu Status: OMG SERVER DOWN HIT PANIC BUTTON NOW
    Run:
        # watch -n20 ./servermonitor.sh
    And then you can happily count how many total users you have over your network :D Optionally you can also output to an html file and host it on lighttpd. Then you can access that webpage and brag about how many people are using your servers now. Now, seriously, has this been a common practice or have I been doing a simple thing the complicated way...
    @dnky_bones: Fun to see a thread I started so long ago still kicking :)
    Fun to see that the TS is still kicking too :)
    @elalcaudon: I'm actually in the middle of this argument with one of my bosses. He wants Cisco, mainly because of paid support - which I completely understand. I told him I'm more comfortable with pfsense, I know what it can and can't do. I don't know anything about Cisco IOS.
    You can fire your boss, Cisco won't, that's why. :p
  • Monitoring Only ?

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    C
    The packages along those lines aren't for finding the cause of network connectivity issues. They can under some circumstances help show there is a problem, but they do nothing to tell where that problem is. Network issues along those lines can't be automatically analyzed by anything. The best option is getting something in place that allows you to capture traffic, and doing so both at the host initiating the traffic, and via a tap or span port outside of the last piece of equipment on your network that you're responsible for (your router/firewall). If your router or firewall has the ability to do packet captures of traffic as it's seen on the wire the way pfSense does, then you don't require a span port or tap generally. Comparing those two points of reference will confirm or deny whether you're actually passing that traffic in or out, and exactly what latency is induced by your equipment. Also if your current router or firewall has the ability to tell you how much bandwidth is being used, that can be very helpful - the most common cause of high jitter and/or latency is exhausting your available bandwidth, especially on the upstream side where you have an asymmetric connection (much faster down than up).
  • Multiple PPPoE Accounts on one interface

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    M
    Maybe smarter ones can answer whether this works. I would use VLANs on the WAN side to have multiple PPPoE logins.