• Block lots of ip ranges

    Locked
    0 Votes
    3 Posts
    2k Views

    at interfaces/wan turn on

    Block bogon networks
    When set, this option blocks traffic from IP addresses that are reserved (but not RFC 1918) or not yet assigned by IANA.
    Bogons are prefixes that should never appear in the Internet routing table, and obviously should not appear as the source address in any packets you receive.

  • PROBLEMS WITH THE PORT 443

    Locked
    0 Votes
    2 Posts
    2k Views

    It's open from LAN by default and blocked on any other interface like WAN, OPT1,… If you want to simply open it up to the firewall at WAN, for example, create a rule at firewall>rules, WAN. If you want to forward it to a host on one of your internal subnets, create a port forward at firewall>nat, portforward and let the firewall rule be autocreated (the box for this is enabled by default).

  • L7-filter kind app

    Locked
    0 Votes
    5 Posts
    4k Views

    I know just a bit about layer-7 shaping abilities, and for now the pfSense layer-4 scheme is working for me; but I'm sure that layer-7 in pfSense would bring the firewall into a new land where the most modern p2p programs change their ports to escape traffic shaping or the most common firewalls that block well-known p2p ports…

    But as I said, the pfSense scheme is doing the job for me now; it saves more than 30% of my bandwidth that is being used by p2p programs on users' boxes... it's amazing!

  • Wierd bug: MULTIPLE:SINGLE?

    Locked
    0 Votes
    13 Posts
    6k Views

    Already fixed in cvs.  Thanks.

  • Manualy edit pf

    Locked
    0 Votes
    4 Posts
    3k Views

    Your changes will get overwritten each time.  Seriously, you really need to use something else if you want to have custom pf rules.  Sorry!

  • BUG? Source ports range as alias

    Locked
    0 Votes
    9 Posts
    3k Views

    Ok, sad to hear it but I have to live with it.
    Cheers

  • HEEELp ping allow other deny

    Locked
    0 Votes
    4 Posts
    2k Views

    lowcypl,

    your config seems to be okay. But beside that it is kinda hard to understand …

    what you were trying to accomplish regarding your setup?

    what is/was your issue (i.e. what does not work)?

    Regards
    Daniel S. Haischt

  • Transparent firewall & DHCP

    Locked
    0 Votes
    4 Posts
    3k Views

    1.0-RC3 is now out, you really should update.

  • Enabling Filtering Bridge

    Locked
    0 Votes
    6 Posts
    3k Views

    Show a screen shot of your custom rules and then run cat /tmp/rules.debug | grep USER from a shell/command prompt.

  • Firewall Reload Problem Bridge

    Locked
    0 Votes
    3 Posts
    2k Views

    Sorry I didn't get round to answering yesterday. I changed the setup after having these annoying problems with the bridge; I was in a hurry and had a customer waiting for the firewall. When I have some time I will do some testing with the bridge setup and post my results.

  • Virtual DMZ

    Locked
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Dns traffic blocked heavy load

    Locked
    0 Votes
    7 Posts
    4k Views

    If you are running polling then the share of userland vs kernelland needs to be altered.

    On a really busy DNS server that would mean that the split between kernel workload and userland workload needs to be about 50/50.

    I cannot recall what our defaults are but I would suggest, as hoba did, to not run polling unless you spend quite a bit of time "tuning" it for your workload.

  • Filtering Bridge with Spanning Tree problem?

    Locked
    0 Votes
    7 Posts
    11k Views

    I'll retest bridge this evening with latest snapshot but I bet it's something else (tested it not too long ago already).

  • Forward based on hostname

    Locked
    0 Votes
    3 Posts
    4k Views

    Thank you for the quick reply.

    I think I will just install Pound (http://www.apsis.ch/pound/) at a central point and forward all web traffic to it for redistribution based on requested URL.

    Again - thank you for the quick reply :-)

    If I ever learn how to create packages I will attempt a pound package.

    Cheers,

    jk

  • Proxy server not working

    Locked
    0 Votes
    11 Posts
    7k Views

    hmmm I found the problem … It seemed to be dns.
    Sorry guys and thanks for the help :-[

    Thanks

  • SMTP Rules ?

    Locked
    0 Votes
    12 Posts
    8k Views

    :D  Found the solution

    My modem is not ugly

    My provider is ugly ;D  (tele2)

    It refuses all connections to SMTP servers except for its SMTP server (smtp.tele2.fr).

    Sorry for the problem.

    Thanks all.

  • Difference between LAN and OPTx interfaces..?

    Locked
    0 Votes
    8 Posts
    6k Views

    Firewall rules are first match wins from top down. You can't pass anything below that you already have blocked on the top. Just use your brain to evaluate your ruleset. Finally, if something is still blocked visit status>systemlogs, firewall and click on the small block icon in front of an undesired block to see what rule triggered the block.

  • Windows Vista with pfSense

    Locked
    0 Votes
    4 Posts
    3k Views

    After some more digging, a lot more digging, it seems that the problem is related to our fiber provider. Sorry if I implied that there was anything wrong with pfSense; I've been using it for months now in our school system and love it.

    Brian

  • Firewall optimization=aggressive work with games/xbox?

    Locked
    0 Votes
    3 Posts
    4k Views

    Some things that you could do to speed up the gameplay.

    1. Make sure nothing is running on half-duplex
    2. If you're using a hub, get a switch (gig is overkill for xbox)
    3. Adjust your MTU size
    4. Start running ping/traceroute tests and see if there's anything messed up with your internet connection

    As far as the firewall optimization goes, unless you're trying to run a bit torrent client while playing xbox, adjusting the settings from normal to aggressive probably won't show much of an improvement. Try it though; if you can run with aggressive and nothing starts acting up, the better, as the firewall needs to keep track of fewer connections in this mode.

  • Packet Lost / Latency

    Locked
    0 Votes
    3 Posts
    2k Views

    As hoba said, need more info. If you are running the traffic shaper make sure you set VOIP to the highest priority and make sure the rest is a lower priority.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.