You are quite correct in  saying that Hollander however I don't think that's what haleakalas meant. I read his comments more along the lines of it's just not worth bothering with for a home network. Certainly a lot (most?) of the malicious traffic Snort looks for is that coming from a compromised server or of tools attempting to compromise a server. If you're not running any servers at home much of that is just never going to happen.
I do not run Snort at home. The last time I did the false positives outweighed any advantage it gave me. I realise that's quite subjective though, many people here would tell you you're not properly protected unless you're running IDS/IPS. At the other end of the scale are people who say that firewalls are a just a fudge anyway and that everything should be publicly addressable (IPv6) and inherently secure. Certainly there have been security exploits discovered in software/hardware to which the manufacturer has responded 'this isn't a problem because it should be behind a firewall' which is unacceptable in my view. The ubiquitous presence of firewalls promotes this attitude to some degree.

Steve

Thanks Jim. That's what I was looking for.
Thanks Charlie for the correction. My mind was elsewhere thinking about SSD optimization rather than pfSense and FreeBSD. To tell you the truth I didn't even know that they were not available in FreeBSD, it's good to know. We have been dealing with another batch of zapped SSD drives lately after less than a couple of years of field use and when we tried to get to the bottom of the problem this was one route that we investigated. Anyway… Thanks for the correction and info.
Halea

Another vote for I350…T4 in mine, and its excellent!

@docwho76:

Hey gonzo, when will the C2XXX retail box be ready? I want to give Netgate more money. :)

early 2015

@blinkenlights:

@gonzopancho:

The C2k parts are rated to 90C (some of the smaller ones are now rated to 100C).

The SoC will throttle itself to prevent any damage to the CPU.  56C is fine.

It is good to know that the C2k chips will take high ambient temperatures and keep ticking.  However, I had my eye on the published specs for the SMC mainboard (60 *C) when I made the hasty wiring update.

I always design a system or application to outperform expected conditions, as I hope the SMC engineers also do - but I also would not put it past them to trigger a thermal shutdown at 60.9 degrees and leave the system in a funky state at the next power cycle.

or you could just buy from a vendor that doesn't do this.  IJS…

So, basically you are trying to setup a plain vanilla pfSense and additionally you want a wifi access point in bridge mode with your LAN subnet.

Start by setting up pfSense and make it work. If your hardware is right, your install is right you should have it up and running in no time.
At that point you should have nothing but a WAN cable from your pfSense box to your Internet Modem, and a LAN cable to the network switch box. (and a computer connected to the network switch with an ethernet cable - NO WIFI YET, that you would also use to run the WebConfig on pfSense)

You may want to check that pfSense's console shows your public IP on the WAN side and your LAN private subnet address. You should be able to ping any public server out there assuming that they are willing to respond. Try to ping www.grc.com, it should resolve to a public IP address and give you ping feedback. The same way, you should be able to ping any computer on your LAN by IP address.

If any of these is not working your pfSense is not properly set. Go back and check your dynamic ip settings on the WAN, the static IP setting on the LAN, the DNS server addresses, your DHCP server settings on the LAN side (if you're using DHCP for your LAN side computers/devices)

Again, until everything said above is working flawlessly do not even touch to wifi, access point, etc. You are in the wired ethernet world right now.

Once you're done with the above, it's time to leave pfSense alone!

Now, setup your wifi access point whatever that is. Linksys with dd-wrt in bridge mode I understand.
So, you should have only one single wire connecting your wifi A/P to the network switch box. It might go to the WAN side or to the LAN side of your wifi box (Linksys) depending how the bridge is built with dd-wrt.

Work on it until it is fully functional, meaning that with a wifi connected computer you should be able to ping, and access any computer on your local network.
If you're not there yet your problem is isolated to dd-wrt and Linkysy wifi box. Just focus on it, do not change anything with your pfSense config. Do not waste your time trying to access public servers on the internet, etc. You should be able to see your own LAN first before you get any internet traffic.

When this much works, you should also be able to ping the LAN side of your pfSense router.
So try to ping your static LAN IP address on pfSense. If everything is done, next try to ping some outside, public servers like www.grc.com (from your wifi connected computer/laptop).

Well, you should be done by now.

Edit / Addition:
If you get to make everything work and after a while you notice that you can no longer access the internet via your WAN, check pfSense's console for dynamic IP loss with your internet provider. If that's the case try to reboot and try to figure out if it is going to loose its IP again and how much time after reboot. Repeat your test a few times until you have a firm idea that this is happening over and over and within a certain time-frame. Meanwhile do not change any other parameters/components in your overall system. If you consistently loose your IP, it's likely that you have a NIC problem (hardware or device driver -wise). Install a new, maybe different type of net interface, reconfig pfSense's interfaces and start testing again.
The WAN dynamic IP loss scenario is what I experienced repeatedly when I was trying to use a USB/Ethernet adapter.

Hope this helps.

Halea

I'm studying the mating behaviors of squirrels now. Stupid A.D.D.

