Yes, lease or rent a smart-bits unit.

It's a bridge so it's own IP is not needed. Assign an unused IP from an unused IP-Range to it. However then you won't be able to install packages, use DNS and so on at your pfSense.

install the dev version of pfsense that is freebsd 6.1 + pfsense gui + dev tools

pfsense is a version of freebsd with almost all of the freebsd lib and tools removed
and a gui

config.xml from /cf/conf/ stores ALL information related to pfSense and FreeBSD.

The only exception is /etc/sysctl.conf that I can think of of the top of my head.

Thanks for clarification.

Well, this is 1.0.1 RELEASE - I think you didn't see that first line of mine in the message  ;)

Installed on harddisk, from ISO/LiveCD, PC hardware, no CARP/IPSec/VPN/packages - just plain router/firewall config so far (evaluating performance and function).

Motherboard: ASUS P4P800-VM mATX
CPU: Celeron D, 2.8 GHz
Mem: 1 GB DDR400
Net: 2 * Intel Pro/1000 GT (82541PI chipset)
Most things otherwise disabled through BIOS settings.

em0 -> WAN
em1 -> LAN

This is what happened last time. Log from 30 minutes before and 30 minutes after prosmisuous mode was disabled. Promiscuous mode was disabled at 16:10:54.

system.log

Nov 24 15:10:13 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry. Nov 24 15:40:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67 Nov 24 15:40:05 pfsense dhclient[24646]: DHCPACK from 172.21.248.42 Nov 24 15:40:05 pfsense dhclient[24646]: bound to XX.224.220.yy – renewal in 1800 seconds. Nov 24 15:40:09 pfsense check_reload_status: rc.newwanip starting Nov 24 15:40:12 pfsense php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - XX.224.220.yy. Nov 24 15:40:12 pfsense php: : Creating rrd update script Nov 24 15:40:12 pfsense php: : Creating rrd graph index Nov 24 15:40:12 pfsense php: : Resyncing configuration for all packages. Nov 24 15:40:12 pfsense check_reload_status: reloading filter Nov 24 15:40:12 pfsense php: : FTP proxy disabled for interface LAN - ignoring. Nov 24 15:40:13 pfsense check_reload_status: updating dyndns Nov 24 15:40:14 pfsense php: : DynDns: Running updatedns() Nov 24 15:40:14 pfsense php: : DynDns: updatedns() starting Nov 24 15:40:14 pfsense php: : DynDns: _detectChange() starting. Nov 24 15:40:14 pfsense php: : DynDns: Current WAN IP: XX.224.220.yy Nov 24 15:40:14 pfsense php: : DynDns: Cached IP: XX.224.220.yy Nov 24 15:40:14 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry. Nov 24 16:10:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67 Nov 24 16:10:05 pfsense dhclient[24646]: DHCPACK from 172.21.248.42 Nov 24 16:10:05 pfsense dhclient[24646]: bound to XX.224.220.yy – renewal in 1800 seconds. Nov 24 16:10:05 pfsense check_reload_status: rc.newwanip starting Nov 24 16:10:07 pfsense php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - XX.224.220.yy. Nov 24 16:10:08 pfsense php: : Creating rrd update script Nov 24 16:10:08 pfsense php: : Creating rrd graph index Nov 24 16:10:08 pfsense php: : Resyncing configuration for all packages. Nov 24 16:10:08 pfsense check_reload_status: reloading filter Nov 24 16:10:08 pfsense php: : FTP proxy disabled for interface LAN - ignoring. Nov 24 16:10:08 pfsense check_reload_status: updating dyndns Nov 24 16:10:10 pfsense php: : DynDns: Running updatedns() Nov 24 16:10:10 pfsense php: : DynDns: updatedns() starting Nov 24 16:10:10 pfsense php: : DynDns: _detectChange() starting. Nov 24 16:10:10 pfsense php: : DynDns: Current WAN IP: XX.224.220.yy Nov 24 16:10:10 pfsense php: : DynDns: Cached IP: XX.224.220.yy Nov 24 16:10:10 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry. **Nov 24 16:10:54 pfsense kernel: pflog0: promiscuous mode disabled** Nov 24 16:40:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67 Nov 24 16:40:05 pfsense dhclient[24646]: DHCPACK from 172.21.248.42 Nov 24 16:40:05 pfsense dhclient[24646]: bound to XX.224.220.yy – renewal in 1800 seconds. Nov 24 16:40:06 pfsense check_reload_status: rc.newwanip starting Nov 24 16:40:06 pfsense login: login on ttyv0 as root Nov 24 16:40:09 pfsense php: : Informational: DHClient spawned /etc/rc.newwanip and the new ip is wan - XX.224.220.yy. Nov 24 16:40:09 pfsense php: : Creating rrd update script Nov 24 16:40:09 pfsense php: : Creating rrd graph index Nov 24 16:40:09 pfsense php: : Resyncing configuration for all packages. Nov 24 16:40:09 pfsense check_reload_status: reloading filter Nov 24 16:40:09 pfsense php: : FTP proxy disabled for interface LAN - ignoring. Nov 24 16:40:10 pfsense check_reload_status: updating dyndns Nov 24 16:40:11 pfsense php: : DynDns: Running updatedns() Nov 24 16:40:11 pfsense php: : DynDns: updatedns() starting Nov 24 16:40:11 pfsense php: : DynDns: _detectChange() starting. Nov 24 16:40:11 pfsense php: : DynDns: Current WAN IP: XX.224.220.yy Nov 24 16:40:11 pfsense php: : DynDns: Cached IP: XX.224.220.yy Nov 24 16:40:11 pfsense php: : phpDynDNS: No Change In My IP Address and/or 25 Days Has Not Past. Not Updating Dynamic DNS Entry. Nov 24 17:10:05 pfsense dhclient[24646]: DHCPREQUEST on em0 to 172.21.248.42 port 67

