Yes you can delete LAN, though you could also just reassign it to one of your VLAN interfaces. The only thing that makes LAN different to any other interface is the pre-defined firewall rules.

You will only be able to access the webgui via another interface if you have setup firewall rules to allow it.

Steve

Yes you can make it bigger, though you shouldn't have to. The only restriction is the amount of memory it uses, as far as I know, though I suppose it could have some other consequences if you made it ridiculously large. E.g:

@http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/configtuning-kernel-limits.html:

The NMBCLUSTERS kernel configuration option dictates the amount of network Mbufs available to the system. A heavily-trafficked server with a low number of Mbufs will hinder FreeBSD's ability. Each cluster represents approximately 2 K of memory, so a value of 1024 represents 2 megabytes of kernel memory reserved for network buffers. A simple calculation can be done to figure out how many are needed. If you have a web server which maxes out at 1000 simultaneous connections, and each connection eats a 16 K receive and 16 K send buffer, you need approximately 32 MB worth of network buffers to cover the web server. A good rule of thumb is to multiply by 2, so 2x32 MB / 2 KB = 64 MB / 2 kB = 32768. We recommend values between 4096 and 32768 for machines with greater amounts of memory. Under no circumstances should you specify an arbitrarily high value for this parameter as it could lead to a boot time crash. The -m option to netstat(1) may be used to observe network cluster use.

I guess that advice is a bit old now, 64MB is not going to trouble your system!

Steve

I could do it with root and scp transfer.

Thank you.

In Endian it works well… I haven't defined all 8 IP's because I dont use it

endian.png
endian.png_thumb

thank you very much Steve.  :)
booting from USB is OK and pfsense installed successfully on SATA DOM.
the problem was USB CDROM.

Guessing it could have something to do with the NIC's that virtual pc is emulating. Don't think anything other than Windows is supported on virtual pc and afaik it emulates a network card that most OSS operating system don't fully support…

I'm still having trouble with this and I do not have the answer.
Does someone know or can tell me in which way seeking ?

Airy

@Phonebuff:

I appeared to loose all DNS resolution and specifically the CBeyond DNS as the SIP registry went away.

–---------------------------------------------------------------------------------------------------

Did I miss something in my configuration(s) ?

JMS.

I see you mentioned Asterisk later in the post.  The fact you lost all SIP registrations to the server is a very well documented Asterisk problem.  If your Asterisk server loses DNS resolution (sounds like you have a SIP trunk as this bug doesn't affect TDM devices from what I've heard), then it will fail to respond to SIP registrations itself.  There have been many attempts at work arounds (dns caching and such) but it will still always fail eventually.  It sounds like you got your DNS issues sorted, so you probably noticed your phones started to register at that point too…

@al1x:

OpenSSL? crypt? pam? I haven't looked at them in depth but they would seem to be relevant.. no?

crypt applies strictly to DES hashing, which we don't use anywhere. The PAM one isn't applicable to anything we do. The OpenSSL one, we got a private heads up related to that which I can't discuss, but it's not something that's applicable in our use cases and there are other reasons it's been delayed until now (like the additional one on sysret, though local priv escalation generally isn't applicable either). Now that the sysret one is settled with the updated advisory this week, we'll have 2.0.2 out shortly.

We have a good relationship with the FreeBSD security team and are always on top of security advisories. If/when there is ever a reason for a quick update, we'll put one out immediately.

If you're running from live CD (or memstick, which is the live CD for USB flash), you can't install packages. If you're running full time from USB flash, use nanobsd on it, not memstick.

Take a look at this: http://doc.pfsense.org/index.php/Multi-Link_PPP_%28MP/MLPPP%29
This is only the client side however.

For the server you will have to look elsewhere.
Don't really know where. Google.

@virtualliquid:

it does not break and I now have nothing to play with :(..

:D
I feel your pain!
External syslog server and analyser? That's something I've been meaning to setup for a while now.

Steve

I can ping all of the Google DNS Servers.

Server is HP Proliant DL580 G4
Quad 3.6Ghz DC w/ 64GB
Running 2K8 Datacenter

I have 3 more exact servers arriving in the next few days along with 4 PCIe Mellanox cards.
The Idea is to set them up as a cluster.

Anywho…
Apparently it didn't want to use the DNS servers untill i supplied it for them in the IPv4 config.

Thanks Steve for all your help

what about setting up a captive portal on pfsense ?
captive-portal connected to freeradius. if they use their username/password on the switch or on CP. Would that make any difference ? CP is always active on pfsense NIC.

If you enable CP + 802.1X then you must add a pass-through for the switch on CP so that the switch cans end access-requests through CP to freeradius.

Since it has been about 6 months since the stats were last posted, is there a newer estimate of the number of live pfSense installs?

Thanks!

Thx a lot. One of the strenghts of pfSense really is that forum, too!

thanks for helping  ;D

hello you can use this tutorial and skip the capive portal if you dont need captive portal!

http://blog.stefcho.eu/?p=754

I forgot you just have 2 nics, maybe you could use a usb nic for the third one?