You can also disable filtering entirely from the command line with a 'pfctl -d'.  Alternately, we leave the loaded ruleset in /tmp/rules.debug, feel free to edit it to fix your connectivity issue and reload with pfctl -f /tmp/rules.debug, then do whatever work you need to do in the UI to make the fix permanent.

–Bill

This could also be a thermal problem.
You could try to clean all the fans and passive heat sinks.

http://forum.pfsense.org/index.php/topic,7011.0.html
found with a search in Virtualization installations and techniques
search word vlan

plz search http://forum.pfsense.org/index.php/topic,14207.msg75330.html#msg75330

if my internet speed is not getting close to being maximized

Try with a ubuntu torrent, If you don't download with full speed on that it could be your client. For me deluge and torrentflux work better that transmission and vuze does.

aka I don't want to load balance http traffic and have to login twice on each site since it's different IPs

you could just load balance torrent traffic. I don't see how you can avoid logging in twice.

i just meant that you allow LAN(private)-> WAN and LAN(public) -> WAN in the Rules section (Source/Destination) but disallow LAN(public) -> LAN(private). If you want to access LAN(public) from LAN(private) then allow it, otherwise block it.

This turned out to be an issue with cacti 0.8.7c, upgrading to 0.8.7d fixed it.

Thanks , it works more simple than than i thought.

Best regards

pfSense 1.2.2 is the current release version, and 1.2.3 is in pre-release beta.  You're running and outdated version of pfSense.  Upgrade.

Thank you both for your comments and direction,

I am facing a lot to consider in evaluating the benifits of using BSD vs. a linux pre configured linux firewall/router system or a dedicated Debian box.

Although I've already downloaded, read the faqs and installed previous versions of PFsense,
I'm still having a difficult time acessing the merits of PfSense (other than a higher history of security),
in comparing it to a devoted Debian box or another linux pre configured firewall/router solution.

Sens

Thanks, I appreciate all of the feedback.  I upped the value on all of them.  One of them went from 18K up to 32K pretty quickly.  I am checking with the developers to see if this eased the timeout problem.

Thanks again.

I wonder if you've got a broken DNS server somewhere that responds to DNS lookups of the relevant hostname with an address, or if you've got one doing wildcard resolving of anything (like OpenDNS does for certain domains).

What does "host 172.200.85.209.bl.spamcop.net" (on the Postfix server) show?

No.  The firewall does packet-level filtering, not application level filtering.

What you need is pretty much a basic setup.

Your publicly available computers indeed should be setup in a DMZ. That is a third interface (originally called OPT1 unless you rename it) with a proper rule set.
If one of your switches is manageable you could use VLANs but the logical layout will be the same. Only physical layout would be different.
Avoid Realtek NICs if possible and go with Intels. If you need to troubleshoot something you know where not to look…

Depending on your friend's router is the choice of VPN. It probably does not support OpenVPN, otherwise give it a try. IPsec is not an alternative as long as both ends use dynamic IPs.

Since you have the hardware just go ahead and play around a bit. It's not that difficult.