Anyway thanks for your help. I'm wondering of there wasn't something in the old image that triggered the Complex Programmable Logic Device to stay on. I may come back to it later, right now I'll just play with it as it is. It has four gigs of memory and plenty of storage. Maybe I can move the components to a smaller form box and

Realtek 8111G should work just fine with pfSense. Can't vouch for its performance but it works.
As for Gryphon Z87, although I have been an adept of the ASUS brand for a long time, I think that super-duper military grade motherboard is a major(-general) joke!  ;D Stay away.
Actually I wouldn't fancy either mobo to build a router around.
Halea

Ha, I'm clearly not hanging around the right places on-line.  ;D

Steve

@haleakalas:

I realize this is very old stuff, but I am curious if the original posters have any fresh input on this subject.

I've been looking for the same thing, i.e. being able to monitor the AC loss on a laptop running pfSense and shutting it off gracefully when it happens. My understanding is that there is no package or patch capable of doing it with pfSense or FreeBSD. Although it's my understanding that PC-BSD can do it but then PC-BSD has a ton of additional software…

Btw, I am currently using an old SmartUPS electronics card to monitor the AC presence and the nut package to alert pfSense, but I want to eliminate the SmartUPS board in the cookie box before it became a fire hazard or worst - killed me, as unwittingly, once in a while I reach into the box trying to fetch a cookie to no avail except for the nasty shock  :P

Halea

I was working on a laptop widget and package to provide for battery monitoring, and possibly allowing inserting entries to /etc/devd.conf to perform a graceful shutdown on low battery threshold the admin sets.  I've been running pfsense off laptops for a long time now, and am working some new deployments on Dell laptops.  I will try to get back and see if I can spend more time on this.

Note that the laptop must support ACPI, etc and that information must be accessible via sysctl.  From what I can tell, most Dell laptops circa 2008 or newer (Core2) should be fine.  The few HP laptops I have tried also seem to be OK in what is reported, though I've decommissioned any HPs I was using a few years ago so I have nothing to test against.

For now, visit my post from last year: (screencaps in post)

https://forum.pfsense.org/index.php?topic=69807.msg382229#msg382229

64-bit allows for easier addressing of large memory space but it also offers protected memory space. In addition, the WAY in which memory is allocated is different.

Overall, 64-bit architecture will almost certainly offer you AT LEAST as stable and efficient of a platform compared to what you are used to.

@Wolf666:

Yes, now you should be ok.

Great, thanks for the help!

One more questions, will this USB serial cable allow me to configure pfsense on the APU board:

http://www.ebay.co.uk/itm/281329973320?_trksid=p2055119.m1438.l2649&ssPageName=STRK%3AMEBIDX%3AIT

@haleakalas:

I don't have experience with such a high bandwidth configuration although I played with many modest gigabit configurations.
But the point on which I would like to comment is about VLANs.

Contrary to some belief out there VLANs hardly add any overhead to the packet processing capability of a switch or router. In fact from a router's perspective it's a lot better as some of the traffic (not intended to the router) never actually makes it to the router as the switch does the presorting of packets. So, in a VLAN environment the apparent router performance goes up a bit, and generally speaking VLANs are actually very good for the layer 2, layer 3 processing.
In any event, if turning on VLAN functionality on your router suddenly makes your router look like it's overworking, it means that your hardware is underpowered or border line. But I bet it won't happen in your case given the hardware that you are contemplating.

Halea

Hi Halea,

You make a good point re: VLANs.  If 2.2 can handle the kind of pps I'm talking about, then the processing of the extra 32 bits (where applicable) probably won't make a difference in a negative manner.  If I can make sure that pfSense can handle this kind of traffic, I hopefully can do some really sweet performance testing and report back with pretty graphs.

Thanks!

Thank you Halea for your detailed response.

I'd like to build a pfsense box just to familiarize myself with pfsense capabilities.

Greetings,

I had my share of such HDD/FlashUSB resizing needs/issues and I usually proceed as follows:
I happen to own Paragon Hard Disk Manager 2010 Server Edition which has a built in "rescue disk creation" function.
Using that, I created boot CDs and Flash USB disks to startup any intel/amd based hardware.
When I boot with the rescue disk I have access to the full Paragon Disk Manager functionality which includes drive partitioning resizing, etc.
I use the resizing function to change my partitions. This version of Paragon is Linux aware and moves things around properly.

To the best of my recollection only once I had problems and I believe it was on a flashdisk for beaglebone black (not pfsense related obviously).

Historically I was successful in doing the same with other commercial software such as PartitionMaster, etc.

If you don't have one of those, you may want to check if they have free versions as "rescue disks". (Paragon and EASEUS websites)

Finally, as a completely free linux product you might want to try bitdefender's rescue disk. I believe they have a gparted version capable of doing the same. I hope I am not mistaken as I haven't used it in a while.

Hope this helps.
Halea

Hi Nicolas,

did you find a solution? For now I'm facing the same issue. 4G as Backup using the embedded SIM and miniPCI Express lot.

Thanks for your replay!

Oliver

I can't find any direct reference for the UTM5 but the UTM10 seems use a CN5010 and they share the same firmware so it seems likely.
I'm sure it would please quite a few people to have pfSense running on those Netgear boxes but it seems like it would require significant work for zero return.  I'd love to be proved wrong though.  ;)

Steve

@gonzopancho:

You guys know we have a C25x8 mini-itx board coming, right?  :-)

Yes I know….I just opted to buy a Gold subscription and built my unit....cannot wait  more to have my pfSense gear ;)