Not currently, you could always raise a bounty.

What's about ntop? I've heard there is a package for pfSense? Is it still working?

Nope,

the used dnsmasq is a relative simple forwarder.
If you wan to support DNSSEC, you have to install a "real" nameserver. And for DNSSEC do not underestimate memory and crypto performance. I would prefer a real DNS-Server inside my boundaries…

Thx :)

You obviously haven't read the hardware sizing page ;)

Thanks guys. That sounds good. Everything is working fine I just wanted to double check ;)

I am also seeing sort of similar problems with 1.2.3 (also tried 1.2.3 RC snapshot)…

I am trying to do inbound load balancing in front of 7 servers with different services, with 2 of them completely idle.

I keep seeing: "slbd[327]: TCP poll failed to start to 10.1.1.106:143 in default (Operation now in progress)" and the service gets marked as bad.  10.1.1.106 is one of the idle servers.

So I am not sure if OP's problem is just related to FTP or an incoming load balancing problem in general.

well i see …its at the moment more a generell freebsd problem on the most USB1.x adapters  if i am not wrong

SSH on to your pfSense host and enter vi /etc/crontab.  You may want to learn how to use vi first ;)

The issues that loader.conf can cause/resolve are so pronounced that you would HAVE to modify it to even use the router at all.  If you're seeing >10% of your bandwidth come through the pfSense box/proxy, then you're likely not affected.  Most of the issues have been corrected with more recent versions of the squid package as well as bumps in the underlying FreeBSD versions.

Hi dreamslacker, wow..  very good!

I'm testing in lab on IBM xserver x226 - 1 Intel Xeon /1GB ram/sas 150GB mirror raid
with on board broadcom (wan interface) and a old 3com 10/100 (lan interface)

I have to configure pfsense for obtain bandwidth management,
I must allocate equals bandwidth for each Vlan..
I'm testing this… but unfortunately ..don't wants apply my rule..

pls.. tell me if is correct:
menu -> firewall -> traffic shaper -> pfSense Traffic Shaper Wizard
and go to Setup network speeds ( interface: vlanXX and set adequate download/upload kbs)
this for each Vlan interface... is ok?

thx !!

I look forward to your kind reply.
Robert

Would be nice to have the top bandwidth users at a glance, tested rate but it only show one line, with the public IP of the firewall, not the real users inside… Should I change somewhere the interface being monitored?

I'm using transparent proxy by the way...

Firewalls!. The pfSense firewall rules can be used to control communication between interfaces/subnets. The pfSense firewall capability is based on the BSD pf firewall facility so you could do some reading on that to better understand what can be done with pfSense.

Never used the freebsd firewalls before, I only am familiar with iptables. I will do reading :D

From which IP 172.16.x.x are you trying to ping which IP 10.x.x.x?
Your second rule in NAT will be never applied but this is not a problem now.

What exactly does bridging do?

if you set it to "bridge" it basically creates a Layer 2(data link) type connection. however, i know you can create filtered bridges also… (someone please correct me if i am wrong here...)  i've always thought of bridges as switches with fewer ports or in your case, one port.

Does it just allow two interfaces to see each other?

it allows them to act as if they are connected to the same switch.

For example, without bridging my laptop (wireless) and desktop (LAN) couldn't ping each other.  However, with it enabled then they could?

makes sense… you either needed firewall rules or you had a routing issue. prolly firewall...

Also, I had to enable a bridge between Wireless and LAN so that my wireless could use the LAN DHCP server.  I guess that makes sense but is that a common way to set it up?

if i understand you correctly, it sounds like you have a wireless access point or router connected to an interface on your pfsense firewall. personally i would not set it up that way. (assuming this SOHO WAP)for security reasons, disable bridge, keep the wireless access point on a seperate interface (i think this is how you have it now), disable the dhcp server on your WAP, set a static IP for the LAN on your WAP, then move your ethernet cord so that it's on a switch port and not the WAN port.  this way your WAP should act like a switch with wireless enabled. then set dhcp server on your firewall accordingly and your wireless hosts should pick up the dhcp from pfsense.  be careful the order at which you do this or you'll lock yourself out of your WAP.  set the LAN static IP first. then disable the dhcp server on the wap.

once you have that all working and have enabled dhcp on pfsense for your WAP then configure firewall rules accordingly to permit access into your LAN. if your only using the subnets which reside on the pfsense interfaces then you shouldn't have to mess with NAT either..

hope this helps…

Great! Thanks, brah.  :)

Captive Portal

You'll find a forum on the subject further down.

Weird! seems to be symantec endpoint protection talking to a bunch of FTP sites… 69.22.137.48 is what i gather to be a symantec ip. Very strange as we are all locally managed for symantec updates.