Hello, I'm not familiar with your actual setup of kvm and promox but i'm sure pfsense will be easy to fit in there. I don't understand what's not working exactly, specially when you talk about the public ip given by a router?  a router usually provide only a private ip, or a DMZ environnement that will make the workstation (PfSense in our case) think that he's outside the private network. I would need more details of your step by step procedure to understand at what point you'r stuck. Thanks, Zikmen

I'll be glad to assist you with this. In order to help, i will need some more details about your configuration to figure out the case. Internet line downspeed and upspeed measured with only 1 pc connected directly to the modem (speedtest.net), do a few test on different servers and grab an average. how many hosts or subnets hosts usage or purpose (download workstations, doctors watching youtube all day long, just checking meal recipies) Cable or DSL ISP Thanks, Zikmen

What are you trying to cache? Which Squid version are you using? What isn't working? What did you expect? This question would be better asked in the 'packages' subforum. Steve

Just a follow-up… I fixed it by plugging the cable modem right into the ESXi host vmnic, as opposed to plugging both cable modem & ESXi host in to switch ports in the same VLAN off the 2960. CDP/LLDP/keepalives were off, so not sure what caused it, but it's resolved.

Holy moley GhostBSD is really nice! And worked perfectly, thanks!

This: https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

@jwelter99: I'd setup at least two vlans - one for the pc's and another for the VOIP traffic.  Once you have it setup to break this traffic across the 2 plans you may find other logical groups your want to segregate onto a vlan. This allows you to be more selective on your firewall rules - e.g.: voip has a different footprint versus desktop pc's, etc. As for switches you want to reduce hops when possible.  So I'd have a root switch that plugs into the PF sense box, and all your other switches plug into that switch. That's exactly how I would do it also.

Did you ever get to the bottom of this? I am getting the same error message in dhcpd.log (unable to add forward map REFUSED) and DHCP leases aren't getting registered in DNS. EDIT: Looks like I had some DHCP reservations on an old unused interface that were conflicting. I removed the reservations, restarted the DHCP service, then new leases seemed to get their reverse maps properly added. To force update all the existing leases I un-checked "Register DHCP leases in DNS forwarder" under DNS Forwarded, applied, then re-checked it and all my leases showed up. My apologies for the necro-post, but I couldn't find hardly any info on this issue except this thread. Hopefully this will help someone else. :)

If you can see traffic going, approximately equally, on all 4 WANs then the load balancing is working correctly. It may be that you are hitting some other limit further upstream. The modems you're using appear capable of 150Mbps if the correct data network is available. Do you know what data network type your ISP is providing? I don't have much experience with mobile broadband but when I have used it I found I was able to get close to the advertised bandwidth only at times of day when nobody else was using it. You might be better trying to use either different cells for each modem (directional antennas?) or different networks. Steve

@voxmagna1: Hi, I was wondering if members could say which USB NICs are working with pfsense? I have one which configures o.k with zeroshell bound to PPPoe, but pfsense will not autodetect it. The strange thing is I can see it getting picked up in the boot screens and if I unplug and replug it I get the line ugen4.4 <realtek>at usbus4 (disconnected)</realtek> so pfsense knows something is there. It is a clone of something and has no NIC name in its firmware. Works fine for me, dont need anything faster as our broadband is not very fast. http://plugable.com/products/usb2-e100

do your lan clients have their gateway set to pfsense ? does your openvpn-client-device have a route for the lan-subnet by the tunnel (the defaultv openvpn client for windows, needs to be run "as administrator' to be able to SET the routes) did you try turning off windows-firewall (for testing). It is known to block pings outside its own subnet.

Same error here with a new install. Any ideas out there?

A lot more info please.  ;) Where is pfSense in this setup? Is it running Squid? Squidguard? What firewall rules do you have? Where are you testing from? What do you see in the firewall logs when the "app" in blocked? Steve

what was the solution here? can someone update?

I've come across this problem once. I had left the network cables plugged in and it just hung on 38%. Only figured it out when I backtracked to what I had done before and what I was doing now and realized that the network cables being unplugged/plugged in were the only difference.

You don't want the memstick version. That acts exactly like the install CD, it will run live but won't remember any changes. Use the NanoBSD version. Steve

bump. Do you want to use squid cache on a separate disk (msata) ? If so im also looking for the answer. im running the enbedded version on a SD card but would like to use my msata disk for cache. Does anyone know how to achieve this?

Noting the version of Firmware for the Raid Controller between the 2 systems. The working system was running Perc 6i Integrated with firmware 6.3.3-0002 The non working system was running Perc 6/i Integrated with firmware 6.3.0-0001 and 6.3.1-0003 However when i tried to find 6.3.3-0002 for a Perc6i on Dells Support site under PowerEdge 1950, i could not find it. I then searched Dells site specifically for Perc 6i firmware, and found the proper version 6.3.3-0002 (note NOT for a PERC 6E, but PERC 6i). Booted to a live CentOS disk, upgraded the firmware and viola, success! Below is the link to the proper firmware: http://www.dell.com/support/home/us/en/19/Drivers/DriversDetails?driverId=F96NR This can be marked as Solved.  I see that many people out there find this same issue, and i hope they find this.

Thanks.  Flashing a spare 4 GB Transcend 300x CF to the 2.1.5-RELEASE worked fine.  I imported the configuration I had saved before I started, and I was off and running.  Two mistakes I made that slowed me down were 1) to forget to expand the image before flashing it, and 2) to flash the upgrade version, when I should have flashed the full install.  As a backup during this process, I kept the original Kingston 4 GB 133x CF that shipped with my unit.

Just as an example figure an Atom D510 will push ~50Mbps of VPN traffic. That's software only. Steve