• Limiting bandwidth dynamically per user/device

    3
    0 Votes
    3 Posts
    887 Views
    J

    The better option is limiters if you are OK with giving them a fixed pipe.  There is a burst option in there for allowing people to exceed that limit for a short amount of time.

    https://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter

    To limit each device to a specific amount of bandwidth you'll need two limiters, one for download and one for upload.  When setting up the limiters, the download one should be set to "Destination addresses" and the upload one set to "Source addresses" in the "Mask" setting.  You'd then apply those limiters to your pass rule on the LAN firewall rules.

  • Karma

    10
    0 Votes
    10 Posts
    2k Views
    stephenw10S

    Glad to see you have the top man on the case.  ;)

    Steve

  • Anyone know how to contact Electric Sheep Fencing?

    5
    0 Votes
    5 Posts
    1k Views
    B

    hey there,
    I contacted them about 2 weeks ago, they replied pretty fast so yours might be lost in the spam filter..?

  • PfSense: http/https Filtering + Port Forwarding + Bridge + Captive Portal

    3
    0 Votes
    3 Posts
    1k Views
    J

    @smildev:

    Hi,

    http/https filtering: http://www.youtube.com/watch?v=C1jNEC8QmL4
    Port Forward: very easy, menu -  firewall > NAT > first tab Port Forward

    Hi,

    I can't seem to find how to do captive portal at the same time configure the WAN-LAN to be under bridge/transparent mode…. the video only shows the proxy aspect, which I was able to follow.

  • [2.1] ICMPv6 firewall logs

    12
    0 Votes
    12 Posts
    4k Views
    A

    With the latest releases of pfsense (2.1.1 and 2.1.2)… When 'Allow ipv6' is unchecked there is an implicit QUICK rule that goes before any floating rules that blocks ipv6.  If 'Log packets blocked by the default rule' is also checked then those block rules will also log the ipv6 packets.  No floating rule with ipv6 will change that behavior because floating rules come after the implicit.  I don't know why you are not seeing the same behavior if 'Allow ipv6' is unchecked.

    if(!isset($config['syslog']['nologdefaultblock']))
        $log = "log";
    else
        $log = "";
    if(!isset($config['system']['ipv6allow'])) {
        $ipfrules .= "# Block all IPv6\n";
        $ipfrules .= "block in {$log} quick inet6 all label \"Block all IPv6\"\n";
        $ipfrules .= "block out {$log} quick inet6 all label \"Block all IPv6\"\n";
    }

    If default logging of blocked packets is enabled and 'Allow IPv6' is unchecked the following rules will be inserted before any user configurable rules…

    # Block all IPv6
    block in log quick inet6 all label "Block all IPv6"
    block out log quick inet6 all label "Block all IPv6"

    This comes before any user rules (floating or otherwise) so no user rules should be able to change the logging when both of those conditions are met ('Log packets blocked by the default rule' checked and 'Allow IPv6' unchecked).  If 'Log packets blocked by the default rule' is not checked then all ipv6 packets would be blocked without logging.  You could not add any floating rule that would change the implicit QUICK behavior rules.

  • FYI

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10S

    Loved the slides. That guy knows how to make a technical presentation entertaining.  :)
    Worrying though. Obviously not that worrying for me.

    Steve

  • 2.1.1/2.1.2 - Unable to connect LAN from power off without firewall reboot

    23
    0 Votes
    23 Posts
    4k Views
    E

    After the reboot, sysctl did show eee_setting as 0.

    Edit: I tried changing the link speed and duplex of the connecting PC, and that made no difference.

    There are some tests included in the Windows nic driver that I ran, and during the time the problem occurs, they all succeed except for the connection test.

    ![Cable Test.gif](/public/imported_attachments/1/Cable Test.gif)
    ![Hardware Test.gif](/public/imported_attachments/1/Hardware Test.gif)

  • Clear disk usage ?

    6
    0 Votes
    6 Posts
    2k Views
    stephenw10S

    There is no easy way of clearing disk space in the pfSense webgui. However using 11% is not a problem. 
    3GB is more than a normal install as Johnpoz said above. Are you running Squid?
    Even if you manually remove any surplus caching etc you won't get to 0%. pfSense requires ~500MB to run.

    Steve

  • Block https

    18
    0 Votes
    18 Posts
    3k Views
    G

    You could give me a hand? Case ever with the screen shots

    thank you very much

  • Email notifications

    6
    0 Votes
    6 Posts
    3k Views
    S

    According to this post I just found the alerts are not configurable. The developers have hard coded certain things to notify on and once you configure your SMTP server you will start receiving those alerts.

    https://forum.pfsense.org/index.php?topic=60906.0

  • Security implications of running SquidProxy on the main firewall

    1
    0 Votes
    1 Posts
    648 Views
    No one has replied
  • PfSense blocking password access to my modem?

