• Refreshing ARP table

    Locked
    4
    0 Votes
    4 Posts
    6k Views
    K

    The default, at least on my boxes, seems to be 1200s (20m). You can set it temporarily (until reboot) with the command

    sysctl net.link.ether.inet.max_age=1200

    If you want to make it permanent, add a line to /etc/sysctl.conf

  • MOVED: New Vmtools for Vmware Server 2

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Sudden restart

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    S

    @wallabybob:

    In /boot/loader.conf you could add the line

    vm.kmem_size="768M"

    to set the physical memory available to the kernel to 768MB.
    Forget about monitoring vm.kmem_size; it won't change. I was confusing it with something else. Sorry! The other commands are still useful for monitoring how much of the available memory is in use.

    TNX. Will try.

    BR

    Sasa

  • 1.2.1 loader.conf sets vm.kmem_size larger than memory?

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    W

    @ktims:

    Wondering on the rationale for this. It's currently being set larger than the total memory on my ALIX box and I'm concerned that something stupid is going to happen when/if the allocator ever tries to use this extra memory.

    There is no point setting vm.kmem_size larger than physical memory size. You probably don't want the kernel growing to use all of physical memory and leaving nothing for applications.

    On my pfSense box, which has had multiple upgrades through the 1.2.1 series and is now running the released 1.2.1, /boot/loader.conf contains

    autoboot_delay="1"
    kern.ipc.nmbclusters="0"

    I don't remember making any changes to this file. I wonder how your /boot/loader.conf got an entry for vm.kmem_size. I suspect you could safely delete it. I wonder if there is any other "junk" in there.

  • FTP Helper Question

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    D

    Got my questions answered by cmb (thanks again!) on the support mailing list. Here they are for the archives and anyone else searching the forums:

    For the FTP helper to be started on the WAN interface, you need to have the FTP helper enabled for that interface, a NAT rule for server port 21 defined and, if not NATing the WAN IP, be using a CARP Virtual IP address (not ProxyARP or Other).

    Anything can be entered for the CARP VIP password, group and frequency.

    The FTP helper is started by code in /etc/inc/filter.inc.

  • Strange problem, cannot access several sites

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    B

    I had actually tried messing with that, it didn't help.

    After getting incredibly frustrated and going around turning absolutely everything off, it turns out it was OpenVPN causing the problem. I have no idea how or why, but if I disable the tunnel I can access the site. It makes no sense why a VPN tunnel would affect such particular sites.

  • Manage ntp.conf?

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: SSH from WAN static ip

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • MOVED: Is any one looking for a firewall with the following specs.

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Pfsense as vpn server only

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • ALIX on 1.2.1 -> dnsmasq[634]: exiting on receipt of SIGTERM

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    dotdashD

    I have an Alix 2c3 running 1.2.1 with dhcp and dnsmasq without problems. Does the service just die randomly, can you restart it? That message is what you would see in the logs if you stopped the service via status, services. It says the service received a SIGnal to TERMinate- if it was crashing, I would expect a different message logged.

  • Throughput performance

    Locked
    14
    0 Votes
    14 Posts
    7k Views
    E

    My DNS server was my primary DC and it still is.
    Sorry to say, I have installed ISA 2006 and configured it, and now all my problems are gone.
    Thanks for all your help anyway!

  • MOVED: Help Building a Session Border Controller Package

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • MOVED: SQUID setup 1.2.1 pfsense

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Port 21 is accessible but it should be closed?

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    K

    Port 21 on LAN interface is not the same as port 21 on WAN interface.

    It is open on the LAN interface because of the ftp-helper. If you really want to close the port, you can turn off the helper at:
    Interfaces->LAN->"Disable the userland FTP-Proxy application",
    but doing so will break outbound FTP unless you configure firewall rules yourself for outbound FTP.

  • [Question] How to inspect/view the traffic for each computer

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    A

    Thanks for your advice! I am going to do that SNMP thing.

  • API - Commands to remove and add rules

    Locked
    8
    0 Votes
    8 Posts
    4k Views
    GruensFroeschliG

    As jahonix said: try not to use the MAC as something to bill/identify your customers.
    ANYONE can sniff on your network, fake their MAC and have pretty fast full access.

    IMO you're better off if you assign each office a subnet and restrict by IP/subnet.
    To control access you could use the Captive Portal and/or a FreeRADIUS server.
    You allow per customer only his own subnet/IPs. If he uses other IPs of other customers he's simply blocked.

    To counter NAT-able devices this thread might help you:
    http://forum.pfsense.org/index.php/topic,10392.0.html

  • Access shared files on a different subnet?

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    A

    @BRuTAL_HiTMAN_:

    Maybe this question was answered before. If it was, I was unable to find it, although I wasn't 100% sure of what to look for, but OK, here it goes:

    I have a computer connected wirelessly, and it has shared folders. It's a Windows machine, and when it's plugged into my wired LAN, 192.168.1.xxx, I can view the shared files by going Start->Run \\LANIP, but when it's connected to the wireless subnet, 192.168.2.xxx, I can't find it, and when I try remote connecting to it using UltraVNC it can't find it either, but I can use Remote Desktop Connection. I don't get why one remote tool works and another doesn't on different subnets. Any help is appreciated, thanks!

    Hi,

    Yes, under Windows, at least XP at the moment, you cannot browse another Windows box residing on a different subnet through its default sharing. That sharing can only be done for machines in the same subnet and with the same workgroup name, unless you are running Samba or Active Directory or something like that. (Please correct me if there is an easier tool that may help!)

    For the UltraVNC problem, you had better check your firewall settings first to make sure your firewall is not blocking UltraVNC.

    Hope this can help.
    Aldo

  • Is there log file MAC base for Pfsense?

    Locked
    6
    0 Votes
    6 Posts
    3k Views
    jahonixJ

    You are kidding, aren't you?
    Top menu, right hand side of 'Status'…

    BTW, which theme are you using?

  • PPPoE freeRadius Attributes

    Locked
    11
    0 Votes
    11 Posts
    23k Views
    P

    @ermal:

    Sponsor it. It can be added but it's not on the priority list.

    That's a great idea.  I'll definitely put a bounty on it when I'm ready to go.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.