Just about all CF cards created in the last few years have wear leveling.  You'll be fine with that card and the 4GB NanoBSD image.

Using beta 2. Dosen't seem to have the problem…  yet :)

@XIII:

I thought that was on the roadmap? is it just that it has not yet been implemented?

Per-page permissions are there, but not "read only users" that can look but not touch. There's no code around for that that I'm aware of.

pfSense isn't linux, its FreeBSD.  OSX isn't linux either.  Its based, loosely, around the FreeBSD core.

well actually i got it from you wagonza. i searched for missing gateway and came across that

Also, what sshclient are you using ? I have noticed trouble with some clients sending unwanted characters when working on older unix-systems.

@jimp:

Have you rebooted since that change? Some processes will only pick up a TZ change after a reboot.

Hmm.  Probably not.  I'll give that a shot.

Hi and thanks for the feedback.

@eirikz:

What version of Vmware is this ? ESX ? Server ? Workstation ?

I'm using the vmware player.

@eirikz:

Also, you are on a totally different subnet, so no wonder you cannot reach the pfsense..

I'm aware of that. I was expecting that windows would take care of the network addresses in this virtual lan.
Even so, I tried setting up the lan address in both subnets (192.168.30.2 and 192.168.229.2) without success.

Do you have any check list or troubleshooting guide for this kind of issues?

thanks again for the help

If these are internal interfaces, they do not require and should not even have gateways set.

Items inside those subnets should use pfSense as their gateway, and pfSense will use its routing table to forward them on, which if 1.2.3.4 is the gateway to your upstream, it will all route properly.

I think I might have answered by own question;

http://forum.pfsense.org/index.php/topic,26759.0.html

I was completely wrong on the subnet masks. My subnet mask for my WAN interface was incorrect. Thanks for the prompt help and the link. It's working perfectly now.

Running "top" to see what process(es) are tying up the CPU would be a prudent first step in troubleshooting this.

I didn't. I guess it's the Netopia 4541 router on the WAN end which bring this. There is no option in the menus to act on this.

@jasonlitka:

2.1 only has 4 open tickets.  We should see it by the end of January, right?   :)

Add in all the "future" ones :-)

Has no one an idea?

Please start new threads for new issues. This is the second post of yours which I had to split into a new topic due to unrelated content.

I split your post into a new thread, it was unrelated to the thread in which it was posted originally.

If you want to make your BIOS boot from CD, you'll need to consult your system's manual. Every BIOS is different, so there is no single set of step-by-step instructions that can be written to help you.

In general, it goes something like this:

Get into BIOS (varies by mfg, could be Del, F2, F12, F1, etc) Find boot settings (Could be boot menu, or advanced, or anywhere really) Adjust the boot order (Could be by pressing enter on an option, hitting +/- to adjust order, hitting F5/F6 to adjust order, etc) Save and exit (Could be a menu option, could just press esc, maybe a special key, etc)

Make sure that your hard drive is still bootable, just at a lower priority than the CD.

I don't know the scale of the problem: for example is this for a "large" research lab that just got an "intelligence" contract and now has to "do something" about security or is it to protect the computers of the rest of the family from grandma's laptop (which has proved to be something of a virus magnet) when she comes to visit and plugs it into any RJ45 socket in the house that seems good at the time.

The details of the requirements seem to be gradually unfolding. Lets see if I can flush out a few more.

Here's a couple of other ideas to consider:

Disconnect the cables (apart from cables to sockets you can physically secure or are always "insecure") and require the mixed cases to use encrypted wireless with multiple wireless networks (at least "trusted" and "untrusted").

Use VPNs (Virtual Private Networks) on the cable. The VPN encryption isolates the "networks".

If either of these are ideas could be useful (and I can think of a number of reasons why they might be "less than ideal") then I think you would probably need to provide further information along the lines of the number of computers involved, frequency at which computers change from "trusted" to "non trusted" (and vice versa), distances between computers, intervening materials, bandwidth involved, communication patterns, budget etc because neither of these ideas would scale as well as the other "less than ideal" proposals on the table.

Some more questions: what makes a computer "trusted" or "untrusted"? Location ("untrusted" in an insecure area because someone passing by could see "sensitive" information on the screen)? the computer's function ("we don't trust the computers controlling the dishwashers because the software comes from North Korea")? the computer's user ("Grandma has an uncanny knack of downloading the most active and vicious viruses")?  something else? And what causes a computer to change from "trusted" to "untrusted" or "untrusted" to "trusted"?

I've been a bit light hearted here partly because I confess a growing suspicion that making minimal changes is a higher priority than implementing any genuine network isolation and if that is the case I'm probably not very effectively using my time if I make any further contributions to this topic. My apologies if that suspicion is unjust.