• Hardware suggestions

    Beware, wall 'O text ahead:

    Dell PowerEdge 2850's are all SCSI, and at this point, they're old and I wouldn't trust the drives to run too long (and they're expensive for what they are.)  1850's are also SCSI, and with only 2 drives.

    Either one could easily take an IDE or SATA card and find a place to mount a CF card with adapter, but I'm not sure how they'll deal with booting from an "add on" card.  And you'll need to find a way to power the CF adapter (no loose power in a 2850, maybe a small one by the Floppy bay.)  If I wasn't mid move I'd test on the 2850's I have at home, but it'll be a while before I'll have free time to try that.  They will boot from USB, though.  I do that for a few old Dev/Test VMWare hosts.

    I have run m0n0wall on a 2850 before, did the CD option and kept the config on a floppy.  Since it rarely needed a reboot, the floppy path worked fine.  You could do that here, keeping the config on floppy or USB.

    Keep in mind, Dell 2850's take up a -LOT- of power, even when idle.  They don't spin down the drives when not in use.  The SCSI drives will most likely be 10K or 15K RPM, they get hot, hot = power use. (Although, if not installing to the internal drives, pull 'em.)

    2850's and 1850's have single core CPUs, although dual sockets and often both are populated.  They'll take about 12GB of RAM easily, 16GB with 4GB DIMMS (do not try to populate all 6 slots with 4GB DIMMS for 24GB, doesn't work.)  They can run VMWare fine if you want to also use the hardware for other uses, but even though the processors are 64bit capable, they don't support VT, so no 64 bit VMs.

    2850's and 1850's have PCI-X slots, they're the long 64 bit PCI slots, but they'll take regular PCI cards (not PCI-Express.)

    2950's and 1950's have SAS backplanes, as such, they can support SAS or SATA drives.  They should have a PERC5 SAS card, they can support both SAS and SATA drives, but not mixed in a single array (you can't mirror a SAS and SATA drive together.)  While the drives are getting old in these machines, they're easily replaceable with commodity hard drives or SSDs (or SATA to CF adapters, if you have a bracket to get it to fit in the hot swap tray.)  They'll boot from USB just fine.

    2950's and 1950's take a good chunk of power, not quite as much as 2850/1850's.  They'll be dual or quad core processors and there's 2 sockets on the board (maybe both are populated.)  PFsense doesn't seem to benefit much from more than 2 cores, so a single dual core proc may be your best power/performance sweet spot.

    2950's will take 32GB of RAM, not sure about 1950's, maybe similar.  (In theory some 2950's will take 64GB, there are reported success stories, but it's a gamble.)  They can run VMWare fine, the processors do support VT-x, so they can run 64 bit VMs.

    2950's have a few PCI-Express slots.  I think they're mostly x8 slots, but they may be wired as x4, can't remember off the top of my head.  1950's may have 1 or 2 PCI-Express slots.  Neither should have standard PCI or PCI-X slots.

    Of course, going further back, there's Dell 2650's, they're also SCSI based, so you have the same hard drive worries.  They're P4 Xeon based, dual socket, up to 12GB of RAM, dual Broadcom GigE, no x64 support at all, PCI-X.  Not sure if they'll boot from USB.

    1750's were also SCSI based, Hyperthreading P4 Xeon, PCI-X, up to 8GB, dual Broadcom GigE, dual power supplies.  Maybe they'll boot from USB.

    1650's weren't the 1u version of 2650's, btw.  They were PIII based, mostly an upgrade from the 1550, takes 4GB RAM, SCSI, etc.

    If I recall correctly, 850's and 750's weren't much more than a motherboard in a 1U case, SATA or IDE on board, or SCSI via optional card, but no redundant power or anything.  850's were either a PentiumD or P4, up to 8GB RAM, dual Broadcom GigE, could be had with PCI-X or PCI-Express.  750's were single P4 or Celeron, up to 4GB RAM, dual Intel GigE.

    1550's are PIII based.  I actually have a few at work that we still support (not by choice.)  Dual Intel 10/100 Ethernet, 2 PCI-X slots, and 3x SCSI drives.  They'll take up to 2GB of RAM, dual power supplies (when equipped.)  Expect to replace the BIOS battery (cheap.)  Again, you might be able to put in a SATA card to boot from, or hack up the IDE CDROM cable for a CF card.  Don't expect to boot from USB.

    2450's and 2550's were dual PIII based, some socket, some slot, all SCSI.  Takes 2 or 4GB of RAM, PCI or PCI-X slots, dual power supply (optional.)  Maybe boot from a card, etc.

    So, choosing a low cost server that, at least used to be, enterprise level I'd probably do a 1950 with dual power supplies, single socket (dual or quad core), and a dual port Intel PCI-Express NIC.  The onboard nics should be Broadcom, but they're decent Broadcom nics.  I'd use 2 small SSDs and mirror them with the PERC 5 (might be a 5ir, which only does mirror or striping, doesn't do R5, which should be fine for you.)

    Or, if you want to maximize your use, and I don't know your situation, take one of your 2950's, virtualize whatever was on it, run VMWare ESXi on it and run PFSense as a VM alongside the original "server".  But, that's just me seeing your world as another nail for my VMWare hammer.

  • Is pfsense a suitable choice?

    After looking at it the BIOS reports the CPU as an Intel Pentium D 2.80 GHz with two cores.  Guess that's plenty.  Thanks for the replies guys.

