I think we need the update for imspector 0.9 otherwise it won't log much since it doesn't know the new protocol?

Wouter

okay, glad it wasn't just me  :)
thanks for looking into it!

I see that now. Thanks.

What do those fields mean and how this be setup? :-) I have no clue now. Here is what I have from Aastra but this doesn't match the fields I get in pfSense DHCP extra options section:

Option 43 Redirection and Configuration Server (RCS) Bypass
DHCP Option 43 includes the ability to bypass contacting Aastra's Redirection and Configuration
Server (RCS), in addition to the previous support of setting the configuration server to contact.
A sub-option code 3 uses a boolean value (true or false) that controls whether or not the phone
should contact the RCS after a factory default. If this value is set to false, the the RCS is not
contacted. If it is set to true or is missing, then the RCS is contacted as per previous releases. This
can be used in conjunction with the existing code 2 sub-option to set the configuration server.
Configuring RCS Bypass via Option 43 on a Linux DHCP Server
The following example illustrates how to configure RCS bypass via Option 43 on a Linux DHCP
server.
option space AastraIPPhone;
option AastraIPPhone.cfg-server-name code 02 = text;
option AastraIPPhone.contact-rcs code 03 = boolean;
Subnet 192.168.1.0 netmask 255.255.255.0 {
#The 6757i phones do not contact the RCS but use the defined FTP server for
configuration files.
class "vendor-class-57i" {
match if option vendor-class-identifier="AastraIPPhone57i";
vendor-option-space AastraIPPhone;
option AastraIPPhone.cfg-server-name "ftp://username:password@10.10.10.1";
option AastraIPPhone.contact-rcs false;
}
#The 6757iCT phones do not contact the RCS.
class "vendor-class-57iCT" {
match if option vendor-class-identifier="AastraIPPhone57iCT";
vendor-option-space AastraIPPhone;
option AastraIPPhone.contact-rcs false;

Some clarification on above will be very useful to me. Under DHCP Advance, I have Name, Type, and Value and I am not sure what to insert there based on above code quote.

Thanks

@torontob:

Restart of the router fixed this. This is not good….maybe a bug?  ::) :o

its got to be a bug.  unfortunately in my case, a restart doesn't fix it.

try upgrading the firmware. saw that on the forums someplace and that worked for me once.

Ermal,
thanks for the reply, and very sorry to take so long to reply. (had to put this aside for a while)  I removed all the rules and kept things simple and have not been using limiters, but I will take some time this evening and setup the rules and tests again.  Will report output on those commands you listed.  Could be not an issue at this point, since I've updated to RC3 since. But will report back.

Thank you!

In that instance you can do it with quotes or without, the way you have it is fine. Not sure why that doesn't work in your case.

Thanks for the link, and found Split-DNS as solution to my problem.

Looks like this is the same issue as here:

http://forum.pfsense.org/index.php/topic,21656.15.html

Can anyone comment?

Thank you for the feedback.  I have not had a chance to actually test this (too many other things to do at the moment) but when I can I will test and share my results.  Thank you for the help!

I'm affected with this issue as well.

Can't use sticky connections without all internet outgoing being stopped after one or two minutes.

My config:

1x WAN PPPoE
1x WAN DHCP

1x LAN DHCP

@cmb:

You have gitsync after update enabled and it's still pointing to rcs/gitweb.pfsense.org?

hm, good catch :)

I had gitsync after update enabled, pointing to http://gitweb.pfsense.org/pfsense/gnhb-clone.git

as a result of this thread: http://forum.pfsense.org/index.php/topic,25465.0.html

So now I disabled this, and will upgrade to the next snapshot… Hopefully that will make the difference.

@focalguy:

@beo:

My idea is to run two linux apps that save me a physical machine.  ???

How about virtuals? You could install VMWare ESXi on the physical machine and then have pfsense and another linux machine all on the same hardware. This way you wouldn't risk compromising your firewall with other applications and you would still only be using one physical machine.

