Hi again, Under 1.2.3-RELEASE, it seems that when I edit the config.xml with the following : @bb-mitch: TO MAKE THE CHANGE PERMANENT ADD COMMANDS TO CONFIG FILE (DOWNLOAD, EDIT, RESTORE) JUST BEFORE SECTION <shellcmd>/sbin/ifconfig fxp0 10.0.0.1/24</shellcmd> OR <shellcmd>/sbin/ifconfig fxp0 alias 10.0.0.1/24</shellcmd> AND <shellcmd>/usr/local/bin/redir –lport 8989 --cport 80 --caddr 10.0.0.138 &</shellcmd> … the SNMP daemon fails to start properly.  If I stop then restart the daemon from the GUI, all returns to normal, but ideally I'd like to be able to have the additional IP and the REDIR happening on startup without any other complications. It also occurs to me that if this interferes with SNMP, it might also interfere with other processes I haven't yet detected. Any thoughts? -- Phob

Thanks makes perfect sense. Thanks. I should be getting the book delivered this week. The install wouldnt be til Aug so I have some time to test everything out. Know a little about VLANs but correct me if I am wrong, I could get switches that have vlan capabilities so I dont have to buy those little switched right? Each Cat5 feed would go to a separate switch with the power going to a APC7750 for redundant power. IPs arent a problem, I have 16 priced in and adding more is only a few more bucks a month. Thanks again Jon

Help Please. i have 2 pfsense servers with CARP enabled…failover and VIP works fine but can't get squid to work with VIP. I have squid installed on both servers and it works when sending traffic to the individual IP's but doesn't work with VIP. Is there anything i'm missing here ? your assistance will be much appreciated. Thanks

The problem (question) is I can't see this automatically added rule but CARP works. # pfctl -sr | grep vlan16 block drop in on ! vlan16 inet from 10.29.252.0/24 to any block drop in on vlan16 inet6 from fe80::211:aff:fe53:4460 to any pass out quick on vlan16 all flags S/SA keep state label "let out anything from firewall host itself" pass out quick on vlan16 proto icmp all keep state (tcp.closed 5) label "let out anything from firewall host itself" pass out quick on vlan16 all flags S/SA keep state (tcp.closed 5) label "let out anything from firewall host itself" ... user rules ... pass in quick on vlan16 inet proto tcp from any to 127.0.0.1 port = 8039 flags S/SA keep state label "FTP PROXY: Allow traffic to localhost" pass in quick on vlan16 inet proto tcp from any to 127.0.0.1 port = ftp flags S/SA keep state label "FTP PROXY: Allow traffic to localhost"

I didn't do anything and it works today. OK i to be exactly truthful i did hard reboot yesterday before i went home. :-)

Is there any solution for this problem ? or any work around , i want to test my settings before moving to production . should i expect save behavior from VMware as well ?

It's a non-issue on 2.0, where IP aliases are handled in the GUI as a type of Virtual IP.

Hi Jimp, Thanks for the advice, I will schedule a window for next week, in the mean time I will try removing the affected addresses and re adding them. Have a good day,

Great, thanks again for the help.

If you are not using CARP type VIPs, then the IPs will not be pingable. Look at the wiki-page to VIPs for more information. You dont need to do anything (like creating a 1:1 forward) for the VIP to function. The VIP will bind to the interface on which you create it –> Not necessarily on WAN. You set the subnet on the same page on which you create the VIP. You can use CARP-VIPs even if you dont need CARP functionality. If you set up a VIP (any type) and forward stuff from it  (and allow it with firewall rules) to a server behind it should just work. I'm not sure i understood what your problem was. Did you test from the outside? Did you try to access it from within your LAN? Did you look at the pfSense wiki ( http://doc.pfsense.org )? There are quite a few howtos.

They were definitely both using HTTPS on port 443 with identical passwords. The weird thing is that there were no errors indicating success or failure in the System Log.  If it claimed bad password or can't connect, then I would have something to work with. Instead, I'd make a change and nothing would happen. Also strange was that it would work for a while after a reboot, so it wasn't completely non-functional, it just stopped working after a while? shrug

I believe so, what I do know is they have HSRP configured on their end, which from what I understand is just VRRP, but Cisco's rendition. Thanks for your help JimP, you are a good man.

Doh!  I read that you're not supposed to define sync settings on the backup so I didn't try that.  It must have meant to not define the other settings near the bottom.:( Thanks a million, everything works great now.

we basically couldnt get any configuration to work with the opt1 output. so we gave up on that. currently we have it configured back to the cable modem smc 8014. that has 1 cable go to the pfsense. and 1 cable go to a switch with the xbox's on it. using static ip's. this way has intermittent issues with allowing the xbox's to stay connected. they always have to retry connection to get it to work. so now i had an oceanic tech replace the modem. but it is still having the same problem. where it does not always pull the static ip's correctly. they tell me anything after the modem is not their problem. even though all im doing is adding a switch to the modem to allow more ip's to be pulled. basically i want them to put it in s pseudo bridge mode with statics. this disables everything on the modem/router to allow my devices to pull everything how they want. but oceanic does not support this mode and will not allow the user to put it into this mode. so im at a loss of what to do. so the tech was cool, and we actually are neighbors. so maybe he will find the right level 3 tech that can help me with my problem

Firewall –> Virtual IPs --> CARP Settings Is what gets synced.

Read the text by 'subnet mask' carefully. I doubt your WAN is a /32…