128MB is the absolute minimum RAM requirement and it would probably require some tweaking to run in that. 256MB is really the minimum you want, more would be better. If that's the hardware you have maybe consider m0n0wall as an alternative. Not sure you can do a LAGG with wifi connections. Even if you could the other end would have to support it and you probably wouldn't get any increase in bandwidth probably less in fact. If the router supports simultaneous dual band you might be able to achieve something with two cards but support for 5GHz wifi in pfSense is almost non existent. Make sure whatever you use supports client mode, many Ralink USB wifi devices run great in access point mode but not as a client. Just get something with a decent antenna and take some time to align it for best signal. Steve

Simple mistake, I'm sure. Yes it was.  :)

k… there's no logical reason that I can think of that exceptions would stop working if DG is working in general. Are you saying that DG is running fine, but it is not updating with any new exceptions that you add? If so... the only thing I can figure is that the UI is not updating the execptions list. The UI updates a text config file that resides in one of the DG directories and then it tells DG to re-read the config file. Did you check that the exceptions are being written to the text file in the DG directory (can't remember the name of the file off the top of my head)? Also, if it started when Snort was installed, a logical first thing to try would be to uninstall snort...

If you go to Diagnostics>Halt System, does that power it off? Whether or not the system powers back on after power loss has nothing to do with whether or not it powered off beforehand. If it's set to always power on after AC power is restored, it'll power on regardless of whether it shut itself off.

Solution: The solution is relatively easy and involves the system time that uses my Hypervisor time (+2) and adds another +2 for my time zone setting in pfSense. This gets me a wrong time, obviously. After NTP updates the time it is correct again, but old times are not updated. So the time line is sent down to the dumps. At least, this explains the 2 hours difference between the settings. To be honest, that is crap (not pfSense's fault, nor Hypervisor's) and I don't know what would be a solution. Maybe pfSense should allow to set a time next to time zone (and overwrite bios time)? PS I would love a statistic pointing out how many bugs are related to time zone and file format conversion fun :-)

@Derelict: There is no OpenVPN package on 2.1.5.  It's part of the base system.  Are you talking about the client export utility? Anyway. Now that all that is out of there, step back and take another look at the /tmp/rules.debug and all your interfaces and rules. My apologies, yes the client Export Utility for OpenVPN.

The first line shows that 4 haproxy processes are running, if you have long living sessions, and a few applied config changes that could be fine.. It could also mean a few did not shutdown properly.. You might want to check the pfsense systemlog it should show what pid was running and what gets started..(if package was recently re- installed) Either way it seems indeed maxproc is high enough for haproxy… What you could try is to install lsof, and check for open handles. Not sure if that will work.. lsof | awk '{print $2}' | sort | uniq -c | sort -n then check if the pid of haproxy indeed has a high number of handles.

That didnt work out too well… This morning, SSH to ALL machines on LAN failed (Temporary DNS name resolution), the firewall was suspiciously slow (and not responsive), I couldnt reach the internet from any machine... Deactivated all rules under OPT1, and rebooted the firewall, all is back to normal. For now I will assume this is only a glitch in the firewall and not related to my OPT1 rules, unless someone can point out that it is..

Thankx for asking! Forget about it, just a strange idea after not enough coffee this morning… We're all safe, I guess :-D

Also debugging my procedure … I noticed that the first time I run mysqld (for the root password setup, etc) I have to run /usr/local/etc/rc.d/mysql-server onestart After the root password is setup, I can then run /usr/local/etc/rc.d/mysql-server.sh [start|stop] :-[

Thanks a lot cmb for your your kind and accurate answer… Pedreter.

http://www.logicsupply.com/components/expansion-cards/ade4rtlang/ http://www.logicsupply.com/components/expansion-cards/ade4inlang/ If you can find the motherboards that the above two devices fit, that might be an option. I have one of the motherboards and I have a total of 6 1Gb NICs (2 onboard, 4 daughterboard)

Something not right with that NIC, probably a mis-programmed EEPROM. Easiest work around would be to keep the interface in promiscuous mode (which is why it works with tcpdump running), alternatively if you use a diff NIC it's not likely to be an issue. A <shellcmd>to run "ifconfig em0 promisc" would work around (search doc.pfsense.org for info).</shellcmd>

A client on your network is pulling something from 184.29.106.120 via HTTP. That's an Akamai IP, which is a CDN used by a bunch of companies to host their downloads. Best that shows is someone is downloading something. Filter states for the external IP to find the internal host.

@stephenw10: Interesting. So what are you running in the jails and what is hosting, FreeBSD? Steve Host is pfsense and the jails run FreeBSD. I don't think an alternate setup is possible. I believe pfsense can't run in a jail, and jails cant run anything but FreeBSD. I have a guest with asterisk, and another with apache/transmission/samba.

Squid is probably running on port 3128, not 80. The GUI is probably on 80. Check/change squid to be on port 3128, and configure your browser's proxy settings to use port 3128 and not 80 for the proxy.