Michel, Web surfing happens on port 80 and tcp only. There should be no udp port 80 traffic going out. I think I read it in the pfsense book which just came out.
I am suspecting type of traffic also. Tried controlling per IP states to 20, 30 , 50 and it seems that is not the solution. I am floored at how many states open up when someone goes to Ameritrade with Java turned on. I am talking a hundred or so states! Is this normal? Asian soap site: desitvforums.net is evil as far as the number of connections/states which open up. When two people are watrching a soap, forget using the Internet and I am suspecting it is maxing the pfsense box. I see a bunch of port 137 NetBIOS blocks on the LAN from a 10.6 OS X laptop and a Windows 7 laptop. Mehma === On Sun, Jan 31, 2010 at 2:17 AM, Michel Servaes <[email protected]> wrote: > I suspect my Alix embedded appliance (500 MHz 586 class with 256 MB RAM) is >> getting maxed out via either heat or traffic. >> >> e. Rejecting UDP port 80 on LAN >> f. Rejecting TCP 6667 (IIRC), 135 (MS RPC) on LAN >> g. Rejecting TCP/UDP 445 (SMB/CIFS), 137-139 (NetBIOS) on LAN. My imac >> and a PC laptop generate a lot of 137 traffic that gets blocked. >> h. Doing Vonage VOIP traffic shaping >> i. I use the Internet mainly via a D-Link N wifi router connected to a HP >> Procurve switch. The firewall is also connected to that switch. >> >> >> Mehma >> > > Why rejecting port 80/UDP on LAN ? I'm just curious, as I don't do that - > and it might be a good idea :) > I also have an Alix 2D13 (same specs like yours I guess) - but with some > packages installed, and three VPN IPSEC. > Also traffic shaping is active, though only for one dedicated LAN IP > only... (for VOIP). > > The only time the Alix gets some trouble (seems to me), is when doing > torrents... vr0: promiscous mode enabled/disabled all the time then. > > But for normal http traffic (even when downloading service packs or > whatever that is large enough to test sustainibility) I have no troubles > whatsoever... > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > >
