You can utilize commands to turn on/off/blink lights in hidden config.xml commands on bootup or on filter reload:
http://faq.pfsense.com/index.php?action=artikel&cat=10&id=38&artlang=en&highlight=hidden  ;)

like make it blink with earlyshellcommand and switch to sold with shellcommand after it's up…

Just tested this and it works (insert below your <system>tag in your downloaded config.xml and restore it again):

  <earlyshellcmd>echo 1 > /dev/led/led2</earlyshellcmd>   <shellcmd>echo 1 > /dev/led/led3</shellcmd>

This will do the following on a wrap (like a progressmeter):

light 1 turns on when system is initializing bios light 2 turns on early in the boot process light 3 tunrs on when the bootup is nearly finished

In case you have only one LED (soekris) you can try this:

  <earlyshellcmd>echo f4 > /dev/led/led1</earlyshellcmd>   <shellcmd>echo 1 > /dev/led/led1</shellcmd>

This will make the first LED blink when early in the bootup process and switch to solid when it's nearly done.</system>

You can give it a try but if things break don't say you haven't been warned. We have introduced several performance improvements that eat some ram as pfSense is targeting at bigger systems. Maybe you would be better served using m0n0wall (depending what features you need and use). m0n0 doesn't have that high requirements.

@hoba:

First you should try to get a board with the fastest available pci bus with some good nics (intel preferred). Keep in mind that all traffic has to pass pci and cpu. As you want to run snort too make sure you have enough ram in there and also a good cpu (I wouldn't go with a celeron but that's more of a "feeling" rather than experience or benchmarks). Unfortunately I don't have the possibility to bench such systems under that load though I'm interested in the results. Please post back any findings if you do tests.

Thanks, Hoba.
There was 2 hardware platforms in my firewall.
1. Celeron 400 slot 1 (m/b Abit bf6)/256Mb RAM/2Gb HDD Fujitsy/1xIntel pro/1000 desktop NIC on DMZ & 3xRealtec Nics on LAN, WAN & OPT2. Polling was used. Snort was used with almost all rulesets checked on except nearly 12 rulesets (i.e. nearly 36 rulesets), snort was set to "lowmem". Also i used ntop. There was 10 rules on WAN interface, 8th rule was used in test. In this case i have 12Mbit/s output (on traffic from DMZ to WAN).
2. Athlon 1600+/512Ram. Other hardware was the same as in 1st case. In this case i have 50-55Mbit/s output. Then i leave only 18 rulesets in snort (vs nearly 36 in 1st case), snort was set to "ac" - the result was 100Mbit/s. I think with ntop turned off it would be 120Mbit/s.
Now i am planning to upgrade my firewall and will post back my results.

I reinstalled pfsense and it works fine now.

Thanks :)

@hoba:

Check your Bios for the settings mentioned in this mail: http://www.mail-archive.com/support@pfsense.com/msg03811.html

Sometimes it seems to have problems detecting the correct diskgeometry.

Thanks man, I had packetmode off, but the Bios settings were in Auto, so that's why it happened.

Thanks again.

It will boot up to fully working state on 64 mb BUT you will encounter random process killing later when you push it too hard or use too many features. If you get it booting you should add some RAM to make it run fine.

yeah, it wouldn't just be for routing heh, of course it'd be doing other tasks, and these are xeon MP's, more like hyper threading than dual core, but still shows up as 8 heh

thanks for the input

Josh

The driver has to support altq and the axedriver simply doesn't. See http://forum.pfsense.org/index.php/topic,16.msg35.html#msg35 for a list of compatible drivers. With this nic you can't do trafficshaping but it will be fine when using without trafficshaping (besides that usb is pretty slow and might cause some other issues; freebsd's usb support is not that great atm).

thanks jeroen234
I'll bet that is what I am seeing.

I upgraded from RC2 to RC3 using the full upgrade and I had done the same for RC2.

I have an optional interface running, traffic shaping, and a separate package (ntop) running.
I'm betting this is just using the extra memory.  It stays around 60% so I'm not worried.

thanks for the input

@box_l:

hi,

for those of you who are interested, the type of null modem cable required to see the BIOS is shown on

http://www.lammertbies.nl/comm/info/RS-232_null_modem.html

about half way down "Null modem with partial handshaking"

i had to make my own as i tried about 8 cables from colleagues and friends to no avail.

very satisfying when it worked, i can now boot from a cd on a dual connector ide and should be able to install direct. (if the installer outputs to the serial console correctly!)

