The only way it can tell whether a device is "active" is by the ARP table. If you're using static ARP, the IP is always in the ARP table.

Thanks for not removing bash during the upgrade then I guess ;).

Thanks for the responses everyone. I have replaced the CPU and it seems to have fixed the issue, currently at 10 days uptime without crashes. The old CPU would crash anywhere between 3-7 days of uptime.

Just remember that your edit to the PHP file may not survive an update. If that file is updated in the repository your change will be overwritten.

Put a switch into the ethernet port provided by my ISP. Connect Xbox-es to that switch directly. Also connect pfSense's WAN port to that switch. Connect a second switch to pfSense's LAN port. Connect the rest of the clients to the second switch. You need to run all the cables from all the devices in the rooms one by one to the location where these switches are. If you have only one single cable to each room, and you use local switches in each room to split the network to multiple devices, you're in trouble. You either lay new cables, or you buy lots of small VLAN-capable switches everywhere. For a VLAN-ed setup, you need this: a master (core) VLAN-capable switch at the place where the ethernet port provided by my ISP comes in. smaller VLAN capable switches everywhere else in each switch, create two VLAN, say VLAN 10 and VLAN 20 in the core switch, assign both VLANs as tagged, to ports going to the other smaller switches on the other switches, assign both VLANs as tagged, to the port which connects to the core switch in the core switch assign VLAN 10 to at least 2 ports, one for the ISP cable and one for pfSense's WAN port (yes, VLAN10 will carry the ISP's 192. 168.x.x network) in the other switches assign VLAN 10 to the port going to XBOX. in the core switch assign VLAN 20 to at least 1 port, and connect pfSense's LAN here (and this way VLAN 20 will carry your pfSense's LAN network) in the other switches assign VLAN 20 to the other ports for devices which are not XBOXes. Example of VLAN-capable small switch (gigabit, 5-ports): http://www.tp-link.com/lb/products/details/cat-41_TL-SG105E.html Example of VLAN-capable bigger switch (same as above but 16 ports): http://www.tp-link.com/lb/products/details/cat-41_TL-SG1016DE.html These are cheap, but smarter series are http://www.tp-link.com/lb/products/details/cat-40_TL-SG2008.html and http://www.tp-link.com/lb/products/details/cat-40_TL-SG2216.html respectively. Good luck!

I got two huawei b315. Get the manual of this LTE router and then set each of them into the so called "bridge mode" that they are acting as a pure modem if this will be able to realize it is the best on shortest way, but also the most common one, you can walk through. How to use them both in pfsense? I personally would try out to go the way with a proper load balancing and fail over configuration, but this can be also different in your case based on the entire use case or what you want to reach or what is you entire goal. In normal you create then two gateway groups and do a load balance over this two WAN ports and modem in front of them. Please answer some other questions here to get a better help; What kind of hardware you are using? What kind of pfSense version is installed? (32Bit or 64Bit and version number please) What is the "line" speed of the both internet connections? (such as 1 x 100 MBit/s + 1 x 50 MBit/s or perhaps something likes 2 x 100 MBit/s) What is the connection art and wise of your Internet account? Home or business? Static IP or dynamic one? PPPoE or another art? Here is a small configuration thread that is explaining it really nice. But please read it slow and carefully. multi-wan [dual] and policy based routing with failover How to Setup Failover and Load Balancing in PFSense

@heper: you need to read up on vlans. untagged from isp = normal interface (forget about it being a vlan, for your client it ISNT) for tagged vlan you add the vlan to your parent (wan) using interfaces->assign->vlan then you assign an interface to that vlan using interfaces->assign | click the dropdown and select parentinterface_VLANx & click "add" now you have an new OPT interface. configure it as you wish/need Ok, thanks Heper, just needed a little guidance. That will do. Thanks much again. :-)

just encounter an issue with this setup: when donloading torrents or anything alse, it starts fast (like 20 MB/s) then the flow goes down alot till it heats 2 MB/s. cpu and ram usage are exactly the same. any clue?

https://forum.pfsense.org/index.php?topic=110219.msg615120#msg615120 If your goal is to block any data going to any Facebook-controlled servers, this list is a good start: http://pastebin.com/raw/eKi3jABf

I can answer the question now.  ;) pfSense boot normally and after you connect the USB 3G modem the WAN interface goes up. Try it with pfSense 2.2.6 and 2.3. Perfect, pfSense is really awesome!

1gb ddr2 ram Only a guess of mine, could it be that you are running out of RAM?

thank you, cmb

You can't do altq shaping with Xen PV NICs period.

I was shocked to see that at bare metal I would max out at 550Mb. Me too, but more pending on what you are doing and how do you it are doing. In a VM you haven´t only one CPU core or SoC core for the WAN part, its multi core threated! And on a bare metal installation it is so, that the modem is put at the WAN port and there fore and on top of this together with PPPoE you are now single CPU threated!!!! please don´t forget this. When I install centos on this same machine I get 980Mb off the same interface that under pfsense would only push 500. Where the hell CentOS is doing in any kind of direction NAT / SPI and performing firewall rules? It don´t do that all!!! And there fore on top of this it is multi CPU core usage and pfSense together with PPPoE single treated again. So it can´t be really the true doing that. Its like I have 2 cars one is a Mercedes 600S AMG and the other is a Fiat500, but both have a motor 4 wheels and burning benzine. Forgot to mention no services are enabled this is a fresh install of 2.3 with only pfsense added. This will be really good but only one step of two that should be done! do a fresh install of version 2.3 64Bit configure WAN and LAN part connect the modem and the WAN port to a smaller switch and on top of this a PC or Laptop as iPerf server connect now to the LAN port a switch that is connecting too a PC or Laptop and then acting as a iPerf client. Now do some speed or throughput tests! This would be showing you the real throughput of your pfSense box and nothing more or less. SCP and other programs should not be in usage! Please try out iPerf or NetIO. If the results are not matching you should be tune the NICs, by high up the mbufs size to 1000000. The SG-4860 is similar to the A1SRi-2558 and is able to push 500+ MBit/s over IPSec together with AES-GCM. And your board is able to push nearly 1 GBit/s over the WAN Port as I see it right but perhaps you should understand that a test is not likes other tests. If you own a router with an integrated modem and you will be put your pfsense behind of that it would be more using the static IP instead of the PPPoE and then you will be getting more throughput or speed.

That has worked flawlessly. I am really impressed. Just imaged 2.3 on a spare CF card and imported the old config. Will move on to the next box now. thanks!

There are a lot of changes in the Intel Gigabit Ethernet drivers em(4) and igb(4) in 10.3-RELEASE. I believe all of them appear in pfSense 2.3-RELEASE (which is based on 10.3-RELEASE). It would be unwise to single out this one change from the many.

It requires specifying an IP address there and always had, though it shouldn't anymore. https://redmine.pfsense.org/issues/6239 Fixed in 2.3.1 to allow hostnames there as well.