Perry,

Have a look at the shutdown/startup code for the RRD graphs, you could probably do the same thing they do. At shutdown, they are tarred up and saved under /conf/ and at startup they are untarred and restored to the proper location.

Thanks, reported to the guys working on gettext

My WAN is a /21 and IP-MIB::ipAdEntNetMask shows the correct mask on that IP. ifconfig shows it as a /21?

Well, it tuned out that a BIOS update did fix the problem.  No thanks to Jetway for labeling the BIOS update as the same version number that I already had installed, to make it seem like I was already up to date.

Anyway, thanks for the help, and things seem to be working OK, now.

Right I saw that open issue, but I wasn't sure if it was the FreeBSD UDP checksum issue. I thought FBSD resolved that.

DPD doesn't work correctly in the underlying ipsec-tools at the moment, so that would be the expected behavior (until the SA times out).

@savago:

What accounting/billing software they are using ?

CPDI, Platypus, and home brew custom systems, of the ones that I know what they're using.

@savago:

I would like to increase interim update value (60 ) to 300/600,where to look for this ?

I believe in radius.inc.

@sankarklm:

What ever IP i am providing it calculates the starting IP based on the users to be connected, Even if i give 192.168.1.1 it get changed to 192.168.1.0. The problem is even its allocating 192.168.1.0 to users too.

That's how it's supposed to work, if you want them to be within a /24 with a valid IP, you'll have to start higher in the subnet. 192.168.1.0 is a perfectly valid IP in general, just not usable within a /24 network.

That blocks the traffic, it doesn't not log the traffic. Add a rule to block and not log, and disable block private networks, if that's what you want it to do. Usually in such scenarios I add a rule to block and not log any broadcast crud (source * dest 255.255.255.255), then add my own block private networks rule with logging.

looks like the gathering process hasn't been running

it should work, it has for me.

but reliable wireless isn't

I think, whenever it will be ready. There is much to do, even when lots of things run good. Sometimes one funktion which was/is working nice, can break with a new snap. Please be patient. :-)

hi,

this is correct with the beta. under the update options you can select to allow the unsigned updates.
after that the update works fine

Okay got it working now.
It was indeed the firewall rule that killed it all.

For others looking into this, i had to do the following.
1. Add an interface alias to the nic with an ip on the modem's lan range (eg 10.0.0.6/29).
2. Set outbound NAT to advanced and add a rule to get any traffic with the modem's lan range as destination (eg 10.0.0.0/26) trough the virtual ip.
3. Add another outbound NAT rule to let the normal traffic (any) with destination any go trough not interface default ip.
4. Add a firewall rule to get traffic for the internal range (10.0.0.0/29) use the default gateway instead of the FailOver.

The settings now look like this:
Virtual IP:
Virtual IP address  Type  Description 
10.177.255.254/20    [IP Alias] M01 Subnet 
10.0.0.6/29       [IP Alias] M02 Subnet

Outbound NAT:
Interface  Source  Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description 
WAN  any               *     10.177.240.0/20         *       10.177.255.254     *           NO          Outbound for M01 
WAN  any               *               *                 *                 *             *            NO                Default Outbound WAN01 
WAN02  any               *         10.0.0.0/29         *             10.0.0.6     *            NO          Outbound for M02 
WAN02  any               *               *                 *                 *             *            NO          Default Outbound WAN02

Firewall Rules:
ID  Proto  Source  Port  Destination  Port  Gateway  Queue  Schedule  Description 
*      GREEN net * 10.177.240.0/20 * *      none                 Modem 01 Route 
*      GREEN net * 10.0.0.0/29 * *      none                 Modem 02 Route 
*      GREEN net * *                * FailOver none                 Default allow LAN to any rule

I hope i helped someone else by posting it  ;)

grts, Marcus

@Efonne:

http://redmine.pfsense.org/issues/96

Efonne, I did see that enhancement request, but that does not seem like the same thing I am talking about.  That specifies adding "All local networks" to the firewall rule source/destination dropdowns.  I would like to see all the entries in that dropdown, like Lan network, Wan network, automatically added as aliases so they can be included in other aliases.

Say I have 10 local networks, LAN01 to LAN10.  I would like to create an alias that includes a subset of those networks, so I only need to create one rule to block/allow traffic from one LAN to a certain number of other LAN's.  Otherwise I need to add 9 firewall rules to block traffic from LAN01 to LAN02-09, or create an alias that I have to keep synchronized manually with the the local LAN's network info.  It would be nice for everything to just stay up to date when I change interface ip settings.

I will add my request to that enhancement.
Josh

Yeah, I meant to say that I have leased a subnet (hypothetically), so rather than route that subnet in the traditional fashion, as per my first example, what if I assigned them out as pppoe clients. Would this allow me to use all of the addresses in the subnet instead of losing the first and last, as I would in a typical routed scenario?

Only if you install a syslog server on the firewall. Some people use syslog-ng for that, you can pkg_add it.