Yep, a plain vanilla typo - pull request https://github.com/pfsense/pfsense/pull/1369

I've tried that to no avail.

@StefPar: Thanks Steve, because my network is an offline network i can't use auto backup package so if you can i need an example about backup from console.. thanks Try this: #/bin/cp /cf/conf/config.xml /mnt/backup/pfconfig/config-`hostname`-$myDate.xml This should make a copy of your configuration to /mnt/backup/pfconfig just adjust this to the location where you want to have it. In my case, this is an SDCARD.

It was an outbound NAT problem.  A while back while testing some diferent OpenVPN configs I had changed Outbound NAT over to manual.  I changed it back to Auto and everything's working perfectly now. I appreciate the suggestion!

That will only work to let you into a small number of pfSense devices until it trips the bug again. Also it would forget any other HTTPS certificates that were manually marked as trusted. That db can be managed from inside the settings on Firefox, though it's still a poor workaround for most of us. If you're on 2.1.5, apply this patch: http://files.pfsense.org/jimp/patches/cert-unique.patch Afterward, from the shell, run: pfSsh.php playback generateguicert Then the GUI will use a certificate that Firefox won't choke on. If you're on 2.2 already, run the command above from the shell. It's already present. Certs on fresh 2.2 installs are fine.

You don't  But that is not a normal configuration.. I would do it this way, since if your sending 22 to .3, that is not really www.foo.org now is it ;)  So ssh.foo.org would be better or ssh.www.foo.org if you wanted.  I have to assume your sending both http and https to .15 so www.foo.org points to .15 works for both of those.  And 10k.foo.org for port 10000 pointing to .19 you have 4 different IPs there they are not all www.foo.org  Other way you could do it other than NAT reflection is actual forward on your lan side that says if going to IP 10.0.1.15 (www.foo.org) on port 22, really send it to .3, same for your 10k port

thank you guys..and it works perfectly great

Thanks for the insight, I will remove the virtual CD drive and see what happens I was just caught off guard because these pfSense instances have been running fine for over a year now only to suddently start being unreliable like this.

It's apinger.  I think I restart it by turning gateway monitoring off then back on for the interface.

The external IP addresses using the most bandwidth are Akamai & Level3 caching servers.  Are you running Squid cache?  Is it possible that a Windows Update or some other large blob is being downloaded to your Squid cache?  That would explain high bandwidth into WAN that isn't being passed out to LAN.

You are right! I just tested using speedtest.net, and now I see the 800Mbps peaks without issue.

So curious are you actually using ipv6?  If not another option to remove the noise is remove it at the source by turning off ipv6.  Sure looks like ipv6 multicast for something to do with UPnP/SSDP with that destination. You can track down what is generating the noise..  And turn off ipv6 ;)  No noise, and less garbage on your network.

Thanks Bill for your reply. I was on holiday out at a remote location so could not response quickly. I will check the material and see if it would help me set this up quickly. Do you also have any literature on how to setup IDS and IPS with snort.

That's great, thanks guys  ;)

That was it!  I thought the Bundled Support Information link would just open a PDF like many of the other links in the pfSense support areas but I was wrong!  Thanks! [image: ScreenShot050.png] [image: ScreenShot050.png_thumb]

Thanks Jimp and KOM. KOM, When reducing the squid cache to 500mb and flushing squid did not free up any space I started to hunt for the culprit. Jimp I wish I looked at the inodes before i started deleting 60 Gig of SARG files (Just to be sure). There were a zillion small files in there. running a single rm -R * on the sarg-reports sub directories took 7 hours to complete.  Now my disk space is pitifully empty: $ df -hi Filesystem    Size    Used  Avail Capacity iused ifree %iused  Mounted on /dev/ad0s1a    81G    1.9G    72G    3%    42k  11M    0%  / devfs          1.0k    1.0k      0B  100%      0    0  100%  /dev /dev/md0      3.6M    46k    3.3M    1%      27  739    4%  /var/run devfs          1.0k    1.0k      0B  100%      0    0  100%  /var/dhcpd/dev Thanks for your help! looks like we solved this one.. I am putting it down to the inodes being full. Needless to say I removed the zero in the reporting options Cheers..

so your gateway is .145 what mask did you put on the vips? You sure its not just your server firewalling?  What are you running for your webserver?  Is it linux or windows based?  I don't understand why people do 1:1 why not just forward the ports you want? If was me I would create all the vips, and then setup rule on wan to allow ping.  And validate they all ping.  Then move on to what ports on what IP you want to forward to your inside boxes.

pfSense log files are binary circular logs of a fixed size. They do not "rotate", they roll over. https://doc.pfsense.org/index.php/View_Log_Files_in_the_Shell The size cannot be changed on pfSense 2.1.x or before, but it can be changed on pfSense 2.2 in the Settings tab of the system logs.