Thanks for the reply. I won't have the need to use all the 65k ports but want to give my users all the options as I assign them public IP addresses. However, yes there will be multiple HTTP servers which will have conflicting ports. I never explored 1:1 NAT. Would that disable my AON which actually makes my OpenVPN to run properly. Is NAT 1:1 for inbound only? or also effects outbound. Some general details about it would be great asset. Thanks

In order for that to happen, something has to be passing broadcast traffic between those two interfaces. The most common cause would be that both LAN and OPT1 are plugged into the same switch, or the same VLAN on managed switch(es). If both interfaces are properly segregated into different broadcast domains, DHCP traffic cannot bleed over.

Thanks for all your assistance. Much appreciated!

Hey! kern.timecounter.hardware=TSC in /etc/sysctl.conf resolved my problem. :D Thank You!!! Wikont

Watch that they're probably reporting different things.  You want high RAM usage because otherwise it's wasted.  You'll see the difference if you run the top command

Maybe your states table is getting full.  You could try increasing the size. (somewhere in system: advanced, I think)  That hardware should definitely be able to handle a lot higher than the default size.

This appears to be related to an almost 5 year old snapshot, moving off the 2.0 board. Douglas879: Upgrade.

Yes, it's definitely hardware. I replaced it with another computer (after doing a thorough RAM test on the new box), and now the first one won't even boot anymore. It looks like I got it just in time.

I'd be more worried about running 1.2-RELEASE than a zombie process. You should really be on at least 1.2.3-RELEASE.

You can install the dns server package and have the same functionality, yes, but the design philosophy of pfDNS was to be used standalone as an appliance, not a firewall/router. You could always have the same functionality (moreso on 2.0 since it can run OK with a single NIC) it was just more of a prepackaged setup.

Those host unreachables are coming back from your ISP probably because something inside your network is trying to access something on that private subnet, which you don't have internally so it gets routed out to the Internet. They shouldn't be getting blocked if that's the case though, could be any number of things, weird noise on the Internet is pretty much the norm. And yes, you should definitely upgrade. Though I doubt if it changes that.

Did you have any luck with this?

There is a way to set up a VPN using SSH, but the pfSense web gui doesn't support this, so you would need to do it manually if you wanted to do that.  It is something that is described somewhere in the OpenSSH documentation.

thanks for the link there - I've read over it but it doesn't really give me much more than i already understand. Basically, I know the function of traffic shaping exists but what i need to know is if my example of use is achivable?? Does that make sense? I don't understand the limitations or options available in traffic shaping and should someone tell me what i want isn't possible I don't want to take the time testing and researching into it for zero return. Having a 3yo daughter and full time job doesn't leave me much in the way of spare time to play with things so i'd prefer someone to give me an opinion if my config is acheiveable - then if i know its possible i'll do the research and testing knowing I'll get somewhere in the end :)