Definitely something you want to drill down and figure out.  It could be something running on a laptop (assumption based on the fact that traffic was seen in your wifi network and then your LAN) that's causing the traffic.  It may be benign or it may be malicious.  Better to chase it down with wireshark as jimp (forum question answerer supreme) recommended.  Please post back with whatever you find.

please tag resolved issues in the subject line so people don't keep reading your post :)

I would probably suspect RAM more than HDD with a panic like that. Though the current process was "da-popb4smtp" - that does not exist on pfSense. I'm not even sure if any packages would include that. Was that something you installed?

Please do a little searching before asking questions: http://doc.pfsense.org/index.php/How_do_I_block_instant_messengers

ok… here's a weird fix that stop the "disconnected from chat server" problem. in my case what you can see in my setting... i just change the rule in port 11031 TCP (the hon chat server) to default gateway. at this point its weird because the game server port 11100-11500 UDP will pass trough gateway 192.168.1.254 and the port for chatserver 11031 TCP will go trough gateway default which is 192.168.1.251 set in wan link. the game works fine and the log seems to be clean and not much of port 11031 log problem. what i found out is that if i use the firewall rule to force port 11031 to go trough gateway 192.168.254. my firewall log will have a lot of port 11031 block by default ending with TCP:P / F / A... and game seems to DC almost every 3 minutes. i did try to play around with the firewall rule under "Advance option" -> state timeout in second of 24 hours(in second) and the game will dc from chatserver longer than before this setting is applied. if i dont do any loadbalancing in pfsense and leave the game to go trough the default port. no problem in firewall log with any port 11031 get to log. that's where i try to leave the tcp port 11031 to go through default gateway. and it seems to fix it. i guess the game server will log your ip in its table for the game purposes and the chat server will have a separate table of its own to log ip. it makes sense if we see theses servers as a separate objects in the network world (obviously they have different ip) and they works differently. one is for the whole game where it will receive mouse clicks, keyboard short cut and in game chat system and all of this are recorded and can be played in the replay links. and the other one is just the chat server the IRC for the client and some more advance command where you can follow or join game. as for garena messenger. when you login garena messenger click on hon game, garena will send and update the config of the game where the game will auto log you when the game runs. and after the game runs. you can kill the garena. and nothing happens. now i have different problem... sometime during in game... my character will run back to fountain and then DC... :-( this is bad... have you got this kind of problem?

I have seen traffic last for a whole day before. Some Anti-P2P groups may even try to connect to your IP several times over the next month. The best thing you can do is to drop that traffic.

Also, this has been asked, and answered, many times before.  Please search the forum before posting.

If a connection is started from the LAN then the responses will automatically be allowed.

@Panix: Will pfSense do all the DNS records required for a AD domain to function?  I'm leaning towards no…. I have my network setup as client->pfsense->MS Server and I don't have any problems. It may relay the DNS requests for lookups properly, but perhaps not some of the other special things that AD seems to rely on happening via DNS for updates. (Someone more intimately familiar with AD would probably be more helpful for the details).

Yes.. that did the trick !! Thanx

http://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

What are the netmasks for the 3 interfaces configured with 192.168.253.x. What are your firewall rules for the source interface in question?

The default deny rule already does that.

I just realized the firewall in subject is 1.2.3-RC1. I will upgrade that first. I tested the package on an vSphere server an hour ago - works exactly as it is designed to. This feature makes things so much easier for me :D Thank you for your work!

Update: I got this working with Wall Watcher running on my Windows 7 machine. Question, Wall Watcher support is set to expire in February 2011. I would like to build a Linux VM and use it for syslog server / dev box. My linux is weak and I'm using this as a project to learn the OS. I'd like some recommendations or a link to a HowTo on what is the easiest way to set this up. Wall Watcher has a great feature that summarizes the syslog data in a more easily readable output. I'd like to have the same capability in Linux. Is there a package out there that can do this? Or script recommendation?

For doing it only with the pfSense box, it is only possible if it is a wireless interface acting as an access point or if you only use one port on the box per client that connects to it.  The former can be done by disabling the "allow intra-BSS communication" option and the latter probably isn't practical to do on the pfSense box itself.

If the VPN connection is working properly, this can probably be safely ignored. It may be that the server side is sending a GRE packet before the GRE state is active, but if the connection works normally after that log entry, I wouldn't worry about it.