If I recall correctly, ntpdate is supposed to run during startup to sync the clock with the specified reference clock. Then ntpd runs to nudge the local clock from time to time to keep it in step with the reference clock. ntpdate won't act if ntpd is running. See the FreeBSD man pages at http://www.freebsd.org/cgi/man.cgifor more information on ntpdate and ntpd. From what you have said it seems likely the hardware clock is way out of spec. I have a recollection a PC clock shouldn't drift by more than about a second a day. The software may not be able to cope with a clock so far wrong. Depending on the CPU and chipset, it is sometimes possible for FreeBSD to choose an alternate clock source which might be more accurate than whatever is being used now.

yea I now suspect that the CF was exactly the failure had issues writing the beta5 to it chucked it and got a new one.. this thread can be killed :)

@wallabybob: @BlueToast: I found a problem with this. The dnsomatic API documentation at http://www.dnsomatic.com/wiki/api says in the section Update Parameters "To update all services registered with DNS-O-Matic to the new IP address, hostname may be omitted or set to all.dnsomatic.com (useful if required by client)." Ok, yes, this worked. Thanks!

It is a highly critical datacenter (healthcare systems with critical patients at the other end of the wire) splitted on two sites (10 minutes by car) Two sites but one network, I have full layer 2 continuity between the sites, over two physical path. Sites are in active/active mode : same network servers (physical or vsphere VM) are in active/active or active/passive failover SANs (mostly VMware datastores) are replicated with on-the-fly failover(datacore) over 8gb/s fiberchannel links (two fabrics per site, two physical path) Internet and mpls access are provided through optic fiber with layer 2 continuity/failover (plus copper backup) between the sites. Internet peering is also secured with BGP failover over another ISP (copper + fiber). At this moment I have only one firewall per site, I'm thinking of how to have two firewall per site.

We have an ALIX board causing problems. It's going back for warranty repair :)

I solved the problem. Disabling CDP on the VLAN interfaces at the Cisco Router fixed the problem.

Only remove

;D Thank you very much. Using root did the trick and allowed me to transparently ssh to machines behind the firewall and using public key as credentials…very neat!

You can choose the monitor type for the load balancer entries (TCP or ICMP, I think, there may be more)

That makes sense…  Glad ya got it working...

Aha! Sorted! I've add the following line to /root/.tcshrc setenv PACKAGESITE "ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7-stable/Latest/" Works great.  ;D Thanks again Jim.

Thanks, I had misunderstood how filtering is applied but this cleared it.

cough google cough http://doc.pfsense.org/index.php/Known_Working_3G_Modems

@BlueToast: Alright, it works now. For anyone else that has the same or similar situation… Make sure you have the right CIDR. This fixed my problem. You don't have to add your static IP for WAN to the Virtual IPs page. You can have the two boxes at the bottom of WAN interface page (for bogon networks and private networks) checked/enabled. You don't have to add an entry to NAT 1:1 with your Static IP Subnet <-> LAN Subnet. Thanks for the update and glad to see you got it! Good Luck!

Marty, Post a couple screen shots of your static route page and your LAN firewall rules for a starting point. From what you explain the .0/LAN interface and the .1 static routed network are on two different physical switchs??They are not vlan setups through a  switch?  Do you have both of these subnets running off of one physical nic on the pfSense box? Which of the two subnets are the actual servers residing in? Sounds like you are getting 'one way communication' (randomly.?) If you enable logging on your lan firewall rules after lots of eye squinting you will probably being able to see what ports are not talking both directions. This would make sense why pings are A-OK. Barry

@nbben: To access it, I'd simply set my local PCs network settings accordingly. Details please. @nbben: However, as soon as it's plugged into the switch, all inbound/outbound traffic on the network stops. Please elaborate: All traffic from all PC's you modified but not traffic from PCs you didn't modify? All traffic from existing connections? Pings by hostname? pings by IP address? traffic originating in the pfSense box connected to the Internet? Was the pfSense box connected to the Internet still running normally? Did it report anything significant on the console or any of the logs? etc

No. You could give those static allocations in your DHCP configuration, but that's about as close as you'll get.