• Current State of PFSense V2.0

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    It's a long ways off from that.

    2.0 is getting better and better every day, but in many ways it is still a beta. In most cases it should not be used in production still, but lots of things do work properly (at least for the time being :))

    There is no schedule or time frame. It will be ready when it's ready, but hopefully it will be sometime yet this year.

  • Soekris net5501-70

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    L

    Thanks jasonlitka, that worked

  • Network Firewall/Nat Plan Validation

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    Cry HavokC

    That'll be it  ::)

    I'll go edit that post (if I still can).  Thanks.

  • Saving RRD graph data using nanoBSD

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    M

    Awesome, thanks for the information!

  • SQUID Pros / Cons - Enable offline mode

    Locked
    4
    0 Votes
    4 Posts
    7k Views
    jimpJ

    It periodically checks, yes, depending on whatever settings you have configured. Things don't live in the cache forever, especially for dynamic content pages.

  • Why should Squid's "Memory Cache Size" (RAM) not exceed 50%?

    Locked
    3
    0 Votes
    3 Posts
    8k Views
    R

    @jimp:

    Probably due to this:

    http://wiki.squid-cache.org/SquidFaq/SquidMemory#I_set_cache_mem_to_XX.2C_but_the_process_grows_beyond_that.21

    Thanks for the link.  I looked around but never came up with that link.

  • Snort not blocking SQL Authentication Failures

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    R

    Yeah the attacks come from the same IP over and over and there are zero alerts in snort.  The SQL Server is exposed because I develop outside the local network.  However you are correct…I have got the VPN working now, so maybe I'll close it down and connect via VPN.

  • 4 port ethernet pci

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    K

    Be aware that this is a UIO card and will only fit properly in SuperMicro motherboards with a UIO slot. UIO is apparently just a PCIe slot that is physically reversed, so if you remove the backplate you can mount it 'backwards' (I haven't tested this myself), but it's less than ideal, especially for a NIC where you want the external connections.

    That said, if you're aware of that, I think this card should work fine. It's basically just a PCIe switch chip (which is standard and 'invisible' to the OS) and a pair of Intel NICs which are well supported in pfSense.

  • PfSense + postgresql on the same computer

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    K

    You could do this, but pfSense is definitely an appliance distribution and doesn't provide any support for this kind of setup. Just getting it installed might be tricky.

    I would suggest that you either virtualize pfSense and a separate VM for a standard Linux/BSD server to run your Postgres server, or use the routing/firewall facilities of a standard Linux/BSD box instead of pfSense, e.g. a script like Shorewall is fairly nice to use for this.

  • Lost contact with internal webserver

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    Cry HavokC

    Try testing from outside.  If it works you need to search the forum for "NAT reflection" since this has been discussed many times before.

  • NanoBSD - should different slices have independent configurations?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    jimpJ

    The two OS slices are independent, but their intention is to be used as alternates for the same master configuration.

    The layout of the NanoBSD filesystem is thus:

    Slice 1: pfsense0 - First OS slice
    Slice 2: pfsense1 - Second OS slice
    Slice 3: cf - Configuration slice, also has some other persistent files (e.g. ssh keys, rrd graph backup, and so on)

    The config is always used directly off slice 3.

  • XML error: OPTXXXX at line 128 cannot occur more than once

    Locked
    9
    0 Votes
    9 Posts
    5k Views
    V

    Well, it's up and running, working OK now.
      Thanks :)))

    I'm more used to using PF on an old desktop, so if I messed up I just reload and then restore my saved backup.
    The embeds are all new to me... saved some bit of worry, especially when someone else paid 200 some for the device.

  • How to setup PFSense as a Secondary DNS server?

    Locked
    6
    0 Votes
    6 Posts
    9k Views
    R

    @danswartz:

    To be honest, you would be better off setting up a minimal server on your LAN using some linux distro and install a supported DNS server there as a secondary.  While you might be able to get pfsense to do what you want, it is really not intended to work that way, and you are (IMO) setting yourself up for problems down the road.

    I've actually got it set up as follows now

    Server NIC 1 = Primary DNS
    PBX = Secondary DNS
    PFSense = Tertiary DNS
    Server NIC 2 = Quaternary DNS (in case the first server nic was simply non-responsive)

    So I basically have 3 servers distributing DNS.  This is working quite well and dns resolution is very speedy.

  • Authentication with active directory groups in V2?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    B

    I downloaded and installed the current 2.0 snapshot. Can I test this functionality with the current release? I would love some hints on how to set this up  :D

  • After rebooting, could not mount from UFS…

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    F

    Ooooh…...thanks  ;D

    Knowing me I just plugged it into any ole SATA port.

    Thanks again!

  • Curious as to what's going on in this log entry.

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    S

    Alright.  Thanks, I appreciate it.  I've watched the logs before but didn't remember ever seeing it.

  • Block bruteforce FTP login attempts ?

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    C

    You can do exactly what's shown there on a per-rule basis with the advanced options that are available.

  • Slow internet speeds and external DHCP resetting

    Locked
    7
    0 Votes
    7 Posts
    3k Views
    R

    I've identified the issue,

    We have a Cat5 connection from the service provider. I had that plugged into our main switch on its own VLAN with the WAN setting on the router. The main reason for this is the physical length of the cable that was run from the service provider's plug to our computer room.

    This morning I tried moving those two cables to a desktop switch that I had. I still have the DHCP resetting issue, but the speed is working at the full 100Mbit.

    I'm not sure why having a switch in line would cause a speed issue like that, and an asymmetrical issue at that.

    I know our ISP is assigning the IP based on MAC, all I can think is it has something to do with that.

    Anyone have any comments? Is this normal?

  • Pfsense with few ethernet ports

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ

    jades,

    There is a lot of info on the pfSense site about this:

    Hardware Sizing:
    http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49

    Hardware Vendors:
    http://www.pfsense.org/index.php?option=com_content&task=view&id=44&Itemid=50

    It depends more on throughput, the type of traffic you have, and what services you expect to run on pfSense (VPN, proxy, etc)

  • 4 interfaces using bridging

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R

    @jimp:

    You can filter traffic on bridged interfaces, so that would work fine, but the other concerns noted by wallabybob are valid. There will be increased CPU usage with traffic between interfaces, but that would be the same regardless of them being bridged or routed. You would also need to be careful to have each of these segments on their own layer2 broadcast domain – either separate switches or separate VLANs.

    Thanks to wallabybob and jimp for your posts. On the CPU usage, not an issue, we have a dual core 3 gig of RAM system to do the job. This network is only 30 users so network usage should be reasonable. Mostly just telnet traffic to a set of AS/400's and web traffic. The segments will be on their own physical switches so that should be OK.

    Wallabybob, I fully agree on your comments about DNS/naming versus using IP address. I have been pushing that for a while but now hit the wall and need to make the network changes.

    Is it fair to say that as long as I throw enough hardware at PFSense it can scale up to fairly high volumes? Do we have any examples that I can show the boss if needed?

    Thanks guys!

    Rich

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.