Have a look at the states table and see if they are all originating from one LAN IP. I had an issue with some sort of DoS program on a machine that one morning started sending out thousands of requests to weather.com. Tied up the entire state table. I pulled that machine and all was back to normal.

We are considering creating a similar Sydney, Australia - based position if there are any Aussies looking. Cheers Andy C1, Sydney

Thanks for your quick reply I have now figured it out after some trial and error I am a pfsense noob but will learn quickly

Old configs are stored in  /cf/conf/backup Check if a previous version has been written there. The time stamp on the file might give you another hint.

awesome…..I'll check that too. I actually used another method to confirm the ports opened correctly.... Netcat on both rigs. (awesome program) The ports are forwarding just fine. Thanks !

I followed the advise and turn load balance feature off. I deleted the pools, firewall rules, and disable OPT1. User reports positive result … and has been stable for 5 hours now without experiencing random disconnect. That makes me wonder, whether or not I made configuration error for load balancing. :- But if there were configuration error, I'd assume the load balancing won't work. In my case it worked beautifully, doing fail-over without missing a beat! I turned off modem1, it automatically goes to modem2. I turned off modem2, it automatically goes to modem1.

Not "htop" explicitly, but there have been many threads about installing non-pfSense packages. Here's a few posts to help: http://forum.pfsense.org/index.php/topic,6386.msg36771.html#msg36771 http://forum.pfsense.org/index.php/topic,7636.msg43728.html#msg43728 http://forum.pfsense.org/index.php/topic,2904.0.html http://forum.pfsense.org/index.php/topic,2828.0.html

Don't worry! Unless you want to dive under the hood no OS knowledge is needed. All configuration stuff is done in the webGUI and shouldn't even be done in the file system. If you have a spare machine to test pfSense on you can d/l a live CD. Boot it, configure the interface(s) and access it from a host on the same subnet. Unless you actually install pfSense on that machine (doable with the same Live CD) no changes to a previously installed OS will be made!

Thanks sullrich. Add more ram to the machine Thanks once more. EC

I think all that's needed is a plugin to force a carp event should a specified host be unreachable, there used to be one IIRC, but it's been missing for a while…

Are you doing PPP authentication on the modem, or on the firewall?  You could try having the modem do your PPP auth, and then set pfsense to just use the same IP you seem to always be issued.  Or, if you're already doing auth on modem, try letting pfsense do it. That's all I got for ya. -M@

Added the line: sysctl hw.syscons.kbd_reboot=0 at the end of the file /etc/sysctl.conf and it worked like a charm. Thanks for the tip.

rm /tmp/config.cache if it exists before issuing reload_* commands.

dotdash, thank you very much for your promp reply.

Any thoughts on setting up a DHCP relay agent on your Checkpoint firewall?  You could then create a new DHCP scope and leveraging your existing DHCP infrastructure.  I like to see networks managed centrally - depending on how they are setup this is not possible sometimes (branch offices, etc…).  I don't think you can create/use different scopes with the PFSense box, I'm not sure what it uses behind the scenes I'm just starting to play with it to see how I can use it.

FreeBSD 6.3-STABLE and up has bether support for this: http://www.freebsd.org/cgi/man.cgi?query=lagg&apropos=0&sektion=0&manpath=FreeBSD+6.3-stable&format=html But as i know PFsense 1.2-RC4 and below are 6.2-RELEASE-P? based so i guess we have to wait a little..

I've been playing with ALIX 2c3s in my lab.  Without shaping turned on or anything I've managed to get north of 90 mbps through 'em with a single TCP stream.  Was getting over 42 Mbps through an IPSEC tunnel (had Soekris VPN1411s in them for crypto acceleration of course) between a pair of 2c3s. It does shaping but I haven't played with it (much), so I can't speak to the cpu impact.  Shaping does in fact exist in the embedded images, and I'd guess that given the performance I've seen you'd probably be just peachy on a 30/5 connection. -Rob