@N8NEU: Thank you Gertjan for those instructions. I was unaware I need to create a bridge after making the OPT1 firewall rule.  All works fine now. Can someone please help me understand the correct way to set up PLEX on a home server if it is not to be installed on the same computer as pfSense? I have pfSense set up on a thumb drive and it is now working flawlessly. The dedicated computer has 4 HDs of which one is 3TB. The others are 500 and 380 GBs. I am planning to use RAID on the HDs. I use the thumb drives to save the HDs for music and DVDs. I was under the impression that PLEX would be on the same thumb drive as pfSense or at least a different thumb drive, but on the same home server computer. So where does one put PLEX in order to have access for the many streaming media in the home? Is setup an easy process to perform? Thank you for any advise on downloading, installing and setting up PLEX. This is my final step for setting up a complete home server. Tim - N8NEU Dude, no offense, but please, what are you trying to accomplish? Pfsense is a "firewall/router" whilst plex is a software like a media-center; completely diffrent usecases, plex should never ever be installed on a pfsense-box and vice-versa. If you are looking for a NAS-OS, go for FreeNas for example, put that behind a firewall, install plex on it, put that in you lan, behind a firewall. Do not, never, neverever, no, non, nicht, nein, würklechniid(!) install plex on firewall-os (not pfsense, not ipcop or any other). If you have one HW-Box, us virtualization (a hypervisior, like ESX, xen etc.), separate the os'es, networks, along your usecase.

@cmb: The "arpresolve: can't allocate llinfo" is what happens when the gateway IP logged there isn't reachable, most often because the NIC loses link, or when the gateway IP is no longer on any locally-attached subnet. Both of those is what's happening there. "rc.linkup: DEVD Ethernet attached event for wan". Also looks to be pulling a private IP when it re-gains link, where you had a public IP previously. I'm guessing what's happening is your modem is rebooting, when it comes back up the modem itself starts handing out 192.168.x.x IPs because it's lost its uplink. Using "Reject Leases From" for 192.168.0.0/16 on WAN should help with part of that, where you're probably staying down for longer than necessary because you're picking up the IP from the modem. The fact the modem is apparently rebooting is another problem entirely though, and outside the firewall. @cmb, you are correct, the modem is rebooting. I was finally able to witness this tonight. It does this multiple times each day. Any ideas on why the modem keeps rebooting? Hoping I don't need to purchase a new modem but I suppose if it fixes the rebooting I would look into it.

dude he is on esxi – there should be no reason why he should be trying to setup a lagg in pfsense. NONE!!!  unless he had interfaces in multiple vswitches???  For what Fing reason? If he wants failover for nics on his esxi host then he would set that up in esxi, not pfsense VM..

Have an old pc laying around and was wondering if pfsence can replace my router The short answer is Yes…. PFsense can replace your router.  PFsense in general only needs a 500 mhz CPU to run, so basically PFsense will run on any PC made in the last 15 years (e.g. Intel P3 and above). My PFsense box has been running on a P4-2.4 Ghz box with 512 MB ram for the last 5 years without issue.

It's been a few days since I changed the Proxy ARP to an IP Alias. No crashes so far! I'll do the update during the next maintenance window. Thanks for the help!

It Fixed !!! I reinstall in 64 bits and it work ! Thank you all

Do yourself a big favour and use LDAP, if you want centralized auth usable pretty much for everything.

Yeah on your dhcp server tab Deny unknown clients If this is checked, only the clients defined below will get DHCP leases from this server. Enable Static ARP entries   Note: This option persists even if DHCP server is disabled. Only the machines listed below will be able to communicate with the firewall on this NIC.

What are you saying is broken? [2.2.4-RELEASE][root@pfSense.local.lan]/root: php -v PHP 5.5.27 (cgi-fcgi) (built: Jul 13 2015 19:15:15) Copyright 1997-2015 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2015 Zend Technologies     with Suhosin v0.9.37.1, Copyright (c) 2007-2014, by SektionEins GmbH [2.2.4-RELEASE][root@pfSense.local.lan]/root: /usr/local/sbin/fcgicli -f /etc/inc/openvpn.tls-verify.php -d "test.test&depth=2&certdepth=1&certsubject=C=US,"; echo; echo $? OK 0 [2.2.4-RELEASE][root@pfSense.local.lan]/root:

@doktornotor: Yeah, 192.168.10.200 won't ever work as destination in WAN rules. It's not routable. Try NAT instead. And post screenshots. Not this ASCII art. i want to implement internet speed  control on whatsapp upload/download both for every single devices which has been connected on my network !!! is that possible ?? ???

I read through that page over and over again. I guess the frustration of borking the system prevented me seeing that sentence. I guess I thought I could do it logged in via SSH but that didn't work. I went and put a monitor back on the machine and did it locally and it worked. Also, being that it is now 2AM when I'm normally asleep at this time may have something to do with the oversight. It is back and working properly again now.

This works.  I finally got it working, had to release the IP from my router.  Now to create another vlan for my wireless network :)

Great suggestions guys, of them I like Derelict's tcpdump loop. I'll have to give it a try.  I did find that the latest managed switch firmware now supports a mirror port and will soon support a packet header only mirror, so it remains an option. But before I go this route, I had a recent discovery I thought I had ruled out but appears relevent.  I've kept an eye for drop patterns and see now that, although random, it hits on 15 minute increments such as 4:22pm, 4:37pm, 5:07, 6:07, etc.  Although nothing in the log corresponds. However in CRON is only one 0,15,30,45 and that's /etc/rc.filter_configure_sync .  I changed the interval to */60 and now the drops don't occur more than once every 60 minutes.  So what is this for and does it have to be on such frequent intervals?  Perhaps a better question is how might it cause the drop so I can modify or remove the root cause?

This issue is separate from the NAT one. For that case you'd have to disable pfsync to stop that.

My ISP supports MLPPP, as I said, its working… Both links are up as per my ppp.log I would just like to find a way (and maybe I have to parse the log and create my own widget) to show current link status per ppp connection.. [wan] Bundle: Status update: up 2 links, total bandwidth 128000 bps So I would assume that the ppp.log would show if a connection goes down, and when I get a chance I will take one down my unplugging the phone line and see what the log shows.. Not sure if its only on initial connection, or on some fault that it is updated.. But before I went and reinvented the wheel, I wanted to make sure there wasnt a package/script someone else had made to do the same.

Yup, you're correct.  If it was done right, it would be working. Turns it was an IPSEC phase 2 configuration conflict.  I had one of my techs build the tunnels and he decided to use a /16 to summarize the 192.168.0.0 networks in the phase 2 entry.  So the firewall was trying to IPSEC everything.  Fixed the CIDR notation to get away from the networks in use locally on the firewall and all is well now. So yeah, you know, just configure things correctly and things will work…  :D

Rumor has it that the problem was solved yesterday, and we will test it in production, at the start of next week. Solved with adding VIPs as you said Stephen, i will write a status and follow up on this when its in production, with the resolution incase someone else misconfigures the same way i have and stumples on this thread later. Thank you for the help :) /shh

The feature request is specifically for  'auto-disconnect'. There are a lot of providers which charge based on the connection time. So there is a need to bring up and down the ppp session. And ignoring this request is a deal breaker for some of us.