Uhm… I'm not sure if the infos you gave help at all.

Bandwidth: 512mb,   mb = ? MB (as in MegaByte) Mbit (as in Megabit) ?
What kind of line is that? ATM, PPPoE, Fibre, multiple Ethernetlines aggregated?

Rules: "allow all" or "no rules" ?
No rules means everything will be blocked, so kind of the opposite of "allow all".

Nat: none.
Do you have public IPs in your subnet? How did you disable the NAT? (via the AoN?)

Still standing question: What is in the system log (when you loose your connection)?
How is your setup (ASCII art appreciated)?

cheesyboofs!

Problem solved!

Due to the nature of the environment I had limited time to perform thorough experiments, so I don't have anything conclusive to report, other then I have the system working.

What I did:
-I changed card to Intel Pro 100/1000 GT.
-I added a cross-over cable and changed cable port placement to new corresponding ports(8thport(A) to 8thport(B).
-I first connected the switches then turned them on, with nothing else connected - then I added the pfsense box, which had also been turned off.

At this point the whole thing works fine, clients are able to connect to captive portal quickly and download files at 2-300 kbytes, from either switch.
Another change was the uninstallation of squid as it turned out we didn't need it anyway and it allowed a means to bypass the captive portal easily.

"Also you shouldn't assume its pfsense just because it is new, unless you can put back the old modem and the speed returnes…"
Yep that's what we did. If I had time to peform experiments I think I would have found it was the old 3com card, that caused negotiation issues, that probably muddled the auto-midx mechanism.

Can't thank you enough cheesyboofs, solution to the problem and so many nice tips and tricks

Mostly because VLAN 1 is treated differently by a lot of switches. I've seen some that won't tag VLAN 1 traffic no matter what you set in the GUI, and some other strange & incorrect behaviour. It's easier to just avoid using it altogether. Also because it's the default VLAN, it's pretty easy to inadvertently end up with untagged traffic all over the place that you weren't expecting, or ports that can get on networks they shouldn't, ARP broadcasts crossing VLAN boundaries etc.

There appear to be some issues with reflecting any UDP services. I've been working on a patch to help the situation, but it's too soon to tell if that would fix the issue you are seeing.

Split DNS is the better way to go for DNS issues, but it if there is a bug in the code somewhere, fixing it would also help in the long run with other UDP services.

no … i wouldnot to disable squid
since it's have solved
just ... how to prevent ultrasurf utility ?
because that access by ip address ...
any idea ...

There are no automated ways to do that (that I'm aware of).

What you'll need to do is make a note of the existing rules and port forwards, and the business reasons behind those rules, and then recreate them in pfSense.

Thanks so much!

A /24 would mean that you have .1 - .254 addresses to use yourself from the subnet (.0 and .255 reserved). If you have only 6 addresses then you probably have a /29 but it looks like your setup may not be a standard one. I second what submicron says, ask your ISP for details.

Did you restart Squid after you cleared it's cache by hand?  If you didn't then all the cache files are still open and therefore still using disk space.

Provide the logs of MPD about this.

Thank you for the reply.

I don't have load balancing enabled, only failover. Do I have to update?

Update:

I bought a new ADSL2+ modem (a Netcomm NB6 modem/router, configured in full-bridge mode, i.e. used as a modem only), and substituted it for the Draytek Vigor 2600Plus.

What a contrast!  The complete pfSense PPPoE connection and login sequence was successfully completed in under 6 seconds - everything first time.  The "power on" to "internet available" time was less than 45 seconds.  Now that's more like it. :)

I think that proves beyond reasonable doubt that there's nothing wrong with the pfSense PPPoE client and that my problems were 100% related to interference from the Draytek's PPPoE pass-through mode.

Still seems like it's overheating or power related since both boxes are doing the same in the exact same location, but works fine else where.
Voltage drop or spike maybe not enough for the ups to kick in. Can you raise the tolerances on the ups to kick on battery if there is any power spikes or drops. Some UPS's won't trip on battery until well below 90 volts.

You have 4 packages including one of the most resource intensive ones installed on an embedded box with barely the required memory for pfSense itself.  Enough said.

All of these questions have been answered in more detail if you search the forum.
The hardware you have described should be plenty powerful.  Search the forum for more on hardware sizing, try the hardware forum.
I would replace your current router and have the pfsense box be your only NAT and firewall.  Will simplify things.
Almost any network card will do, but see the HCL on www.pfsense.org and know that Intel cards are the best, and Realtek cards are the worst.