Try to disable UDMA. See http://devwiki.pfsense.org/BootOptions for how to do that and how to make it default.

thancs tho HOBA, i have tried what you've wrote, and its work

i have new problem now, i cant open the web configurator. I cant ping the lan interface, always show messeges :

rl0 watchdog  timeout
rl1 watchdog  timeout
rl2 watchdog  timeout

all my ehernet interfaces doesnt work. i shows not a normal detection on my ethernet switch. i try to move the ethernet card to other pc, it works ok.

i don't whats the problem. i think my cpu is in trouble.

any idea

You may want to check the hardware compatability list to make sure your NICs are there - if not it is hit or miss...

gm...

Try here...

http://devwiki.pfsense.org/FullInstallOnWRAP

That will get you going in the right direction

gm...

25mb for a single client, with 2 clients it drops down to around 5-6mb, by the time 20-30 are simultaneously transmitting - not too good. I dont expect high speeds, just need to keep people from complaining, there are a couple of small apps they access on a local web server, and some misc web browsing for the rest. I use untangle content filter so internet bandwidth is regulated pretty well, just need to provide decent access to it for laptops - so if I can provide 1mb throughput to 20-30 clients, this would be great.

My experience is real-world.  I am the Network Administrator for a library system in Florida and we have implemented a Wireless Network for patrons and guests to use.  I have setup three AP's in each library location (17 libraries) running on different channels with the transmit power settings setup to minimize overlap while still getting a good signal for wireless clients within range of the AP.  Even with this configuration we normally do not have more than 12  - 14 people on the system at one time as the radio-collisions are such that the throughput drops to the point where the individual client may only get about 150 - 200 kbit/sec link speeds.

To "increase" the throughput would require running all the radios in a round-robin CTS/RTS scheme - that would relieve a good deal of the radio-collisions since each radio would require permission to send from the AP.  What this does is reduce the collisions and subsequent re-transmissions of the radio packets thereby increasing the overall throughput.  The round-robin scheme is the same as used by the old Orinoco Karlnet setup - of course that is proprietary in nature so you would have to write your own "system" to control the radios.

In my configuration it is not cost effective (nor do I wish to take on such a task) since a patron or guest machine would have to be configured to run in this mode and most barely understand how to turn on their laptops (remarkable how many people have laptops but don't understand how to use them) and software would have to be loaded into the laptops to implement the radio control.

If you are looking to cover 25 - 30 laptops with wireless connectivity at 1-mbit/sec throughput speeds then you will need a good number of APs running low power so as to keep the total number of laptops serviced by each AP to around 4 - 5 ...  Just the nature of 802.11.

Hope this helps...

gm...

Most likely not - have you tried a null-modem cable?

I use a USB to Serial adaptor on my laptop to "talk" to Alix boards all the time but have a Cisco serial cable between the adaptor and the Alix serial port - it is a null modem cable.

gm...

Yeah, firewalls were on 1950's, then today I upgraded them to 2950's, since I knew I was going to have to run snort, and I was moving more traffic over..

Will check out that link - thanks.

Side note - snort sure does like blocking Akamai

If you are running in a production environment you may also want to checkout:

http://www.freebsd.org/cgi/man.cgi?query=pae&sektion=4

Just a suggestion....

gm...

Hopefully I was not mis-understood when I stated "a three channel" separation - by that I mean if you are using channel 3 for one radio the next channel minimum to use would be channel 7 (you don't count the channel you are using in that three channel separation count... )...

gm...

When there's 8 gigs in the box, 4 gigs is a limit :>

Where's the kernel source?

Sheesh... Why not move half of that 'extra' memory to a second box then use CARP for redundant failover capabilities!

gm...

Doesn't this bring only a difference of 3 dBi ?
(--> half the power of the signal)

Normally - Yes - it is about 3dbi... but there is a bigger issue here...

If you run the radios on the same channel then you will effectively *reduce* the total throughput as only one radio can transmit at a time on the same channel!  Compound that with the fact the client radios will also be wanting to use the "air-space" so the total throughput will be even less...

The better way to go would be to run the radios on different channels, with at least a three channel separation to reduce crosstalk interference since the radios are so close - and use "stacked" antennas (one over top of the other separated by at least one wavelength (about 12-cm or so) to reduce crosstalk as well.  To keep all the clients from "selecting" one radio over the other you may want to consider using two different SSID names and telling half the clients to use one and half the clients to use the other - that will insure they are spread across the radios evenly.

As for OLSR - you could use it to "link" to remote repeaters then have the clients link to the repeaters - but now you are getting really complicated!

As for running two NIC wired interfaces - probably not going to gain much, if anything here as the radios will only give you about 18-mbit to 22-mbit effective throughput each.  I have yet to see a radio's throughput match the advertising hype (grin).   If you are running 10-mbit NIC wired interface cards then using both will make a difference but most NIC cards today are at least 100-mbits so will handle two radio channels without any problems.

gm...

Is it possible to use PF sense as a standard internet router, without having a WAN interface?  To connect 3 network subnets?

Yes - under the "System -> Advanced" tab just check the "Disable Firewall" selection and the pfSense acts like a POR (plain ole router).

as for the WAN port - it is just another port.

gm...

