@iorx: I there a way to jump out to shell and edit files while booting the Live-CD? I don't know of a way to do what you describe (unless what I describe below qualifies). Especially since you can't "easily" permanently change the files on the CD. Clearly you have a problem creating the initial configuration with VLANs. If there were two NICs in your system (you could temporarily add a supported USB wired NIC or WiFi NIC or maybe even assign the parallel port as an interface) you could boot from CD, install to hard drive, edit the file, reboot and assign interfaces from the console menu and then setup your VLANs. From memory, pfSense 1.2.3 requires two interfaces. During the "install to hard drive" phase you don't need functioning interfaces so you could leave the VLAN configuration until after you have installed to hard drive. From memory, pfSense 1.2.3 includes drivers so the parallel port and firewire ports can be used as IP interfaces if the necessary hardware is present in your system. Therefore it might be pretty easy to configure two interfaces to get through the initial install to hard drive, even if your system doesn't include two more conventional NICs.

All gone, sold. Mods may delete thread.

@netphreak: But I don't like it though… Only manual firmware update to future firmware releases Wasn't that also the case with pfSense prior to 1.2.3 when the images were still known as "embedded". Cheers.

Thanks ClarkNova! Clears things up a bit.

Try using an external syslog server.

The stated numbers are very conservative, depending on what NICs you have and which CPU, you may be able to get a lot more than 50 Mbps. But if you expect to get much over 100 Mb, you're going to need something faster.

@Cry: You may want to read this sticky at the top of this forum about minimum memory requirements. Yes, I have. That's the first thing I read and also made me post. It says: "It works fine under some limited circumstances" which implies that it works albeit with come caveats. Hence my question. I'm sure somebody has tried that already and found out the problems were and could report them. I would have tried already, but I'm having immense trouble making it boot from USB (it boots up to the menu, and depending what I choose I get different crashes :) ) and I ditched optical drives a long time ago, duh.

I couldn't find D-Link that falls under supported hardware in BSD, so I bought ASUS WL-130g. Problems gone. It works in WPA, WPA2, same subnet, different subnet and bridged. 7 clients connected simultaneously (some of them even have the F5D7000e PCI cards) no problems so far. I guess that Belkin F5D7000e just doesn't work as it should in pfsense no idea why. All 4 of them were giving the same problems and I did test them on other machines with Ubuntu and Win XP they are working fine there. Cheers and thanks for the help.

I kind of gave up on this.  Its a shame as its a nice device but I needed to get a replacement for the old PC I've been using up and functional and didn't really have time to mess with it.  If anyone is interested in buying it, send me a PM and make me an offer I can't refuse.  It should fit in a large flat-rate box with adequate padding for shipping in the lower 48 states.  I'll include the original hard drive and the CF-IDE adapter, but not the CF card.

Thanks.  I ended up ordering one of the Jetway mini-ITX boards with an Atom, 1GB RAM and the 3-port NIC.  mini-box.com has a nice looking case with a front mounted bootable CF slot.  All of that cost me only about $100 more than buying an Alix from Netgate.  I figure this is more future-proof

I just helped someone out last week with a similar issue, on 1.2.3 the bce network cards would never get link above 10Mbit. Upgraded to 2.0 and it worked great at 1Gbit.

@P3cca: I am contemplating on attempting to cache everything that my users browse to firstly speed up the network and secondly lower my ISP expenditure by throttling back on bandwidth oh, hopefully tricking my clients into thinking that they have a more powerful ISP than what is really able to supply. Caching is great, but it's not a cure-all. Some pages and objects don't cache. Not all your customers will be looking at the same stuff, so many (most) page requests will be cache misses. Nevertheless, it does help, particularly on update Tuesday if you have squid configured to cache Windows updates (this doesn't happen automatically, but it's easy to set up if you google it). I am looking into http://cachevideos.com/. I'm not familiar with that one, but I believe there is a cost-free way to cache youtube using a combination of squid and some downloadable package. This too is trivial to find with your favourite search engine. Should I get the best motherboard, processor and a ssd drive for the initial pfsense and plugins then add several large capacity hdd? Consider the following facts. 1. squid requires RAM as well as HDD capacity. It is generally recommended that you set your squid RAM/HDD caches in a ratio of 1/10. 2. It is generally recommended that you dedicate not more than 50% of your system RAM to squid cache. 3. pfsense 32-bit will not utilize more than 3GB of system RAM. So if you're using a 32-bit version of pfsense with squid, you will have at most 3GB of system RAM, and if you follow recommended settings, you will have at most 1.5GB of RAM cache and 150GB of HDD cache. Don't get to crazy buying hard drives just yet. Ok, so if you really want more cache, you could hypothetically go with a 64-bit install of pfsense, but now consider this. 1. 64-bit installs are available only on version 2.0beta of pfsense. It's pretty good, but there are still issues. 2. Speaking of issues, squid will currently not run on pfsense 2.0. I'm sure that will soon be fixed, but right now it's broken. As of right now, the only way you're realistically going to run squid on pfsense is with 150GB of disk cache or less. That may change in the future. How do I add to the pfsense hardware setup a couple of months down the line when Ineed to add more hard drives? A good start would be to edit /etc/fstab to have /var/squid mount on a separate device. Then you could replace this device (ie, a separate hard drive or RAID volume) in the future without interrupting your pfsense install (other than shutting it down, if you don't have hot-swap drives). You could even use NFS or something similar and have your squid cache hosted on another machine. One more thing: with 10 users, even up to 50, I expect a hard drive would perform well, but for more users, and for increased realiability and reduced noise and power consumption I would recommend considering an SSD. The biggest benefit here with many users is the superior random read and write performance of an SSD. While most hard drives top out at around 1MB/s @4k reads and writes, a $240 120GB Vertex 2 will do something like 50MB/s or more. I don't know what kind of bandwidth you'll have available to your clients on the LAN side, but with squid set up and properly tuned, your hdd activity will certainly involve a lot of random seeks. That said, I've never been able to push more than about 200mbps (20MB/s) with squid, so don't bother going too high-end. Most modern SSDs would do well, I think.

As wallabybob implied, the data rate is more important than the number of tunnels. The ALIX 2D13 on its own can only handle about 18-20Mbit or so of IPsec, and that's with Rijndael (AES 128). With 3DES it's only about 8. You can filter IPsec however you like, so that shouldn't be a problem. pfSense 2.0 beta would probably be a better start for that kind of task instead of 1.2.3, primarily due to the improved IPsec GUI and the ability to have multiple phase 2 definitions per IPsec tunnel. Bonus for the switch: You can use OpenVPN instead of being stuck with only IPsec.

Hi, You shouldn't have too many problems, a few other people have done it before and documented their experiences. Have a search on the forum. The 550e, 750e and 1250e are all identical internally (the 550e didn't have the extra ports card) so any of those are applicable. Really nice hardware in the newer 'e' boxes too, lots of upgrade potential!  8) Steve Edit: Here for instance: http://forum.pfsense.org/index.php/topic,20095.0.html

Thank you both, I have ordered it. :)

BUMP It's still available, make me an offer.

I bought my systems directly from them.

Ok thanks. Bob