• Hanging up VoIP call causes limited network connectivity

    Locked
    1
    0 Votes
    1 Posts
    999 Views
    No one has replied
  • 1:1 Nat Bridge and questions

    Locked
    1
    0 Votes
    1 Posts
    934 Views
    No one has replied
  • 0 Votes
    5 Posts
    5k Views
    D

    I decided to install ipfire on the alix board just to see what happens. I'm not seeing any issues at all running ipfire on the exact same hardware, very strange….

  • Restore config.xml

    Locked
    5
    0 Votes
    5 Posts
    9k Views
    S

    Use an SSH client like http://www.chiark.greenend.org.uk/~sgtatham/putty/

    Or directly with the firewall in front of you with keyboard and monitor….

    Connect to your firewall and log in, choose option 8 (Shell)

    Then

    cd /cf/conf/backup

    Now you're in the config backup directory, see what files are listed

    ls -l

    You should see a lot of config files named "config-xxxxxxxxxx.xml". Look at the timestamp on those files; it's for you to determine which file to copy based on when you fudged up the settings. If you're happy with your choice, run

    cp config-xxxxxxxxxx.xml ../

    The above should copy the config file to /cf/conf. We'll drop down to this directory and then back up your old config just in case, then we'll move the 'working' config in place of the old config that's giving you trouble.

    cd ..
    cp config.xml config.xml.backup
    mv config-xxxxxxxxxx.xml config.xml

    You should be done, just type exit in the console, the console menu should come up, then choose option 5 (reboot) sit back and pray.

  • Edit default Port Ranges

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    S

    Thank you for your fast answer!

    Would be nice if one could edit those lists but aliases will do it for me.

  • Trunking & bridging - I'm confused

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    M

    @g4jc:

    …The problem is, I'm not sure if the Trunking issue is with pfSense or ESXi.

    Thanks for your reply.

    I would wonder, a bit, if the direct cabling isn't working with auto-uplink, or both sides are trying to negotiate uplink states (aka: auto mdi-mdix) and failing.  Or, are you using a crossover cable that isn't playing nice?  Test the link without VLANs first, to make sure that the physical connection is working, then add VLANs.

  • Services won't start automatically after reboot

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    Hard to say for sure, but check the console and the system logs for any errors immediately after bootup.

    If they are stopped, it could be because something that is starting them up is getting caught up and stopping anything after it from loading.

  • Possible to port mirror or duplicate packets?

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    L

    I'm still somewhat of a pfsense newbie, but since there is no obvious "rule" (would be nice if there was PASS, BLOCK, REJECT, MIRROR :) ), not sure if can do this.  You could "rig" it up in a pinch using a hub…... I know, far less than ideal but if it limps you along in the meantime while you figure something else out, it's worth contemplating at the least.

  • Show all currently connected devices

    Locked
    4
    0 Votes
    4 Posts
    75k Views
    stephenw10S

    And you can also list all the devices which have acquired an IP address via DHCP (if you're using pfSense for DHCP) in Status: DHCP:

    Steve

  • PfSense 2.0.2 64-bit and info on the motherboard of a firewall

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    jimpJ

    You can't, there isn't a package to show you that kind of info. You can get things like the CPU type, speed, RAM amount, etc, but not that level of detail.

    You can maybe install the dmidecode FreeBSD package (check the doc wiki on how to install FreeBSD packages) and then use it at the shell to determine some of that info.

  • PfSense internet browsing speed is not fast enough

    Locked
    4
    0 Votes
    4 Posts
    4k Views
    C

    @stephenw10:

    Unless your Linksys router was particularly old or underpowered I would not expect any increase in speed.

    This. With the potential exception of an old Linksys and a fast connection, and the definite exception of scenarios where you're opening large numbers of simultaneous connections, like a bittorrent client set to open as much as it possibly can.

    Comcast is cable so should have a 1500 MTU end to end, no need for MSS clamping. That'd most always exhibit itself differently than slow page loads too, more likely to be some pages completely failing to load.

    That box is capable of pushing over 1 Gbps, it's not a question of hardware on the firewall at least. That box is significantly faster than any Linksys, but your Internet connection isn't fast enough that it matters. The latency through that box will be a good deal lower than the Linksys, but we're talking tiny fractions of a ms, not enough of a difference to be perceptible. Hardware or problems at the client are more likely the cause, there's vastly more involved client-side in rendering today's websites than there is for the firewall pushing packets.

    Try to narrow it down with further measurement - different client systems, different web browsers, etc. May just be a fact of life on your Internet connection. Business class connections are generally better quality and better connected, you may not be able to achieve the same level of service on a residential connection. There's a reason business connections cost as much as 5-10+ times as much.

