Packet capture on your WAN filtering on that 75. IP and do it again, then stop the capture. I suspect your next hop router responds with source IP 192.168.1.1 on its TTL expired in transit messages. The response time shows it's likely coming from your upstream gateway.

I would think that would be ideal. Having an opt1 interface on the LAN with the router/gateway as the rest of your LAN. Since that will be doing the NATing, pfSense should allow that to pass as an outbound connection. It should be the same as all the other traffic originating from the LAN side.

locking this as duplicate of: http://forum.pfsense.org/index.php/topic,58475.msg313363.html#msg313363 Please don't post the same thing twice.

Issue resolved by reinstalling the server with 32bit version.. seems to me that 64bit version of pfsense have driver issues with some network cards… or something like that. Thank you for all of your help. Bit of a note, webconfig still dies once in a while.. a 5 or 10 min. cronjob to restart the webconfig fixes that. */5 * * * * /scripts/fixwebconfig.sh >/dev/null

By the way, we think the problem is just a cabling issue. I remember wanting a couple more inches of cable when I hooked it up…three weeks ago.

Yes, DNS servers are added under general setup. Try using whatever dns servers your ISP was handing to you under DHCP since you know that works. Otherwise Google's DNS servers, 8.8.8.8 and 8.8.4.4, are reliable and reachable from almost anywhere. It doesn't matter if you allow DHCP override because you're no longer using DHCP. What gateway are you adding? Use whatever gateway your ISP gave you under DHCP. Any reason you are switching to static IP? Steve

After modifying the VIPs masks and isolating the LAN and WAN interfaces in separate VLANs, the CARP behaviour is now the expected one. Since the firewalls are in a production environment, I couldn't test as much as I wanted because I had to reduce service downtime, so I'm not sure which change fixed my issue.

There's a thin mini-itx standard with half height I/O sheilds. http://www.intel.co.uk/content/www/us/en/hardware-developers/thin-mini-itx.html Leasing rack space in U increments seems common. I've never done it though. Steve

Thanks wallabybob.. you da man  8) Correct all along.. router caching the MAC address from the IPCop in its arp table/cache, so clearing it made it work.  These very bytes will be flowing to the forum via the pfsense appliance flashing prettily under my desk. Great work friend.. I really appreciate your time and patience as I was at the point of sending the boxes back while I could still get a refund.  So pleased that I don't have to now and that I can retire my poor old IPCop before its hardware gave up the ghost once and for all. Take care, Darren.

Would you not be better off using pfflowd to export traffic data to some netflow analyser running on the Pi? I imagine you would end up with a set of pretty screens!  :) I don't know if the Pi has enough horsepower to do that. Fortunately there are so many people using them I'm sure someone has already tried. Steve

Hmm, interesting. Incoming DNS queries should be blocked by default anyway (like anything else). I assume you hadn't opened port 53 deliberately. Perhaps it's related to the on going record breaking DDOS against Spamhaus. They are using DNS amplification with open DNS servers, check you don't have some misconfigured dns server internally. Interesting that the linksys router appeared less susceptible.  :-\ Steve

Light failure means power failure.

Install the widescreen package and then uninstall it. Then it works again…

Hi, i am attaching my network diagram.Please check help me to configure the pfsense( the sip adapter-phone system working perfectly without the pfsense ).I need to replace this with softphones. [image: 123.jpg] [image: 123.jpg_thumb]

The free version of Smoothwall seems see little attention form the company, users have tried to support it, even forking to add features and fix problems. Active users working on fixing problems haven't gotten much if any support from the company in the last couple years. It does appear that they are working on an upgrade from 3.0.x to 3.1 but that has happened since I switched. Add on packages are a major pain there, again users do what they can but support by the company is minimal and many packages are abandoned by their maintainers. Upgrades if you have packages installed can be a huge hassle, uninstall everything, update, reinstall everything. Sad because they had a good base system back when  the company cared about building their reputation using the free version. I still have SmoothWall loaded on a couple boxes but as I get better at using it they will be moving to pfSense too.

No real definitive cause in there that I'm familiar with. Is the crash the same every time? Or do the processes and backtrace change?

i also unable to reproduce the error but it happened consistently on a daily basis.  my environment was a vm running on the kvm hypervisor the physical nics are  e1000: Intel(R) PRO/1000 Network Driver - version 7.3.21-k8-NAPI the hypervisor os is  Ubuntu 11.10 (GNU/Linux 3.0.0-16-server x86_64)

Just an up date say I have finally got the logs to be mailed out direct from PFSense. After going down the complete wrong track with setting up a syslog server, trying external syslog servers (splunk) and generally having a play with the system the solution I was looking for was a simple installation of a known package. Once I found mailreport from packages and installed it it took 5 mins to configure and now the logs (and a couple of graphs) are automatically mailed for storage.

Thank you all for the information and suggestions. Responding to mikeisfly's question on the camera. The camera contacts the remote dd-wrt router (camera at a fixed ip on the lan) when it senses movement in the camera field of view and initiates an ftp transfer of that jpeg image file to the home ip address. The camera operates at a specific port and uses the dd-wrt router to contact the home ip address over the internet. This allows manual remote access to the camera.