Brilliant! That was the problem. Thank you so much for the quick fix!

I have @gsiemon's logs and will work on this over the weekend.  There are some other issues on the ALERTS tab as well that I have fixed already.  I will bundle everything up into a single update and post it within a few days. Bill

@emce: Nope, I'm not currently running an IDS.

Not down. It prefers IPv6 unless you changed that under System>Advanced, Misc, so if you have IPv6 you'll need to ping6 to test. If you have what looks like IPv6 connectivity but isn't functional, that'll break it like that.

We've hinted at it (and I think mentioned it outright at least once) but yes, NanoBSD will be on the way out. It was good at the time, but the limitations it imposes are really not needed these days. The added complexity of dealing with its wasted space, extra partitions, ro/rw switch timing, etc, are all things we'd be better off without. SSD prices are down, and quality is vastly increased, and worrying about writes is not something many people have to do these days. Plus a full install with /var and /tmp in RAM would not have that many more writes than NanoBSD (for the base system anyhow…)

dude does your wifi come into pfsense on different interface?  If not then you would have to create your rules to block only specific IPs that are the ones you want to block, or allow depending on how you right the rule.

Alright, well I don't know how much that zbox set you back, but you have to isolate the issue somehow.  I would suggest testing a new install on different hardware.  If your symptoms go away, which I believe they will, you know your issues are coming from the zbox and it'll have to be replaced. You also try USB NIC's, but I don't know how reliable that will be.

Most likely whatever startup script/action you're running is wiping all that out then. Those aren't in a place that would be removed by the firewall itself.

The two pages you're looking for are here: https://www.pfsense.org/our-services/gold-membership.html https://www.pfsense.org/get-support/software-support.html Gold membership doesn't include support - hence the second link.

virtio is best regardless Thanks for the info. I was wondering if it was a wise choice.

Hi, thanks for your replies. NIC status says 1000mbps. I did change the cables after seeing interface errors and it seems it is okay now. Still observing though.. thanks guys!

Thanks to tips Please keep reading and you answered my question :) :) :) ;) ;) ;)

@jimp: Looks like /usr/local/sbin/gmirror_status_check.php lacked execute permissions in the repository, so this should fix it: chmod a+x /usr/local/sbin/gmirror_status_check.php Yes!! This fixed it, Thanks JIMP

"LAN on 192.168.1.0" won't work with a /24 (or 255.255.255.0, it's the same) netmask. Valid IPs are from 192.168.1.1 to 192.168.1.254 and your LAN has to be in that range! The same for your WAN networks, of course. .0 is the network's address and .255 the broadcast address (in a /24 network). @Ste178uk: … I can not connect to the webpage on the WAN interfaces... ??? If you want to connect FROM your WAN interface you have to add a rule to allow this.

Rebooting the modem on change of device connected to it is not faith based computing..  You have to clear its cache of the mac of the device it connected too..  Since they give you no interface into the things, the only way to reset that is reboot it. The instructions laid out marvosa are correct order of how you would swap out a device. What I do to get around having to reboot the modem when I play with different distros for firewall/router - I always go back to pfsense, but like to see what the other guys are doing every now and then.  Or if want to play with different version of pfsense, or want to try some with clean install of pfsense is just make sure all the VMs always use the same mac that is connected to the modem.  This way I don't have to reboot the modem and always have my same public IP as well.

found out it was the shutdown wake on lan that was the issue, changed it to enable and while i was in there i enabled patter match, dont know if i need this but oh well shutdown WOL - enable wake on pattern match - enable job done

Hi jonathanbaird, Well - after some serious head scratching you'll NEVER guess what the issue was.  Some joker (hilarious I think not) had added an EAST coast IP address to my WEST coast system.  This not only explained why I wasn't getting responses back from the other side of the VPN, but also why the response was coming from an IP address that I hadn't even asked for.  So all my logic into when a ping gets a response but with no destination was a little misguided. For shiggles, I'll explain what happened in more detail : On my WEST system (192.168.101.123) someone had added 192.168.100.3 to its IP stack. This obviously explained why, when attempting to ping the EAST coast system of 192.168.100.20 I get the (correct) response "Reply from 192.168.100.3: Destination host unreachable".