Please don't double-post.  I answered your same question here: https://forum.pfsense.org/index.php?topic=87881.msg485252#msg485252

@Moses_2015: Is there any way to export those graphs to word or excel ? Which ones, built-in RRD graphs or bandwidthd graphs?  Images or spreadsheet data? If you just want some occasional images, just right-click and choose 'save image'. If you want to grab some bandwidthd images on a regular on-going basis, you can use the graph images that are already generated as .png files for the web gui, plus some scripting of your own.  Check /usr/pbi/bandwidthd-amd64/local/bandwidthd/htdocs for the bandwidthd image files; these are updated regularly as long as bandwidthd is running. rrd graphs on the other hand are normally updated only when required by the webgui; these live in /tmp.  You can look through /usr/local/www/status_rrd_graph_img.php to see how you can generate specialized rrd graphs on your own. Generating  a spreadsheet file from the rrd data should be possible, but 'this is left as an exercise for the reader' :)

who said anything about spoofing mac - if you change the mac of the device connected to the modem.  You quite often have to power cycle the modem to clear its old cache and work with the new mac.  Or you can do what I do and use the same mac on your different copies of your pfsense vm (never on at the same time) but this allows to keep the same public IP.  This allows me to test with different versions, etc.  Even if playing with different distro I set the mac the same on the wan interface so I keep the public IP.

@Derelict: Considering all the "As long as you don't call it pfSense" talk, it would make sense to have a straightforward rebranding process. I know nothing about the FreeBSD boot loader but it looks like the files you want are /boot/brand.4th and /boot/beastie.4th.  At least on 2.2 (FreeBSD 10.1). I'd search on the FreeBSD boot loader for more info.  They're more than simple text files. Thanks, I will look into those files :-)

Apinger has issues hear are some bugs : https://redmine.pfsense.org/issues/4081 https://redmine.pfsense.org/issues/4311 https://redmine.pfsense.org/issues/4354 https://redmine.pfsense.org/issues/3859 https://redmine.pfsense.org/issues/3815

I am using NPS RADIUS in Windows server 2012 r2 Is there anyway to fix it.

It looks like that's it, many 'delay' entries in the log.  Thank you!  I've been having some latency issues, I guess I've had my head backwards on this, my thinking was one source of high latency might have been this reloading issue, but the causation is the opposite way! Oh well, thanks again, learning, too often it's embarrassing and painful, especially after all that banging my head on the desk.

Bump

well I manage to get major hosts of iDevices ! and to make none mistake alias``` 17.130.137.73 17.130.137.75 17.130.137.79 17.134.62.129 17.142.164.50 17.154.66.11 17.154.66.54 17.154.66.67 17.154.66.69 17.154.66.74 17.154.66.108 17.154.66.109 17.154.66.110 17.154.66.124 17.154.66.125 17.154.239.50 17.154.239.54 17.158.28.8 17.158.28.14 17.158.28.17 17.158.28.21 17.158.28.25 17.158.28.36 17.158.28.37 17.158.28.48 17.158.28.49 17.158.28.50 17.164.0.36 17.167.136.28 17.167.137.30 17.167.140.64 17.167.146.36 17.167.146.37 17.167.150.74 17.167.193.60 17.167.193.61 17.167.193.64 17.167.194.234 17.167.195.58 17.167.195.66 17.171.71.105 17.171.75.198 17.172.208.47 17.173.66.82 17.173.66.84 17.173.66.133 17.173.66.134 17.173.66.135 17.173.66.136 17.173.66.144 17.173.255.107 17.252.27.248 23.44.244.118 23.44.246.52 66.235.135.144 82.166.201.169 88.221.154.217 88.221.155.205 92.122.12.93 92.122.15.163 92.122.214.57 184.29.70.224 217.12.15.152

You are missing a local group with assigned privs on pfSense box. https://forum.pfsense.org/index.php?topic=44689.0 Also, if you want to query a particular LDAP group only, fix your extended query: https://doc.pfsense.org/index.php/LDAP_Troubleshooting#Extended_Query

