Thanks for replying! Turns out my sale findings weren't that reliable so I'm left with finding another Optiplex or similar. I will definitely go with a SFF when I find it. I've already ordered a INTEL PRO/1000 MT Dual Port Server Adapter 82546 8492MT from eBay.

Hi. @battles: The reason I was wondering about this is after I do a (6 halt system, it seems to shut down, locking me out of the terminal.  However, I sometimes begin to hear an alarm I wrote continuously go off warning me that snort is not running.  It seemed like OpenBSD was still up.  I didn't want to just power off the controller it is running on without properly bringing down OpenBSD first. The best way to shutdown pfSense from shell is executing /etc/rc.initial.halt Unattended way: yes | /etc/rc.initial.halt Regards.

I am running the latest stable release.  Can't remember off the top of my head what version it was (2.3.2?) but this issue has been for a while.  If I had to guess, it may have been around the time I upgraded to 2.3? You probably want sys logs after it disconnects, right?  I've taken pfSense out of the connection at the moment.  I had 3 eeros connected to pfSense in bridge mode, so this gave me a chance to check out their router features as I've only ever used them as APs.  When I get some extra time I'll connect it to network and try to get some logs.

@dennypage: Research buffer bloat. This is a vary good description of what takes place. https://www.dslreports.com/forum/r27252457-Internet-Frontier-FIOS-Latency-and-QoS-Where-they-fail

ok i switch outbound rules from Automatic to manual and i saw some generated for openvpn. So are those the outbound rules that should be set for them?

Hi. One interesting box. Quad-core, 8GB RAM, 32GB SSD, 4GB ethernet ports 2016 Firewall Micro Appliance With 4x Gbe Intel Lan Ports for PFSense 8G RAM 32G storage : $227.00 + $33.24 shipping https://www.amazon.com/gp/product/B01K2L3FYO/ref=ox_sc_act_title_1?ie=UTF8&psc=1&smid=ALPYNZEJ0WG1A Rergards.

Where did I found the patch for 2.3.2 p1 ?

Hi. Maybe off topic: One PhP function for encrypt/decrypt passwords, without the KEY is not easy decrypt it :) function fenydesencripta($vcadena, $modo) {   //AES-256 / CBC / ZeroBytePadding - ref http://php.net/manual/es/function.mcrypt-encrypt.php   $key = pack('H*', "dcb04c7d113a0cd7b53763052cef08cc55ace029fddbae4e1d427e2cfb2a10a2");   $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);   $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);   if ($modo) {     // $modo = true => encrypt // encripta     $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $vcadena, MCRYPT_MODE_CBC, $iv);     $ciphertext = $iv . $ciphertext;     $ciphertext_base64 = base64_encode($ciphertext);     return $ciphertext_base64;   } else {     // $modo = false => decrypt // desencripta     $ciphertext_dec = base64_decode($vcadena);     $iv_dec = substr($ciphertext_dec, 0, $iv_size);     $ciphertext_dec = substr($ciphertext_dec, $iv_size);     $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);     return $plaintext_dec;   } } and one way to implement: //… foreach ($a_hosts as $hostent): ?> Regards

It sounds like you have gotten kind of clicky-clicky trying to fix this. Static ARP is almost certainly not necessary. If the pfSense firewall is asking for DHCP and receiving no response, the problem is either at layer 2 or in the DHCP server. The fact that logs there leave something to be desired is not pfSense's fault. There is nothing special in IPv4 DHCP client on pfSense. There are thousands and thousands and thousands of installations doing just that. Any problems are pretty much invariably issues with cable modems needing to be restarted due to the nature of those particular beasts. You have two out of two that are not working. Sounds like something systemic there.

No. Nothing can deal with serving the same ip:port to two different services. You need some sort of proxy.  Your web server might be able to do it. Not sure. Get more IPs or put things on different ports.

It means "sloppy state" and "disabling pf" should never be necessary.  I am not going to try to decipher that text, do the work, and make a diagram for you. Look at the diagram in my sig to see the information necessary and make one and post it.

So you got everything work, if not just ask - here to help.

I made the suggested changes & get the same results.

The source address would only be translated if there was outbound NAT configured on that interface, which should not be the case with a routed subnet.

SYN going out and and no response. Check the layer 2 and the host. https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

Suggestion: https://turbofuture.com/internet/How-to-Configure-pfBlocker-An-IP-Block-List-and-Country-Block-Package-for-pfSense

@doktornotor: Well, installing PHP on IIS is totally OT here. Yeah I know. Figured I'd give it a shot.  ended up having to do this: http://stackoverflow.com/questions/21216228/php-manager-for-iis-fails-to-install just to get php manager installed. It shows PHP is installed, but I'm still getting that 500 error. sigh. edit just figured it out. Complete w-t-f. Needed this: http://www.ryadel.com/en/php-cgi-exe-the-fastcgi-process-exited-unexpectedly-error-and-how-to-fix-it/ Man I love google. Had to get the x86 version of that.