If you suspect it's a cacheing issue you could always turn off the cache in Squid and try again. As I've said, it may be worth checking your Squidguard settings and making sure you haven't got an overzealous block in place.

This would come in handy for managing multiple UTMs, especially if there is a package install/update that can be done to 2 or more by a single click. Also if a package configuration change can be pushed to multiple UTMs.

https://forum.pfsense.org/index.php?topic=81014.msg442131#msg442131

@kanters: Hi, I'm running pfsense 2.2 in a VM on Hyper-V. Connected to 2 virtual switches (WAN & LAN). The problem i'm having is that there is no internet connection from the LAN side to the WAN side. I can however connect from the WAN to a website located on the LAN. The problem is, I think, a routing issue. Since my knowledge of routers/firewalls is very basic I kinda need some help with troubleshooting. Please note that my IP address has a gateway that is outside of the subnet. Let me explain this a bit further. I own a server of soyoustart (part of OVH), they are a large company where you can rent dedicated servers. To fix the problem of pfsense not allowing a gateway outside of the IP subnet you have to run the following commands: Lets assume the IP address on my dedicated server (NOT the failover) is 1.2.3.4. In this section i needed to change the last octet to 254. so it would be 1.2.3.254 So i would type in this… route add -net 1.2.3.254/32 -iface em0 <hit enter="">route add default 1.2.3.254</hit> source: http://forum.ovh.co.uk/showthread.php?6507-ESXi-pfSense-and-failover-IP This always used to work with pfSense 2.1.X. Can anybody help me out? ps. I can ping from the pfSense console to the internet Did you add your Gateway in the web interface for the WAN details? I'm also testing 2.2 on Hyper-V at OVH (I've been running 2.0.3 successfully for over a year) and had the same problem. I found that even though you're running the script to add the route etc it also needs the gateway adding in the interface, even though it doesn't work! My 2.2 has been running at OVH for a couple of days now (testing only) and has no problem passing traffic with this configuration. I do still have the calcru error, but I always had that with 2.0.3 too and it never caused an issue.

Hej! So I have replaced now my CF card with a new one and it still has the same behaviour like mentioned in my first post. It reboots every now and then (like minimum every hour once). So I guess it is a problem with the hardware alix-board. What do you recommend as a replacement … my setup is ... one guest wlan (with captive portal) one private lan/wlan (where NAS, network printer, ...) ... and additionally I want to setup VPN, radius-server (for VPN authentication, wireless network authentication and NAS authentication) and a proxy Thanks, Rodney

I've seen this question pop up on this forum before. The only way to bypass a proxy for a specific domain that I know of is to use a proxy.pac file. The browser you use will have a 'automatic proxy configuration' field in the settings. You put the URL for a proxy.pac file that you post on a web server (possibly directly on the pfSense box) and enter instructions in the .pac file to tell the browser whether to use a proxy for a specific domain or to bypass it. The following link should give you some further information on how to do this: http://www.cyberciti.biz/faq/howto-use-auto-config-proxy-pac-file-for-specific-domain/

@pf2.0nyc: Assuming I want to keep my current rules and filtering between all VLANs, would throwing hardware at the problem solve this? Sure. Depending on why hosts are on different subnets/VLANs but still have to be accessible. With an L3 switch some of the routing might be relocated to hardware.

It's ok now. I've just rebooted the modems :D Thanks

Ah what a div.  :-[ Shoulda checked that. Thanks for the hint, that's exactly what it was. I'm more used to iptables I suppose with it's default policy of accept. I've added a rule now letting my test subnets through and all is workink. Can get on to the internet from the host on 192.168.3.0/24 subnet. :)

Just for the record: To make sure, your pfsense squid proxy will use the upstream proxy also for SSL connections, you need to add the following line in your configuration: always_direct deny all

So any fix on this issue? Any new updates?

I could do some test based on the recommendations by KOM and johnpoz. For my situation, it seems i was to stingy with the hardware settings on my vm's. Since i upgraded vCPU's from 1 to 2 and vRAM from 512mb to 1024mb, the problems are gone. While setting up the appliances i configured with this guide: https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5. There they speak about 1vCPU and 512mb vRAM if you have e few or no packages. I only use OPENVPN Client Export Packages in addition to the baseimage. So i thought 512mb will be enough. Now the error/problem is reproducable. when i go back to 512mb vRAM and change some NAT/firewall rules (only enabling/disabling) pfSense stops working as described earlier after about 20-30klicks. With 1024mb vRAM the error does not occour, even with 100dreds of klicks.  ;) My presumption ist that pfSense 2.2 with FreeBSD 10.x requires more vRAM the in older releases. Here for Reference my complete seetings: ESXi 5.5 Build 2456374 / pfSenseVM: HW-Version 8, FreeBSD 64bit, 2vCPU, 1024MB vRAM, 8GB vDisk Thick, 2xE1000 NIC BTW: the ancient ESXi Version i was using before has nothing to do with the problem. the problem is reproduced on the my old ESXi box aswell on the new.

Were you originally aiming for a bridged setup? (transparent firewall). Steve

Thank you all for replying. It ended up being NAT. I had it set on "Manual" and changed it to "Auto" at some point after the upgrade (didn't need the port forwarding stuff any longer). For reasons beyond my knowledge, the reboot of the server removed all NAT entries (Outbound) on the box. Changing this to a "Hybrid" NAT fixed the issues; placing the proper NAT entries on the system. Thank you all for your help - I can't thank you enough.

Maybe you can answer Ermal's question: @https://redmine.pfsense.org/issues/4326: Does net.inet.ip.dummynet.io_pkt_drop increase during this time? Steve

Do a fresh install and restore the config backup.

Enable logging on your default rule on your LAN and try and connect to IMAP again. Please also list us the packages you have installed on your network and if you could show us what you're seeing in your system and LAN log that would be good too.

In short there  isn't anything that can do it without adding a syslog server on your network and pushing your system logs to it. So far but put it in as a request. I just did because I asked a similar question last week.

Almost certainly not then! Though because it's a pppoe connection it's probably /32 so you could use other IPs from the subnet. I wouldn't though.  ;) Steve