Nothing came up that I understood. So here is what was done.

1. Backup the configuration.
2. Re-install the whole pfsense.
3. Restore the configuration.

All working without any error. All running smooth now.

P.V.Anthony

I have same exact problem, Please give someone a solution.
کاشت مو

GRC also allows you to choose which port to scan as well.

Thanks very much!

This is definitely not the pfSense problem, but snort or any other packages or some settings. Try to whitelist your "blocked" sites in snort.

squid is http proxy, while I am guessing you were using Srelay on openwrt which is socks - completely different.

There is a Srelay for freebsd - if you really want support you could install the freebsd package - ask to get it added to the pfsense repo.

http://pkg.freebsd.org/FreeBSD:11:amd64/latest/All/srelay-0.4.8b6.txz

@phil.davis:

The only reason I went with the second method is because the screenshot matched the version of pfSense I'm using so I figured it was the way to do it now?

The second method does mean that if someone tries to (or accidentally) sets their client to use some other DNS, that it will be "silently" redirected to use pfSense anyway. So I guess that is convenient for clients.

The first method makes clients not work if they do not "obey the rules".

I guess it depends if you are a kind-hearted soul or "the network admin from hell".

Hehe… yah... I get it now, I think I'll stick with the kinder option for the time being ;)

More user friendly to use screen

@kpa:

I agree that the checkmark should have the same function regardless of the interface type, be it enabling/disabling the interface completely or just enabling filtering/NAT on the interface. Neither the GUI or the existing documentation give you any hints of different semantics of the checkmark's function depending on the type of interface now.

On Reddit I discussed in more detail other problems of the "pfSense Interfaces" architecture, such as different meanings of "IPvX Configuration Type" depending on the corresponding FreeBSD interface and on the selected field value itself.
Right now pretty much nothing is consistent, it's a bunch of hacks to make common (and less than common to some extent) scenarios work.
I hope they will fix it soon. It is, imho, one of the worst downsides of pfSense in comparison with major commercial solutions (e.g. Cisco).

Looks like you have 512MiB of memory and it tried to allocate ~64MiB but there was not enough free. Add more memory? Possibly disable additional services that you may have enabled, like Snort or squid.

@jimp:

The login beep is not done with a call to the beep command, but a byproduct of that login log message being printed to the console.

Did you password protect the console, perhaps? I don't think that would suppress the message but it's the only thing I can think of that might be even remotely relevant.

Beep still works fine at login on the two boxes I have here which still have a speaker.

I had the same problem.  Deselecting Password protect the console menu in System → Advanced → Admin Access → Console Options resolved it for me on pfSense 2.3.4.

Fantastic workaround!  Thanks for the idea.

@iska:

@jimp:

https://doc.pfsense.org/index.php/Why_was_FreeBSD_chosen_instead_of_another_OS

I know OpenBSD is aimed for maximum security, and FreeBSD is for maximum performance, while PfSense is for security or firewall/router, why don't they chose OpenBSD.

Because Theo.

Ok, if you insist, and will assume the liability  :)

"Put it" at "/usr/local/www"  (or in a "new directory/folder"  /usr/local/www/XXXX )

Thank you, that did the trick.

I agree with you - but you stated this

"they don't understand the underlying plumbing going on."

So unless you do, you have no idea what they are doing - right?  You say it works when both on the same lan.. So look to see what is going on when on the lan, then you can make your firewall rules to allow this, etc.

You for sure would not need to do any sort of natting here - since local networks to pfsense do not nat between each other.

Depends what is more important to you, you say it not too slow.

Keep in mind that the vast majority of net traffic not static any more - most everything is dynamic.  So your cache is not going to buy you much.. Browsers cache most of their own static stuff anyway.

Using explicit vs transparent would be better, since now your not forwarding all your 80 traffic to your proxy port and just hitting the proxy port directl.  Also what hardware are you running this on?  How exactly are you benchmarking your slowdown?

Have your users actually complained about the performance hit?

I have no experience with NtopNG - anyone else feel free to jump in…