@tubaguy50035: Wow.  I also discovered that if I turn of UPnP, the connections drop a lot. Yes.  uPNP is an easy way to punch through the NAT for torrenting if you don't have access to the router or don't know how to configure port forwarding for torrenting.

OK so the only way is to upgrade to 2.0  but is it enough stable? 1.2.3 still has some bughs but it is pretty stable like for small or mid size componies. Thank You

Hi, It's solved. I just copied the binary from a freeBSD 8.1 to my pfSense. It works…  ;) It's a nice tool... In 5 minutes I duplicate a Good slice to a second one. So I can continue testing without any stress, I will always be able to start my firewall.

Keep in mind at least around here Comcast provides a "gateway" device to its Commercial customers. This is a router device and will usually respond to pings… If your a residential customer then would depend on the modem you use... Good Luck!

Thanks, yes, you are right. I will try that tonight and post back. Would it be possible to provide LAN-1 as discussed with the /27 public IP address and LAN-2 (interface vr2 on Alix board) with DHCP from private IP pool (RFC1918)? I will look into buying a managed switch which can do vLAN so certain ports will be used for the /27 public IP and certain ports to be used for private local IPs on the switch. Do you think that is possible? Budget switch Linksys SLM2024 (anything better you have in mind for the switch?) info: Manageable:  Yes Management:  DHCP IEEE 802.1p QoS IEEE 802.1Q Tag-Based VLAN Built-in Web UI for easy browser-based configuration (HTTP) Thanks

Thanks for the information, Jim. One of my failures here was in not understanding that the forum search limits the results to the section being browsed.  Before I posted and while viewing this topic, I copied 'pfflowd' and pasted it into the search field – I found only the posts in this thread.  After I read your information, I did the same search while viewing the main page of the forum -- this time I found all of the threads on pfflowd.  Another lesson learned.

@Cry: You may want to review this thread which is discussing a similar setup. Thanks much.  Slowly–maybe too slowly!--I'm picking up this new app.  FWIW, it turns out (according to my pal) that I have to have active the IP's that I want to use.  ...Still scratching my head, but understand a bit more. gary_kline [[ AKA: chaos  ]]

Apart from the fact that now it's not only 1 single IP. If check the log I posted they are different and I am wondering if as a DDoS (if it qualifies) there is something to deter this or if this also falls under there is no tool to do this yet. Thanks

Here is what I got using clog - basically not working: [root@151-redbox.local]/var/log(20): clog lighttpd.log [1.2.3-RELEASE]                                                  ```                                                                                          [root@151- While the file size is more than one line why do I get only one line? redbox.local]/var/log(21): ls -la total 1584 drwxr-xr-x  2 root  wheel    512 Nov  8 00:20 . drwxr-xr-x  12 root  wheel    512 Nov  8 00:20 .. -rw–-----  1 root  wheel  65535 Nov  9 00:31 dhcpd.log -rw-r--r--  1 root  wheel    4278 Nov  8 00:19 dmesg.boot -rw-------  1 root  wheel  512144 Nov  9 00:31 filter.log -rw-r--r--  1 root  wheel  65535 Nov  8 00:19 ipsec.log -rw-r--r--  1 root  wheel      28 Nov  9 00:28 lastlog -rw-r--r--  1 root  wheel      98 Nov  9 00:16 lighttpd.error.log -rw-r--r--  1 root  wheel  65535 Nov  8 00:19 lighttpd.log -rw-r--r--  1 root  wheel  65535 Nov  8 00:19 ntpd.log -rw-r--r--  1 root  wheel  65535 Nov  8 23:29 openvpn.log -rw-------  1 root  wheel  65535 Nov  8 00:19 portalauth.log -rw-------  1 root  wheel  65535 Nov  8 00:19 slbd.log -rw-------  1 root  wheel  512144 Nov  9 00:29 system.log -rw-------  1 root  wheel    1500 Nov  9 00:16 userlog -rw-------  1 root  wheel  65535 Nov  8 00:19 vpn.log [1.2.3-RELEASE]                                                                                                                                            [root@151-redbox.local]/var/log(22): Thanks

@EddieA: @jimp: No, not a port number, that's a number of open files. Are you sure.  Isn't it the uid of the user who is trying to open all the files:  "nobody".   ;D Cheers. Yeah it is, read it too fast :-)

If that is the case, its lack of presence in the ARP table is probably not the cause of the issue, but another indicator that it is not communicating properly on the network. If it were actually sending packets to the firewall, it would show back up in the ARP table. arping wouldn't help.

Thanks a lot Jimp. It's very interesting, and it will be very usefull. I'm going to try playing with it…  ;)

@Cry: However, all clients now have an IP they can't reach as one of their DNS servers… My mistake, I didn't see him set the WAG200 as a 2nd dns server (the function would not work on the WAG200 in bridged mode anyway). However, his pfsense box is the primary DNS IP.  So I don't quite see it as an issue unless the pfsense box goes down or if he disables the DNS forwarder service for some unknown reason. In any case, bad choice and the backup dns ip should be removed or changed to say, an opendns server IP.

There is a wide range of possible causes for "slow connection", some you might have a degree of influence on, others are entirely out of your control. There is nowhere enough information here to give grounds for suggesting a single cause. Here are some approaches you could take to investigate. Ask the people reporting "slow connection" when they observed it and to what site(s)? (Maybe the site(s) is/are heavily loaded.) Has the first page of a browsing session been slow to load and then subsequent pages loaded comparatively quickly? Maybe your DNS is slow. Take a look at the pfSense RRD Traffic graphs (web GUI: Status -> RRD Graphs, click on Traffic tab) for your WAN connection - maybe your WAN connection is heavily loaded for sustained periods. Take a look at the pfSense RRD System graphs - maybe your CPU is very busy for sustained periods. Edited to remove accidental overstrike. (I should use preview more often.)

Okay, this is not cool. Seems like a disease. It has spread out now to my other router on a different site that I was there today. One of the phones connect to a switch and then the Router lost it's IP and then I went to check the router and it's HTTPs is not responding. I did a telnet 192.168.0.1 20443 and it works fine and Escape Charecter comes on. All ports are fine. All functions are fine except for one device that lost it's IP. Once restarted it picked up the IP again but when I connected directly to the router I still couldn't browse the SSL GUI. Where are the logs for these types if misbehaves? Thanks