It's not possible to configure VLANs with an unmanaged switch, unmanaged switches don't support 802.1Q. You'll have to get a managed switch and configure its VLANs accordingly to match the firewall (and don't use 1). Explained in depth on firewall and switch side in http://pfsense.org/book.

There is some watchdog functionality in freebsd you could use if you need it. You can just rename the title of your first post in this thread to have [solved] at the beginning if you like. You have a limited time from the post date to to that. 7 days?  :-\ Steve

@brcisna: Just a thought. Try running memtest86 from any linux distro bootup disk on your pfSense machine. This will take just several minutes to do,and will at least eliminate the possibility of having a/some diffective memory sticks Tried that, twice actually last week, No problems. @brcisna: .2) When the pfSense machine  is booted and run for just 15 minutes try running top from the shell and see if anything looks wonky in the printout here. Maybe you will see some oddity. Nothing odd in the syslog at all nor anything in the running processes. Even when it locked up, it just locked and stopped everything including syslog.  To make sure the system wasn't hacked, I even did a full wipe and reload of the system. @brcisna: Also,,in your initial post did you say you are running 5 pfSense machines,and all 5 are experiencing these lockups ina similar fashion? Only on one, the other 4 are perfect. @brcisna: Take Care, Barry Thanks for the Idea's  since putting the switch in, there hasn't been a single lockup and it is going on 5 days now.  So maybe a flaky comcast modem?? and the switch is dealing with it better than running directly to the nic…maybe????  oh and btw,  on the nic interfaces before and after the switch install, there were never any errors shown. always 0 Thanks Dickie  :-) Happy Holidays

Hi jimp, Thank You for the reply. I am fairly certain the reason the machine failed to boot off the 'first drive' / highest number bios sata port, that i disconnected,, on purpose,was due to the fact the first drive was marked as off line,as you said,,in the fstab. I should have booted the machine with booth drives connected,,  let the mirror array reubild then shut down and then disconnected the 'second drive" then booted on the first drive i disconnected , i am fairly certain the machine would have booted with no probs.. This scenario is hard to explain the sequence?:).. After I rebooted the pfSense machine , after having reconnected both drives,,i looked every few minutes and had solid HD activity for about 20-30 mins until what i guessing the raid array was done 'rebuilding'(on 80gb sata drives). In the dashbord geomirror widget i am seeing 'complete' in the raid setting. yeah! Take Care, Barry

Yes, that is enough, or if you have the usual NAT rules, binding on LAN is OK too.

can i restore my 32 bit config to a new 64 bit build?

Hmm, Ok. My own box is not hidden behind NAT the WAN interface has my public IP. Thus it does not have to use a service like checkip.dyndns.org to discover the public address. The address doesn't change so it it does nothing and after about 18 days I get emails. After 25 days it will send the update information even it's still the same but it seems that interval is now too long, for No-IP at least. Steve

You can also try adjusting the timecounter on pfSense, search around the forum for "kern.timecounter.hardware" you should find some info on changing it. (It's also covered in the book)

The server in .nl is back up, there was an AC issue at the colo and that box didn't get powered back on. Should be OK now.

I think you're referencing Status -> System Logs -> Firewall Tab but the section I'm concerned about is Status -> System Logs -> System tab. Unless I'm misunderstanding what you mean. None of my firewall rules that allow or block IGMP are set to log. Messages like this are flooding the system tab: Dec 20 19:00:46 igmpproxy: Note: RECV V2 member report from xx.xx.xx.xx to 224.0.0.252 (ip_hl 24, data 8) Dec 20 19:00:46 igmpproxy: Warn: unknown Mode in V3 report (10502176) Dec 20 19:00:46 igmpproxy: Note: RECV V3 member report from xx.xx.xx.xx to 224.0.0.22 (ip_hl 24, data 16) Dec 20 19:00:46 igmpproxy: Note: RECV V2 member report from 10.0.0.111 to 224.0.0.252 (ip_hl 24, data 8) Dec 20 19:00:42 igmpproxy: Note: Adding MFC: 207.228.xx.xx -> 232.239.0.10, InpVIf: 0 Dec 20 19:00:42 igmpproxy: Note: New origin for route 232.239.0.10 is 207.228.xx.xx, flood -1 Dec 20 19:00:40 igmpproxy: Note: RECV Membership query from 10.0.0.1 to 224.0.0.1 (ip_hl 24, data 12) Dec 20 19:00:40 igmpproxy: Note: RECV Membership query from 10.0.0.1 to 224.0.0.252 (ip_hl 24, data 8) Dec 20 19:00:38 igmpproxy: Note: The IGMP message was from myself. Ignoring.

I had thought it was automatic, but it's apparently not (at least on the version you're using, I don't know about 2.1) Using multiple subnets on a single interface in that was is still mostly an edge case. Most people put distinct subnets on separate VLANs or interfaces.

You can, though I'd keep an eye on it, especially after the next reboot, to make sure it doesn't come back.

gonna need more info: what pfsense version are you running generally i'd think if any tcp protocol is working, then all tcp protocols could work if there is no firewalling issue. Post screenshots of interface config / firewall rules on LANS / routing table / traceroutes / …

With transparente mode, only http if filtered. Are you trying all downloads on eicar site?

There's a thread about that here: http://forum.pfsense.org/index.php/topic,54971.15.html Steve

@heper: is the gateway filled in correctly on the KVM box ? yes, in fact ping works fine…

If you just need to make the virtual screen bigger to make the text more legible, just tap right-ctrl + f to maximise the screen.