@lovene: I need to audit all firewall activity but cannot achieve this. I need to print audit reports of all changes. Exactly what do you mean by "all firewall activity"?  All packets in and out, blocked packets, passed packets?  Logins?  File changes? "All" has the potential to cover a lot of ground, specific help requires specificity of what you are trying to accomplish.

whats the output of ifconfig -a?  Is your WAN interface at the correct speed and duplex?  What did you do with "traffic shaping"?

I see squid running. I bet you had a memory spike once or more that caused some pages to get swapped out, but those pages have yet to be referenced again and just stay in limbo until the next time they are needed. Also, you don't need to reach 100% memory usage to get paging. Memory gets fragmented and if there are no large enough contiguous segments, the kernel may need to swap out pages to effectively defrag the memory.

@Derelict: pfSense will do multiple scopes just fine. It just can't be configured to accept helper requests from multiple subnets on one interface. Well that's just silly.

your typical off the shelf router is a firewall as well, it just has limited features in allowing configuration of the rules.  Many of them have very limited outbound controls, and inbound are all pretty much just port forwards with varying degrees of features depending on the make and model. But in a nutshell out of the box pfsense is same as any off the shelf home router in what it does.  It nats, all inbound traffic that is not direct answer to a request is blocked, while the default outbound rules from lan are any any.  This is pretty much what every off the shelf router does. Where pfsense allows you to go way beyond what any off the shelf router would allow you to do when you want to get fancier than that.  But if you want to use it like that - that is pretty much how it is out of the box. And yes you could even enable UPnP if you want it..  Where your off the self router is normally just an on and off checkbox, pfsense allows you to get fancier with allows and deny specific ports or deny from all except a specific IP to request, etc..

BTW, there is a dedicated IPv6 forum.

Please can someone give me a hand on this one?????

Looks to be a "bug" or at least a deficiency in the system? https://redmine.pfsense.org/issues/4474

All you need to backup is the config.xml (Diag > Backup/Restore). You can reinstall + restore faster than you could image the disk back.

Normally when you put a wifi router into bridge mode the wifi would be disabled, if yours is still on - I would connect to it and disable it.  If you can not connect to it while in bridge mode then put it back in router mode, disable the wifi and then back to bridge. As stated if you want to use vlans with your wireless network - get a AP that supports them, and make sure your switch supports them as well.  Unifi makes reasonable priced AP that do vlans, the latest gen AC lite model is under $100 - I have multiples SSIDs running on different vlans.

Hello marvosa, thank you for your reply. Yesterday I figured it out. I didn't use Outbound NAT which solved my problem  :D Markus

We have had a couple reports of crashes in dnsmasq on 2.2.6, there is a thread with a fix you can try. Alternately, install the service watchdog package and have it monitor dnsmasq to restart it when needed.

it's been several days I'm working on but I do not find solution !!!! I found that : https://www.reddit.com/r/PFSENSE/comments/3hk4f1/openvpn_logging_format_grok_is_killing_me/ Laurent

I found a regex that matches: regexp=(\w+\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+([\w-_]+|\d+.\d+.\d+.\d+)\s+.(\d+):\s+(\d+):\d+.{(\w+).}\s+([\d.]+):(\d+).*\s+([\d+.]+):?(\d+)? https://www.alienvault.com/forums/discussion/comment/13034/#Comment_13034 This post can be closed.

Nice to hear , that the problem is solved ;-) Grtz DeLorean

It depends entirely on what you want to do. If you want to manage site blacklists and such, then Squid/Squidguard would be a good way of accomplishing that. If you want to log/view traffic, then Ntop is the answer. There are no real "must-have's" - just install what you need to do the job. To see how much disk space you have, click on 'Diagnostics/Command prompt'. Type 'df -h' in the field below 'Execute Shell comamnd' and then click on the 'Execute' button. The dashboard also shows disk usage near the bottom.

All NICs are available leading me to believe that the problem is intermittent. I haven't had a chance to rebuild my pfSense yet, but am gearing up to do so soon. In order to isolate the problem, I will be redoing the NIC configuration. In my previous config I had the WAN running on the on board Intel NIC. I will change this to the LAN port. The other NIC is a dual port Intel pro/1000. Question? Would it be recommended to run both the WAN port and VLAN on the dual port NIC? Or should the WAN be on it's own dedicated card? I have one PCI x1 slot left if necessary to add an additional card. The issue is finding a compatible half-height legacy PCI Intel NIC that would fit in the M58P.

Hmm, so so there are new found issues with the old box. I plug it in and swap over all the interface cables, and get logged in. A couple of the wan ports are down, so I bounce the dsl modems. They all come back up but something strange, wan 1 and 3 have identical gateways.  Power cycle again and same thing… very strange. I cannot resolve any external host, nothing.  Check the General Setup and yes there are 5 DNS servers specified.  All the interface settings are right. So I delete wan 2 and 3, the GW group and verify the firewall rules are now looking at * for a GW.  still no internet access, no DNS resolution. Check the DHCP leases and my IP is not listed.  release/renew have a valid IP.  Refresh the DHCP Leases page and mine is still not listed.  Change the primary and secondary DNS server, release/renew I have them.. the two new DNS IP's but still my leases does not appear in the list. So I swap back to the new box to post this reply.  I sear on my mothers grave that the old box worked when removed from service roughly a month ago now.

Looks like I've solved the issue. In my case I had to disable beastie from boot. My /boot/loader.conf.local is as following loader_delay="9" beastie_disable="YES" Already rebooted few time and works like a charm. Also I encountered the same issue using USB HDD and Full Pfsense install -> did it to troubleshoot. That makes me lean towards some wiered USB controller issue and beastiie.