This was the issue: https://forum.pfsense.org/index.php?topic=109763.0

chpalmer- If your using ports 0-3 try moving over to ports 4-7 until you get your replacement.  Once the ports start going they tend to run in pairs… Thanks for the heads-up on the NIC ports. I remember reading in the excellent "Firebox" section of the forums that the right side ports (msk0 thru msk3) were suspicious, and based  on the comments I've avoided using those.  So I'm reluctant to make any change pending the replacement firewall(s.) Still, wondering about the root cause.  I was under some duress, and didn't copy the logs before rebooting.  A quick glance at the dashboard gave the false impression all was okay.  Seems like the auto-reboot script similar to https://forum.pfsense.org/index.php/topic,17243.0.html could have brought the box up without my intervention.  Seems there's mixed thought on reboot scripts, but I've now added a variation that might come in handy, if called upon. Thanks everyone… Peter

2.3-RELEASE is out today

I get to plug another hole in my knowledge every day. That seems to have fixed it.

I had issues upgrading from RC to 2.3 release but I did a clean install in like 15 minutes I was back up and running. Thank you all who were involved in the project and getting 2.3 released. Well done guys. Very impressive release.

I just updated pfSense to 2.3 and added that line to System Tunables. Let's see how it goes now. Regarding Hardware: ASUSTeK COMPUTER INC. P8H77-M PRO Intel i3-3220 re3: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">re2: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">re1: <realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet="">re0:<realtek 8111="" 8168="" b="" c="" cp="" d="" dp="" e="" f="" g="" pcie="" gigabit="" ethernet=""></realtek></realtek></realtek></realtek>

Not that it's likely to be an issue, but it looks like phil.davis and sinhkh87 were using two different alias names - sinhkh87: Alias created with name wordpress_org phil.davis: It worked for me looking up the exact same name wordpress.org and pressing "Add alias". Still much more likely to be "updated-before-current-changes" problem, but just in case….....

If you want a more secure CA you should look into something that supports CRL's to be fetched from outside the device. Also set up an offline root CA (a virtual machine on a crypted drive, never attached to the internet or something similar) and a intermediate CA that is available for signing and CRL's. The offline root CA is only used to publish a new CRL for the intermediate CA. Then again.. is there any point of doing this for home use? Probably not..

I went ahead and just used the native pfsense implementation and retired the VM. It's now working. Thank you though for the help!

I'll try..Could you point me to one of those threads? thanks again

pfSense needs separate interfaces for WAN and LAN. If you can't add another physical interface your only other choice is to connect a VLAN capable switch and use VLAN interfaces for WAN and LAN.

I think nagios account is jailed.

Thanks for the report. Just pushed a fix.

yes it was changed to E_warning  gather that then changed it back as it breaks traffic graphs and a bunch of stuff edit ok I see what I might have done  wrong will try again

Huh??  I have a vpn connection to one of my vps, I can create a rule and route any machine or all machines through that gateway on 2.3 without any issues. How about what version of 2.3 are you on, what other packages you might have installed and exactly what your trying to accomplish? See attached, I create a rule on lan to route my one box through my vpn connection, IP is vpn IP..  Disable rule and then IP is my normal ISP ip.. [image: enabledrule.png] [image: enabledrule.png_thumb] [image: disabledrule.png] [image: disabledrule.png_thumb]

From what I can see after teasing out some information on my own it looks like your firewall is correctly forwarding the port traffic to your cpanel server. I can see I'm getting a response from the server from my own network on that port, so on the face of it - and given the wealth of information you've provided so far - it looks like the cpanel server is either not routing out correctly or there's a redirect taking place on the cpanel server which is failing. If you'd like to furnish some more relevant information - like the actual firewall rules, the routing table for the cpanel server and your NAT rules - it might be possible to get to the bottom of the problem. But based on the limited information, I'd say this is a problem with your cpanel server or possibly your internal network environment.

You can't enable bogon blocking on an interface that acts as a DHCP server, it'll block the DHCP requests. It's not doing anything useful on LAN anyway, just disable it on LAN.

Give it several minutes on the page, then leave the page and come back to it.  DO NOT refresh as that will just issue the update command again.  Changes in pfSense 2.3 at the system API level due to Bootstrap have made the progress bars used by the old package code non-workable, so there is no visual indication of the download progress. Take a look at the log file on the UPDATES tab and see what it says. Bill