I created a IP alias as VIP. Entered the gateway in the gateways page and entered the DNS servers on the general page, and it works now. Now working on CARP…

I have been facing mysterious server hangs recently, and it doesn't always happen during high usage, the thing could die without anything touching it, or it could survive a peak usage lunch break. When it died, it just died, ping timeout, the console frozen, even the crontabbed auto-reboot script failed to execute. A reboot will fix it but it will come back again. Recently I have got another rig and swapped in one of the server which has been hanging like hell, it has been running for about a week till now without any issue(at least from my point of view). Therefore, I too agree with Peter, if it is something wrong, check the a) network, b) hardware. –- Check out the latest post in my thread: http://forum.pfsense.org/index.php/topic,34563.0.html

Of all the imaginable settings I believe has been all tried out. I am still new and still feel like didn't even figured out how 10% of PFS works, anyhow here is my set up: 8 PFS(1.2.3) on different subnets in one single LAN, providing wifi to a group of university students of some 20k from several campuses spread over different geographical location, CP is enable and auth'ing on windows server RADIUS so everybody login with their AD accounts. Squid is on transparent mode. Of course, the DHCP range won't be enough for all of them, I am getting maximum some 400 concurrent CP users logged in. I am interested to know that of all the scale you guys have here, how do you keep track of your servers and total bandwidth usage? Who downloaded most ahemm cartoon? Total connected users? Server load… etc NMAP and Nagios is one way to find out if your servers are alive and how well they are doing. But here is how I did it: From a dedicated linux box, have all the ssh keys set up, then make a bash script that looks something like: get_stat=$( ssh $host "grep -c "192.168." /var/db/captiveportal.db; grep -c "192.168." /var/dhcpd/var/db/dhcpd.leases; grep -c "active" /var/dhcpd/var/db/dhcpd.leases") Then make it into a function so you can do something like: getpfsstat "pflondon" getpfsstat "pfnewyork" getpfsstat "pfkinabalu" And arrange the output nicely on the screen with simple printf: Server: London Status: up users: 98, dhcpd: 269, active: 180 Server: New York Status: up users: 78, dhcpd: 384, active: 172 Server: Kinabalu Status: OMG SERVER DOWN HIT PANIC BUTTON NOW Run# watch -n20 ./servermonitor.sh And then you can happily counting how many total users you got over your network :D Optionally you can also output to a html file, host it on lighttpd. Then you can access to that webpage and brag about how many people is using your servers now. Now, seriously, has this been a common practice or I have been doing a simple thing complicated way... @dnky_bones: Fun to see a thread I started so long ago still kicking :) Fun to see that the TS is still kicking too :) @elalcaudon: 'm actually in the middle of this argument with one of my bosses.  He wants Cisco, mainly because of paid support - which I completely understand.  I told him I'm more comfortable with pfsense, I know what it can and can't do.  I don't know anything about Cisco IOS. You can fire your boss, Cisco won't, that's why. :p

The packages along those lines aren't for finding the cause of network connectivity issues. They can under some circumstances help show there is a problem, but they do nothing to tell where that problem is. Network issues along those lines can't be automatically analyzed by anything. The best option is getting something in place that allows you to capture traffic, and doing so both at the host initiating the traffic, and via a tap or span port outside of the last piece of equipment on your network that you're responsible for (your router/firewall). If your router or firewall has the ability to do packet captures of traffic as it's seen on the wire the way pfSense does, then you don't require a span port or tap generally. Comparing those two points of reference will confirm or deny whether you're actually passing that traffic in or out, and exactly what latency is induced by your equipment. Also if your current router or firewall has the ability to tell you how much bandwidth is being used, that can be very helpful - the most common cause of high jitter and/or latency is exhausting your available bandwidth, especially on the upstream side where you have an asymmetric connection (much faster down than up).

Maybe smarter ones can answer that does this work. i would use vlans in wan side to have multiple ppoe logins.

just reset states

pfSense works great for the home, too. :-) The main different is the target hardware. <x>WRT/Tomato and friends are meant to run on APs and tiny embedded platforms that don't have much in the specs department (low storage, low ram, small ARM or similar CPU). pfSense runs on x86/x64 hardware and has a lot more features because the hardware is a lot more capable. That said, you can do plenty with WRT for the home, and some small businesses, and pfSense can do the same and more. It's really a question of what hardware you have available and what your needs are. At home I use both, pfSense as my edge router, doing multi-wan, VPNs, etc, and I use Tomato on my WAP.</x>

That would usually be a limitation of your BIOS. Check with the manufacturer and see if there is an update available.

It means no new connections will be allowed. You'll need to increase under System>Advanced if that's the case. Can check how much you're using historically in RRD graphs

See this post for a good explanation. Steve Edit: Interesting that your value for max mbuf clusters is 0. Hmmm.

np, clad to hear that you got it.

Sorry to disturb,the problem is resolved.I had to change the dns ip in centos. thanks

i haven't tried modsecurity in months..

Sounds like the first thing I should do is upgrade to 2.0 as it also includes some other features I like the look of.  I could then have the SPA3000 on its own interface and Untangle on its own. Reasons for this config: In the past I've found pfSense to be the best I could get in terms of QOS for VOIP when downloading via torrents and the like. Other QOS works okay but to my mind really struggles with the high jitter that torrent downloading seems to cause. With 3 kids I wanted something that would filter websites. We're actually Untangle partners so have a full license for all their products. So makes more sense to use their web filter than pay extra for Net Nanny or something like that.  I also really like their version of OpenVPN and the absolute ease of installing clients. (I believe this is now also the case with pfSense v2 but haven't tested).  I also use the Anti-virus on Untangle. So I've been running Untangle with high success, but finding my VOIP is suffering. I'm not sure if this is the dodgy RIM my Internet hangs off or not, but I do know that Untangle suffers when I'm downloading via uTorrent.

Yeah if it's going to stay broken it should probably be disabled.