What happens is that the internet is slow and doesnt finish loading pages. It goes at like 1Kb/s instead of 3Mbit! This sounds almost as if you have MTU problems. pfSense lowers the MTU on PPPoE links automatically so it shouldnt be a problem. But maybe you could try to lower the MTU manually to something very low like 1000 and try it again.

@submicron: The git repository isn't for public consumption at this time. It sure makes it harder to contribute if the source isn't available! [ Update ]  Ah, the instructions on http://devwiki.pfsense.org/DevelopersBootStrapAndDevIso appear to still be valid.  I've updated the GitInfo page to make that clear. It's not clear which branch in CVS has the latest code though…?  Help! Is there an ETA for git access for the rest of us?  It is, as you know, much much much nicer to work with than CVS. - ask

it is also the same sysctl -a | grep net.inet.ip.fastforwarding net.inet.ip.fastforwarding: 1

Right, the result of yet more testing. To answer my own question 3. "testing the performance of a network drive" you can use a program called  PerformanceTest v6.1 which enables you to test the performance of network drives and compare them to previously saved baseline for comparison. Download Credits [image: linkstation-performance.jpg] To answer my own question 4. To set the MTU under Vista you can use a command prompt command called netsh Credits netsh interface ipv4 show subinterfaces to show current MTU netsh interface ipv4 set subinterface "Local Area Connection" mtu=7418 store=persistent to set a new MTU of 7418 Cool - Now I have my router set to 7418, my Vista PC and I know my NAS has a drop down that supports it. So I set the NAS and rebooted and hay presto I can ping the NAS, SSH to the NAS but can't bring up the web interface or browse the windows shares held on it. So knock my PC back to 1500 (netsh interface ipv4 set subinterface "Local Area Connection" mtu=1500 store=persistent) and it all instantly springs into life. So I do an # ifconfig eth0 on my NAS to make sure it is set for 7418 and sure enough it says MTU is 7420 (two more than it web interface) With all three devices set to 7420 they can ping each other with a fat packet (ping -l 7420 under windows ping -s 7420 under linux/freebsd) except that the windows PC can not ping the nas with a fat packet only with one of 1500 but the NAS can ping the PC, so I think that the NAS is lying and not capable of running with JUMBO frames even though it says it should so I will be giving the Qnap guy's an ear bending on their forum. Anyway, in summary Jumbo frames are supported and quite easy to implement and when I get my NAS playing ball I will be able to confirm the increase in speed. Cheers and hope this has given some people food for thought.

Reading the multi-wan forum would be helpful: http://forum.pfsense.org/index.php/board,21.0.html Also from the documentation: http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing Basically any old machine you have lying around will be able to handle your bandwidth.  The main load on these machines would be if you have multiple incoming VPN connections (i.e. employees, remote workers, etc.), traffic shaping, squid proxy, snort, etc.  Your config probably won't need anything fancy.  Just make sure the box has three network cards and you should be good to go.

It isn't practical to identify the motherboard by running commands in the OS.  The best you can achieve is a list of the devices identified, and then use that list to compare against the spec of motherboards you think it might be, until you find a number of matches - and then guess which one it might me ;) The only realistic option is to pop open the case (you may be able to do that while it's running) and look.

To add to this… yes it is definitely a public IP subnet (PI space issued by RIPE).

As far as i can tell 1.3 allows to do all this on a single box, it would be nice if you can give it a try and report if all went well! Remember that to loadbalance squid on 1.3 you have to add on the Floating Tab rules with out direction and selecting the quick option and selecting a gateway as you do for other loadbalancing.

Okay great, thanks for the check.  Now I will get busy on figuring out how to get it working! Thanks again…

cheers  ;)

If you are using port forwarding and you are trying to access your servers from the inside using the external IP address, you will need to enable NAT reflection. Go to System>Advanced and clear the checkbox that says disable NAT reflection.

ok. Thanks for the help cconk01

@GruensFroeschli: Only if you want the subnet behind your second router NATed (which you probably want). http://forum.pfsense.org/index.php/topic,7001.0.html Not even in that case. All locally connected subnets, whether locally attached or configured via static route automatically have outbound NAT rules created for every WAN interface. This is true in 1.2 RC versions and newer at least, probably some 1.2 beta releases prior to RC. I don't recall exactly when it was added but it's been that way for a while. You only need AON if you require static port or have some complex NAT needs requiring you to disable the aforementioned automatic behavior. I updated the linked page to reflect this.

PPPoE is typical terminated by a small (home use) router. I don't know if it is possible by windows itself

that's great info, thanks.

Antivirus as a whole is exceptionally overrated, and its effectiveness today is very poor. People put far too much weight into the value of antivirus in any role. Malware changes too quickly today for it to be effective. Back in the days when email virii were the biggest concern it was effective - the executables didn't change as they were spread by infected machines. Now that the most common means of distribution is the spamming of URLs where you download infected files it's nearly useless because those who are spreading this stuff will change the file as soon as most AV is detecting it. AV vendors can't put definitions out quickly enough to stay ahead. I frequently download the exe's from virus spammed links and run them through virustotal.com. After doing that on 100+ occasions, virtually all of them are detected by fewer than 10% of the AV engines and the few if any that detect it will vary greatly from one piece of malware to another so no vendor is always protecting you. Would I mind seeing it in pfSense? Not at all. I wouldn't use it though. One it's not effective, two it's a significant performance hit, look at Untangle's hardware requirements. For a network of 50 users they recommend the same class of hardware that people run 1000+ users on with pfSense. On the networks I run I force outbound connections through a proxy and block executable downloads from all but a very few trusted users. Vastly more effective than antivirus, and significantly faster. To sum up a comparison between Untangle and pfSense, Stoutman put it best - they are both good, at different things.