    12
    0 Votes
    12 Posts
    3k Views
    stephenw10S

    @eiger3970:

    With pfSense connected, computers can ping others on the network, can ping pfSense, can ping the modem, but can't ping the Internet.

    A common cause of that is adding a gateway to the LAN interface. You should have only one system gateway and it should be on WAN and set as default. Check in System: Routing Gateways:

    Steve

  • Remote Logging Issues

    15
    0 Votes
    15 Posts
    3k Views
    B

    I used Filezilla and Notepad++.  Seems to have worked fine.  Now to stop the DHCP entries in friend's syslog.

    Yeah, I noticed there was no GUI check box for that.  If it isn't broken…

    Thanks again.

  • URL table functionality, but with a local file

    4
    0 Votes
    4 Posts
    2k Views
    ?

    Doesn't matter, since access to that is limited. What are they going to do? See what IPs I'm blocking  ;D

    Security through obscurity is perfect for this.

  • Issues printing/accessing webgui on different subnets

    17
    0 Votes
    17 Posts
    6k Views
    M

    No i did not bypass Captive portal, Captive portal is working however page for authentication is missing. I test it by removing my mac address in the list and i was not able to go to the internet and when i put my mac again then i can surf the net.

    On gateway, I have multiple gateway for vlan but not all of them are under PFSense Vlan IP.  For my test I am using pfsense as gateway so I can use captive portal, again if i use pfsense as gateway my printing does not work.

    on DHCP yes windows handle all the IP connecting to Pfsense, and I think this is not DHCP issue.

    When printing is not working I can reach all vlan without any problem.

  • Setting up pfsense(with archer c7)

    2
    0 Votes
    2 Posts
    4k Views
    J

    i am testing this off my network before i put this in production on my home network

    so specs wise:

    archer c7 is home router
    its giving pfsense the 192.168.0.120 address
    i gave the pfsense box a lan ip of 192.168.1.1

    i can connect to the box without my spare router(i use for tests occasionally) connected to the pfsense box. i am able to get online and everything. like it should. i gave the spare router an ip address of 192.168.1.2. hooked it up on the pfsense box, hooked up my laptop to the router. flushdns released and renew ip.

    now not getting anything. no yahoo news no techbargin. typed the 192.168.1.1 to get into the web interface of the pfsense box. as well and still nothing.

    so it works until i hook up a router to the box. then everything goes dead at least on that network.

    any ideas or suggestions?

  • One server running multiple OSs along with pfSense

    4
    0 Votes
    4 Posts
    1k Views
    A

    Something that i would worry about is putting pfsense on that SSD, unless you're installing the embedded version you may end up reducing the life of the SSD greatly because pfsense will write a lot to the drive with logs and etc.

    @kambiz:

    I saw something on the ESXi documentation:
    "ESXi does not support using local, internal SATA drives on the host server to create VMFS datastores that are shared across multiple ESXi hosts"
    What exactly does that mean?

    Also, do I need to reserve one physical port on the box, on which to assign the static IP for the ESXi for management? Because I did say I would have 4 interfaces, 2 of which will be assigned to pfSense and the other two to the other OSs. Pardon my, obviously noob question, but it's going to be my first time doing this.

    First thing, that means that you can't share a virtual machine volume to another ESXi machine. So if you add another host later then it will have to have its own storage or use other network storage. This is more of a concern if you have more than one host, such as with my system, virtual machines cannot migrate between esxi hosts if the storage is local only, this is why my storage is accessed over the network with a NFS mount.

    Second, you do not need to reserve a NIC just for ESXi, you don't even need to reserve NICs for pfsense. In the case of my setup pfsense and all the other VMs on my LAN use the same LAN NIC and i have no problems with this.

  • Can't connect to LAN interface unless tcpdump is running

    11
    0 Votes
    11 Posts
    3k Views
    B

    @johnpoz:

    So what you're saying is you messed up the mask on the interface, or prob set a gateway on it? while doing it from cmd line ;)

    You might have wanted to mention that you were not using the default IP, etc.

    Good point, sorry, I didn't think that was relevant.  I guess too much information is better than not enough.  The subnet I was setting was a /8 BTW

    @stephenw10:

    If that is the case it would be great to know exactly what happened. There have been many instances recently of people misconfiguring internal interfaces but I've not been able to replicate it.
    Also I'm not sure quite how that would explain the promiscuous mode.

    Steve

    Yeah, it was definitely a strange problem.  Is there a log or something I could send to help you figure out what happened?

  • MOVED: Customize Captive Portal Page

    Locked
    1
    0 Votes
    1 Posts
    526 Views
    No one has replied
  • Uninstall packages AFTER download?

    4
    0 Votes
    4 Posts
    784 Views
    D

    https://redmine.pfsense.org/issues/3501
    https://redmine.pfsense.org/issues/3597

    Probably others.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.