hey there, I know it sounds like a step backwards but it may be worth replacing your card and drives with something very generic and SATA based. Chances are it will be more compatible and you can reuse the card and drives elsewhere since having fast disks is of no use at all to PFsense.

i have obtain an ZyDAS adaptater but when i setting it, i go a reboot and all time the machine gone the loading again reboot …

Oops! I phrased that badly.  :-[ The CPU in the Xbox 360 is indeed an [url=http://en.wikipedia.org/wiki/Xenon_%28processor%29]IBM Xenon, as you originally wrote. It is Power PC architecture. I was pointing out that it is very different from Intel's Xeon processor which is X86 (64) architecture. Steve

@stephenw10: @luckylinux: Do you think I could run the phone along these two wires too or the phone needs more ? Sorry, I'm not an expert, and normally there are the phone plugs but here … no, just two wires  :D. Furthermore I'm not sure it's worth to call an electrician that I'd have to pay. You are more likely to get a phone connection down some old wires than DSL. The speed of DSL is very dependant on the signal quality which in turn is dependent on the length and quality of the wiring between you and the exchange. It can be badly effected even by one bad connection. However you definitely only need two wires to get both phone and DSL connections. I should point out that I'm in the UK so although this stuff is generally applicable across the pond the socket wiring scheme is different. There's plenty of US info out there though, e.g.: http://www.wire-your-phones.com/ Steve Thank you and sorry for my late reply. I think at the moment I do not want to spend extra money for a secondary connection. Maybe in the near future, but I'd like them to confirm me the DSL works good enough.

That's all true. The PCI bus is limited to 133MBps as you say. There are quite few P4 systems that use a PCI-X bus (64bit at 66MHz) for this reason, some systems have a special bus for network cards. I would only use a P4 if I happened to have one already (I have several  ::)) the cost of much faster machines is now so low it's not worth it. Thanks for the shout!  ;D Steve

Just an update, I ordered this kit yesterday, went for the isk 300-65 in the end so it's silent and should serve my needs for power. I'm sure once the kit arrives I will be needing lots more help!

@stephenw10: Robi's two year experience was, I think, running a standard install from a flash drive which is not recommended, at all! That actually was not a pfSense installation. It was an Optware package system added to a DD-WRT router, extending the capabilities of an Asus WL-500GP router with standard DD-WRT firmware to lots of clever things (including Asterisk). Dropped that setup mainly because it wasn't able to handle the increasing WAN bandwidth available (Asus WL-500GPv1 has a 266 MIPS CPU with 32MB of RAM and 8MB of NAND Flash). Now I'm planning to re-use these Asus routers with DD-WRT-based Linux firmware as OpenVPN clients to pfSense, on smaller remote sites. For this I won't need any USB sticks at all, OpenVPN binary is already compiled in the fw, and there's about 500kB of free space in the NAND which can be mounted as JFFS partition to hold custom configs. Disabling logging and it will run just fine for a couple of years…

8 Intel Gigabit NICs, $30.  :o Nice! Steve

Sadly I ended up goign the MikroTik way.  I frankly spent far too long messing with the kernel etc. attempting to get additional performance.  All those efforts failed :(

Did you replace this with another alix board? I'm having a similar issue with mine. It doesn't want to auto negotiate to the cable modem. Well, it tries, but the link goes down after about 10 seconds. It tries again, and the link again goes down. I can get it to connect by forcing the interface to 100mbps half or full duplex in pfsense. What's weird is that it auto negotiates on boot, and works just fine. However, if you unplug the cable while pfsense is running, then it'll never auto negotiate again until the next reboot.

Monitoring your gateway is fine. If it's something that is generally very steady over long periods of time, like as shown in the quality graph, and only changes when you change things local to your end, then it is probably safe to pinpoint that back to local changes you've made. I didn't realize you were referring to the quality graph over long periods of time, sounded like you pinged things on occasion and were accounting a 1-2 ms change as something you did - even for your gateway you'll commonly see more than 1-2 ms variance from one time of day to another depending on many different factors, but that won't necessarily always be the case. Checking a ping time on occasion is much different than comparing repeated ping history like the RRD graph shows. So you probably do have that kind of difference from going to ESX in that case. Why I don't know, there isn't that much difference generally. Pinging from the physical server this site runs on, through a firewall in ESX, out of ESX up to the datacenter's router, adds 0.2-0.3 ms vs. pinging the LAN IP of the firewall (and has response time in the neighborhood of 0.5 ms, close to what LAN to LAN pings commonly are), and that's nothing more than adding the ~0.2-0.3 ms response time from the firewall's WAN to that router. That's more or less the same as a fully physical network would see, so it's not typical of ESX.

read: http://www.pfsense.org/index.php?option=com_content&task=view&id=45&Itemid=48 http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49 http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43 That answers everything except whatever you're referring to by "MAC vulnerability", you'll have to explain that one. In general, anything bad you can do at layer 2 is impossible for any router or firewall to prevent, must be done on the switches or APs for wireless.

hmm thats true cmb considering the box was a rare find @ the auctions, i cant complain might look for 2 intel gigabit pci-e cards, the board supports them

I figured it out, I found in another FreeBSD forum (lost the link) that I need to add: hint.acpi.0.disabled=1 hw.ata.ata_dma=0 to the /boot/loader.conf. Once again, I am a noob, but I would imagine this would be because I cannot modify the bios settings for acpi etc. Now it boots perfectly!

Certainly i would give this test if i had the test hardware, which i don't. If someone wants to donate an IX… for testing it certainly would help.

If you want to use a firebox use either the X-Peak, which has all Intel NICs, or the X-e box, Marvell Gigabit NICs. Both are far more powerful than the X700, both are way less powerful than a PE1850. There are plenty of people using the X700 (or equivalent models) without issue but the Realtek NICs in them are flaky: @rl(4): The RealTek 8139 PCI NIC redefines the meaning of 'low end.' This is probably the worst PCI ethernet controller ever made, with the possible exception of the FEAST chip made by SMC. ::) Steve

Ok, you've put my dreams to manage the entire connection in one device to sleep. Thx Jimp.  :D @jimp: I've seen way too much DSL equipment fried by power surges/lightning strikes, even when it's been properly grounded, to ever put a DSL or Cable modem directly in any piece of equipment I care about. (Worked with a DSL ISP for years) DSL CPEs are a dime a dozen. There are really no good reasons to put a DSL card in a pfSense box that are not offset by the disadvantages. Replacing a DSL CPE may cost you $20 or so. Replacing an entire box because the card fried the entire system can be a couple hundred.

Snapshots are here: http://snapshots.pfsense.org/     (currently seems to be down for me  :-) In fact though the Intel NIC drivers in 2.0.1 are backported from newer versions of FreeBSD for this exact reason. There's a good chance it would be supported in 2.0.1. (Edit: Looks like it isn't) Steve

Yes, that's what I would do. To minimise hardware and hence power consumption it may be possible to do something clever. If you are running OpenWRT/DD-WRT on the wrt54 (if not why not!) you can probably have a VAP running to support your guest wifi. Then you could route each wifi AP via VLANs in the wrt54 and send all the traffic via a vlan trunk to the pfSense box. One cable, two devices. Probably a nightmare to get right!  ;) Steve