yes you are right… i didn't test that command thoroughly enough.. thanks again

You're right, I did it again and it worked this time. weird. I think it might have been because I left off the #!/bin/sh, don't know.

@walbog: From the description of the original poster mike_of: i'm almost certain, it's a nessus-message…. thats why...  ;) Well, that too. ;) Yeah it is Nessus. Not that any other vulnerability scanner is better in that regard, they all seem to report their fair share of absurdity.

MBUF was high because of the Intel Quad NIC. I added kern.ipc.nmbclusters="1000000" to the loader.conf.local file and now the MBUF is down to 2% Thanks for that catch.

I just wanted to let everyone know I just reset everything back to factory defaults. Seems to be working. I was hoping to find out what the actual problem was. Thanks for the advice.

@BlueKobold: My lan is assigned to a bridge between the wireless and one of the ethernet interfaces. If he inserts a WiFi miniPCIe card into the SG-xxx unit and he creates a new interface for the WiFi card that must be bridged to an LAN Port! Actually, it doesn't have to be bridged - you can assign an IP to the wlan port and then have one wireless network segment and a second wired network segment. But, I wanted the wireless clients to be able to see the wired devices on the network (ie, tablets able to play media to wired media players) and for me it was much, much easier to bridge the networks. @BlueKobold: If you reboot, and many settings were lost, you could also try out to set up those things in a /bootloader.conf.local to not loose them all, as I see it right. The same is coming with updates and upgrades, please don´t forget this. I have no problem with settings persisting through reboots.  I've most often been rebooting due to dumb moves on my part or to be 100% that a non-working vpn config isn't trying to reestablish - ie, roll back to a backup and then reboot. @BlueKobold: For sure it would be even the best to go with external WLAN APs related to a proper and smooth running pfSense box. I hope this isn't an accurate statement.  I purchased the 2440 from pfsense with the wlan card installed. They did not offer a discount on the model with wireless added due to it being an inferior design :)

@doktornotor: Hmmm… it's doing some stupid countdown. Not really sure how to change it. If there's nothing configured, the first option value (32) will be selected. <select name="subnet" class="formselect" id="subnet">when you create a new opt interface and go to put an IP on it, it defaults to /32 vs /24Have seen multiple threads where the IP is set to /32 vs whatever mask they want because it default to this in the dropdown list.[/quote] for ($i = 32; $i > 0; $i--) { echo " <option value="\&quot;{$i}\&quot;" ";<br="">if ($i == $pconfig['subnet']) { echo "selected=\"selected\""; } echo ">" . $i . "</option>"; } ?></select> The countdown is just filling the SELECT drop-down control with a list of values from 32 down to 1.  The way SELECT controls work in HTML is that the first value in the list is "default selected" when the control is displayed unless a specific entry is marked with the "selected" tag when it is added to the list.  One way to fix this is to add a string like "Select a netmask" or something as the first entry added to the combo-control, and then adding the countdown values after it.  If you did this, then some extra validation code would need to be added to the PHP code processing the SAVE button command. Bill

Hi Steve Thanks for the detailed reply. I'm going to work on this tonight in a VM (the WG is too loud for the current room it's in) and I'll let you know how far I get. Thanks again.

It's sufficient to disable it on the ports that represent your WAN to the modem.

i attach screenshots to see if im doing anything wrong i cant connect on my android phone, im typing everything in correctcly but it cant connect my pfsense ip lan address is 10.10.20.254 l2tpipsec.zip

@Gertjan: Some how, this question starts popping up more often now … I'd say high profile hacking cases, and privacy concerns are beginning to make people test their contingency planning because hacking is becoming so wide spread and people dont want their data or personal details nicked off their computers at home.

@N8NEU: Thank you Gertjan for those instructions. I was unaware I need to create a bridge after making the OPT1 firewall rule.  All works fine now. Can someone please help me understand the correct way to set up PLEX on a home server if it is not to be installed on the same computer as pfSense? I have pfSense set up on a thumb drive and it is now working flawlessly. The dedicated computer has 4 HDs of which one is 3TB. The others are 500 and 380 GBs. I am planning to use RAID on the HDs. I use the thumb drives to save the HDs for music and DVDs. I was under the impression that PLEX would be on the same thumb drive as pfSense or at least a different thumb drive, but on the same home server computer. So where does one put PLEX in order to have access for the many streaming media in the home? Is setup an easy process to perform? Thank you for any advise on downloading, installing and setting up PLEX. This is my final step for setting up a complete home server. Tim - N8NEU Dude, no offense, but please, what are you trying to accomplish? Pfsense is a "firewall/router" whilst plex is a software like a media-center; completely diffrent usecases, plex should never ever be installed on a pfsense-box and vice-versa. If you are looking for a NAS-OS, go for FreeNas for example, put that behind a firewall, install plex on it, put that in you lan, behind a firewall. Do not, never, neverever, no, non, nicht, nein, würklechniid(!) install plex on firewall-os (not pfsense, not ipcop or any other). If you have one HW-Box, us virtualization (a hypervisior, like ESX, xen etc.), separate the os'es, networks, along your usecase.

@cmb: The "arpresolve: can't allocate llinfo" is what happens when the gateway IP logged there isn't reachable, most often because the NIC loses link, or when the gateway IP is no longer on any locally-attached subnet. Both of those is what's happening there. "rc.linkup: DEVD Ethernet attached event for wan". Also looks to be pulling a private IP when it re-gains link, where you had a public IP previously. I'm guessing what's happening is your modem is rebooting, when it comes back up the modem itself starts handing out 192.168.x.x IPs because it's lost its uplink. Using "Reject Leases From" for 192.168.0.0/16 on WAN should help with part of that, where you're probably staying down for longer than necessary because you're picking up the IP from the modem. The fact the modem is apparently rebooting is another problem entirely though, and outside the firewall. @cmb, you are correct, the modem is rebooting. I was finally able to witness this tonight. It does this multiple times each day. Any ideas on why the modem keeps rebooting? Hoping I don't need to purchase a new modem but I suppose if it fixes the rebooting I would look into it.

dude he is on esxi – there should be no reason why he should be trying to setup a lagg in pfsense. NONE!!!  unless he had interfaces in multiple vswitches???  For what Fing reason? If he wants failover for nics on his esxi host then he would set that up in esxi, not pfsense VM..

Have an old pc laying around and was wondering if pfsence can replace my router The short answer is Yes…. PFsense can replace your router.  PFsense in general only needs a 500 mhz CPU to run, so basically PFsense will run on any PC made in the last 15 years (e.g. Intel P3 and above). My PFsense box has been running on a P4-2.4 Ghz box with 512 MB ram for the last 5 years without issue.