The challenge with trying iperf is that I have to reconfigure some things to test it. I am currently router-behind-router with a twist. The Motorola NVG589 in front of my pfSense system has a hybrid NAT as well as public IP, because I am paying for multiple IP addresses. So I have 5 IPs on the public subnet and then a private 192.x.x.x subnet. PFSense sits on one of the public IPs and I can use VIPs for the additional and NAT them in to a given host. The issue is putting iperf out on one of those 192.x.x.x IP addresses, between pfSense and the AT&T router (actually sitting next to pfSense, but "outside" my firewall). iperf can generate only 10's to 100Kbit/s in that situation, from inside my LAN to that immediate WAN before the AT&T router. I can get better iperf performance to a system I have at a colocation than a system sitting on my Motorola router just outside pfSense! So to test my pfSense router I'd have to reconfigure it entirely, do the test, and then put it back so my family can get their internet back :)

Hmm, looks like it's correctly finding and reading the tjmax value from the CPU then.  :-\ Those license warnings are nothing to worry about. You can add the ack values to loader.conf.local to make them go away if you want. Steve

You are right, 2.1.5, I did accidentally hit the 8. I haven't updated to 2.2 yet because when I did I was having issues with packages not working or installing so I thought I'd skip for a little while and wait for things to catch up. Internet is 25Mb and it get's 100% saturation though I'm not exactly sure why while my LAN is only pulling 3 to 10Mbps. Last night when I was looking at what was saturating the connection it seemed squid was pulling from wxdata.weather.com and www.google-analytics.com while at the same time I was trying to get some iso's downloaded though I was only getting about 200 to 300KB/s (2 to 3Mbps) but my internet connection was 100% saturated. I'm not caching to RAM. I'm actually caching to the drives in the server. I figured I might be able to increase hit rate by keeping the cache around longer. I am also aware of the cache exclusions under the "Local Cache" and have been adding to it slowly. I'm just wondering why it seems like squid is trying to download the whole entire site. I had this exact same thing happen at a client's place. One of the accountants ran an update for QuickBooks and squid saturated one of the internet connections and was downloading from the QuickBooks update server. It seemed like it was trying to download ALL the updates, not just the one.

@Kartoff: Hello again, I have little question i cant find an appropriate answer in search… I have pfsense with NAT and port forward active and i bought a domain... When i type "x.x.x.x:port" i end up where is supposed to go behind a NAT and it also work with "something.net:port" But i want "x.x.x.x:port" to be resolved as "something.domain.net" so when i type "something.domain.net" to reach target machine behind NAT... Can this be done ? Thank you :) So for example, you might have a webserver or other similar site you are trying to host but your ISP blocks port 80… so you set up pfSense with a NAT to forward port 8888 (for example) to your internal web server's port 80... and now you want www.mydomain.com to resolve to your WAN xxx.xxx.xxx.xxx:8888?? When you type www.mydomain.com:8888 the website resolves however when you type www.mydomain.com[without a port number] it does not resolve? This is because without specifying a port basic http protocol uses port 80 and it seems that you or your ISP do not allow access to port 80. I think that's going to be at your external DNS provider. I know that freeDNS does not offer that service however some paid services do. I believe that this is something outside of pfSense. OR You could get a business class connection with static IP that has no ports blocked to you. Call your ISP. I would bet they tell you that the port you are trying to use is blocked to retail customers.

https://forum.pfsense.org/index.php?topic=87700.msg482549#msg482549

you'll have to change the pfsense webgui to different ports if you wish to portforward 80/443

High end switches support multi-pathing for the layer 2 and can fail an interface when errors start to happen. The original question asked how to fail over "like the WAN". The issue is easier on the WAN because you just say "This route is bad, fail over to another route". The problem with the LAN side is you have only one route. Clients have only one gateway, that is one route. That is a layer 3 issue. LAN failures is a layer 2 issue. It's best to handle it at the Layer 2, which is the switch. I'm wondering why an interface would have loss and why failing over would fix the issue. There is a "raid 1" for Ethernet. I forget the protocol name, but packets are duplicated on all interfaces in a group.

on most firewalls this is called vpn passthrough. any ideas? Thank you!

Thank you so much for your kind and helpful response. No CD or DVD in the drive so I shall ignore the warnings as you suggest. Btw, I just love pfSense.  :)