It is only 5 devices :D

As impossible as it should be, I've seen 2 NICs with the same MAC. While supposedly unique, some manufactures have been known to recycle MAC addresses.  There's also the possibility of locally assigned MACs and many consumer routers can clone a MAC.  However, as long as they're not on the same local network, duplicate MACs are not a problem.

Though, for the home user, the time spent installing, configuring, tuning, and maintaining snort would probably be better spent educating the family on what not to do. That will benefit them for life on every network they encounter.

Thanks everyone this now works  :) :) :)

http://forums.kali.org/

:) :) :) :) :) :) Huraaah it works, many thanks Rafi

At the bottom of the link KOM mentioned :- Status -> System Logs -> Settings Remote Logging Options

OpenVPN? It will always allow the ping traffic out. More likely is that whatever is at the other end stopped responding to ping or you moved to a different gateway that doesn't respond. Or maybe it triggered something that blocked pings! If you set the gateway monitor to an alternative IP accessible over the VPN that should give you back link stats. Steve

@stratus: I made the following adjustment yesterday: Routing -> Edit Gateway Probe Interval: 3 Down: 60 I dont know if it is just a fluke or not, but I did not register any outages last night. I will continue to monitor and update this post as I discover things This worked for me.  Made an account just to thank you for it.  Had been troubleshooting it for 2 days.

Well, for a start I now have an AES-NI mini-pc with pfsense running as main router. :)

There are still some processes in pfSense that are thread-locked or do not scale well across cores and those benefit from faster CPU speed. If you run a number if things though, VPN, snort, squid etc, those can use separate cores so you would some benefit there. The sweet spot there depends what you're running but 4 fast cores is pretty good for a default setup. Steve

Probably not. It depends exactly what that box is doing though. For example pfSense can do ML-PPP itself: https://doc.pfsense.org/index.php/Multi-Link_PPP_(MP/MLPPP) Steve

By lying and increasing my subnet size from /29 to /24 on the LAN2 I have avoided duplicate interface addresses on LAN2 and WAN2. At least traffic is now flowing…

@Gertjan: This is the key word : Cannot allocate memory Also check drive space and disk allocations. If needed, stop en remove the "memory eaters" (packages - and I'm not talking about the cron - or note package here  ;)) Hi Gertjan, that's not a Problem of mine. The Server has a CPU Load from 3-4 Percent and a low Mem usage. I found out that the Message and the Problem happen, if a Gateway has Packetloss and it's marked as down. Than the Error is generated. Also if the GW is coming up again. I think this is a bug that has been checked. As workaround i disabled the gateway-check. Than nothing error happen.

Hi, Probably freebsd kernel hints file. See what dmesg has to say.

@SammyWoo: Looked at the diagram more closely and this is impossible as pfsense is on the same subnet as the laptop.  Bad mask(s) or the Switch is hooked up/configured wrong. the answer was here https://forum.pfsense.org/index.php?topic=132528.msg730834#msg730834 the device is kinda defective as shown Int 1 –-> ibg0 Int 2 ---> ibg2 Int 3 ---> ibg3 Int 4 ---> ibg1 this is the port config of the device..this is why it didnt work because it wasnt the correct port.

"100% True !! I totally agree, I bet even all free DNS's are in it to. " Then why don't you just resolve.. Are the root servers in in on too?  When you resolve you ask the roots for the NS of the domain your looking for, then you directly act the authoritative ns for that domain.. You do not forward all your queries to some specific name servers.. And you can limit your queries to the roots for only the specifics.. Ie you don't ask root for www.domain.com you ask for .com ns, then you ask .com ns for domain.com - but I found this to be very problematic with many domains that do delegation, etc.. microsoft technet had all kinds of problems if I recall. there was a whole thread about turning this feature on.. qname-minimisation If your interested in such a thing.

That makes sense…didn’t think of that.  Thank you! ETA:  That was the issue...the 4 port NIC now occupies igb0 through igb3 and the onboards start with igb4.  Thanks again!