http://letmegooglethatforyou.com/?q=+max+throughput+of+the+PFsense

Thanks for the info.

Out of curiousity, why is the broadcast only occurring on the apps interface on both firewalls?  None of the machines in that subnet should be using multicast.

@chrish:

What I’m thinking about starting out with is a perimeter firewall. 
[CableModem]–>[pfSense FireWall]–>[DIR-655 in AP mode].
The HTPC and NAS would be plugged into the DIR-655 Gigibit Ethernet ports
I have the following requirements.
-HTPC and NAS must work at Gigabit speed.

That's down to the DIR-655

@chrish:

-Need to be able to VPN into work network using laptop with wireless.

That's just down to firewall rules (though there's a limit of one PPTP tunnel).

@chrish:

-Ability to block outgoing access to specific websites by ip and/or url.

Install Squid and SquidGuard

@chrish:

-Ability to block incoming requests by ip/url/ and port.
-Bit torrent should work from my NAS.
-Unreal Tournament should work from wireless connected computer.

Basic firewall rules ;)

@chrish:

-Requests from WAN port 8080 should make it to the web server on my NAS on port 8080.

Port forwarding - easy ;)

@chrish:

-Whatever hardware I purchase must pass girlfriend approval.  Her requirements are simple.  She doesn't want to see or hear it.   This means it needs to be as small as possible since it will be living under my TV in the living room.

Take a look at the FX56xx series (see here - they're passively cooled, have multiple Gbit ports and can run off of 2.5" hard disk (low noise), Microdrives (very low noise) or CF (no noise).  If you wanted to you could drop in a WiFi card and replace the wireless router ;)

You can also go down the built it yourself approach with the mini-ITX platform.  You can build a very low noise box to your own specification in a case that won't look out of place under the TV - but it'll probably cost you more than off the shelf kit of the same spec.

@chrish:

I guess i would be ok with hardware that has 2 10/100 Lan ports.  My concern is I may want to put the NAS on a separate Gigabit port… so I would need the cable modem plugged into a 10/100 then the DIR-655 and NAS in a gigabit port.

Any suggestions on feasibility and hardware are greatly appreciated.

Do search the forum - there are few dozens threads on the subject of hardware.

Hello,

Just let your pfbox handle it all.

cheers,

ohh lol i totaly misread that.

Thanks.

@Perry:

Don't know if it helps….
A quick google search gave me
http://lserinol.blogspot.com/2009/01/freebsd-network-tuning.html
http://marc.info/?l=freebsd-net&m=122936905304215&w=2
commands
systat -mbuf
vmstat -z | grep -i mbuf

@http://forum.pfsense.org/index.php/topic:

This might be helpful: http://www.google.com/url?sa=t&ct=res&cd=5&url=http%3A%2F%2Fwww.bsdcan.org%2F2004%2Fpapers%2FNetworkBufferAllocation.pdf&ei=95ttR6jfBJfIhgKWvOU1&usg=AFQjCNE0FZjhZBOghCEY3a8icvugBtNDnQ&sig2=Byab07C9geQ-1Qric8fAxw

You might add more ram to the machine if you are really worried about it.

Do you use intel nic's?

This is output from systat

/0  /1  /2  /3  /4  /5  /6  /7  /8  /9  /10
    Load Average

/0  /5  /10  /15  /20  /25  /30  /35  /40  /45  /50  /55  /60

And this from vmstat

mbuf_packet:              256,        0,  117963,    5685, 795130678,        0
mbuf:                    256,        0,  117455,    1087, 451249037,        0
mbuf_cluster:            2048,        0,  123650,      508, 136946898,        0
mbuf_jumbo_pagesize:    4096,    12800,        0,      104,    4085,        0
mbuf_jumbo_9k:          9216,    6400,        0,        0,        0,        0
mbuf_jumbo_16k:        16384,    3200,        0,        0,        0,        0
mbuf_ext_refcnt:            4,        0,        0,        0,        0,        0

Yes I have Intel em0 cards which I have used before without any trouble. My firewall's are mostly on Intel 1U servers.

There is only one different thing - this server have a bridge between WAN card and DMZ on VLAN. Normally for DMZ I have separate card.

I don't think that RAM is problem - there is 2 GB inside.

Sasa

my test upnp-enabled units are one PS3, one PSP, ne XBOX360..

If i connect the xbox or ps3 via ethernet on vr0 (LAN), upnp works as expected, the xbox and ps3 reports successfull config.

I have added the rule you mentioned, both on WAN and WLAN.

If i try to add upnp on WLAN i see a message in logs saying upnp was started on LAN but no WLAN, since WLAN has no ip address (remember it's bridged to LAN ..)

If i unbridge WLAN, and set it to a static IP, upnp works fine.

Conclusion, upnp listens to LAN but not bridge0 (?)'

So basicaly, my rules are now :
On Lan: allow all proto from any source,port to any source,port
On Wlan (OPT1): allow all proto from any source,port to any source, port

And as you advised:
On Lan: allow all proto from any source, port to 239.255.255.250/32,anyport
On Wlan: allow all proto from any source,port to 239.255.255.250/32,anyport …

Note, i upddated my setup to 1.2.1-rel and 1.2.2-rel, but this issue is still not fixed.

So more than likely whatever hardware is acting as the WAN is more than likely having an issue is what your saying?  I removed the WAN NIC and replaced it, going to see what happens.

Two things to consider:

Look at the logs from pfSense to see what the DHCP client is logging - this may give you more information

If it's happening with 2 completely different devices, it's probably nothing you can fix.  The problem lies with the ISP (the cable modem or the DHCP servers I'd guess).

The webgui runs on a port.
Usually on port 80 (or 443 in case of https).

You can not forward the port the webgui uses to an internal server and have the webgui on the same port at the same time.