I think my 2.1.x versions used swap, but cant say I have noticed 2.2 using swap yet. Perhaps the latest bsd version spots ssd in use and just doesnt use it now?

Different companies offer different amounts. Some ISP give you their unthrottled bandwith throughout the use of an allowance, but anything over the allowance amount and the bandwidth can be throttled back to a lessor amount of their choosing. Others might just disconnect you once your allowance is reached like PAYG mobile phone data plans do. Holiday parks and hotels work much like PAYG mobile data plans, so its a case of either doing as others in your area of business do, or do something different if you fancy it.

Those RRD logs are symptomatic of a system that ran out of RAM at boot time. Only circumstances where I can recall seeing that are systems with 256 MB or less RAM, running nano (so a chunk of the RAM is taken by rw filesystems), and more packages or other services than should be run with minimal RAM.

NICs are named by their driver type. They can't be renamed. There's no way you reinstalled and ended up with different NICs unless you switched hardware in the process. Just re-assign the NICs either manually in the config, or after you restore the config. That's very easy and trouble-free. Where you have complex interface scenarios, like VLANs and lagg and bridging, things can be a bit more complicated. Editing the config manually is definitely the easiest route there. If you do edit the config manually, be careful, and never do a blind mass search and replace. Verify every replacement is actually an interface (granted there will only be 1 instance unless you have a more complex interface scenario). There's a good chance you have certificate or other data that happens to contain, say, "em1", and if you replace every instance of "em1" you'll break things.

Yes.  i217/218 was added to the em driver.  /var/log/dmesg.boot will contain all the boot device sensing logs. 2.2's in beta.  It will, at some point (presumably when there are no more known bugs marked as blocking (or tagged as a known issue)) go to RC1.  Then maybe RC2. Maybe to RC3+.  Then it will go to RELEASE when it is ready.  Church bells will ring across the land. I usually hold off here at home until RC1.  In production I wait until RELEASE and then only if I need a feature/fix.

@KOM: If I'm not mistaken, don't you have to use the Embedded nanoBSD install for those ALIX appliances? I want to see the actual traffic that is going through the pfSense Interfaces, I think that's called RRD? Are you looking for live, realtime data or reports & graphs?  Traffic graph will give you realtime views, while packages like Bandwidthd, RRD Graphs and Darkstat give you historical details. I thought the Embedded Version is for SD Cards because the system is loaded into the RAM instead of writing it on the Card to protect the limited writing cycles of the Card. I'm looking mainly for live and realtime data but reports and graphs are also great.

You'd be better off using the alc(4) driver from 10 stable. Unfortunately it just missed being included in 10.1. https://svnweb.freebsd.org/base/stable/10/sys/dev/alc/ Steve

Perfect, waiting on RC :D Still stable for now, but I can't restart the server, but its not something we do anyway.

With a PPPoE connection the gateway is allowed to be outside the subnet of the interface where as other types, static/DHCP etc, it is not. If you try to define the gateway manually pfSense will complain as you've found. This is not a problem. The fact that your pfSense VM can check for updates proves that it has WAN side connectivity. When using a virtual machine host and bridging interfaces I do not normally expect the host OS to use those interfaces. I can see how it might use the WAN NIC but there seems to be no reason that it should be using the LAN NIC. I would not expect that to have an IP. If you want to pfSense VM to firewall connections to the host as well then the host should not have an IP address on either WAN or LAN. Instead you add a further virtual NIC that the host OS uses to talk to the pfSense VM. VirtualBox has a special interface type for doing that but I have to admit getting that setup right has tripped me up the few times I've used VirtualBox. Steve

Update 2 Some further progress - purely by chance I unchecked "Skip rules when gateway is down" and I have now got back the behavior expected with LAN policy rules being followed. I set this rule so that traffic was NOT sent to the default gateway when the openvpn link is down - this worked fine in 2.1 but the behavior here has changed. Also, I have a dual openvpn setup, that was nicely load balanced - in this latest version only one of the VPN links is ever used with all the connections going out on the one link. I am struggling to take this further without some help.  Will revert to previous VM for now.

Ah. Hadn't considered that could be an issue. Thanks for coming back with that.  :) Steve

Thanks a lot

new install 2.1.5-RELEASE (i386) built on Mon Aug 25 07:44:26 EDT 2014 FreeBSD 8.3-RELEASE-p16 Dell optiplex GX 270 st-1023 gigabit ethernet cards Disabled onboard nic on install it shows stage 0 and 1 …... Sundance ST-1023 Gigabit Ethernet also seeing this in log kernel: ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior. trying to find where to change. Thanks for Help.. Jerry

Yes, if you limit an IP address to 96Kbps then pfSense gives it downloaded packets at only 96Kbps. So if it does torrents it will get them at only 96Kbps and will slow down only its own work. For example, I have my user's private mobile phones in a static mapped section of private address space that has a slow limiter like that - they get their mobile phone app updates and fun, but only slowly.

Potentially it could be more reliable and faster than the router. You would have to ensure that you're using only the switch hardware in the wrt54g and it's not doing any routing. That probably means you can't use it's WAN port as that's usually connected directly to the SoC, not the switch. It varies by platform though. Edit: Looking at this diagram it appears you can use the WAN port. The wifi interface is on the separate internal NIC. Steve

https://doc.pfsense.org/index.php/Traffic_Shaping_Guide#Limiter More info, please search at the "Traffic Shaping" forum section ;)

@Mike.Preslicka: I'm having an issue where my pfsense server is randomly crashing and restarting.  I am running running version 2.1.5.  I just submitted a crash report within the last hour.  Can anyone help me to resolve this issue? Thanks, Mike What kind of Atom was it? Was it a C series by chance

Yes, and if you want to run anything else, like Squid or Snort, you'll need further processing power. To give you some idea an Atom D510 is capable of pushing ~50Mbps of encrypted traffic with no other packages running. Steve

Here's an invaluable tool for figuring out your network IP address layout, especially when an ISP gives you a /28, /29, or /30 somewhere in the middle of a /24: http://www.subnet-calculator.com/cidr.php It converts CIDR to netmask and back and shows you your IP address range, of which the first (network) and last (broadcast) IPs are not usable.