filter.log

Nov 24 16:07:06 pfsense pf: 079260 rule 56/0(match): block in on em0: xx.224.148.26.4806 > xx.224.220.yy.5900: S 2505059968:2505059968(0) win 53760 <mss 1460,nop,wscale="" 3,[|tcp]="">Nov 24 16:07:12 pfsense pf: 6\. 315120 rule 21/0(match): block in on em0: 10.244.131.145 > 224.0.0.1: igmp query v2 Nov 24 16:07:33 pfsense pf: 20\. 800644 rule 56/0(match): block in on em0: xx.224.132.138.3911 > xx.224.220.yy.6129: S 3767522767:3767522767(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:08:04 pfsense pf: 30\. 780613 rule 56/0(match): block in on em0: 130.115.120.81.30504 > xx.224.220.yy.1026: UDP, length 488 Nov 24 16:08:21 pfsense pf: 17\. 251424 rule 56/0(match): block in on em0: xx.224.189.107.1229 > xx.224.220.yy.1433: S 17473609:17473609(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:08:24 pfsense pf: 2\. 989892 rule 56/0(match): block in on em0: xx.224.189.107.1229 > xx.224.220.yy.1433: S 17473609:17473609(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:08:37 pfsense pf: 13\. 077269 rule 56/0(match): block in on em0: xx.224.221.60.4293 > xx.224.220.yy.139: S 4064406984:4064406984(0) win 64240 <mss 1460,nop,nop,sackok="">Nov 24 16:09:11 pfsense pf: 33\. 767767 rule 56/0(match): block in on em0: xx.224.222.197.3821 > xx.224.220.yy.445: S 4222053908:4222053908(0) win 53760 <mss 1460,nop,wscale="" 3,[|tcp]="">Nov 24 16:09:13 pfsense pf: 1\. 942637 rule 56/0(match): block in on em0: xx.224.222.197.3821 > xx.224.220.yy.445: S 4222053908:4222053908(0) win 53760 <mss 1460,nop,wscale="" 3,[|tcp]="">Nov 24 16:09:16 pfsense pf: 3\. 011120 rule 21/0(match): block in on em0: 10.244.131.145 > 224.0.0.1: igmp query v2</mss></mss></mss></mss></mss></mss></mss>

And then the logging stops.

Anything else I can supply or do to help any further investigations?

Maybe.
But it is new mainboard,cpu,ddrram,2 new lan cards, 4 used but except problems I guess with routing/firewall and freezing ( maybe I should wait longer), generally everything is ok.
I don't have enough knowledge about *BSD systems so I don't want dig to much and damage something by accident.

Regards,
Hans

yes, back the day, i had several 3com superstacks, and they all supported vlans.  i didnt really have a good understanding of what i was doing, but i had it working well enough that i had the far right 6 ports blocked off completly from the other 18, and used it like 2 seperate switches.

hindsite 20/20, the vlan tagging now sheds light as to how you can have specific ports respond to more than one vlan (and also why the pfsense tags vlans as it does in the setup).

There is no way to do this without setting up your own local copy of the package repository and making pfsense use this afaik.

Install a developer ISO. That contains a lof of things that is stripped out of the release image.
You can add binaries from a stock freebsd 6.1 installed on another box, just copy them over with SCP.

i have my own setup for pppoe and i've patched ppp with Session-Octets-Limit attribute but as i can see pfsense is using mpd i think you can try this patched version to limit session based on traffic: http://www.foggy.ru/soft/mpd/

Regards

hi,
thanks, OK, I will do it!

hi,
yes, I will do it and sorry, for the delay….

In my system log was often written "failed: could not allocate llinfo" and I was looking, whet the reason and the problem for it is. The configuration of the pfsense box(es) is as follows: There are two pfsense boxes (A) and (B) which have a virtual IP and are connected with carp. All interfaces (WAN, LAN and SYNC) have static IPs.

The problem for the system log entry was, that from both boxes (A) and (B) the LAN interface was not coming up correctly. Therefore, the did not work correctly and the system log entry was written. After "ifconfig down" and up, it works and the system log is not any more posted.

At this time, I did not figured out, why the LAN interfaces does comes up correctly. Currently, it is only a test environment and when the pfsense boxes are changed with the right machines, I will see, if the problem exists any more....

Yes, but it's unsupported deep water with no lifeguard  ;)

Some Graphs

status_rrd_graph_img.php.png
status_rrd_graph_img.php.png_thumb
status_rrd_graph_img2.php.png
status_rrd_graph_img2.php.png_thumb
status_rrd_graph_img.php.png_thumb
status_rrd_graph_img2.php.png_thumb

Thanks I found it status_rrd_graph_img.php  ;)

Yes, this is some kind of invalid trafficshaper configuration. Sounds like your parent queue has X bandwidth and you created some childqueues 1,b,c,… with a+b+c+... > X  ;)