I didn't know there was a package like that. Thanks @Jimp

Hi Steve, thank you for your answer… unfortunately both solutions didn't work... mbmon -c1 returns No Hardware Monitor found!! InitMBInfo: No error: 0 and sysctl -a | grep therm or sysctl -a | grep temper return no results… :( Ok, I got it, I will upgrade my firewall sooner or later... :D EDIT: and yes, ACPI is enabled in the BIOS setup, and recognized during the boot... (ACPI APIC Table: <compaq broadh2o="">) Thanks, Michele</compaq>

Check this: http://forum.pfsense.org/index.php/topic,64790  ;)

Updating the firmware to the latest release appears to have fixed whatever issue it was. I wish I was able to determine what happened, but don't have the knowledge on BSD to do so. I will put all my settings/packages back in place and see if this happens again. If it does not after a few weeks, then I will wipe the disc and reinstall fresh and chalk it up to some obscure setting or config that developed on the pfSense install. A hardware issue on the machine it was affecting would have been better as I would have found the issue I suppose. I don't like "not knowing" what would cause such a weird situation really. Oh well. Thank you to all the responses.

Sounds like you have a bit of testing on your hands.  Enjoy.

i found my answer! https://doc.pfsense.org/index.php/Remount_embedded_filesystem_as_read-write

I'm sure you have had it explained but: Port 135 is certainly not a port that needs to be, or should be, exposed to the Internet. Hacker tools such as "epdump" (Endpoint Dump) are able to immediately identify every DCOM-related server/service running on the user's hosting computer and match them up with known exploits against those services. Any machines placed behind a NAT router (any typical residential or small business broadband IP-sharing router) will be inherently safe. And any good personal software firewall should also be able to easily block port 135 from external exposure. That's what you want. *******  And this is whats causing your inability to connect probably ******** In addition, many security conscious ISPs are now blocking port 135 along with the notorious "NetBIOS Trio" of ports (137-139). So even without any of your own proactive security, you may find that port 135 has been blocked and stealthed on your behalf by your ISP. So, it doesn't much matter how awesome your security and filtering is, your ISP is in all likelihood not allowing it. VPN really is the way to go.

You could probably handle the group issue within pfsense but I'm not sure about DNS by time.  Anyway - Good luck.  :)

/tmp and /var are just memory disks (md0 and md1). On nanoBSD there is nowhere to move them., they live in memory and get created again every boot. The CF card partitions are mounted read-only, and you don't need to mess with that. pfSense mounts them RW when it needs to update the config. On the CF card there are 2 slices with 2 copies of FreeBSD. When you upgrade, the new version is writtten to the opposite slice. Then the selected slice for boot is swapped, and the system rebooted. It boots from the new slice, and you get the new pfSense+FreeBSD. The advantage is that, at the console, you can change the boot slice just after the BIOS stuff has run. So you can switch easily between versions if needed. The config is in a partition of its own, accessible from both the other partitions. Take a backup of your config before upgrading, as upgrades usually have some config file conversions, so the config is not always backward portable. IMHO you should upgrade in-place. It is easy and works. If you have a decent internet connection then use the auto-update from the webGUI. Otherwise, download the upgrade image for your CF card size and use the Manual Update from webGUI to suck it off your local computer and upgrade.

There have been regular posts about this. Yes, the (now known as) Electric Sheep Fencing guys are producing this sort of thing, and it will be a paid commercial product. No delivery date promised or estimated.

I hate seeing when my firewall is blocking things its supposed to block by default.  I always think to myself. "Ohhhh look.  Someone trying to get into my blocked port…  Thats nice".  No action needed. Its like the 10,000,000 hack attempts on my openvpn that is just forever ongoing from what appears to be an inexhaustible supply of random IPs out of China.  They don't have my certs, so who cares?  Let them waste their time.

Ah, OK. Glad you resolved it.  :) Steve

hello. I'm reopening my question. I'm now getting intermittent connection using the ping command. sometimes "request time out" will appear out of nowhere. This was generally bad when my customers were surfing the net and the gamers were affected here the most. I've already tried directing my dsl to my main PC (pfsense closed) and I haven't gotten any successive RTOs after 1 hour. So I suspect something is wrong with my pfsense. already installed pfsense anew (entirely deleted my old pfsense from the VM) and re-followed the directions told here and still the same problem. just in case I already enabled UPnP & NAT-PMP. same IPs as above. edit: sorry guys false alarm. it was my internet after all. I'm so fail. dsl needs fixing.

I have attached a diagram of my network. The access from the outside is made through WAN1, which is a modem router with port redirection to the pfSense IP address on port 80. In pfSense I have a NAT port forward created to redirect the traffic from the outside to the web server on the DMZ on port 80. This NAT port forward has an associated firewall rule to allow the traffic. I can access the server well and the speed is the same. The problem exists when I try to download the file. Thank you for your help. [image: network.jpg] [image: network.jpg_thumb]

ok it was a driver problem. i just tried the module from NeverSimple posted here http://forum.pfsense.org/index.php/topic,65355.msg366244.html#msg366244 and now it's working :) After plugging my wan i have an IP, no need to reboot nothing.

Running Squid and Dans in 256MB is always going to be a tight fit. If it's working OK for you be happy about that.  ;) So yes 85% seems entirely expected, quite low even. Steve

@mauirixxx: I'm running a Fortigate 80C @ work and have a site to site ipsec VPN connecting my home office to it. I've yet to try openvpn, as the ipsec config "just worked" for me. Office is a static, home is dynamic. So yeah, totally doable with ipsec. Yes, i know its doable, but not with pfsense on the work/office since pfsene NEED a static IP on your home box. I have setup other solutions and many boxes dont need to have a IP for the home box. I think it is made this way so the office could connect to the home, but if home had a stay alive checkbox there isnt any reason to use static ip on both places.