BoX

Nice to know. Didn't know there was soo many different kinds. I just bought one off ebay for a few bucks and it works great. Can get into the BIOS too.

@Phusho:

My problem is overpowered CPU on 266 Mhz ;) must change the system if have problems with more traffic for now it is not issu\

Edit: the numbers from the previous post are time 10 bigger it is for 30 Mbit/s when pfsense is at 100 % not 3 with m0n0wall top speed with the same system is about 50-60 Mbit/s. 30 Mbit/s is more than enough for the current use :) 10x for reading.

A 266 MHz, if we're talking about a WRAP or Soekris 4801, will push about 30-32 Mbps with pfsense, and 40-45 Mbps with m0n0wall.  If it's a generic PC with a 266 MHz proc, numbers will vary depending on what type of machine, what NIC's, etc.

Those numbers are for an optimal transfer - single TCP stream, optimal packet size, etc.

Depends, you won't get a bios labeled year 2006 but in case you get an old version that is still newer than the one you have I would give that a try.

I used http://netgear.com/Products/RoutersandGateways/WiredRouters/DG632.aspx?detail=Specifications several times already. Supports Bridgemode, bridgemode with router doing the pppoe only (probably what you need though I have not tested this yet) or routing mode including DMZ IP.

DMZ (opt1) : Bridge with none, 10.1.1.1 / 24
LAN : Bridge with DMZ, 192.168.2.1 / 24

wai is the lan bridged with dmz ?, this will make from 2 subnets only 1?

There are quite a few ARM board resellers, here's one without mini-PCI:

http://www.embedian.com/index.php?main_page=product_info&cPath=1_17&products_id=181

And a selection for AP's:

http://www.compex.com.sg/home/OEM/product_ap.htm

Expensive developer board:

http://shop.directinsight.co.uk/catalog/product_info.php?products_id=799

So its probably more of a wait and see which manufacturer has a reliable and popular yield at reasonable price similar to WRAP.

@Willem:

I am getting no carrier on the WAN, right after plugging in WAN it loses connection. I have tried to change config.xml like;

<media>100 base TX
<mediaopt>full duplex</mediaopt>

Looking at ifconfig its says autoselect none</media>

I doubt that these options are correct. Did you run ifconfig -m to see the valid options for your NIC?
For example, a sis interface on a wrap shows these options:

sis0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>mtu 1500 options=8 <vlan_mtu>capabilities=48 <vlan_mtu,polling>inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::20d:b9ff:fe01:2c8%sis0 prefixlen 64 scopeid 0x2 ether 00:0d:b9:01:02:c8 media: Ethernet autoselect (none) status: no carrier supported media: media autoselect media 100baseTX mediaopt full-duplex media 100baseTX media 10baseT/UTP mediaopt full-duplex media 10baseT/UTP</vlan_mtu,polling></vlan_mtu></up,broadcast,running,promisc,simplex,multicast>

You have to enter the options in exactly the same way they are output here, without spaces.

But first do what Scott recommended, use a crossovercable and see if that makes a difference. Hardcoding settings usually causes just problems if not both sides are hardcoded.

@lsf:

But even with 2x cloaking (20mhz channel) it does 100mbit +.

Now that's impressive  :o.
Thanks for clarifying the Atheros 802.11N ;).
Anyways I've made up my mind.
I'm going for a net4801-60 and a CM9.
Maybe it's not THE mean machine but it sure will do the dirty work here at home.
In the future I may look out for 802.11N.
Cheers

Having the hard drive power down would only cause you a delay when it was needed and had to start back up. Hard drives really arn't loud these days. I ran an old 233 dell box with hard drive and it was barely audible unless up close.

However if you want it dead silent get an IDE to compact flash adapter and a compact flash card. I have this setup in my nokia ip330 box, costs around 30 bucks for the card and adapter. Works great.

Yes, we will look at adding this in a future version.

If someone wants to create a package, go for it and we'll commit it.