Post some logs. Alternatively, try a crystal ball.

Ah, well spotted. Unusually narrow WAN pipe. Steve

Yeah the networking support in virtualbox is lightyears beyond what the simple player is, atleast last time I played with player.

OK, not sure if what I am seeing is a feature or a problem. I have registered a host sip.mydomain.net      98.114.XXX.YYY  on no-ip.  I can ping it without any problems from my ipcop setup. I switched over to pfsense. I then went to DNS Resolver and checked the following: Enabled DNS Resolver Enabled DNSSEC Support Enabled Forwarding Mode Enabled Register DHCP lease in the DNS Resolver Enabled Register DHCP static mapping in the DNS Resolver I then created a new entry under Host Overrides: Host: sip Domain: mydomain.net IP: 192.168.3.6 I then went to Diagnostics -> DNS lookup and entered  sip.mydomain.net in the field.  The DNS lookup returned 98.114.XXX.YYY! I repeated the command some 6-7 times. only once it returned 192.168.3.6, the other times it returned the outside IP. What is causing this? Thanks again for the help Renato

Thanks for your help guys. I learnt something new today.

Who said it was being forwarded anywhere?

I still think my problem was their 'cloud' middleware.

Yes, it's not a good idea to block with almost all of the countries selected. In regards to your boot issue, you should have previously received "pfctl" memory failure notifications?? Also, unless you have open wan ports, you should use "permit outbound" rules as pfSense is a state full firewall by design. pfBlockerNG, is more than a country blocker, you should read the thread I linked above for other threat source lists which can help protect your network from known malicious ips.

So, Resolved.  I submitted a trouble-ticket with support.  Since I couldn't find any reference of this on the search engines or within this forum, I'll post the fix: From the looks of your errors, it seems that /etc has become corrupt on your filesystem. The safest thing to do here is a clean install. The memstick image you'll need to download is located here: https://firmware.netgate.com/firmware/memstick/netgate-memstick-serial-2.2-RELEASE-amd64.img.gz Instructions for extracting that image and writing it out to a USB memstick can be found here: https://doc.pfsense.org/index.php/Writing_Disk_Images Once written, connect to your serial console and boot device from the USB memstick. You may need to pick Option 3 to boot from USB device at the first menu. At the install menu, choose quick/easy install. When prompted for the system type select APU/VK-T40E.

@Wolf666: Half-Bridge is not supported, as far as I know. I was in the same ship, my ISP only supports PPPoA, when I moved to pfSense I changed my modem. Now I use a Draytek 120 which has a sort of PPPoE<->PPPoA relay. I simply configure my pfSense to use PPPoE, I put my ISP account there, pfSense passes them to Draytek which takes care of PPPoE->PPoA connection. It works flawlessly (low pings, latency near 0), my connection is 20/1. Since Vigor is a chip box, I bought 1 more as a spare. I found this site talking about something similar to my configuration: http://blog.magiksys.net/pfsense-firewall-default-gateway-different-subnet so I tried this commands: route add -net gatewayip/32 -iface em0 route add default gatewayip gatewayip is my isp gateway ip address received by dhcp from the half-bridge modem. With this system it works but I have dynamic IP, so every time the connection drops or the modem is restarted I have to digit the commands and find the new gateway… I've done like you, I bought 2 Vigor 120. Thanks for your reply! If somebody knows how to automate the commands above every time the connection drops please let me know! Thanks!

Anything attached to the Internet is attacked/scanned/probed/enumerated/logged hundreds of times per day, every day.  That's normal.  The error you're seeing is to do with the pfSense WebGUI which is served using Lighttpd.  One thing that seems to trigger this error is when you have WebGUI running in HTTPS mode, but you access it via HTTP with port 443 specified.  Are you doing that? http://pfsense_LAN_IP:443/

Great Thanks for your help With that information I was able to do some more searching and came up with this document. It solved my problem https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F Jason

So it has been a week…and nothing has happened so far. The FW has been perfectly stable and there have been no unscheduled reboots except for the one that will have happened at 2am on Sunday morning. Anyway, simple question, I think we all agree that doing a packet capture would be a good thing to grab to see if there is any traffic trying to reach the Internet...is there any reason why I couldn't get my script to do that? Rather than going  "Ping, fault found, reboot" why can't I say "Ping, fault found, packet capture for 2 minutes on WAN interface, save pcap file to log dir, reboot". That way when the event occurs again I will have a capture to look at after a failure that will be allow us to (hopefully) narrow down the cause of the fault. If this is possible, can someone provide the additional lines of code that need to be inserted?

Further to the above, I'm making good progress with the basic version of pfsense 2.2 firewall syslog events - just about have all IPv4 TCP/UDP working and will start on ICMP and IPv6 after that. One thing I don't have the facility to do at home is CARP, so I would very much appreciate it if people could post me some example CARP event messages for me to make sure my patterns are matching correctly.

Except that not everything on the network is a javascript-capable web browser.