That is a good article depicting the problems of restricting Skype, Messenger, and P2P traffic.

You only can disable the console completely at system>advanced

interfaces.inc

thanks,

/gbosco

winscp will return an error to the caller if it fails.  Check for a failure code.  This is all possible on windows shell scripting.

modified /var/etc/mpd.conf, and set a more generous timing when MPD determines LCP echo timeout.

set link keep-alive 30 300

(it was: set link keep-alive 10 60)

I didn´t loose the connection for more than 24 hours now - which is a record!

I would wish pfSense had a feature under PPPoE, where it is possible to set those values.

Thanks to anyone who participated to this thread.

/gbosco

We're finishing up the website this week.

Per the transparent firewall doc, and per my set up, I do not have block private networks enabled.
I've reverted my pfSense ips from the same subnet as my private internal network behind ISA. here's the current traffic path, I'm assuming this may be more of an ISA issue and I'll have to look elsewhere =/

[]Cablemodem–-------->[10.0.0.1pfsenseWAN]=[10.0.0.2pfsenseLAN]–-------->[64.176.xxx.xxx public ip ISA]=[10.0.1.1]–------->internal network (10.0.1.0/24 subnet)

I guess my question would be, how can I configure pfSense to route it's own internet access directly out, rather then having to go into ISA, and back out... ie

Current default gateway on pfSense WAN is 10.0.1.1 the internal adapter/address on my ISA server, so traffic has to go into ISA, be routed back out thru ISA for pfSense to get internet, aswell as the DNS servers (per the doc) are my internal DNS servers, thus it tries to go into my network thru ISA and back out to pfSense.

I've tried setting up the default gateway to my public IPs gateway I get on the public address of my ISA box, same with the DNS servers, but of course it fails as the adapters are IPed with a 10.0.0.0/24 subnet.

Again, I'm pretty new to routing and the like, so maybe what I'm wanting to do isn't possible how I'm trying to do it, just basically get pfSense to have internet access with out having to go into my private network, then back out.

@gbosco:

mpd version 3.18

is this version containing the patch available on m0n0 1.3b2, regarding TCP MSS clamping?

from m0n0 1.3b2 changelog:

"…back-ported MSS clamping fix from MPD 4.0b5 to MPD 3.18 (fixes MTU problems with PPPoE client)"

/gbosco

No it doesn't as it's not needed.  We run PF, not IPF which the patch was required for IIRC.

Tnx ,DanielSHaischt … dcd works fine,tnx again  ;)

Thank you ;D

We already are in sync on -HEAD.

Concerning per user speed limits and such, that is not doable as long as a dummynet + pf rdr bug persists.  All traffic stops after setting up a dummynet queue when pf rdr's are in place.

Shuffling the NIC's in their slots I got them from the same IRQ 10 (even the IDE controller was using IRQ 10). Now they are on different IRQ's of 10 and 12; but 10 is still shared with the IDE controller and one of the NIC's.

iperf now reports numbers in the 90-100Mbps range; so there's a bit of an improvement there. The reason I was concerned about speed is I was thinking of stuffing a couple drives on this and using it as a file server as well. And I like to know how well things are working; and that they are working as they are supposed to.

Ehhhh…. just went to test the cpu usage again; and I see that my rates have dropped back to the 10Mbps range again.  Odd....

Oh - just realized if I start the iperf server on the main PC the rates are in the 8Mbps range; but if I start the iperf server on my pfSense box the rates are in the 100Mbps range.  I'll take a closer look at the bios; maybe I missed something.

EAP-TTLS on wired wan ??? I guess you need to start doing some serious hacks, npd nods most likely, not sure how complex this will be, but i have a feeling this will not be a easy task. You can probably "borrow" a lot of code from HOSTAPD. The big part here would probably be the backend code. Frontend is allways easy to make.

CPU-Load will be calculated incorrectly due to changed timings. The CPU-meter won't be correct with the tweaks. The question is, does it work better?

I'm using generic Realtek NICs, so I think looking at some Intel ones will be the next step then

If this is about the traffic shaper queues you might need to trigger enable_rrd_graphing(); from the command prompt page which is in the diagnostics menu.

Run /etc/rc.filter_configure_sync from the shell.