Ntop/NtopNG would do the trick for showign individual host usage, though it probably can't do emailed reports - unless you can script something yourself.

As long as the service is running, that config's fine. That error happens during boot because the DHCP lease registration process wants to HUP dnsmasq upon certain changes, but at that time during boot it may not be running. It's safe to ignore.

We are thinking of moving from Untangle (Free) to Pfsense.  Basically, all I want Pfsense to do initially is filter web traffic content (ie. Facebook, Port etc).  I don't want it to do any routing, firewall-ing, or anything like that. But why not only a CentOS system with a Squid + SquidGuard then? Is this possible? For sure it will, but only with Squid + SquidGuard it will be much easier to administrating. To look out of a window, you don´t need building a skyscraper, a normal house will do it also!

Have a look at Ruckus Wireless Zoneflex 7363 APs on eBay. They regularly sell for something like 120,- to 170,- Eur, are dual-band and offer great coverage due to their beam steering technology. I live in a high density WLAN area as well (approx. 30 APs around) and still manage to get streaming audio to 8 or so Squeezeboxes wirelessly - unfortunately they only support 2.4GHz.

Yes.  Should be fine.

Thank you everyone. I'll try it.

Put more than what would ever be normal. e.g. if you are doing a big download then you might see the ping times go quite high on satellite but still the link is up. Maybe 2000 to 3000ms? Then do some stuff to load down your link and see what happens to ping time and packet loss, then increase the thresholds to exceed that sort of "loaded use" pattern.

What's the capture look like? The purpose of that was to analyze the traffic to see where the delays are occurring. If you can upload it somewhere and PM me a link I'll take a look. Or if it's under 25 MB, attach to email to cmb at pfsense dot org with a link to this thread.

