Are you saying it disables remote logging also? The logs in the pfSense GUI are the logs on disk. Disabling the logs on disk will disable the logging you can see in the pfSense GUI. Remote logging via syslog should still work, though. It's basically doing exactly what you told it to do – though perhaps not what you expected. If you want to see logs on pfSense, they have to be stored somewhere. They aren't buffered in memory, they have to go to disk. You could try putting /var/ in a RAM disk if you're concerned about disk writes, though that has other caveats.

well what is the gateway you set on pfsense wan?  If points to your router as its gatway you would have internet access for all your vms just like any other machine on your normal network.. Since out of the box pfsense would nat all the traffic to its IP that is on your normal network. To get to vm1 you would need to setup a port forward for what port you want to send to vm1 IP in pfsense, then hit pfsense wan IP from the linux box on that port. Only if you don't have pfsense not natting do you run into complications because of possible asynchronous routing and your isp router not know how to get to the downstream network that is behind pfsense, and not setup to nat that network or even allow it, etc..

Someone just updated ticket, I'm sure I'm not alone :)

The default wan rules block all unsolicited traffic, so out of the box the web gui is not available via the wan.  You would have to have created rules to allow access via wan.  So I find it pretty unlikely that web gui not accessible before upgrade that it would be accessible after upgrade.  Nor would it be available on clean install of 2.3 without intervention to the default config. Please post how you believe that web gui is available via wan interface..

Ok, thanks for the reply. I've just tested it. Seems to work, I have the IP I ordered. I'll look into the logs if I find any such entries.

@jbhowlesr: So I added the rules from the links above and I'm finding intermittence in whether these services work or not. This is such a but pain. This quote is probably the best way to end the post. I can't stop feeling I kicked a hornet's nest here. In hindsight I think johnpoz answer was the better answer in a higher order of right and wrong. It seems more and more home users are using PFSense  and rightly so. Regarding Default Deny, M.Ranum once wrote:"It takes dedication, thought, and understanding to implement a "Default Deny" policy, which is why it is so seldom done." This is especially true for a home environment. Number 1 for any home user should be the manual. For a DD policy you must know Network basics, protocols and ports etc.  If not you may drive yourself mad if your internet hungry kids don't get to you first. Go back to the Default PFSense Lan rules and call it a day, no harm , no foul. In my view if you are running Microsoft you have bigger problems anyway in your network. :o sorry, don't shoot the messenger. I noticed the "Feedback" post and debated to reply here or on that one. Since your subject line was succinct I wanted to make sure others of future searches were well aware of the possible issues. I repeat Default Deny is not for everyone. If I sparked your interest, Great! But on the forums you may be hard pressed to find someone to know what is running on your private network. DD policy requires intimate knowledge of what is running on your machines. Only you can figure that one out. Research before implementing and a good grasp of network protocol and basics is a must. I do not think there will ever be an easy button for this type of setup. Sorry if I started you down a path you may not have wanted to travel. But, hey,  you asked.  ;)

Ah thank you :)

Thanks heper for pointing me in the right direction. This pfsense is running on a vm machine under virtualbox. There is a setting for the bios clock if it will send UTC or local time to the vm machine. I had it on Local and it needed to be on UTC for pfsense. Changed it and waited out the last update time of rrd and then the reboots are ok. I believed my clock was Ok since I have ntp on the host server and ntp in pfsense. /Best regards illern.

Oops apologies for not searching the bugtracker

thank you guys. will try to disable in BIOS. I will play a bit more with squid, hopefully, it is just human error. Thanks, will update. Update: 1, changed to dedicated to avoid fail over. NOT from within BIOS, but from web config. 2, squid works after fresh reconfiguration. Don't use old config file.

This was the issue: https://forum.pfsense.org/index.php?topic=109763.0

chpalmer- If your using ports 0-3 try moving over to ports 4-7 until you get your replacement.  Once the ports start going they tend to run in pairs… Thanks for the heads-up on the NIC ports. I remember reading in the excellent "Firebox" section of the forums that the right side ports (msk0 thru msk3) were suspicious, and based  on the comments I've avoided using those.  So I'm reluctant to make any change pending the replacement firewall(s.) Still, wondering about the root cause.  I was under some duress, and didn't copy the logs before rebooting.  A quick glance at the dashboard gave the false impression all was okay.  Seems like the auto-reboot script similar to https://forum.pfsense.org/index.php/topic,17243.0.html could have brought the box up without my intervention.  Seems there's mixed thought on reboot scripts, but I've now added a variation that might come in handy, if called upon. Thanks everyone… Peter

2.3-RELEASE is out today

I get to plug another hole in my knowledge every day. That seems to have fixed it.

I had issues upgrading from RC to 2.3 release but I did a clean install in like 15 minutes I was back up and running. Thank you all who were involved in the project and getting 2.3 released. Well done guys. Very impressive release.

I just updated pfSense to 2.3 and added that line to System Tunables. Let's see how it goes now. Regarding Hardware: ASUSTeK COMPUTER INC. P8H77-M PRO Intel i3-3220 re3: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">re2: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">re1: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">re0:<realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet=""></realtek></realtek></realtek></realtek>

Not that it's likely to be an issue, but it looks like phil.davis and sinhkh87 were using two different alias names - sinhkh87: Alias created with name wordpress_org phil.davis: It worked for me looking up the exact same name wordpress.org and pressing "Add alias". Still much more likely to be "updated-before-current-changes" problem, but just in case….....