Looking at your diagram it seems more likely that your existing device is configured as transparent firewall.
Does that seem possible?

Steve

No not right now. But i would like to.

@jimp:

Maybe not 2.1, but perhaps for 2.2. Feel free to open up a feature request ticket at http://redmine.pfsense.org - target: future

Thanks jimp!  Per your request, I've submitted this future feature req #2630.

https://redmine.pfsense.org/issues/2630

@alancaster:

During 4 hours of each day I can download as much as I want and it does not count toward my quota for the month.

Four consecutive hours with a fixed start time? If not, which four hours?

stephenw10,

thank you very much, I think it's working now.
I did the Load Balance and it seems OK.

Doubt: it's necessary a rule to interface receive the pings request, isn't? Otherwise, the gateway status will appear offline.
Well, I made a rule that allows them (pings). Because I had a problem when I took the ethernet cable away. The gateway was offline even the interface (OPTx) status online.

Sorry the English…

not sure why it wouldn't. do you have vlans in place or anything like that?
i have my pfsense 2.1_x64 on esxi 5 and it runs flawlessly. my setup is slightly different in that my vdsl modem is physically connected to my switch and is vlan'd from there which frees up a nic on the esxi server as it doesn't have a dedicated wan. the virtual switch on esxi (which the nic is allocated to) is set to allow all vlans and the vlan's are set up in pfsense (rather than pfsense just have wan, lan and the vlans set on the virtual switch)
pppoe is set in pfsense so it definitely works a all i've done in effect with the above is change where the physical connection for the modem resides

Steve,

That worked thanks. I redid the pkd_add and noticed it says wput is already installed. Time to find an anonymous ftp server for uploads….

Are there any other ways I can collect stats other than checking the RRD graphs using fetch and wput?

Thanks again

usb_modeswitch is an executable. You may have to issue a rehash command if you've just installed it so FreeBSD knows where it is. However it isn't the complete solution that it is under Linux. The FreeBSD port is basically a utility for sending the USB codes to your modem. It doesn't load up drivers or get called automatically when the modem is inserted.

See: http://forum.pfsense.org/index.php/topic,46329.0.html

Steve

on pfSense add VLANsvia Interfaces: VLAN

on the switch:
add all the same VLANs
make sure the port that goes to pfSense has a T (for tagged) for all those VLANs
then on each other port, have a U (for untagged) for one VLAN and set the PVID to the same

Setting it up with ssh and cron would be more secure and require no hacking. Have the firewall push its own config off to a box using an account that does ssh key only auth and upload the config to a write-only directory on the backup system. ACB isn't required, it just makes things easy/automatic.

Limiters in pfSense use dummynet, so presumably can support anything it can. Though not all of it via the gui I suspect.

Steve

@jimp:

Alternately, just login as root and have your ssh client execute a shell directly such as tcsh. Only the admin user is locked into the menu.

Sometimes one fails to see the forest for the trees… :-[

Thank you jimp, much appreciated!

If you have a router between your pfSense and the Internet you MIGHT need to configure a port forward in the router and appropriate firewall rule so the access attempt gets past the router. Then you need to configure a port forward on pfSense. A search on the pfsense forums for phrase "port forward" posted in the last 30 days should turn up at least entry with some more detail.

clog files don't need rotation, they never grow in size.

The newsyslog binaries aren't there on the firewall, even if the file is in /etc  (most of our config files are in /var/etc actually)

Looks like I failed to mention that the policy based rule must go above the default rule in order to catch packets first.

Steve

A quick way to reduce power consumption on a GX280, aside from what Steve mentioned about the CPU swap, is to run pfSense from a SSD or Compact Flash card.  Run the nano/Embedded version to reduce wear on the SSD/CF card (Will they go in to sleep in pfSense? If so, even just running that with a spinning drive could spin down the drive to save power.)

Also, disconnect the CDROM, you're not using it, same with the floppy if it's so equipped.  Also disconnect the keyboard (and mouse if one is connected.)  All these things are small, but they add up.

GX280's have a PCI-Express slot, and often a video card occupying it.  Take it out, use the onboard video (there may be a small grey cover over the onboard video port.

The down side of a GX280 is that it's (assuming you can't get a P4-M) still a P4 with Hyperthreadding.  This was previous to much of any power saving features.  A GX280 can't reduce the clock or FSB speed through the BIOS (well, I think there's some kind of compatibility mode that's crazy slow, you don't want that.)  So, if you can't take out the CPU, you're stuck with the core of your system being power hungry.

I really should take some measurements of the systems I have hanging around my house.  I'm pretty sure my old PII Celeron based GX100 is right around 35 watts, but I need to test it.