Thank you for the info, it's greatly appreciated!

Clever but hard to exploit in reality. The command part of the command line is already set and can not be changed by the glob expansion so it's limited to changing the behaviour of known commands. Many times you're better off by not using wildcards at all, people tend to write silly commands likegrep -r foobar *etc. where it's better to replace the wildcard with a dot (.) and let grep(1) do the expansion and recursion itself. Also if you want to protect against such tricks you can use the end of arguments list -argument``` alias rm='/bin/rm -i --' That would no longer try to interpret file names like '-rf' as options if run as 'rm *'

@G.D.: You could still create the VLANs on the pfSense, and you do not have to route them anywhere, you can point the interface to a custom Gateway, right? I guess I could, but I'm not 100% sure what you're getting at. You mean create multiple vlans with different gateways, assign dhcp per vlan, and point IP-helper or DHCP w/e on juniper to each individual gateway? I guess this could work, and just NAT the primary VLAN and point default route on the switch to that pfsense gateway right?

@mbrossar: I want to set up a central CA that signs for a set of Intermediate Certificate Authorities (ICAs). @mbrossar: My CA should not sign individual certificates.  It should only vouch for my ICAs. @mbrossar: All of my certificates are signed by an appropriate ICA. @mbrossar: I have a few sites that I am working on connecting via site to site VPNs using pfSense boxes.  I am thinking about leveraging the CA functionality within pfSense.  My question is, can I create an ICA on a site that refers to a CA that's on another site, at the end of a tunnel or does an ICA need to be on the same box as its CA?

Yep, this is the wrong section. A non pfSense related question should be in General Discussion. You haven't given the exact model number but it looks like the only way to reset the switch is to upload the factory firmware from the bootloader prompt at the serial console. Good luck!  ;) Steve

cant find exact wireless chipset compatible available on the pfsense wireless supported drivers how about this one. http://www.cdrking.com/index.php?mod=products&type=view&sid=10540&main=50#.U7DLqZSSxfg  ralink rt3060 thanks

@sollostech: Has anyone made or thought of working on a responsive theme for pfSense? Would be delicious to have an easy way to manage from my iPhone. Hello sollostech, Did you try the "pfsense" theme? I don't use an iphone but that works for other models.

https://forum.pfsense.org/index.php?topic=44941.0

Has any of the developers taken a look at this since the source is available?

Look in the system log for any miniupnpd-related entries. In the console, do "ps auxww | grep miniupnpd". If no miniupnpd process is found, do "/usr/local/sbin/miniupnpd -f /var/etc/miniupnpd.conf -P /var/run/miniupnpd.pid -d" and see what it says.

Just be careful when you "extend" your subnet. If you forward broadcasts across the, then devices from one datacenter may pick-up an IP and use the gateway from the other datacenter. You'll probably not want to allow broadcasts, which can cause issues with some services, or limit each datacenter on which devices get an IP address from the relative local DHCP. I do not have experience in this area, so maybe someone else could add more to this, but I know this could be a real issue.

I'm assuming this is a full install and not nano. Putting aside the issue of a possible memory leak, you generally make swap permanent by adding it to /etc/fstab. Something like: #/dev/label/swap0              none            swap    sw              0      0 Ref. https://www.freebsd.org/doc/handbook/adding-swap-space.html To increase the size of the swap you will need to repartition the disk or create a "swap file" (see link above) and add it to fstab as above. But… I don't think that's the problem. You should not be running out of RAM (and IMHO not even swapping at all). Other than the ICAP errors, what are you seeing that leads you to suspect the memory? Are there memory related errors in Status: System logs: General?  (i.e. out of swap space, memory exhausted, unable to create, etc.) In your situation,  I'd recommend looking for the source of the ICAP errors first.

Probably is that old option in postfix that I mentioned in the other linked thread. It tries to change system.inc in a very dangerous way. The package maintainer will need to fix it, so you'll want to make a post in the Packages board to get their attention.

Hmm, odd. It worked fine before though? Anything vge related in the system or boot logs? Steve

@Nightfrost: –UPDATE-- So, after some worsening packet loss, and longer downtime periods, I decided to contact Verizon.  They are blaming poor cable installations between the ONT and my router.  I've already re-terminated one end, but I'm not too convinced that the chord would causes such an issue.  If the chord was damaged, i'm pretty sure I'd be experiencing other issues.  Also, I decided to pick up an Intel NIC to replace the PoS Realtek one. Have you tried temporarily replacing the pfsense router with the old verzion router and seeing of you still have latency problems?  Could be useful as a way to rule out ISP/ONT/cabling issues.

I'm faulty as you  :P

WOOOOOOOOOOOOOT finally got it! So I must have had a typo the first go around. Here was the solution: /etc/rc.conf_mount_rw    # Set file system temporarily to read write setenv "TMPDIR" "/root"    # Set the environment variable so pkg_add uses a location with enough space setenv "PKG_TMPDIR" "/root"    # Set the environment variable so pkg_add uses a location with enough space pkg_add -r -v ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/openjdk7.tbz    # Fetch openjdk7 rehash    # Updates executables available in path java -version    # Tests whether JAVA is working Thank you all for your help

The gateway address seems to be a private IP, is it conflicting with the LAN subnet? Steve

No that there is anything much to see/change, but the settings for the monitor types are on the Monitor tab in the Load Balancer settings. It sends a ping once per second, I don't believe there is a way to tweak that.