Thanks for the info. Using gparted, I can see the "partitioning" for pfSense on that card. When I try to reload gparted with the IPSO card in the reader, I get an error: "Invalid partition table - recursive partition on /dev/sdb." Doing some research on your INT13h and CHS comments, I decided to run command "sfdisk -l" IPSO card: Disk /dev/sdb: 1011 cylinders, 4 heads, 62 sectors/track Warning: The partition table looks like it was made   for C/H/S=*/256/63 (instead of 1011/4/62). For this listing I'll assume that geometry. Units = cylinders of 8257536 bytes, blocks of 1024 bytes, counting from 0   Device Boot Start    End  #cyls    #blocks  Id  System /dev/sdb1          0      -      0          0    0  Empty /dev/sdb2          0      -      0          0    0  Empty /dev/sdb3          0      -      0          0    0  Empty /dev/sdb4  *      0      3-      4-    25000  a6  OpenBSD end: (c,h,s) expected (3,25,41) found (1023,255,63) Disk /dev/sdb4: 201 cylinders, 4 heads, 62 sectors/track Warning: The partition table looks like it was made   for C/H/S=*/256/63 (instead of 201/4/62). For this listing I'll assume that geometry. Units = cylinders of 8257536 bytes, blocks of 1024 bytes, counting from 0   Device Boot Start    End  #cyls    #blocks  Id  System /dev/sdb4p1          0      -      0          0    0  Empty /dev/sdb4p2          0      -      0          0    0  Empty /dev/sdb4p3          0      -      0          0    0  Empty /dev/sdb4p4  *      0      3-      4-    25000  a6  OpenBSD end: (c,h,s) expected (3,25,41) found (1023,255,63) pfSense card: Disk /dev/sdb: 1009 cylinders, 32 heads, 62 sectors/track Warning: The partition table looks like it was made   for C/H/S=*/16/63 (instead of 1009/32/62). For this listing I'll assume that geometry. Units = cylinders of 516096 bytes, blocks of 1024 bytes, counting from 0   Device Boot Start    End  #cyls    #blocks  Id  System /dev/sdb1  *      0+    914    915-    461128+  a5  FreeBSD /dev/sdb2        915+  1829    915-    461128+  a5  FreeBSD end: (c,h,s) expected (1023,15,63) found (805,15,63) /dev/sdb3      1830    1931    102      51408  a5  FreeBSD start: (c,h,s) expected (1023,15,63) found (806,0,1) end: (c,h,s) expected (1023,15,63) found (907,15,63) /dev/sdb4          0      -      0          0    0  Empty I think that the CHS route is indeed the right track. So I have narrowed it down to something to do with the MBR. Using the following command, I was able to extract the MBR for both cards: dd if=/dev/sdb of=mbr bs=512 count=1 I then "converted" them to text with the following command: xxd mbr > mbr.txt IPSO MBR: 0000000: eb1b 9090 161f 666a 0051 5006 5331 c088  ......fj.QP.S1.. 0000010: f050 6a10 89e5 e8be 008d 6610 cbfc 31c9  .Pj.......f...1. 0000020: 8ec1 8ed9 8ed1 bc00 7c89 e6bf 0007 fec5  ........|....... 0000030: f3a5 beee 7d80 fa80 722c b601 e867 00b9  ....}...r,...g.. 0000040: 0100 bebe 8db6 0180 7c04 a675 07e3 19f6  ........|..u.... 0000050: 0480 7514 83c6 10fe c680 fe05 72e9 49e3  ..u.........r.I. 0000060: e1be 7c7d eb52 31d2 8916 0009 b610 e835  ..|}.R1........5 0000070: 00bb 0090 8b77 0a01 debf 00b0 b900 ac29  .....w.........) 0000080: f1f3 a429 f930 c0f3 aae8 0300 e981 13fa  ...).0.......... 0000090: e464 a802 75fa b0d1 e664 e464 a802 75fa  .d..u....d.d..u. 00000a0: b0df e660 fbc3 bb00 8c8b 4408 8b4c 0a0e  ...`......D..L.. 00000b0: e853 ff73 21be 797d e813 00be 817d e80d  .S.s!.y}.....}.. 00000c0: 0030 e4cd 16cd 19bb 0700 b40e cd10 ac84  .0.............. 00000d0: c075 f4b4 01f9 c32e f606 8a08 8074 21bb  .u...........t!. 00000e0: aa55 52b4 41cd 135a 7216 81fb 55aa 7510  .UR.A..Zr...U.u. 00000f0: f6c1 0174 0b89 eeb4 42cd 13b0 ffe6 80c3  ...t....B....... 0000100: 52b4 08cd 1388 f55a 72cc 80e1 3f74 c4fa  R......Zr...?t.. 0000110: 668b 4608 5266 0fb6 d966 31d2 66f7 f388  f.F.Rf...f1.f... 0000120: eb88 d543 30d2 66f7 f388 d75a 663d ff03  ...C0.f....Zf=.. 0000130: 0000 fb77 9e86 c4c0 c802 08e8 4091 88fe  ...w........@... 0000140: 28e0 8a66 0238 e072 0288 e0bf 0500 c45e  (..f.8.r.......^ 0000150: 0450 b402 cd13 5b73 0a4f 741c 30e4 cd13  .P....[s.Ot.0... 0000160: 93eb eb0f b6c3 0146 0873 03ff 460a d0e3  .......F.s..F... 0000170: 005e 0528 4602 7788 c352 6500 426f 6f74  .^.(F.w..Re.Boot 0000180: 0020 6572 726f 720d 0a00 0090 9090 9090  . error......... 0000190: 9090 9090 9090 9090 9090 9090 9090 9090  ................ 00001a0: 9090 9090 9090 9090 9090 9090 9090 9090  ................ 00001b0: 9090 9090 9090 9090 9090 9090 9090 0000  ................ 00001c0: 0000 0000 0000 0000 0000 0000 0000 0000  ................ 00001d0: 0000 0000 0000 0000 0000 0000 0000 0000  ................ 00001e0: 0000 0000 0000 0000 0000 0000 0000 8000  ................ 00001f0: 0100 a6ff ffff 0000 0000 50c3 0000 55aa  ..........P...U. [/code] pfSense MBR: [code]0000000: fc31 c08e c08e d88e d0bc 007c 89e6 bf00  .1.........|.... 0000010: 06b9 0001 f3a5 89fd b108 f3ab fe45 f2e9  .............E.. 0000020: 008a f646 b720 7407 804e b740 8a56 b688  ...F. t..N.@.V.. 0000030: 5600 52e8 f200 bbc2 0731 d288 6ffc 0fa3  V.R......1..o... 0000040: 56b7 7318 8a07 84c0 7412 bf84 07b1 08f2  V.s.....t....... 0000050: ae81 c706 008a 0d01 cfe8 bd00 4280 c310  ............B... 0000060: 73d9 582c 7f3a 0675 0472 0548 740d 30c0  s.X,.:.u.r.Ht.0. 0000070: 04b0 8846 b4bf ae07 e89e 00be 7207 e8b3  ...F........r... 0000080: 008a 56b5 4ee8 a500 eb05 b023 e8ac 0030  ..V.N......#...0 0000090: e4cd 1a89 d703 7ebc b403 e8a0 00f6 c401  ......~......... 00000a0: 7511 30e4 cd1a 39fa 72ee 8a46 b580 4eb7  u.0...9.r..F..N. 00000b0: 40eb 0bb4 02e8 8500 3c0d 74ee 2c31 3c05  @.......<.t.,1<. 00000c0: 7502 cd18 73c4 980f a346 1073 bd88 46b5  u...s....F.s..F. 00000d0: 89ee 8a14 89f3 3c04 9c74 0ac0 e004 05be  ......<..t...... 00000e0: 0793 c607 8053 f646 b740 7508 bb00 06b4  .....S.F.@u..... 00000f0: 03e8 5000 5e9d 7506 8a56 b480 ea30 bb00  ..P.^.u..V...0.. 0000100: 7cb4 02e8 3e00 7282 81bf fe01 55aa 0f85  |...>.r.....U... 0000110: 78ff 56e8 1200 5eff e30f ab56 10be 8007  x.V...^....V.... 0000120: e80a 0089 fee8 0c00 be82 07eb 07b0 3100  ..............1. 0000130: d0e8 0700 aca8 8074 f824 7fb4 0152 31d2  .......t.$...R1. 0000140: cd14 5ac3 8a74 018b 4c02 b001 5689 e784  ..Z..t..L...V... 0000150: d274 19f6 46b7 8074 1366 6a00 66ff 7408  .t..F..t.fj.f.t. 0000160: 0653 6a01 6a10 89e6 4880 cc40 cd13 89fc  .Sj.j...H..@.... 0000170: 5ec3 0a46 3620 5058 450d 0a42 6f6f 743a  ^..F6 PXE..Boot: 0000180: 20a0 0d8a 83a5 a6a9 0607 0b0c 1013 1205  ............... 0000190: 0403 01bf 5769 ee4c 696e 75f8 7066 5365  ....Wi.Linu.pfSe 00001a0: 6e73 e590 9090 9090 9090 9090 9090 4472  ns............Dr 00001b0: 6976 6520 0000 8083 9090 9090 b600 8001  ive ............ 00001c0: 0100 a50f ff92 3f00 0000 9112 0e00 0001  ......?......... 00001d0: c193 a50f ff25 0f13 0e00 9112 0e00 0000  .....%.......... 00001e0: c126 a50f ff8b a025 1c00 a091 0100 0000  .&.....%........ 00001f0: 0000 0000 0000 0000 0000 0000 0000 55aa  ..............U. [/code] So I figure I could probably mess around with these MBRs and re-image the cards as necessary... Only problem is, I don't know what each "partition" is for pfSense. There really only appears to be 1 "real" partition in IPSO, so I would like to try to replicate that with the pfSense MBR. Can anyone point me to any kind of documentation as to what the "partitions" are in pfSense? Any pointers on how to move forward with this?

