@podilarius: I know how passive ftp works. I'm connecting from a LAN side client to a WAN side passive ftp server that is listening for incoming connections on a HIGH port >1024 – NOT port 21. For this to work I'd have to open the port on which I connect to the server (e.g. 30000) + all ports >1024 for PASV data transfer on the LAN interface and thats exactly what I DON'T want to do. As mentioned FTP Helper would help with this, but since it doesnt track FTP connections on high ports (as Ermal mentioned) it's useless in this scenario. @ermal: thanks for clearing this up. Already thought that FTP helper would only work when using port 21. === My solution for now: Connecting to the FTP through a socks proxy which isn't restricted as much as the LAN side clients. === Please let me know if there's any "better" way to do this.

@michael.jesse: I tried to access the GUI through a Web interface again and it did not work. I tried to ping the gateway (192.168.1.1) and it failed. I rebooted the router and ping is successful, but still cannot access GUI. I tried to get on through HyperTerminal, but that connection failed as well, both through Winsock and SSH connections. Is there any other way to access this short of reformatting? Can you get on via keyboard and monitor? If you can, you can go into /cf/conf/config.xml and remove the errant NAT entries. Once that is complete you must reboot for it to take effect. This might allow you get in, otherwise you if you can get into console, you can set it back to factory defaults and reload from last known good backup.

If only your webmail service uses port 443 then you can get around it with HA Proxy or similar. Otherwise yes, for all services other than HTTP you need one WAN IP for each service you want to share a port.

You can report issues via the pfsense bugtracker at http://redmine.pfsense.org/ and code patches via https://github.com/bsdperimeter

@pf2.0nyc: temps in the room are 69-70* F and humidity is acceptable. That's nice but the significant temperature is the one in the CPU die. Perhaps you don't have enough air flow through your box, maybe the CPU heatsink is too small etc. There has been some discussion recently (in the hardware forum if I recall correctly) about use of the coretemp kernel module to monitor CPU temperatures. You might find some useful ideas in that discussion.

The DHCP server is on the PFSense box and clients connecting to the switch on any vlan will sometimes send 2-3 discovers to the DHCP server and the PFSense log will only see one of them or sometimes none at all. OK, for the ARP table, I think I found the problem. For some reason or another, my laptop's MAC address is the same as the PFsense box's interface. I'm going to try changing my MAC address and run some tests.

Hi, I am using the 2.0 final version and avahi is eating my CPU… any idea why?

Manual outbound nat means that you will specify how and wen pfSense will nat. If you delete all outbound nat rules, you are telling pfSense to just route outbound traffic.

Hi, same here. Do you have solved the problem?

@ozric: when i connect to the apo the notebook gets the right ip via dhcp, but there no portal. Is the pfSense OPT1 interface connected to the AP WAN interface or one of its LAN interfaces? Does the notebook get its IP address from pfSense or the AP? (Perhaps the AP has a DHCP server running.) What does the notebook use as its gateway? What does the notebook use as its DNS?

yes only serial part of putty isn't working - very odd but probably my issue. I'm not using a USB dongle - when I put hdd with XP pro in the same exact machine with same exact cable hyperterminal works fine so its something software related. I figured out a way to use hyper terminal on W7 so i'm all set… Thanks for the help & answers. Interested in trying to get that fixed but not the end of the world if it can't be fixed.

Yes you could. I had some routing problems when using bridge + routing but you can try. If you need more options, you can set all public ips at wan and Forward(or balance, or filter) the traffic To internal or dmz servers using: nat pfSense load balance apache+mod_security varnish haproxy And then apply traffic shape

@m4rcu5: When can we start testing with 2.1? Running stable is not so exiting as running beta  ;D so true…so anti climatic now... its not the kill, its the thrill of the chase...bring on 2.1 :)

You should use Site-to-Site VPN to achieve this. How to do that is described here: http://doc.pfsense.org/index.php/OpenVPN_Site-to-Site_%28Shared_Key,_2.0%29

I have experienced one or two boxes going doing because of power fluctuations and multiple restarts (which is another bad thing to Alix boards - no ON and OFF switch). The issue is not me being lazy but rather the client being totally dumb when it comes to the hardware and of course I would have to spend hours on the phone to get them to change the CF card. So, if I could have a USB back-up of the OS, I can give that to the client along with the box and then can simply replace the USB to get operation running which would not require me to fly down to their location :-) What boards similar to Alix do support USB booting? Or would it be an Intel Atom board? Thanks

If it's any solace I have the exact same issue on XenServer 6 beta and my 2.0 RC3 box is performing flawlessly as well.

SOLVED! Found some old config file - couple of days old, restored from it and after some time, so far the system is working, and connected from LAN to Internet. So I am sorry for making a lot of noise for no-thing. Anyways, thank you very much indeed for attention, and keep smiling, guys and girls! :)

Sorry i have no answer for you, but you have struck interest in me here.. i have just been wondering how i can go about creating a second mirrored pfsense for redundancy.. is that actually possible?  I have 1 physical pfsense box currently.. but i do have a VMWare ESXi server that i can run multiple VM's on..

Please post a snapshot of the output of pfSense shell command top -S -H when the system is 100% busy.