• Any good tutorial for "best practise" Pfsense & Dansguardian & squid?

    1
    0 Votes
    1 Posts
    701 Views
    No one has replied
  • Some general questions about using pfsense

    4
    0 Votes
    4 Posts
    1k Views
    P

    And remember that the whole configuration is done from the webGUI. It might be handy to look at some logs, conf files etc. from the command line, but everything is generated by the config entered through the webGUI. Do not (and there is no need to) edit stuff (conf files, change interface settings…) from the command line; those changes will be overwritten the next time pfSense re-creates them.

  • 0 Votes
    8 Posts
    2k Views
    R

    Are you just trying to go straight to a shell rather than having the config wizard (or whatever it's called)? If that is what you're trying to do, changing /etc/rc.initial probably isn't the best way to go about this.

    The reason why /etc/rc.initial is being executed after logging in via SSH is because /root/.profile is set to start it for interactive sessions. If you want to immediately launch tcsh rather than rc.initial, change /root/.profile to use /bin/tcsh rather than changing rc.initial. Doing it this way should leave /etc/rc.initial intact in case you need to use it in the future.

    Edit:

    Reread your original post, sounds like you just wanted to get straight into a root shell rather than use a script to enter options on the wizard

  • Loading available packages failure

    2
    0 Votes
    2 Posts
    940 Views
    Z

    Maybe your proxy is blocking some https traffic?

    Check logs on this side as you try to download packages and try to spot some rejected requests from the proxy.

    Zikmen

  • PFsense Crashed! Please help me identify the culprit

    7
    0 Votes
    7 Posts
    2k Views
    O

    I'm also thinking that it's because apinger has failed; for some reason my cable modem keeps on dropping.

  • How overkill is my system? How much throughput can I expect?

    4
    0 Votes
    4 Posts
    1k Views
    stephenw10S

    Do you mean the 4150? I can't find a 4140.

    Kind of beyond what I have access to but we're talking about some big numbers.  :) Hopefully someone else will come along to put some better figures to this.

    It won't max out all your NICs which could be 16Gbps if all 8 were somehow managing to stream 1Gbps in and out simultaneously!
    I would guess it will be >4Gbps though that is a guess. PPS becomes a more meaningful measure at those speeds because the contents of the packet can vary greatly, affecting the throughput bandwidth, while the number of packets forwarded remains relatively constant.
    That CPU is only dual core so you won't see quite the same step up in performance from 2.2 that some others will due to the multithreaded pf in FreeBSD 10.

    Steve

  • How to fix system menu and help menu problem in pfSense 2.1.5

    2
    0 Votes
    2 Posts
    735 Views
    F

    I do not know if it will work for everyone
    But it worked for me

    http://makandracards.com/makandra/1258-install-the-verdana-and-tahoma-fonts-under-ubuntu-linux

  • Firewall for production network

    3
    0 Votes
    3 Posts
    1k Views
    chpalmerC

    Whenever someone around me asks questions about implementing pfSense in any commercial environment I usually pull up this document and show them.

    https://doc.pfsense.org/index.php/Comparison_to_Commercial_Alternatives

    pfSense can easily be configured to port forward on a port by port,  1:1 NAT, or even act only as a firewall to devices/computers behind it that have their own public IP addresses.

    :)

  • LAN and WAN in the same IP range, does it work?

    4
    0 Votes
    4 Posts
    875 Views
    A

    Ohh… you are right. It was a stupid configuration failure deep in the night... I didn't think about it.
    Thanks  :o ;D

  • Youtube error

    3
    0 Votes
    3 Posts
    1k Views
    N

    Thank you for your reply.

    I'm using squid3 3.1.20 pkg 2.1.2.

    The Dynamic content feature that you mention is enabled, but the problem exists. Maybe there is another parameter that I missed?

    Thanks again.

  • Basic config

    13
    0 Votes
    13 Posts
    3k Views
    _

    Gonna take a look at that when I'm at the location again, thanks. I think I might just disable ipv6 inside the network completely; I'm guessing it has no added value whatsoever but the addresses are harder to remember :D

  • Wan graph doesnt match lan speed

    5
    0 Votes
    5 Posts
    1k Views
    H

    @P3R:

    @phil.davis:

    I think it tends to appear on interfaces that have VLANs or other aggregation methods where there is traffic for multiple logical things flowing on a single physical connection.

    I have the bug with neither VLAN nor any interface aggregation. I do however have IPSec site-site connections active, so in that sense there are multiple logical channels out on the WAN.

    We don't have any VLANs on the pfSense box but we do in the network.
    We have OpenVPN running.

    H.

  • Snort don't refer to pass list…

    8
    0 Votes
    8 Posts
    2k Views
    bmeeksB

    @HDM21KW:

    Thanks for the reply. Following your instructions, and after restarting pfSense, Snort recognizes my whitelist! E-mail runs well, but port 80/443 access needed entries in the blocked hosts list, so I individually add the IPs/networks needed (Akamai, etc…). It takes some time, but once this is set up, it will be all right afterwards.

    The Snort WAN Settings -> Pass List field is below.

    Thanks for reply , my snort problem is solved :D

    Glad you got it working.  That final step of actually assigning the Pass List to the desired interface is frequently missed.

    Bill

  • Firewall blocks, even though a rule is set to allow *

    5
    0 Votes
    5 Posts
    1k Views
    johnpozJ

    Yes, out of state traffic is going to happen whether you have 1 WAN or multiple WANs.  I see them mostly from my son's phone = possible when it switches from cell to wifi and thinks it still has a session with whatever it was talking to, and doesn't set up a new state, etc.

    Out of state traffic is bound to happen, just part of TCP and firewalls. It's nothing to worry about. If you don't want it in your logs, turning off logging of the default rule will remove lots of noise ;)

  • Issues on initial install

    1
    0 Votes
    1 Posts
    612 Views
    No one has replied
  • Reboot

    2
    0 Votes
    2 Posts
    683 Views
    chpalmerC

    There are a few posts like this floating around…

    https://forum.pfsense.org/index.php?topic=82835.0

    Really, you should never need to reboot unless you're upgrading or doing physical maintenance.

  • 0 Votes
    6 Posts
    2k Views
    KOMK

    Split DNS is simply running DNS on LAN that says your domain points to a LAN IP instead of WAN IP.  For example, if you own foo.com and it points to 1.2.3.4, split DNS would have you install a DNS server on LAN and have it resolve foo.com to be 192.168.1.x or whatever its LAN IP address is instead of its WAN address.

  • Pfsense High CPU Usage (100%)

    8
    0 Votes
    8 Posts
    4k Views
    H

    did you change your virtual network adaptors to the para-virtualized ones ?

  • Configuring pfSense with 3 VLANs - Problem to set ip [resolved]

    3
    0 Votes
    3 Posts
    898 Views
    jwacalexJ

    thanks. sometimes reading it twice would help m(

  • Could anybody lead me to a noob-proof tuto for reporting bugs?

    4
    0 Votes
    4 Posts
    1k Views
    BBcan177B

    @Hollander:

    1. Be the eternal noob: create an alias, URL table, point to a *.tgz (Iblocklist).

    IBlock lists are in a GZ - IP Range Format. This is not compatible in Alias/URL Tables by itself.

    It has to be converted to CIDR and into a txt file format to be able to be used in the Alias/URL Table setting. That is where pfBlocker or my upcoming pfBlockerNG package can facilitate.

    A Bad or empty Alias Table can crash pf …

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.