the public wifi will need access if possible to parts of the private network (the rooms have automation controls for lighting, audio, TV, shades, etc. that is controlled by Crestron system, and they want to give guests ability to BYOD and connect and control room functions. What you do is dependent on whatever security measures are in place by these Crestron people.  How do the users authenticate so they can only control their own room?  Last name/room number on a web page?  Are they expected to install an app?

it's more than likely it's builtin the kernel and not a module. kldstat shows that it isnt loaded seperately: [2.2.2-DEVELOPMENT][root@pfsense]/root: kldstat Id Refs Address    Size    Name 1  10 0xc0400000 1f3c660  kernel 2    1 0xc4d45000 20000    ipfw.ko 3    1 0xc475b000 d000    dummynet.ko it also shows that the ones that are loaded are in the directory you've been looking in: [2.2.2-DEVELOPMENT][root@pfsense]/root: find / -name ipfw.ko /boot/kernel/ipfw.ko [2.2.2-DEVELOPMENT][root@pfsense]/root:

@phil.davis: A couple of things were fixed as per this forum thread: https://forum.pfsense.org/index.php?topic=88956.msg491905#msg491905 Those would all be in 2.2.1-RELEASE Thank you! Post #4 in that thread made it.

For front-end devices like this they are not going to have routes back to places inside your network that you might be coming from. So I put Outbound NAT into hybrid mode and add a rule that has all the source subnets that I ever come from and NATs those out WAN. That way if I come via some site-to-site OpenVPN links, road warrior OpenVPN or… I always get NAT applied out to the WAN. The front-end device sees the connection coming from pfSense WAN IP and can respond to that. Screen shot attached from my home system (that has a bunch of rubbish subnets from testing various VLAN crud... over time, I should clean up one day) [image: Hybrid-Outbound-NAT.png] [image: Hybrid-Outbound-NAT.png_thumb]

I agree that it would be awesome if it did that.  Loosing VLAN's and tunnels is pretty major, as are rules, aliases, etc. As a work around, it's pretty simple to boot up, figure out what the new interface name is, edit the config file to replace the old interface name with the new, copy the config into place, reboot and roll along.  Generally it can be done in less than five minutes IF you expect it and have already figured out where the config file is and backed up before hand.

Most stupid idea contest?

What are you IP address, netmask and gateway for your pfSense WAN and LANs?  What is your local network, e.g. 192.169.1.0, 10.0.0.0…?