@Derelict: It has been time to upgrade off realtek for years. I am also curious about this as i just purchased a zotac ci232nano (realtek NICs) and have the dropping NIC issues with 2.3.2 P1. Should i downgrade? Or even bother if pfsense will not fix the compatibility issues in newer revisions? I don't want to be stuck on an old build forever.

no I didn’t touch the buttons on any of the deals. thank you so much now I have internet through my wireless side that is what I need so I can hook up a couple more Access Points thank you so very much for your hard work and time. and thank you for the fast response to all my questions at least you care about helping to get others up and running. A lot of these sites take for ever or never answer at all. I will always put a good word in for you your Friend Ron Frazier AKA Wildmanron

Go ahead and thread jack, I don't mind. I'm going to install and learn this app so the knowledge is helpful…

Hi, What do you mean by PVC profile?

What does the switch care about rules in pfsense??  Switch is just layer 2, it sees packets come in 1 interface and based upon the dest mac, or broadcast sends it out other interfaces..  Are you going to use this switch as a router in layer 3 mode?? So there is few different ways you match up your vlans you create in your switch to the vlans you create on pfsense so that your packets go where you want them to go..  So your sending in all your vlans into pfsense via only 1 interface em1 (lan)… So you need to create your vlans in pfsense to match up with the vlan ID, which you have as 10,20,30.. So these vlans are all in addition to your normal LAN?  Or do you also have LAN native on the interface and then these 3 vlans are on top of that?  So for example maybe that is just going to use the default vlan 1 on your switch?? So you really have lan (em1) (vlan 1) but not tagged this is just native vlan VLAN10Design (em1 vlan id 10) VLAN20Storage (em1 vlan id 20) VLAN30Science (em1 vlan id 30) So for example here is my vlans.. They all sit on my em2 interface, and their tags match up with the tags in my switch..  But there is also a network that runs native without any tagging that is em2 (wlan) pfsense doesn't care about this tag.  But in my switch this vlan has tag of 20.. So you can tag all your traffic to pfsense and let it determine what traffic is in what network.  Or you can use native without any tagging and just create a new layer 2 network in your switch and pfsense doesn't know what this tag is.  Or you can do a combination where there is a untagged network on your parent interface, but there are also vlans on top of that with tags.. [image: vlans.png] [image: vlans.png_thumb]

http://lmgtfy.com/?q=pfsense+accessing+modem+interface+from+LAN

@Chrismallia: Did you add the firewall rule for  the vlan ? A firewall rule was not needed for this config, however that is something very commonly mentioned as a possible issue.

Thanks for replying! Turns out my sale findings weren't that reliable so I'm left with finding another Optiplex or similar. I will definitely go with a SFF when I find it. I've already ordered a INTEL PRO/1000 MT Dual Port Server Adapter 82546 8492MT from eBay.

Hi. @battles: The reason I was wondering about this is after I do a (6 halt system, it seems to shut down, locking me out of the terminal.  However, I sometimes begin to hear an alarm I wrote continuously go off warning me that snort is not running.  It seemed like OpenBSD was still up.  I didn't want to just power off the controller it is running on without properly bringing down OpenBSD first. The best way to shutdown pfSense from shell is executing /etc/rc.initial.halt Unattended way: yes | /etc/rc.initial.halt Regards.

I am running the latest stable release.  Can't remember off the top of my head what version it was (2.3.2?) but this issue has been for a while.  If I had to guess, it may have been around the time I upgraded to 2.3? You probably want sys logs after it disconnects, right?  I've taken pfSense out of the connection at the moment.  I had 3 eeros connected to pfSense in bridge mode, so this gave me a chance to check out their router features as I've only ever used them as APs.  When I get some extra time I'll connect it to network and try to get some logs.

@dennypage: Research buffer bloat. This is a vary good description of what takes place. https://www.dslreports.com/forum/r27252457-Internet-Frontier-FIOS-Latency-and-QoS-Where-they-fail

ok i switch outbound rules from Automatic to manual and i saw some generated for openvpn. So are those the outbound rules that should be set for them?

Hi. One interesting box. Quad-core, 8GB RAM, 32GB SSD, 4GB ethernet ports 2016 Firewall Micro Appliance With 4x Gbe Intel Lan Ports for PFSense 8G RAM 32G storage : $227.00 + $33.24 shipping https://www.amazon.com/gp/product/B01K2L3FYO/ref=ox_sc_act_title_1?ie=UTF8&psc=1&smid=ALPYNZEJ0WG1A Rergards.

Where did I found the patch for 2.3.2 p1 ?

Hi. Maybe off topic: One PhP function for encrypt/decrypt passwords, without the KEY is not easy decrypt it :) function fenydesencripta($vcadena, $modo) {   //AES-256 / CBC / ZeroBytePadding - ref http://php.net/manual/es/function.mcrypt-encrypt.php   $key = pack('H*', "dcb04c7d113a0cd7b53763052cef08cc55ace029fddbae4e1d427e2cfb2a10a2");   $iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);   $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);   if ($modo) {     // $modo = true => encrypt // encripta     $ciphertext = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $key, $vcadena, MCRYPT_MODE_CBC, $iv);     $ciphertext = $iv . $ciphertext;     $ciphertext_base64 = base64_encode($ciphertext);     return $ciphertext_base64;   } else {     // $modo = false => decrypt // desencripta     $ciphertext_dec = base64_decode($vcadena);     $iv_dec = substr($ciphertext_dec, 0, $iv_size);     $ciphertext_dec = substr($ciphertext_dec, $iv_size);     $plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);     return $plaintext_dec;   } } and one way to implement: //… foreach ($a_hosts as $hostent): ?> Regards

It sounds like you have gotten kind of clicky-clicky trying to fix this. Static ARP is almost certainly not necessary. If the pfSense firewall is asking for DHCP and receiving no response, the problem is either at layer 2 or in the DHCP server. The fact that logs there leave something to be desired is not pfSense's fault. There is nothing special in IPv4 DHCP client on pfSense. There are thousands and thousands and thousands of installations doing just that. Any problems are pretty much invariably issues with cable modems needing to be restarted due to the nature of those particular beasts. You have two out of two that are not working. Sounds like something systemic there.