  • 2.0.2 Issues

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    RonpfSR

    Could this be the cause of the messages? http://forum.pfsense.org/index.php/topic,47618.0.html

  • One-liner ping test while: Expression Syntax.

    Locked
    8
    0 Votes
    8 Posts
    3k Views
    L

    $SHELL is not necessarily your active shell.  To find your running shell, do:

    [2.0-RELEASE][admin@pfsense.wired.local]/root(72): echo $0

    /bin/tcsh

    I believe $SHELL is your default shell, which may not be what is being invoked at that time.

    I'm not a BSD expert by any means either, but on every other single *NIX system I've been on, /bin/sh is the Bourne shell, which is definitely not tcsh.

    -Lou

  • Pfsense port opening

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    GruensFroeschliG

    http://doc.pfsense.org/index.php/How_can_I_forward_ports_with_pfSense%3F

  • MOVED: Issues with safe search in squidguard?

    Locked
    1
    0 Votes
    1 Posts
    727 Views
    No one has replied
  • Updating the bios using a USB stick

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    T
    Download SystemRescueCD www.sysresccd.org, follow instructions to put it onto a bootable USB.
    Put BIOS files and update tool exe on a separate FAT (or maybe FAT32) USB stick.
    Put both USB sticks into the computer.
    Boot from SystemRescueCD; there is an option at the bottom to boot from image of other tools (can't remember the exact name), then choose FreeDOS.
    Start FreeDOS (sometimes it requires a couple of attempts to find the right memory manager options, depending on the board).
    Change to drive B:, C:, D: etc… until you find the drive where the BIOS & tools reside.
    Run the BIOS update tools.
  • PfSense LAN & Internet suddenly stopped working

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    M

    I think the CF-card was corrupt. I reinstalled pfSense from scratch on a different card and now it booted properly.
    I just need to configure it now.

  • IGMP Proxy problem

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Direct all traffic from VLAN to another host

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    S

    Okay, I understand.

    Yesterday I tried to set the gateway via DHCP, with success. But what about clients that have configured the IP manually?
    I think I will block all other traffic to 10.0.30.1 with simple firewall rules and still set the gateway via DHCP.

    Do you think this is a secure way for my networks?

    Later, after testing in my test environment, I want to send the DHCP information through my MS TMG (DHCP Relay) from my internal DHCP server for the DHCP discover of the WLAN clients. The tagged traffic gets routed through the TMG in my internal network. The MS TMG checks for trustworthiness (AD membership).

    Do you think this is a secure way to connect the WLAN clients to my internal networks? To join the WLAN, the clients use WPA2 with RADIUS authentication (MS Windows Server NPS/NAP with AD integration).

  • Wakeup-On-Lan (WOL)

    Locked
    9
    0 Votes
    9 Posts
    4k Views
    C

    Pfsense Beta1 2.1 (i386) is running on an HP Elite Book 8530p Notebook Core 2 Duo 2.53 GHz 4 GB RAM with an Expresscard/Realtek 8111 being used as the WAN port, built-in Intel ethernet as LAN.

    The switch is a Cisco SG-300-10

    The AP is a Cisco AIR-AP1242-AG-A-K9

    I originally had the AP plugged into a Netgear 824 router, no VLANs of course, getting the feel of the AP before I set up a PF box… with no changes it's functioning on the SG-300-10 switch…
    I still have to make some changes of course to the AP based on the new setup. For example, I still need to set up at least one VLAN and verify other settings etc… the same goes for the switch and Pfsense.
    But it simply seems like the MAC and IP aren't passing through the AP based on the current settings. For the time being I have all the ports on the switch set up as access/Vlan20.

    I just assumed since it is functioning (AP), I should be able to WOL the Pfsense box by accessing through the WIFI/AP. Keep in mind everything is powered up except for the laptop… the goal is to power up or power down the Pfsense box. The reason for this is for my GF, when I'm not there she can power it up with her laptop by connecting to the wireless AP.

    Would be running 2.0.2 with a single ethernet cable but was having issues with the switch. And 2.0.2 doesn't support my Expresscard/Realtek 8111 so ended up installing 2.1 Beta1 which does.
    I'm confident the VLANs were set up correctly, but there must be some setting  :'( within the 3L switch mucking things up for me. Will figure it out another day.
    As for networking, I had no idea of the complexity until I got the Cisco SG-300-10 and started plundering deep into PF. To start off with had issues with DHCP/Gateway handout from my ISP being able to pass through the switch. Finally got a hint to turn off CDP in the switch  :-[ … Networking is quite a mind Wack if you look at the big picture… Guess give it another year, networking won't be so daunting.

    Give me a couple of days to finish what I know needs to be done and will report back.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.