Contact me and I'll be more than happy to work with you. :)

MODS:

Please erase this thread as i will start a new one with a more "appropriate" title
Thanks

$100 usd donated!

Major benefits to removing packages is for auditing, risk mitigation, and certification.

Less modules means less screens and configurations to verify on every audit (Is VPN turned off?  OpenVPN, yes.  IPSec, yes, etc. etc.  Every bloody audit.)

Risk mitigation: You aren't vulnerable to a flaw in the X module if it's not even present on the media (see the recent OpenSSL issue).

Certification: If you need to pay for certification for some reason, then less things to certify takes less time and can be considerably cheaper and easier.

i am not familiar with the bounty section and this is just my first time posting here (accidentally :D)

i think you need to read this first: http://forum.pfsense.org/index.php/topic,23514.0.html

Configuration help bounties

There are a lot of bounties for people asking for configuration help.  For those of you who need help getting your system set up in a specific way, consider paying for a commercial support package.  Its a great way to support pfSense and pay the developers for their time, plus you can be assured that you're getting someone who really knows this system to look at your network environment and help you configure pfSense properly.

It is better to pay for a commercial support package and let the support team do its job.
Sorry but i am not part of the support team and i am not an expert of pfsense.

Definitely glad to see Microsoft, NetApp and Citrix stepping up on this. Once they make that available, we'll need to look at incorporating it and keeping hyper-v a first class citizen. We'll need the funding at that point to get a server to run hyper-v long term (if someone would like to contribute something, donations welcome), and to put developer time towards integrating the patches, testing, etc. Virtually all development comes from people on our payroll and we have to have some way to meet that payroll. Once we get to that point, I'll follow up on this thread to see what we can put together.

@romulous:

I've been working commercially with netflow for some years now and have implemented systems which cope with billions of flows per day, calculating hundreds of customers data plans. While those systems run from cisco routers, this can be done under FreeBSD fairly easily and can monitor all the interfaces individually and then filter/aggregate them based on subnets, IP's, ports etc. The only failing currently with flow tools is no IPv6 support. I have built netflow v9 gernerator/capture software (which supports IPv6) in php to gain an understanding of it. Based on all of this knowledge, I am sure I can contribute something to the pfSense project, if so desired.

I would love to load this even if it were outside of pf.  Chris B suggested nfsen  - what is yours based upon?

I wish I could say I fully understand what's happening here, I don't!
I look forward to reading the traffic shaping chapter in the next definitive guide.  ;)

Steve

do you have your problem sorted, please post if someone sorted it for you

AFAIK it'll be very difficult to do proper QoS on a 756Kbps link, without reducing the MTU size.

You can read about some of the issues involved in
http://forum.pfsense.org/index.php?topic=15508.0

Sure, send credentials to me and i will give you the setup :)

Well send the money for donation to pfSense ;).

Duplicate the limiters indcated by cmb and create rules with schedules for the different hours you know there will be slower speed.
Configure the limiters for your desire.

It is difficult to estimate bandwdith speed without proper infrastructure and your budget :)

Have you looked into the HAProxy package instead? I just did a bunch of bugfixes on it and am working on getting those made available to the public:
http://forum.pfsense.org/index.php/topic,43188.0.html

The 1.2.3 parts are covered in the book already, which would cost much less than the bounty :-)

There are docs on the wiki for 2.0 as well, but some places do need updated yet.

I'm not sure if this is of any help to you guys, but I use mac address cloning and haven't yet had any issues with it shrugs

according to the ticket, need to sue multiple hostnames but how do i do that on a windows system as i had put the same ip for my wired and wireless mac id under dhcp server but as soon as i disable the wired conenction and switch on the wireless then wireless connection goes in a endless loop of release/renew ip

The main goal is a ban user's NAT on LAN

$50.00 From my side.