Yep, it wasn't dying.  Went in today and saw the syslog service running on the firewalls, so went to try and figure out why the Cisco switches were talking to syslog server but not the production and test firewall.

Turns out the network that the firewalls is on is considered public by the Winows Firewall on the Syslog Server.  Changed the setttings to allow the public network through to the syslog service and the meassges started flowing in.

Thanks for the input.  It did make troubleshooting easier.

See this post/thread: http://forum.pfsense.org/index.php/topic,55441.msg296357.html#msg296357

Steve

ps: I also tried accessing from different browsers and different computers with Linux and Windows, and the result is always the same.

Sorry- missed this till now.   But updated earlier to latest 2.0.2 release on that box and all is good!   :)

Thanks!

@franci:

when I looked at the system logs I get only a "Segmentation fault" message.

How did you look at system logs? In "modern" versions of pfSense it is necessary to use the clog utility because the logs are kept in a special format (circular log) which is limited in size.

Please post the output of the pfSense shell command```
du

Why not put the pfSense box out in front, give it the public IP, and then create two networks behind it, that can both access the internet but not each other. There must be a way to set the Huawei modem/router into bridge mode. So then you have WAN, LAN1, LAN2.

@Atomjax:

Steve

I guess that is the part I don't understand. Why would both be set to none and why does there need to be a third network involved?

What I have done so far:

1. Configured the WAN interface with a public IP. We will say 111.111.111.19/29 with a gateway of 111.111.111.17
2. Turned off NAT
3. Enabled net.link.bridge.pfil_bridge
4.Enabled the OPT1 interface without any further configuration for the interface.
5. Configured with the Bridge with the WAN and OPT interface. No advanced settings were configured.

What I want to accomplish is this. I have a public /29 subnet. I want to be able use and firewall the whole subnet with only one outside interface.

Thanks for your help.

J

When you put interfaces into a bridge, you generally no-longer will set an IP to the interfaces directly. You will assign an ip to the bridge itself which is like a virtual nic that is present on the bridge. So essentially do not set any IP on WAN, set the IP on Bridge0 instead.

Thank you; I had actually followed that thread a bit over a week ago, but it seemed stalled - I'll check back in a few days.

Are you using VLANs on the WAN connection ?

I read something that when using the parent interface and a VLAN member of this interface that the parent interface counts the child and itself in the traffic counter. Not sure if it is 100% correct what I said but there was something strange with that.

So no suggestions?
How to stop the update script?

Run pfSense and, say, nas4free as vms under the hypervisor of your choice.

Steve

Nice.  :)

Steve

@cmb:

Doesn't have any effect on anything we do or any of our users.

Thanks just wanted to make sure.

http://doc.pfsense.org/index.php/How_can_I_edit_the_PF_ruleset

I would assume you could edit them with pfctl if you wanted - but wouldn't survive reboot, etc.

You can do that, but we run so many things from the web server that it would be functionally no different to allow everything.

"If i was to deploy pfsense on my dedicated web server."

What?  Do you mean putting your webserver "behind" pfsense box?

I would not suggest running a webserver off of pfsense other than very minor sites if you had no other choice.

Ahh, interesting. Thank you very much!

Ah good to know and thanks for confirming.  :)
What would be useful would be to be able use some of the system "aliases" in firewall rules. For example use Private_networks or Negate_networks. As it is I have an alias I setup myself, LOCAL, but I have to remember to update it if I change anything and it doesn't include the WAN IP (though could it?). Negate_networks does that automagically.

Steve

Thanks Jimp, that did the trick nicely.