It's a Pentium 4 - 2,8Ghz - 1GB RAM - 40 GB HDD

Very Bad for ESXi

Any one?

download queues go on the LAN interfaces, upload queues go on the WAN interface.  I guess you have a LAN interface and OPT1 interface for the LAN side?  You should have an entry for each interface on the traffic shaper "by interface" tab.  You can set the limit of each interface on that screen.  LAN1 bandwidth=800Kbps, LAN2=534kbps, WAN=1540kbps… that should split the download bw the way you want but the upload will be shared, not caring which lan the traffic comes from.  To split the upload, you would create two new queues on the WAN interface, say q1 and q2.  (i'm using hfsc because that's the one i'm familiar with)  Set both q1 and q2 to the same priority, set the bandwidth=1% or anything so long as they are the same, set an upperlimit m2 value to 534kbps and 800kbps respectively (by the way there is something wrong with the math here!).  All the other blocks can be left blank...  Then you would make a couple simple firewall rules to send the upload traffic to the two queues you made... on the rules page LAN tab, add a rule, pass, LAN, Protocol=any, source=LAN1 address, dest=any, ports=any, then at the bottom set the ackqueue/queue to q1.  The other rule would be source=LAN2 address (or OPT1, whatever it's called), and queue q2.  But now I realize there is a problem with this because you can't make the ackqueue and queue the same, so you'll have to make a qACK and a qDefault on each lan interface, and a qDefault on the WAN interface, because each enabled interface has to have a default queue...  so anyway, make all the queues and then set the ackqueue/queue to qACK/q1, etc.  I think this would be the minimum queues and rules you would need:
WAN(1.5Mb)
---->qDefault(bw=1%, default box checked)
---->qACK(bw=1%, realtime m2=30%)
---->q1(bw=1%,upperlimit m2=800Kb)
---->q2(bw=1%,upperlimit m2=534Kb)
LAN1(800Kb)
---->qDefault(bw=1%, default box checked)
---->qACK(bw=1%, realtime m2=30%)
LAN2(534Kb)
---->same as LAN1

On the WAN you could leave off the qDefault and mark any of the others default, so long as you have something marked default, but this is a bit more organized.  The realtime for the qACK makes sure that the ACKs will always get through to keep traffic flowing, even when traffic is full, up to 30% which is more than they would ever need but it doesn't matter it will only use what it needs, the rest is available to the other queues. Firewall rules:
PASS, LAN, proto=any, source="LAN1 address", any any any, qACK,q1
PASS, LAN, proto=any, source="LAN2 address", any any any, qACK,q2

Ok, i'm new at this and have never had 2 lans, but bored right now since my little pfsense box is working well!  Now someone can tell me where i'm wrong, but this should give you some ideas.  If you want the two LANs to share the bandwidth, able to use whatever the other lan doesn't, then it doesn't really work, you probably have to bridge them together, making them like a built in 2 port switch.

Check to see if any upstream security appliances are blocking.  I had the same issue and noticed that my SA was blocking 'WEB-PHP xmlrpc.php post attempt' when attempting to connect to 69.64.6.21 for list of Available Packages.  The Firmware updates were working fine but the Available Packages were being blocked.

hmmm… I don't think i have that situation, nothing that should change the mac... it's like the pfsense box just "forgets" one or more entries until i manually re-add it, then it "remembers".  Actually i'm not positive it's ever done more than one at a time, but for some reason i think it has.  If there is something flaky in my network, something misbehaving, it shouldn't fix it to re-save the pass-through-mac entry.

Too bad i can't find any log that would have any entry about a user being allowed or denied by the pass-through-mac!

I just shut it off for now, can't have users suddenly unable to access the internet.

Does anyone know of something, a log deep inside perhaps that i can check out if this happens again so that i can give more information on the problem?  Now the only thing i can say is, "Sometimes the pass-through doesn't work until the entry in question is re-saved."  Oh, also, it did seem to happen after I had added a new entry (failure happened with an old entry), but not sure if that was always the case.

@photonman:

@Nachtfalke:

In actual snapshots there is an ability to change duplex modes.

what does this mean in "actual snapshots…"

It means recent/newer snapshots. Don't forget to re-select the update server URL for snapshots after July 4th per the post at http://forum.pfsense.org/index.php/topic,38687.0.html as well to make sure you get the most current version.

That sounds a lot like the Realtek quirks inherent in Watchguard hardware, they can drop offline under a variety of conditions.

all in https://github.com/bsdperimeter/pfsense-packages

July 8 is doing the same. I'll try with july 15 and let you know.