  • WAN connection down every 3 hours

    stephenw10

    The apinger process periodically pings the WAN gateway (by default) in order to monitor the quality of the connection. If it sees excessively high ping times or packet loss it flags an alarm. If either metric becomes very high it will mark the interface as down. If you are using fail over this is used to determine which WANs are good.
    Usually I would expect to see a warning in the logs about either 'delay' or 'packet loss' before the WAN is marked down, however if the condition is extreme enough it may go straight to 'down'.
    If the quality of your WAN connection is such that apinger is being triggered too early you can tune the thresholds in System: Gateways: Edit gateway: Advanced. You can also disable gateway monitoring completely if you don't need it for fail over or load balancing (if you only have one WAN).

    Steve

  • Install on Virtual Machine?

    firewall, vpn for sure.

    but utm, i can't seem to find from the features page http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43

  • How to increase hdd size?

    Thank you, Steve.
    I have one more question here, can you please help me?

  • New to pfsense?

    Noted and thanks, I'll give it a try :)

  • MOVED: Dansguardian groups don't seem to be working.

    No one has replied
  • Unable to check for updates or Packages

    stephenw10

    Seeing those PHP errors often means some file is missing or corrupted. Have you installed/uninstalled any packages?
    If there is nothing helpful in the system log then it would be a matter of digging in the code to see what is being passed to the php code that it can't handle and why.

    You may have found a legitimate bug of course.

    At this point, unless you really have a need to know why this happened, I would probably reinstall and see if it is repeatable.

    Steve

    Edit: You could look in /tmp/PHP_errors.log

  • Something to send messages to other PC's over LAN

    @matguy:

    I say to go Low-Fi and get a bull horn to announce it loudly.

    I might end up with a few dozen strays at my door waiting to start a fox's chase with this system…..
    However, this kind of approach might even resolve a long standing problem I had with my firewall, as some buckets full of water can ensure a pass through better than any sophisticated rules, with a bang  :D

  • PfSense on laptop – Which NIC to get?

    stephenw10

    pfSense 2.0.1 (the most recent release) is based on FreeBSD 8.1 and hence supports hardware listed here:
    http://www.freebsd.org/releases/8.1R/hardware.html

    It looks like you have an express card slot which would be the best expansion option for you though I've never tried that with FreeBSD.  :-\ USB NICs are generally regarded as poor performers both in terms of reliability and throughput. Some people are using them with no problems though so YMMV.

    Another possibility is to use a VLAN capable switch to create VLAN interfaces. In this situation you only need a single NIC.

    Steve

  • Nano / ro rw sometimes?

    There were some conditions when squid(2) and squid3 could leave the filesystem in RW on nanobsd. I fixed these up a week or 2 ago. If you have reinstalled squid or squid3 recently then you should have got these fixes, even on 2.0.1. Now squid/squid3 should always leave the "/" and "/cf" filesystems in RO on nanobsd after finishing its installation/configuration/startup. This is a good thing for nanobsd.
    If anyone was relying on the previous (undesirable, accidental) RW behaviour, then they will notice that they can no longer write to places like "/usr". In that case, on-the-run/temp files need to go in "/var" somewhere. When something really needs to be saved and survive reboot, then it needs calls to conf_mount_rw() and then conf_mount_ro().
    I am not a Sarg user just yet, so I am not familiar with what it is doing with saving reports on nanobsd.

  • Ping packet size on WAN

    Problem was on side of ISP

  • What's the status of VPN bonding?

    jimp

    You can bond DSL connections from the same provider with MLPPP (if your ISP supports it), but you can't bond VPNs.

    We tried a few different ways to make that work before, using lagg and such but never did get it working in a way that was functional in a usable way.

    It's something we've thought about before but unless some major funding shows up for it, I doubt it'll happen any time in the near future.

    It might be possible to do something like a tap vpn on three separate WANs and then a pppoe server on one side and a bonded mlppp client set for the tap interfaces. Just a guess there though, no idea if that would actually function.

  • L2TP multiplicates

    jimp

    Yes that's right it makes one interface per potential client.

  • Link state UP/DOWN - HELP PLEASE !!!

    Just my $0.02, it seems like a MB issue to me. Realtek is some subpar NICs imo. I have been burned a lot by the cheaper Realteks and some by the higher end.

  •

    Hi,
    Eight months later, I'm having the same issue with 2.0.1-RELEASE (i386), using just one layer7 rule (httpvideo), sending this traffic (mostly youtube) to a low priority queue.  I'm getting:

    ipfw-classifyd: unable to write to divert socket: No buffer space available

    …about 10 times per minute, with CPU load never reaching more than 20%, and near 5% most of the time.
    I have 3GB ram, although it seems nothing to do with this problem.

    While seeing these errors, the filtering seems to be working fine... and the queue is getting the expected traffic, but only after a while, when the entire VLAN will lose connection.  After removing the layer7 rule, everything works fine again.

    I have spent days and weeks searching and reading about this error, but I have found no solution yet.  If my CPU and memory are resting most of the time, why am I still getting this error? What other system/kernel parameter should I look at?

    Thanks in advance....

  • Please help PS3 connection is slow and can't connect to my psn network.

    AhnHEL

    Try to follow this guide for either UPnP or Port Forward, personally I use UPnP.

    http://forum.pfsense.org/index.php/topic,13887.0.html

  • NAT stricT in mw3 PS3..please help

    No one has replied
  • Help understanding squid and lightsquid

    No one has replied
  • Implementing CODL

    I am interested in this too.

    It has been announced that CODL will be finding its way into the Linux kernel very soon.
