So do I unwind the FreeBSD mods after I install TFTP?

Probably should have gone to Jim so I'll do that. ;)

If you use server grade network interface chips/cards that support SR-IOV and your CPU/Mobo supports IOMMU then you can have almost (like 95%) native performance. Without knowing your specs I don't know if it will work, but you could definitely do it with a fast CPU.

It's not important why it seemed to have worked in the past. Johnpoz already described how to set it up correctly. Use that and create a working system, don't you think? BTW: you can create your "groups" with "aliases" in pfSense.

Excellent news, thank you!

thank you replying to me  guardian , i'm using pfsense 2.3.1-RELEASE-p5 (amd64)  as web content filter. there is a requirement when any user access youtube and play a video we want to know what is the url that user access.i'm using authentication this squid config.  when i monitor that youtube url it's looks like this " video-sit4-1.xx.fbcdn.net:443 " this is the output of lightsquid package..please let me know how get real url that user access video.

@johnpoz: … 10/100 ... These Y-Adaptors use two of the 4 pairs in a CAT5 cable for each jack. This gives a maximum of 100Mb per host and that's why I linked such a switch. That's all. This is probably such an adaptor: [image: 41-hOHtyEyL._SY300_.jpg] and that's how it's wired: [image: YS-U11-D.JPG]

@heper: Diagnostics/Backup & Restore/Config History click the + on Configuration Backup Cache Settings. you can adjust the number of backups to keep. Thanks for that. Assuming the default is 30 backups and that is what was taking so long to process during boot, I've changed it to 5. I only had 1 previous configuration history recorded here (from yesterday), presumably because I deleted all the others. I'm not sure if an excessive boot delay caused by cleaning the backup cache is normal or not (my router has an SSD so it shouldn't be due to slow disk IO). Surely, there would be more complaints if this was a usual occurrence. Anyhow, I'll see if 5 backups helps boot times.

I did a Services / Snort / Update Rules - Force Update and that seems to have fixed it.

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Here's my comments: 1. You are going to be doing double NAT. Once through pfsense, and again through your DSL router. While this work for many applications, it will break some. You'd be far better off to put your DSL router into bridge mode, if possible, so that it is basically operating at layer 2. 2. Using your DC for DHCP and DNS is not a problem. Just configure DNS on your DC to forward unresolved DNS requests to some DNS server that has access to public DNS. You could point it to your pfsense box, or straight to something like google DNS (8.8.8.8) 3. You can access your DSL router's admin page at 192.168.1.254 (provided you haven't put it in bridge mode) by going into pfsense and disabling the WAN check for bogus networks since pfsense, by default, would block access to a private 192.168 IP address on its WAN side. 4. No DHCP relay needed.

Well is your switch config. If your going to put a vlan on your lan interface (eth1) then what is the ID of this vlan?  You configured that switch port to carry that vlan tagged.. What is the native or untagged vlan on the port for your normal "lan" network? So does your dmz also connect into this switch? But sure lets call your lan network using vlan 1, which is common default vlan for managment/data etc..  Then you create a vlan 100.. So switch port connected to eth1 would have untagged or native vlan 1, with tagged vlan 100.  Then if you wanted some device on your network to be in this vlan 100 that switch port would be configured for untagged or native vlan 100 and that is it.

