@ermal:

It's not a bug nor a feature its customization. You're onyour own noatime does not bring anything to pfSense in general so why use it?

It is not the "noatime" that bothers me - it is in a more general consideration - i think it is a problem that the /etc/fstab contents are not respected.

This means that it is quite difficult to add extra disks and have them automatically mounted at boot time.

I know that pfsense it an "appliance" - but it is still *nix beneath the surface - IMHO there should be some kind of (similar) mechanism that sould allow such.

The web server in pfSense is lighttpd in pfSense 1.2 it is configured by default for 1 maybe 2 connections only. This is okay for just standard firewall config on a limited resource box. This is bad for captive portal especially if you have more than one person connecting to captive portal at the same time.

pfSense 1.3 addresses this issue when captive portal is enabled the lighttpd is given more resources so it can handle more connections.

If you want to manually add these changes now to your pfSense firewall take a look at the following links.

This prepares the pfSense built in web server for more concurrent traffic.
http://forum.pfsense.org/index.php/topic,8861.msg50280.html#msg50280

This helps optimize PHP so it doesn't hold web server resources for a long period of time.
http://forum.pfsense.org/index.php/topic,8878.0.html

A workaround for now that will automatically remove the lock file after it is older than 3 minutes.
http://forum.pfsense.org/index.php/topic,8152.msg57899.html#msg57899

After making these changes I have supported over 130 people behind captive portal with no further problems.

Yep!

Heres a good over detailed explanation in case your curious…    ;D

http://www.usr.com/support/6000/6000-ug/two.html

@onhel:

Ottawa and Kentucky are a bit out my ways.  Next time something is setup within a 3 hour drive of New York City, I'm there!

I'd be up for a session that was near NYC too.  Otherwise, a virtual environment/webinar would be cool.  I wouldn't mind paying if it was done well.

Best,

make a second machine for the file server.  freeNAS is build for this kind of thing, its similar to pfsense  http://freenas.org

What GruensFroeschli linked is appropriate if you're using the DNS forwarder. If you're using the DNS forwarder, what it's reporting on is your ISP's DNS servers.

pfSense has by far the best capabilities of any open source firewall, and better than a bunch of commercial firewalls, when it comes to DoS protection. DDoS you likely can't do anything about unless you have an extremely fast Internet connection. Most DDoS attacks will knock you off the Internet unless you have at least 50 Mb of Internet connectivity, and at times even that isn't enough.

Check the advanced options on the firewall rules add/edit screen, several options there for controlling things.

Thank you!

creating a rule for HTTPS access for WAN interface resolved the problem. thanks

Based on the timestamps in your screenshot, it would seem that these are recent activity.  It would seem like you have something going on in your network that is unintended.

Vnstat might please you
http://forum.pfsense.org/index.php/topic,8460.0.html
http://pfsense.site88.net/packages/All/vnstat-1.6_2.tbz

You can install FreeBSD packages (details in the forum) but you're on your own.  As the package says, don't rely on it - if it's simply wanting to be less visible, it (and all the other packages) are fine.  If it's a matter of staying out of legal trouble, you need to consider the risks for yourself after you read the research others have done.

It's been a while since I've looked at an interface page for wireless, but I believe there was an option there for allowing clients to communicate with each other directly. Do you have that set?

I wrote in the 2 IPs to OpenDNS that Perry gave me. And it seems to be working  ;D

I would like to just bring this up again since we have 1.3 available to us. Can I see an example of an entry? I am not sure that I am getting it right. I make the alias, it saves, but when I make the rule it gets upset. I am going to plug away a bit more at it, but if someone has an example I can work off I would love it. :)

EDIT:
Okay, I found that I was just being dumb. I have it sorted now, but I am wondering if there is a size limit to the number of lines in my alias import?

Okay, I just tried to feed it this list. And it's just sitting there and the DNS Forwarder stopped working. Once I get more info I will let you know.

EDIT AGAIN!: oops… List to long, broke my post.

@submicron:

Or you can look at the spamd package, which is still in development, but works quite well.

quite a few of us are using the spamd package with great results..

The latest 1.3b12 and 1.3b13-pre releases of M0n0wall contain changes to bring in full (?) IPv6 support.

Is it worth looking to see if these changes can be ported into pfSense ?

I ran into exactly this problem too. My connections were all physically stable, and established connections (downloads, VoIP calls, etc) were reliable. But new connections were intermittently flaky, and packet loss was appearing while pinging the router's internal addresses.

A quick look at the RRD graphs showed that I was hovering around the 10k default state limit. So I doubled the state table size (in System / Advanced).

Thanks for the thread. Love those graphs.