Oops! My mistake, not sure how that happened.  :-[

Steve

@Darkriser:

Will post the HP models tomorrow, just to let u know….

The original PC was:
HP Compaq dc7100 SFF

The current PC is:
HP Compaq dc7600 Convertible Minitower

Yes, though I would haver thought those switches might support several types.

Actually reading the user guide it supports port/link aggregation but it doesn't specify if it's LACP compliant or using their own protocol.  :-\ Try it and see.

Steve

hi, thanks for the input. you were right..  LAN has conflict with another gateway! thanks :)

While capture is running, do I need to leave the browser tab open or can I close it can come back later?

Pretty sure it would end when your browser session does. Not real sure. But if you ssh in and run a tcpdump command, like say

tcpdump -n -i <interface>-W /path/to/somefile.pcap</interface>

That will run until you kill it. You can also download that via the web interface (diagnostics->command prompt) or over via scp.  And you can examine the .pcap file at your leisure.

If they are stored, how would I go about locating them and deleting them?

Diagnostics->Command prompt. SSH shell is much easier for this.

Is there a way to run a capture that only records in 20 minute intervals but only keep 5 pcaps at a time??

Sounds like a job for cron and scripts. I wouldn't try and use anything on the gui web interface for that. 20 minutes interval cron jobs running a script that makes sure you only have 5 .pcap files, and then tcpdumps a new one. I don't know of anything analogous to that wireshark command that's a stock utility.

It sounds like you are just worried about storage. pfSense does a have way to integrate remote storage for logs. Not sure if that extends to packet capture. If you can make a firewall rule that matches a filter string and log it to remote storage, then you'd be doing the same thing.

I just noticed the "Count" field. If I set this to something like 250000 would that basically be like retaining only the most recent 250k captures, or does that mean stop logging after 250k is reached?

The latter in my experience.

I can access their site and I can see all the different size files to download. When I click on any of them it takes awhile to load the "Oops! Google Chrome could not connect to download.thinkbroadband.com" page. I haven't had a chance to throw my old router up and check if I can get to that site to download those test files.

Yes I did remove my WAN IP information on purpose. I have a standard Cable internet connection from Cox Communications and my IP address is DHCP assigned. I'm currently using a Motorola DOCIS 3.0 Modem. I haven't had any internet issues before installing the pfSense box.

I have the MTU size on the WAN interface set to use the default size.

BTW thank you for your help!!

However the gateway status is randomly changing. Now I am getting the right status. Please see the the attached. Where is the problem I couldn't able to find.

Any kind of help will be appreciated.

Nahid

Capture1.PNG
Capture1.PNG_thumb

Not quite as simple, but you could export the old config, hand copy the certs, cas, and users sections and then drop those into the new config.

It's just plain text XML, not terribly scary with a text editor.

Just updating.  Disabling the CD-ROM device in Virtualbox seems to have resolved the issue.  Thanks again!

Click the error in the notification bar, or click "acknowledge all" and it will go away. Go to Status > Filter Reload, click the button to have it to a filter reload. If there are no errors, then it's all OK now.

Thanks everyone that replied. I had looked into installing sudo but decided I didn't want to take the chance on breaking anything with the production machine.

In case anyone is interested the solution I used "fastest implementation" was to put taps in place on both sides of the pfsense box with a tiny linux computer connected to both taps and the lan. Now I can troubleshoot till my eyes bleed.

Best Regards
rfi

Well, bossman decided to do away with our DNS server & make the big fish upstream do it for us so the problem solved itself!

Thanks for all the help though.

Good luck mate.

…and you add pass rules on the extra LAN/VLAN interfaces.
(Only the first LAN-style interface gets a default pass rule added)

@jimp:

Reinstall the package. A 404 means the file is missing, most common cause is the package files being gone but the menu entry remaining. Reinstalling the package will fix it.

Ah! Thank you so much! I never had used the package before on this firewall, and didn't realize I never installed it. The previous one I had someone else had configured that feature. It was difficult to find in the packages because I was looking for "RRD" and skipped over "mailreporting"

thanks!

ok, thank you.