search the forum. This has been discussed trillions of times

see: http://forum.pfsense.org/index.php?action=search2;params=YWR2YW5jZWR8J3wwfCJ8YnJkfCd8M3wifHNob3dfY29tcGxldGV8J3x8InxzdWJqZWN0X29ubHl8J3x8Inxzb3J0fCd8cmVsZXZhbmNlfCJ8c29ydF9kaXJ8J3xkZXNjfCJ8c2VhcmNofCd8ZmFjZWJvb2s=

Hmm, I don't know why that isn't working. I use an almost identical setup at home and it works no problem. Did you change the protocol to 'any'?

How do you have external access setup to the CCTV system?
You would normally use port-forwarding on one WAN to do it. In that situation The URL on which external clients connect to the CCTV box will only ever point to one WAN. It should not make any difference to external clients even if you can't use policy based routing.

And the reason you're using 20.0.0.* is…..?

Steve

thanks for this valuable info.

by installing from pfsense web interface, zabbix_agend restarts automatically after reboot.

You should be okay with the 2.1 beta, but it is a beta, so keep that in mind.

I chose the 2.0.3 update to minimize any risk I may be inflicting on my network.  However, there are people using 2.1 in production with excellent results.  I am too risk averse and stayed conservative with the 2.0.3 release.

Thanks so much!

Unselecting any interface under "Services –-> NTP" solved the Unreach/Pending issue and my clients are able to sync with the pfSense NTP Server.

you are going to have to supply a lot more info. (logs / hardware info / …)

@dhatz:

The Open ERP server may eventually have to be carefully public facing if I need to review data from home once the business is running, but I might be able to do this with VPN.

Always go the VPN route.

So far I am able to access the internet from LAN, and Wifi. I can print to all of my printers from LAN, but not wifi yet. I've been hitting my head against the wall with the captive portal setup, but I haven't spent much time trying to get it to work yet.

For your Wifi needs, use an external Wireless Access Point that will allow you to setup two WLANs / SSIDs (one for your own use and the second one for customers/CP) and pass them two separate VLANs. Unless you're doing this for educational reasons, you might consider avoiding the setup of a CP, and just change the password on the customers' WLAN once every few weeks.

I will go the VPN route, thanks for confirming that's the best way.

The Wireless access point is http://www.versatek.com/products-and-solutions/wireless/indoor-access-points/vx-ap400pro-high-power-400mw-wireless-ap.html
So I guess I should source a cheap managed switch from Ebay and figure out how to use it after all. Major problem is that finding a reasonably priced wall wart for that access point is proving to be a challenge, and POE injectors I can't seem to find anything but very expensive ones that say they are fully 802.3af compliant. All the cheap ones I can find don't seem to list their specifications. And of course my POE switch isn't managed, so I don't think I can run multiple vlans through that for the access point.

I'm almost hell bent on using the captive portal to limit bandwidth usage, terms of service agreement, hard time limit, device logging, and so on so they would have to reconnect, etc. just to help prevent abuse and help limit my liability if someone managed to do something nasty over my network. It will also be instructional for me, in case further business ventures require that knowledge such as a net-caffe or something like that.
Sorry I'm all on about "cheap" but right now my financial situation calls for that, because business funding is not available at the moment.
(Edit: I probably should have checked Versatek's site before saying that about the POE injectors. They have one that will work for my needs at a very reasonable price)

On WAN alone is adequate, we enable MSS clamping to prevent TCP from being bigger than that.

I've been noticing the same issues, due to the unconstrained growth of the tcpdump process.    I'm running the Feb 4th snapshot, so I do have the -S flag.

I filed a bug report: https://redmine.pfsense.org/issues/2819

i asked for fish and you slapped me with a blue WHALE.
Thanks

but i want to ask ,
how will a proxy server will hand  3000 users with the same ip???

i mean if one of the 3000 users did a spam , he will block with him the other users !!!

doesn't dat  right ??

i mean that tproxy is very very important for the isps that has alot of users

plz advice for dat .

regards

@dotdash:

The config is common between slices. You should be able to switch back to the previous slice if you have problems with 2.0.3.

Thank you very much for your quick reply. The common configuration makes things even easier.

Peter

Hi Stephen,

Thanks for the reply. Yes, I'm aware of the different modem codes available, I was on 332201_A the recommended one for the UK.

Unfortunately, the low throughput came back again with the 12v PSU, so I did try reflashing to 321311_A which is recommended normally for poor lines, mine is a good line but I thought it was worth a try anyway, but it made no difference. When I've tried different modem codes before on other lines, the difference has usually been fairly minor - worth doing (perhaps 10%), but not a massive difference, so I haven't tried any other codes as I don't expect that to be the problem.

I've gone back to the 9v 500ma PSU to ensure I don't kill the Vigor 120 and have contacted Draytek asking them to replace the whole thing. I do think the bad PSU is quite likely the cause - I suspect the reason the problem has come back later with the 12v supply is that the modem seemed to be running hotter (as could be expected) on 12v, so I got the full potential of the line at first, then after a while I think a processor inside the Vigor 120 has throttled to prevent overheating, reducing throughput. A bit of a wild guess, but it's the best I can do.

I'll update the thread once I've got a replacement to confirm if it's fixed the problem.

old pf: Asus P5B-E 4x2Gb ddr2
3Com 3C940 Gigabit Ethernet>
Marvell 88E1011 Gigabit PHY
sk0=WAN and age0=LAN
and for fun. Adaptec ANA-62044

use a 120Gb sata disk as boot drive
and i have a 120Gb ide for squid cache

the new main board i'de like to have is Asus P8C WS that gas 2 Gbit on the board so i dont need to use a slot for that.

but yea its 99% for home use but i like to play around with stuff logs,graphs and meaningless other stuff
and if it will happen i'll try to get a SSD for pfSesne system and a 500Gb+ just cache or log storage.

is there room for stuff its allways fun to test it out. without sacryfice security

i'm going to need a better switch to. my netgear 5port isnt great in anyway,

but any input prople do is nice then i can get a bit wiser "or not" :)

thx again

i'll get 8-16Gb ram for the new server do. that can help out with squid i've been told. squid=mem then cpu in that order

I guess steve is right.

It does not hurt to test so i will try that. But many of my problems does not fit, ithink, since it seems that it was the lan interface that in that case went down.

ill be back