Yep, you're right.  Thanks for pointing that out.

Ok, I figured out why pfctl was hanging up. One of the captive portal rules was too long. I'm working on a patch to break up CP rules into smaller chunks in /etc/inc/filter.inc.

Just wanted to post this in case someone else runs into this thread with a similar problem.

No reply and I couldn't solve the problem so I went removing the package.

Just stopping the service didn't help… web browsing was extremely slow, that's why I tried removing the package completely and things got back to normal.

Then I reinstalled the package and it kept all my previous configuration, and it started doing the problem again.

Is there any way to make a clean remove and clean install of a package (or more specifically the squid3 package) ?

Thanks!

Did it like this. Now all three leds are green from the beginning of booting. Nothing comes to the serial console anymore.

For an explanation and solutions see: https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

Steve

Diagnostics: Backup/restore

Under backup configuration you have specified 'all'?

If packages are not reinstalled have you then tried the Package Functions 'Reinstall packages'?

Go to System: Routing: Gateways tab. Edit your wan gateway and disable gateway monitoring.

Steve

If check_reload_status is using high CPU, that is a symptom of another cause. Usually it's that a gateway is being flagged as down/up, or an interface is bouncing somehow.

I've also seen that in one case where it as a dodgy DHCPv6 server at the ISP on their WAN, disabling DHCPv6 on WAN settled it down.

There is not currently any way to create users certificates from the shell.

The actual commands are wrapped in functions. What you'd need to replicate is the user input that would be similar to fields entered in the user manager and then replicate what happens when the save/apply action is performed. The hard part isn't getting the data, it's the input validation to make sure what is entered is valid/makes sense and can be used to add a user/cert.

This document might help you with your filtering bridge setup:
Transparent Firewall/Filtering Bridge

Found with the search function of this forum.

Those are real errors accessing the disk. So it is not that the file system is full - it is that there is some disk problem. If this was working fine for a few months, then the errors started, that means it is not a general FreeBSD driver or disk SSD firmware issue. It seems that the disks are failing in some way. It is surprising that you are getting similar failures then on 5 different systems.
Someone else might be able to advise what might be going wrong with a whole batch of disks!

There is a curses based web browser that you can use but it's fairly ugly.
See: http://www.freshports.org/www/links

Steve

Learning what you're doing will actually SAVE you time…

@stephenw10:

@Arisian:

The great thing about Christmas, is that my wife apparently still wants the internet to work today. Pssh…

Ha! I feel your pain.  ;D

What _JT has described above should work but it's not how I would do it or many other people here on the forum.

Having your R7000 NATing between the 10.0.0.0 and 11.11.11.0 subnets is a bad idea. You're just making far more work for yourself, increasing the possibility of errors by many times. You should have one internal subnet and allow all the devices on it to be handed and IP by the pfSense DHCP server. You can probably turn of routing and NAT of the R7000 using DD-WRT (it's been a while since I used it) in which case you can use all 5 ports and you'll see no reduction in throughput.

You shouldn't be using 11.11.11.0 at all because that is not a private subnet! If you ever need to access a server at 11.X it won't work.

Steve

I understand what you mean…if the server of the TS is not sufficient to handle both firewalling, NATting and traffic then it might be best to buy a new router. Just built one myself with an Athlon 5350, works great :)