@Derelict: There is no OpenVPN package on 2.1.5.  It's part of the base system.  Are you talking about the client export utility? Anyway. Now that all that is out of there, step back and take another look at the /tmp/rules.debug and all your interfaces and rules. My apologies, yes the client Export Utility for OpenVPN.

The first line shows that 4 haproxy processes are running, if you have long living sessions, and a few applied config changes that could be fine.. It could also mean a few did not shutdown properly.. You might want to check the pfsense systemlog it should show what pid was running and what gets started..(if package was recently re- installed) Either way it seems indeed maxproc is high enough for haproxy… What you could try is to install lsof, and check for open handles. Not sure if that will work.. lsof | awk '{print $2}' | sort | uniq -c | sort -n then check if the pid of haproxy indeed has a high number of handles.

That didnt work out too well… This morning, SSH to ALL machines on LAN failed (Temporary DNS name resolution), the firewall was suspiciously slow (and not responsive), I couldnt reach the internet from any machine... Deactivated all rules under OPT1, and rebooted the firewall, all is back to normal. For now I will assume this is only a glitch in the firewall and not related to my OPT1 rules, unless someone can point out that it is..

Thankx for asking! Forget about it, just a strange idea after not enough coffee this morning… We're all safe, I guess :-D

Also debugging my procedure … I noticed that the first time I run mysqld (for the root password setup, etc) I have to run /usr/local/etc/rc.d/mysql-server onestart After the root password is setup, I can then run /usr/local/etc/rc.d/mysql-server.sh [start|stop] :-[

Thanks a lot cmb for your your kind and accurate answer… Pedreter.

http://www.logicsupply.com/components/expansion-cards/ade4rtlang/ http://www.logicsupply.com/components/expansion-cards/ade4inlang/ If you can find the motherboards that the above two devices fit, that might be an option. I have one of the motherboards and I have a total of 6 1Gb NICs (2 onboard, 4 daughterboard)

Something not right with that NIC, probably a mis-programmed EEPROM. Easiest work around would be to keep the interface in promiscuous mode (which is why it works with tcpdump running), alternatively if you use a diff NIC it's not likely to be an issue. A <shellcmd>to run "ifconfig em0 promisc" would work around (search doc.pfsense.org for info).</shellcmd>

A client on your network is pulling something from 184.29.106.120 via HTTP. That's an Akamai IP, which is a CDN used by a bunch of companies to host their downloads. Best that shows is someone is downloading something. Filter states for the external IP to find the internal host.

@stephenw10: Interesting. So what are you running in the jails and what is hosting, FreeBSD? Steve Host is pfsense and the jails run FreeBSD. I don't think an alternate setup is possible. I believe pfsense can't run in a jail, and jails cant run anything but FreeBSD. I have a guest with asterisk, and another with apache/transmission/samba.

Squid is probably running on port 3128, not 80. The GUI is probably on 80. Check/change squid to be on port 3128, and configure your browser's proxy settings to use port 3128 and not 80 for the proxy.

You will either have to configure the software firewall on your workstation to answer an icmp echo or turn off the software firewall completely.

Are these all public IPs? Steve

@cwyant55: I'm assuming I could also assign the "old" WAN IP to the new box and get it working without rebooting our Verizon box? Thanks for your help. Not in the most common scenario, where the additional WAN IPs are IP alias or CARP VIPs. If they're routing your additional IPs to your WAN IP, then you'll have to move over the WAN IP so the routing functions. That's less common.

@johnpoz: Look at the thread he linked too - sorry but a dns server that does not answer recursive queries has nothing to do with pfsense. Refering to my link? DNS Forwarder is part of the pfSense install.  DNS Forwarder is not answering queries from clients on the LAN.  This is a fresh install with no packages and no changes outside the setup wizard.  And it does seem that a number of people are having connectivity issues after upgrading their boxes. Not sure how thats nothing to do with pfSense. I think what Im seeing so far is that a couple of us have the " Allow DNS server list to be overridden by DHCP/PPP on WAN" box unchecked.  In my case the WAN of this particular machine does not get its address via DHCP and has to be set static.  When I get home I may try and play with this setting on my other 5 installs and see if I can break any of them. https://forum.pfsense.org/index.php?topic=82479.0 https://forum.pfsense.org/index.php?topic=81086.0

Really thank a lot to all