I made a patch for 2.3.2  pfSense version for a CPU temperature graph for the above mentioned old thread. I used a lot of it but changed some things. I am not a programmer so things could be better. ;) This patch is for a quad core N3700 CPU. --- /etc/inc/rrd.inc 2016-08-21 23:05:29.707358000 +0200 +++ /etc/inc/rrd.inc.modified 2016-08-21 23:44:15.376961000 +0200 @@ -242,6 +242,7 @@ $spamd = "-spamd.rrd"; $proc = "-processor.rrd"; $mem = "-memory.rrd"; + $cputemp = "-temperature.rrd"; $mbuf = "-mbuf.rrd"; $cellular = "-cellular.rrd"; $vpnusers = "-vpnusers.rrd"; @@ -274,6 +275,7 @@ $rrdlbpoolinterval = 60; $rrdprocinterval = 60; $rrdmeminterval = 60; + $rrdcputempinterval = 60; $rrdmbufinterval = 60; $rrdcellularinterval = 60; $rrdvpninterval = 60; @@ -291,6 +293,7 @@ $lbpoolvalid = $rrdlbpoolinterval * 2; $procvalid = $rrdlbpoolinterval * 2; $memvalid = $rrdmeminterval * 2; + $cputempvalid = $rrdcputempinterval * 2; $mbufvalid = $rrdmbufinterval * 2; $cellularvalid = $rrdcellularinterval * 2; $vpnvalid = $rrdvpninterval * 2; @@ -733,6 +736,49 @@ /* End Memory statistics */ + /* CPU Temperature */ + /* the CPU Temperature gathering function */ + /* This is for a Pentium N3700 and coretemp which reports 4 cores */ + /* CPU Temp, create the CPU Temperature database */ + if (!file_exists("$rrddbpath$ifname$cputemp")) { + $rrdcreate = "$rrdtool create $rrddbpath$ifname$cputemp --step $rrdcputempinterval "; + $rrdcreate .= "DS:cpu0temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "DS:cpu1temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "DS:cpu2temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "DS:cpu3temp:GAUGE:$cputempvalid:-273:5000 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1:1200 "; + $rrdcreate .= "RRA:AVERAGE:0.5:5:720 "; + $rrdcreate .= "RRA:AVERAGE:0.5:60:1860 "; + $rrdcreate .= "RRA:AVERAGE:0.5:1440:2284 "; + $rrdcreate .= "RRA:MIN:0.5:1:1200 "; + $rrdcreate .= "RRA:MIN:0.5:5:720 "; + $rrdcreate .= "RRA:MIN:0.5:60:1860 "; + $rrdcreate .= "RRA:MIN:0.5:1440:2284 "; + $rrdcreate .= "RRA:MAX:0.5:1:1200 "; + $rrdcreate .= "RRA:MAX:0.5:5:720 "; + $rrdcreate .= "RRA:MAX:0.5:60:1860 "; + $rrdcreate .= "RRA:MAX:0.5:1440:2284 "; + $rrdcreate .= "RRA:LAST:0.5:1:1200 "; + $rrdcreate .= "RRA:LAST:0.5:5:720 "; + $rrdcreate .= "RRA:LAST:0.5:60:1860 "; + $rrdcreate .= "RRA:LAST:0.5:1440:2284 "; + + create_new_rrd($rrdcreate); + unset($rrdcreate); + } + + /* enter UNKNOWN values in the RRD so it knows we rebooted. */ + if (platform_booting()) { + mwexec("$rrdtool update $rrddbpath$ifname$cputemp N:U:U:U:U"); + } + + /* the CPU Temperature gathering function */ + $rrdupdatesh .= "CPUTEMP=`$sysctl -n dev.cpu.0.temperature dev.cpu.1.temperature dev.cpu.2.temperature dev.cpu.3.temperature | "; + $rrdupdatesh .= "cut -c-2 | tr '\n' ':' | sed 's/.$//'`\n"; + $rrdupdatesh .= "$rrdtool update $rrddbpath$ifname$cputemp N:\${CPUTEMP}\n"; + + /* end CPU Temperature gathering */ + /* mbuf, create mbuf statistics database */ if (!file_exists("$rrddbpath$ifname$mbuf")) { $rrdcreate = "$rrdtool create $rrddbpath$ifname$mbuf --step $rrdmbufinterval "; For easy implementation use the "patches" package. [image: CPUtemp.png] [image: CPUtemp.png_thumb]

My 3.1ghz Haswell i5 with an Intel i350-T2 NIC is getting 2Gb/s(1Gb bidirectional) with NAT and traffic shaping out of the box PFSense, while hovering about 10% CPU. If I disable traffic shaping, it's about 5% CPU. When it comes to a firewall, the NIC is the most important part. You must get a high quality one that has good driver support.

This seems to be signal monitoring and statistics collection process. Do not have PPP configured right now, so cannot compare CPU usage.