Hello, I find the problem. Other users ask me to change the GUI to Portuguese. And some settings don't work in Portuguese. I set GUI to English and it works again. Thanks.

Helps when you read instructions! Its up now :) http://en.community.dell.com/support-forums/network-switches/f/866/t/19445142

Ok so I revisited my code after giving it a rest for a few days and made some progress on my original idea of creating an Alias called "Whitelist" and then programatically updating that list by pushing the config.xml file from the server, updating the Whitelist Alias, then pulling the config.xml file back to the firewall and reloading the config…. The issue I ran into was  that running rm/tmp/config.cache would not apply the changes… Today I found that if you run both rm/tmp/config.cache and then /etc/rc.filter_configure it will apply the rule! Two questions… 1. Are there any unforeseen issues with running the /etc/rc.filter_configure script… it looks like it is pretty straight forward.. and I did not see anything obvious… 2. Is there any way to preflight the config.xml BEFORE is run the commands to reload it? Like you can with Apache? I am running all kinds of safety checks in my script that updates the config.xml.. but I want to be as safe as I can be… For anyone interested here are more details… I am running coldfusion on a box that is open to all Ip address on the WAN. 1. I have a page on that server that requires the agent to authenticate to. 2. The coldfusion script looks at the users IP and determines if it is a new one. 3. If it is a new one it updates a database for that users profile and sets a flag that tells a scheduled task (cron job) that a new IP needs to be added to the whitelist. 4. The scheduled task runs every five minutes and looks for the update flag… if it sees it it runs… Here is what it does…. Gets the new IP whitelist from the server… uses putty to run a .sh script on the firewall that FTPs the config to the coldfusion server (all done inside the LAN) Replaces the previous whitelist with the new whitelist uses putty to run a .sh script on the firewall to ftp the config.xml file back to the firewall server runs a .sh script to reload the config..

I just found the vm.swap_enabled sysctl, and have now set this to 0 in the system tunables section. Hopefully this fixes it. If anyone knows any other places that swap should be explicitly disabled please let me know.

Yep with that configuration you could easily setup a VLAN that only terminates at each pfSense box and use that as a dedicated connection to route the traffic. Steve

Thanks for pointing me in the right direction. I was able to access my website using Host Overrides at the General DNS Forwarder Options.

Intermittent fault. Failing switch, failing NICs. Failing under high load or memory use conditions. Failing due to some unusual network traffic. The older Realtek NICs used to suffer watchdog timeouts with monotonous regularity on some hardware/driver combinations. Despite some concerted effort to determine a cause none was found but suspicion fell on fragmented packets being a common cause. Many people were able to eliminate or massively reduce the issue by placing a good quality switch immediately connected to the Realtek NIC. I'm not saying that applies here though, that was a much older NIC, but you can see how it could work fine for months and then suddenly fail when some new or updated piece of software starts sending differently formatted packets. Steve

any news? need to be sure my outgoing trafic is encrypted

So pfsense and squid on the same lan – lets call them pf 192.168.1.1 and squid 192.168.1.2 How would pf have anything to do with other lan members say 192.168.1.3 talking to 192.168.1.2??  Unless there was a duplicate IP, or dhcp server change?  What is your dhcp server on this lan?  Are clients static?  How are they pointed this proxy?  Autodiscovery/wpad/implicit?  What are the clients gateway - what is the gateway off this network?  Pfsense? Really need some more info to guess to that the issue could be.

I updated a different old post- but related to this- this morning https://forum.pfsense.org/index.php?topic=68229.msg467037#msg467037 I think the strange timestamps in the system log are somehow a key factor in this- because only the lines that start with "check_reload_status" have the incorrect timestamp. I am also using an embedded image.

This sort of system is outside my experience to honest. There were some issues a while ago. For example I believe this no longer applies but because none of the boxes I use igb NICs I can't be sure  :-\ : https://forum.pfsense.org/index.php?topic=69486.0 If it happens again you might consider going to 2.2 which has newer drivers as well as many other improvements. Steve

It may work just as well normally but will it come back up after an outage? With the threasholds set to their standard values if you have a laggy or lossy connection, such as a wifi or 3g/4g link, then you would exepct to see lots of alarms and down times but you still expect it to come back up by itself which this isn't.  :- I'll not pretend to know too much about apinger though it seems to behave in it's own special way.  ;) I once read through all the config scripts and still came away with conflicting ideas. Steve

Thanks for the reply–I'll look into smokeping. Not familiar with that at all. As far as the email notifications, I was looking for convenience sake. This is a site that I'm off location for, and I would prefer to just have it email me if pings go down and sort of a daily report for the logs, rather than having to check it myself.

Currently the only way to get a copy of the updated book is via the Gold subscription.

And what IP is on your lan of pfsense? that 192.168.1.155 is that pfsense wan or lan address? You would need to put a vip on the wan interface connected to the device so that they are on the same network, and make sure there is an outbound nat.

Possibly if there's still some conflict. I don't see anything immediately so I'd guess at some openvpn problem. Steve

You can almost certainly do this in php, though I never have. If you look into how this is done in pfSense is uses a function something like: get_real_interface(LAN)# It's a function in /etc/inc/interfaces.inc Steve