sorry about the delay but what information do you need so i can post it i need to know if i need to get a new nic or not cause the message is still showing up in the logs

Not familiar with that. In ESXi, you can pass the device from the host to the guest. Perhaps you can do something similar.

I haven't found any obvious conflict in the config file so I might try the deletion of interfaces and let you know.

Figured it out! So apparently within the Squid Allowed ports, despite Squid configuration page stating: This is a space-separated list of "safe ports" in addition to the already defined list: 21 70 80 210 280 443 488 563 591 631 777 901 1025-65535 I had to make the following modifications: acl safeports: 21-65535 acl sslports: 443 563 995 All good  :o

[2.1.4-RELEASE][root@pfsense]/root(1): cd /tmp [2.1.4-RELEASE][root@pfsense]/tmp(2): wget -O speedtest-cli https://raw.github.com/sivel/speedtest-cli/master/speedtest_cli.py –no-check-certificate [2.1.4-RELEASE][root@pfsense]/tmp(3): chmod +x speedtest-cli [2.1.4-RELEASE][root@pfsense]/tmp(4): ./speedtest-cli Retrieving speedtest.net configuration… Retrieving speedtest.net server list... Testing from Comcast Cable (24.13.xx.xx)... Selecting best server based on latency... Hosted by ServerCentral (Chicago, IL) [40.85 km]: 20.297 ms Testing download speed…..................................... Download: 56.79 Mbits/s Testing upload speed.................................................. Upload: 11.13 Mbits/s

Hi, Looks like a L2 problem. Did you set any Hardware offloadings under Advanced->Networking ? MOst of the time you'd better disable any off-loadings. Did you spoof a MAC adress (Interfaces->Your_L2TP_interface ?

Squid + Squidguard. And then, find good lists…

Start with that : DO NOT MIX tagged and untagged VLAN on the SAME physical Interface ! So if you plan to have a "management" VLAN with no tagging on the PF : forget it unless it has a dédicated phys interface. Use ONLY TAGGED Vlans for every VLAN attached to the same Phys interface! Concerning the limiter, be carefull, keep in mind that limiter only applies to trafic LEAVING the (any) interface. Trafic coming in cannot be shaped. So if you flood your interface from the WAN, your limiter won't be involved : trafic leaving only. Have a look to your Floating rules. The Wizard is sometimes tricky with rule creation. Have a check.

When dealing with Interfaces, you often need to reboot. But YES ! Default GW is important. It defines which GW will be used by your default routing table or by the PFsense itself.

1 - Is this a PPPoE connection ? We don't face this problem with our PPPoE connection. It takes time, but the connection come back in the end. You may want to use the "Periodic reset" option in your PPPoE interface ? 2 - You should concider using this option : Advanced -> Misc -> "Load Balancing / Allow default gateway switching " (CHECKED !)

Got It ! Tiers 1 is 172.17.0.254 Tiers 2 is 172.16.0.254 And your PF default's GW is your Tiers 2 (172.16.0.254). In your rule, you specify the kind on trafic that should be filtered : in your case "TCP" only. So it won't apply to any ICMP traffic (a trace route uses ICMP). But it will for HTTP trafic though. So, because you don't specify ICMP kind of trafic, your default routing policy aplly : Go through the default PF's GW. Here is your answer.

I found out that you can change the language through the WebGUI. I wanted to customize the page. But when I edit the error page in the corrpesdonding folder, even if I restart the box, I'm to able to see any change. The error page is still the same. Any Idea ? Also I want to copy the german folder to an other location and point the squid.conf to this folder. It seems that I'm using the wrong file in the wrong location. THanks !

@felesaerius: ….How do I get rid of this message? /etc/rc.filter_synchronize Line 283 ….  ;)

::) So while trying about everything i put the NAT Outbound Rule back on auto and… everything works fine....  :-[ I didn't even remembered I had changed it... Morality : check and recheck everything before complaining....

Just so the answer is somewhere, u can put a nice little script in /usr/local/etc/rc.d like #!/bin/sh ###route.sh : create route on initialisation /sbin/route add -net xxx.xxx.xxx.254/32 -iface emx /sbin/route add default xxx.xxx.xxx.254 Didnt invent it, this solution was out there already… on OVH soyoustart forums

That's great work! How quickly does that counter advance?  I  wonder how often it hits 32767 in normal traffic conditions.  In other words, why doesn't this cause links to flap more often? Thanks! Martin.

2nd Update: I'd like to announce that I've solved the issue. I couldn't get rid of the problem with VLAN tags getting stripped by my NIC (or perhaps it was VirtualBox's fault) but one way to fix this is to download Realtek's Diagnostic Utility (below). Then go to Network and Sharing Center > Change adapter settings > Realtek PCIe GBE Family Adapter (choose the one that's for your LAN!). Disable anything that has the word VirtualBox. Then open the Realtek Diagnostic Utility and create VLAN 1 as well as the additional VLAN you need. Now wait 3 minutes for each VLAN you configure as it installs the drivers into Windows. Now you may notice under Network and Sharing Center > Change adapter settings there are two new adapters called Realtek Virtual Adapter. Each of these are adapters to your VLAN. Open each of them and enable any mention of VirtualBox. Go to VirtualBox and assign each Realtek Virtual Adapter as a network card for your PfSense VM (PfSense shouldn't be running). Start your PfSense VM and configure your two new virtual NICs. Now you have two operable VLANs but they show up as ethernet interfaces in PfSense. That works too. http://www.realtek.com/Downloads/downloadsView.aspx?Langid=1&PNid=13&PFid=5&Level=5&Conn=4&DownTypeID=3&GetDown=false This solution works but it's limited to how many network adapters VirtualBox can create. I'm eager to help anyone as I know how much pain and suffering I went to figure out this solution on my own. I'm subscribed to this thread and I'll be reading upcoming replies. Anyone who wants to do the same thing can contact me here and I'll see how I can explain it to you.