Just curious - do you have all four ports connected to a hub or switch so they are active???

I have run into the situation where the interface had to be active before it was detected - especially if all the ports were on the same interrupt (I have not worked with that card so I don't know if it is the same)...

gm...

if i klick on the "apply" button at the "general settings" -tab, these errors occurs

Warning: Invalid argument supplied for foreach() in /usr/local/pkg/squidguard_configurator.inc on line 540 Warning: implode(): Bad arguments. in /usr/local/pkg/squidguard_configurator.inc on line 320 Warning: Cannot modify header information - headers already sent by (output started at /usr/local/pkg/squidguard_configurator.inc:540) in /usr/local/www/pkg_edit.php on line 35

Greetings
Heiko

Sounds like "direct" output to web server from the PHP scripts instead of "buffered" output.  I have not looked at the php  configuration in the pfSense system - is it set to buffer output???

Just wondering...

gm...

Hmmm - There was some mention a little while back about creating a driver for the mini-box.com ( http://www.mini-box.com/picoLCD-20x2-OEM?sc=8&category=490 ) display used in their M-200 and M-300 cases.  Would this driver be applicable???  If not - how hard would it be to adapt???

gm...

[YOU CAN NOT USE PACKAGES WITH THE EMBEDDED INSTALL]

Better?

before:

If you want to use packages you need to use the full version --> install to a HD. Alternatively you can use a Microdrive (Harddisk in CF format).

after:

If you want to use packages you need to use the full version --> install to a HD. Alternatively you can use a Microdrive (Harddisk in CF format).
--> YOU CAN NOT USE PACKAGES WITH THE EMBEDDED INSTALL

definitely more succinct. 

gm...

I want to shutdown my Alix board when I have to do some kinds of maintenance which is not possible through a SSH connection.
I've just set up my Alix, but I don't understand how can I safely shutdown it: if I choose "Shutdown", it reboots again:

Code:

*** FINAL System shutdown message from root@pfSense.local ***
System going down IMMEDIATELY


#
System shutdown time has arrived

pfSense is now shutting down ...

Waiting (max 60 seconds) for system process `vnlru' to stop...done
Waiting (max 60 seconds) for system process `bufdaemon' to stop...done
Waiting (max 60 seconds) for system process `syncer' to stop...
Syncing disks, vnodes remaining...0 0 done
All buffers synced.
Swap device ad0s1b removed.
Uptime: 29m36s
ukphy0: detached
miibus0: detached
ukphy1: detached
miibus1: detached
ukphy2: detached
miibus2: detached

The operating system has halted.
Please press any key to reboot.

PC Engines ALIX.2 v0.99
640 KB Base Memory
261120 KB Extended Memory

...

The thing you have to remember about an embedded installation is the filesystem is normally in the read-only mode - it only switches to read/write mode to make changes that carry across reboots (such as updating the config.xml file that contains the configuration information).  The "rest" of the "filesystem" is in RAM and if power is lost it is not anything critical, such as log files and temp files... to power off the system you just pull the plug

If, on the other hand, you do a full install then you are running in a true filesystem on disk that is read/write and you could corrupt the filesystem by just pulling the plug - there you would need to perform an orderly shutdown.

How can I understand when is it safe to switch off electricity to the board before pfSense loads data from CF again? There is no beeper and the three LEDs are unused at this time.

Yea - if would be nice if the LEDs were put to use - I may look into it as some point later on but I am now buried in a kernel mode in a different environment (linux) for a different project... argh

When I chose "Halt system" from console or SSH, I expect FreeBSD syncs all cached data to disks and to see a message like "It is possible to power off" and it stays there without rebooting, as the old Win98 screen if you ever used it.
It will be obvious for you, but I am new to these new amazing hardware...

Think of it as a appliance - much like the way a Linksys wireless router works - all of it's filesystem is contained in a compressed filesystem file and is "clooped" up with links to the RAM - the kernel uses the links to read information and program files in the filesystem and runs everything in the RAM - pfSense works somewhat the same way but is not using a "compressed" clooped filesystem (I think - could be wrong but I am sure someone will correct me here ).  Being a read-only system it is rather very hard to "corrupt" the filesystem!

Another question: is it true 12RC-4 embedded images are broken? Have I to use 12RC3 ones?

I don't know - have not worked with the 1.2RC4 image yet

gm...

Thank you.  I've read the requirements.  I should have been more clear, when I said small I mean in inches. 

I think you are limited depending on the number of NIC interfaces you need.

Probably around 3.5 X 5 is the smallest that I am aware of - of course you application (bandwidth and filtering capabilities will play into the board size as well - memory and what not, and if you are looking to make it a full install you have to take into account the hard drive size as well).  Of course you will need to house the board in a case so that will increase the size some - the Alix boards work out to about 6-in X 6-in X 1-in for the Alex2 series and the Alix3 series comes in around 4.5-in X 6-in X 1-in (measurments are in a case using the embedded version of PF in a compact flash).

I guess, if you can program a cell-phone pda you could get it smaller but then that would definitely increase the cost too (grin)...

Just some observations....

gm...