What's coming in on WAN cannot come in on LAN as well. It has to leave the unit, doesn't it?
If traffic enters on both interfaces then you have a NAS.

@Spectrum48k:

I suppose it's future proof - my ISP here in the UK keeps doubling my speed at no extra cost. Its going up 50Mbps to 100Mbps soon, so I'm guessing in a year or two an i3 might be ideal, although they do a J1900 Celeron too? Might check out the TDP figures and see what's the best fit.

Tried looking for just a motherboard with dual intel LAN which ARE about, ie the H270N and H270M from Asrock and Gigabyte, but then you need to find a low TDP processor and looking through the latest Skylake and Kaby Lake, they all seem to start at 35W. Why did Intel abandon the Atom? I wonder how long til we see an ARM based board with dual LAN, pushing 100Mbps?

In 10 years it'll still be overkill.  The specs in my sig were running 2 x 1Gb LAN links, and 2 x 100Mb WAN links.  A persistent SSL site-to-site VPN tunnel, VPN connections, several web servers, and dozens of users behind it.  Several pfSense packages and some creative policies/routing too.  The CPU never went above 15% at any time.  And it was a dual-core CPU.

If you use pfsense as your internet router and not only some captive portal setup - then yes it would need to be on to access the internet ;)  But why would you want to turn it off every day?  Unless you have it on some way over powered machine it would use very min power.  Something like the sg-1000 could be used for a small office and its power draw is

Power Consumption 2.5W (idle)

Its bigger brother the sg-2220
Power Consumption 6W (idle)

Even bigger brother the sg-2440
Power Consumption 7W (idle)

There should be little reason to not leave any of these on over night..  Your talking less, like half that of the power draw of LED bulb…  At the 7W mark, and high cost of 0.12 cents per Kwh your talking like 7 dollars a year to run...

If the cost was 10 times that it wouldn't be worth the effort of turning it off and on every night ;)

@Cyberben:

I can use my browser to get to the machine through WAN/dhcp.

When you setup a router / firewall device, you hook yourself up for initial setup using a local serial port (could be a serial over USB), or a dedicated NIC, or, by default, the future LAN NIC.
Never ever the future WAN port.
That goes for pfSense and any other device on this planet.

Knowing this, you will find this :
@Cyberben:

I simply tell the machine there is a LAN NIC I loose connectivity to WebGUI.

… normal.

"ftp server is IBM mainframe and that's location is in our main office. "

Then why would you be natting inside your own company?  So you running what OS z/OS?  sftp (ssh) is available on pretty much every OS on the planet..

"those force us to use cmd ftp to get some files"

Not really no..  there are many ftp clients you could run on windows that allow for scripting that support way more features than the built in cmd.. If your using active then install ftp active package for pfsense for your clients behind pfsense..

https://forum.pfsense.org/index.php?topic=89841.0

ftpclientproxy.png
ftpclientproxy.png_thumb

Did you solve this? just got the tg-789 (fttn) trying to bridge it.

UPDATE
By using IPv4 Configuration Type DHCP it now connects however the gateway shows offline

WAN_PPPOE IPADDRESS 0.0ms 0.0ms 100% Offline

@xenu:

I have a UPS connected to my NAS box, and it runs nut.
I have pfsense UPS configuration set to : "Remote NUT server".

The problem is if I have a quick blip where the power goes out for a few seconds and returns, the pfsense box shuts itself down.

The shutdown timing is controlled by the NUT master server. Some UPSs have an issue where they send a low battery notification almost immediately after going on battery which will trigger slaves to shutdown. To change this, you need to set ignorelb on the master server.

See 'ignorelb' in the ups.conf man page.

Thanks. That did the trick.

SSH is useful for troubleshooting, transferring files, and restarting the webgui if for some reason it stops responding.

You can block both (webgui/ssh) to only be accessible from a management network, that would prevent all possible exploits in those services as to exploit either someone would need to be able to send it at least some 'malicious' packet..

@DeLorean full version on USB should work fine, just make sure to enable memory disk for /tmp and /var.. Anyhow its the only choice going forward with 2.4..  https://forum.pfsense.org/index.php?topic=121255.0

The SYN retransmit looks like there is nothing accepting the connection.. Would think nginx aint running then..
Can you try when the problem occurs?:

Then while trying to access the webgui:

Anything special configured/installed? bridge/HA/squid/snort/suricata/other? Any portforwards that might be preventing traffic reaching the webgui?

@a_thiha:

…. I reinstalled pfsense.

Version 2.2 ???????????

Thanks guys. When I get home I'm breaking out the coffee & starting the process of chasing where the config is broken

–-
Edit: I got home & you were correct it was a configuration issue. Embarrassingly I setup my static IP  incorrectly on the WAN side. I've corrected the configuration & everything is working now. Kicking myself for looking at that 4 times & missing that the subnet was incorrectly configured.

Appreciate your help & patience

Is this Sierra?
My first idea - don't use PPP. Not sure that the drivers for other modes (qmi, mbim) are available on FreeBSD though.
I'm currently using Sierra's EM7455 on Openwrt based router.

@barbatrukko:

@Gertjan:

You checked this : https://doc.pfsense.org/index.php/Executing_commands_at_boot_time ?
Or this : the Cron package ?

Hi,
the first link is about "boot time" and is not what I want: i want that all days at some time system execute a command.

The /etc/crontab file is constructed at boot time.
Use the info found here https://doc.pfsense.org/index.php/Executing_commands_at_boot_time to "add" your own lines. The will last because the file only gets created ay boot time.

why would something that is local to 1.2.3 even talk to pfsense to talk to something else on 1.2.3..

"Now we have lots of App and Links with us from long ago configured with IP 1.2.3.5"

You configured stuff to use an IP and not a FQDN??  Yeah fail for sure..

You do understand that a machine especially a webserver for example can have more than 1 IP on the same network right.. So your new server can have 1.2.3.4 and 1.2.3.5 and serve up stuff on port 80 for either of them..  Your server could serve up http (80) on hundreds of different ips if you wanted too, etc..

What you should be doing is redoing all your stuff that have a hard coded IP in them..  This is just bad bad bad idea all the way around!!