Well in pfSense you can only balance clients AND IT IS POSSIBLE.
With limiters you can balance sessions too if you want but its not exported on the GUI.

For what is worth you can use queues in combination iwth limiters to achieve best traffic QoS.
Like limit every client with limiters but prioritizing ACKs in the  link etc…

Actually it looks like I already fixed that. If you update to a more recent snapshot it would be OK.

The collapsed graphs have always been drawn.

What changed recently is that there was a very nasty bug that caused every interface update to be staggered with an ever-increasing counter so every interface was getting updated less and less frequently, causing the ones at the bottom to always be farther and farther behind the upper graphs.

Now the graphs are kept in line with each other, but that will cause increased CPU usage. No matter how you try to stagger the graph updates they will always align at certain intervals.

It may be possible to disable the minimized graphs, though I'd have to look at the code to confirm that. There are several files involved in making the graphs, though mostly you'd want to look at the files in the /usr/local/www/widgets directory for the graphs, and also /usr/local/www/index.php /usr/local/www/getstats.php and /usr/local/www/javascript/index/ajax.js

Depending on the widgets you want them to use, you may need some other permissions as well. I believe there is an open ticket for that.

I have resolved this by updating to the latest snapshop:

2.0-BETA4 (i386)
built on Mon Nov 1 02:02:45 EDT 2010

and by also setting the WAN OpenVPN is running on to default under System -> Routing.
Not sure if this is by design or not?

Thanks to both of you, this might explain a lot. I'll revert to an older build and try some things out, I'll report back in this thread in a few days.

::Trym

on 2.0 Beta4 there is a custom graph feature, you select the start and end time and it will generate a graph for you.

startdate and enddate are unix timestamps (seconds since epoch)
You, sir, are proably looking for a bargraph with gigabytes per day for a month period I'd guess.

I understand your question and I don't think that rrdtool has such a feature. There are other graphing libraries that might be able to do that but I have no idea if that's possible in the time frame.

Hey there,

There are apparently issues with Multi-WAN and NAT for the past while.  I believe this is probably part of the same issue which is already known - so it is likely nothing to do with an error on your part.

Basically it seems that the reply-to is always going out WAN1 even if the request was made via WAN2.  Anyway - I'm sure there is way more to it than that…

A lot can be gleamed from looking over the bugtracker :

http://redmine.pfsense.org/issues/958

and

http://redmine.pfsense.org/issues/969

-- Phob

Thanks for clarifying, that is what I concluded after having messed about with it a bit, hence the firewall rule mentioned in the previous post. It is far from clear if going by the wording on the setup-page though. "By default deny access to UPnP & NAT-PMP?" surely sounds like it controls which clients should access it, not which clients can be forwarded to.

To Tikomotel: Thanks, the dnsmasq link you gave me had the information I needed, the correct location of dnsmasq.conf, which is: /usr/local/etc/. It also turns out that editing the service.inc file probably works as well, it looked like it didn't work because dnsmasq has a hardcoded limit of 10000 as cache-size.

::Trym

Thanks for the quick reply. Just found it myself.

this sounds like xen breakage.  i have pfsense and freebsd8.1 servers running on amd opteron host using virtualbox with no problems.  what is the panic message?

@Efonne:

If you want access through WAN on both subnets, you will need to add another allow rule on LAN for the other subnet and I think you need to manually add another outbound NAT rule for the other subnet (change to manual outbound NAT).

Exactly!  It took a few minutes to get it working but it works great now.  Just for future reference (so I can remember), to add a secondary/additional IP for the LAN segment:

Click Firewall–>VIPS and create a new IP Alias for the gateway IP Address (ie: 172.16.155.1/24)

Click Firewall-->Rules-->LAN and add the new subnet (Proto: *; Source 172.16.155.0/24;  Port *; Destination *; Gateway *)

Click Firewall-->NAT-->Outbound NAT and enable Manual Outbound NAT.  Click Save/Apply.  Then, add a new NAT rule using Interface: WAN;  Source 172.16.155.0/24; Source Port *; Destination *; NAT Address *; NAT Port *; Static Port: NO

Thanks to everyone for helping get this working!

-Ron

Of course, the only way you wouldn't be able to update from the other slice should be if you had flashed the card with an image that can't update from either slice - in other words you would be unable to overwrite the slice that can successfully perform an update from one that cannot update (there may be exceptions to this, but generally it holds true).

The main reasons an update fails either do not even start to write to the other slice (update file didn't pass checks or ran out of space downloading update) or overwrites the other slice but leaves one that is still capable of doing updates.  Of course, you can run out of space by installing packages, filling up the drive with files created by packages, or uploading files and become unable to update, but that is something you can resolve, likely by uninstalling the packages or deleting the uploaded files.

A little late reply, but should be useful for anyone who wants to know.  On NanoBSD, run the command /etc/rc.conf_mount_rw to remount the file system as read/write.  When you are done making changes, run /etc/rc.conf_mount_ro to change it back to read-only.

ok thanks guys i will give the 12th oct a go

You mighttry  compiling the u3g driver with just the new ids.