johnjces:
Some access points have a feature you can enable to do that and pfSense also has a simple checkbox to do it when it acts as the access point (with a wireless network card supporting access point mode in FreeBSD).  Any further discussion of this should probably go in a different thread.

What are these cards plugged into? All into the same switch or different devices? Anything show up in the system logs when it happens?

If all of the cards are going out at the same time, my first suspects would be the PSU in the box, the switch, the motherboard, or if they're all the same make/model of card, perhaps a driver bug.

It would just take some good old-fashioned troubleshooting and component swapping to narrow it down.

Hi sullrich,

The reseller subscription is something that I'd like to do in the future, however at the minute, a single subscription costs more than the total amount of money we are making on the project.

I have just bought the book from amazon though :)

As for reselling pfsense "as is", what constitutes a change? Is something like adding RADIUS support for OpenVPN a change? What about adding packages such as squid and squidguard?
And if it was classed as a change, is it just as simple as removing the pfsense logo? (I'd hate to do this though, as I do have a love for the project)

Thanks

In addition to that, you will likely need to leave the "Block private networks" box unchecked for WAN in this case.

Sounds like that's what I want kpa - you're probably right about it being a /29 too, was just before hometime yesterday so I did it quickly instead of checking it out properly!

Will give it a shot later on when I have a minute spare.

good tip…. had the book on my desk and did not look at it  :-[

thanks for the rtfm... ;)

In the web GUI of the local pfSense box, select Diagnostics -> Packet, select the LAN interface and enter as the host address the IP address of the destination system for a VOIP call and enter the destination port number for the H323 call (the people who support your phone system should be able to tell you that). Then attempt the call. You should see something in the capture. If you see only a single packet (no reply) then repeat on the WAN interface to make sure the packet goes through the pfSEnse box. If you see nothing then check the firewall logs to see if the packets is being blocked by the firewall, check the phone to make sure its routing correctly etc.

IMO everyone helping out a lot on a forum will after a while start ignoring the threads where the asked questions are selfexplaining (aka. read the description in the GUI) or explained in the howto's.

Thanks ,
That is what I have been doing, I edit out all the squid configurations and upload the file. After witch the system re-installs all the packages when it reboots. I find in my case that rebooting the system as soon as the packages re-install is a must. It only bothers Squid all the rest are fine. I also  deleted Squid's own configs from shell and restarted because they would not let me change the settings.

thanks.

:)

leaded,
I think if you follow clarknova's advice you may be able to narrow your issue down to a single point.

Also a suggestion is to reset the modem when you change firewalls or even install a new os on the same firewall hardware.

Do you have pfSense set for dial-on-demand?

Also, this bit:

Seems to imply the connection is being torn down deliberately for some reason, possibly from the ISP end.

They are already dropped after a period of inactivity.

Under the advanced options, you can set this so there is a more aggressive timeout (the firewall optimization setting).

If something is not being dropped, odds are it has some kind of keep-alive protocol happening that you don't see. Some things like IRC have constant client-server communication that is hidden from the user, so you may not see a message from a person in hours, but the connection is still technically active.

Polling doesn't buy you much on an ALIX anyhow :)

That is how polling works, though, it uses all available "idle" CPU time to poll instead of waiting for interrupts.

Ok. Thank you.

Why did you remove the auto-created rule?  That wasn't what I said.