Ha, I hear ya.  :) I confess I've done that in the past where a real switch would be much more appropriate. Good to know it can be done if needed even though mostly it shouldn't. Steve

@jimp: Packages and updates for Factory and CE use different sets of backend builders and repositories. Builds happen at different times and depending on how things happen, an update may not be synchronized from one side to the other until a later build run. It's usually very temporary when things are out of sync in that way. As always, Thanks Jim! It was just an anomaly that neither BBCan177 nor I could account for other than the Factory build.  I knew from history they eventually show up… BUT, we were trying to test something invoked by the PR and I needed the _8 release to test.  I tried to keep it out of gen pop but someone had other ideas.  I know better now. Rick

^ true if the client was running the vpn through the router to the pfsense as a road warrior sort of connection then no you wouldn't have the asymmetrical issues.  That is not how I understood what he was suggesting on doing. But then every client wanting to use the application would have to run vpn client.

I understand. It's pretty secure out the box, everything is denied on WAN, but you can add block rules or remove the default allow rule on LAN to tighten up outgoing traffic. Keep asking questions if you have them.  ;) Steve

Sorry guys, I have solved my problem Opening the file rc.update_urltables on PfSense I have seen the forceupdate parameter I have modified the cron schedule such this: /usr/bin/nice -n20 /etc/rc.update_urltables now forceupdate Now It works perfectly Best regards, Jack Reference: https://github.com/goldchang/pfsense/blob/master/etc/rc.update_urltables https://github.com/goldchang/pfsense/blob/e0c1bfd7421c5a805b27a80247c4095c8efeab99/etc/inc/pfsense-utils.inc

@johnpoz: "The services I'm running are darkstat, dhcpd, dasbl, dpinger, iperf, named, ntpd, radvd, snort" "hen I replace the pfsense firewall with a Linksys E1200, I can use the internet again." Your little linksys E1200 sure and the hell does not run snort ;) Are you just on the lan interface, or have you created multiple network interfaces?  What rules did you put on them, etc. What exactly is dasbl – do you mean dnsbl from pfblockerng?  That could be causing you issues with internet access.  Which your linksys sure wouldn't be doing either. There is way more you can mess up with pfsense vs some really black box soho nat router with only 1 network.  And really almost zero control of the outbound firewall rules, etc. I know the Linksys can't run snort, just was pointing out I knew it wasn't my internet connection. I reinstalled pfsense, reinstalled all my packages and ran into the same issue again.  It has something to do with pfblockerng.  I just haven't had the time to dig into it.  I also don't have the know how either to look into it.  Maybe one of these weekends when I'm a little less busy, I'll reenable pfblockerng and see what the error message is and report back…In the mean time, I have it disabled.

I have seen something similar, where messages from certain services/daemons seem to ignore the time offset and are hours different from current.  No idea why it would just stop.

Thank you for being patient with me! I think the switch is working, but I reconfigerd it anyway, discovered that two of the ports I used was 10/100/1000 and the other two was 10/100. But no difference. So I started to check again which combinations worked. igb0, igb1 => worked igb0, igb2 => Not working igb0, igb3 => worked Any combination with with igb2 did not work. I tried with igb0, igb1, igb3 and it worked! Then I added igb2, and now it is WORKING  :o :o without reboot! And it is working after a reboot!  :) :) All together it is a bit odd. I will, when I get the time, install from scratch and see if it is the same. But in all, in the beginning pfsense was a little bit strange, but playing around with it for some weeks, I do really like it! I really love some features! I don't know why I was stucked for so long with Smootwall… Probably because it just was running and running and running! Have a really nice ester weekend!

That was kind of a "mobile" version you get with a phone or disabled scripts or something like that. Has been there for as long as I can remember.

Somebody have a clue?

"vlan 1 untagged on all ports (hard coded) " What kind of shitty switch is that?  Even the 30$ smart switches allows you to change the pvid of the ports.. Here is a cheap switch I got for I believe like 25$ as you can see I can change the pvid of a port.. So this is the untagged vlan that is on that port.. Which is what you would connect to pfsense port you have your vlans on.  See the ports that are in pvid 20.. That is the native vlan I have on pfsense interface that other vlans run on. What is the make and model of this switch your using?? [image: shittyswitch.png] [image: shittyswitch.png_thumb]

Thanks for your replay, this is all the configuration that we have in our sites [image: pfsense.png] [image: pfsense.png_thumb]

did you make pfsense domain localdomain.com when you set it up and call it pfsense.  That if pointing to pfsense for your dns that is how it would work out of the box.

Anyone?

We have confirmed the issue is the SG-1000 not liking the Cisco's switch being fixed to 10Mbps Full Duplex. The ISP changed their device to autonegotiate and the SG-1000 works as expected. Thank you to everyone for the assistance.

Have you tried? ifconfig eth1 | grep 'inet'