• SSL errors

    0 Votes
    7 Posts
    2k Views
    johnpoz

    What is before that part of the sniff? I have to assume it resolved something to that IP. What exactly are you doing to generate that traffic? BTW that is not an error, that is just some info about the packet - if you're thinking chksum bad is an error that would prevent communication or your error?

    So fix your issue on why the box is trying to go to 10.0.1.1 if that is not the correct IP for where you're trying to go. What IP are you trying to go to?

  • Some questions, some complaints

    0 Votes
    6 Posts
    1k Views

    1. From the definitive guide, it says that Quick is enabled by default on all rules except floating rules. I don't know if that means it doesn't work or if Quick is not desirable. And, honestly, I can't even dream up a scenario where I create rules and then want them last-matched. Who does this, and what good is it? I tend to stick with what's originally suggested. If the wizard-created rules use MATCH, I use MATCH.

    You mean that quick option should work with match action otherwise it doesn't make sense or this makes settings very confusing.

    I always try and test my configuration after I set new rules because funny things could always happen. I tested match action with quick option. I doubled ("add a new rule based on this one" button) an existing rule and I changed the second rule's queue to another queue. I set both rules' action to "match". Then I found out that traffic goes to the second rule's queue.

    Then, for the second test, I set the first rule's action to "pass", then I tested again: traffic goes to the first rule's queue.
    In my opinion, this trial and error method proves that match action doesn't work with quick option or there is a major bug in there. I use 2.1.4 version-p16 which seems to be latest as of today.

  • Facetime and site to site VPN

    0 Votes
    4 Posts
    2k Views

    Ok then! Then you will have to filter out the traffic. Did you try with the ports specified on the Apple document? You can also monitor the state table while on a call.

    Or better, assign a fixed IP address to your iOS devices and deny them access to the remote networks (unless you need that access for other reasons, of course)

  • How to make 2 subnets to working with Pfsense Proxy

    0 Votes
    1 Posts
    654 Views
    No one has replied
  • Install pfSense TO USB FROM USB Stick/Flash?

    0 Votes
    4 Posts
    11k Views

    @spiritfly:

    I never realized that the nanoBSD is a different version. I thought that guide is taking me to the same mirror links for the same image. Oh well..

    I've already installed it to my USB flash disk using another USB flash drive to put the installation on it. Then booted from it and chose to install on the first (empty flash disk) and it installed correctly.

    I would caution you that the nano version has optimizations for flash that will preserve the life of the USB stick. Otherwise you might find it dying in less than a year since the standard version will write to it as though it were a hard disk.

    https://www.pfsense.org/about-pfsense/versions.html

    Flash memory can only handle a limited number of writes, so the embedded version runs read only from flash, with read/write file systems as RAM disks.

    Switching versions is actually quite painless. Save your configuration to your computer from Diagnostics: Backup/restore: Download Configuration, install the nano version to the USB stick, then upload your configuration back to it. Another alternative is that you can manually configure the full version to behave mostly like the nano version.

    @spiritfly:

    One question about this though. I've noticed that when booting from the USB flash when it is connected on some of the USB ports on the back of my PC, an error showed up just before pfSense was supposed to boot and the following command line came up: db>

    If I take and connect the same USB thumb on the front it runs perfectly. Weird.. I think all USB ports are USB 2.0 front and back. The MB is Asus M2N-MX if it means anything.

    My guess would be that the drive numbers are changed when you move it to a different port. The simplest solution is to have it in its final port when it's installed, although you can reconfigure if moving is necessary.

  • Squid, Snort, pfBlocker issue?

    0 Votes
    3 Posts
    1k Views

    @Cmellons:

    " [Snort] Server returned error code 422…"

    Nothing to worry about.

    They are just updating on their end. It should be back to normal when they are finished.

    What about Squid and Snort rapidly stopping and starting and pfBlocker reporting "no… action during boot process"? I haven't seen these logs before and it seems unrelated to the Snort update process.

  • Strange port use when browsing

    0 Votes
    3 Posts
    821 Views

    The destination is always 80, that is http, so I need to leave it.
    And it was my fault to block it :)

  • MySQL & PHP Errors

    0 Votes
    1 Posts
    692 Views
    No one has replied
  • Workstation software blocking

    0 Votes
    10 Posts
    2k Views
    NetVicious

    You could do it easily with Squid.

    http://blog.wains.be/2007/06/07/blocking-internet-explorer-with-the-squid-web-proxy/

    Don't edit the Squid config file directly. Use the Custom Options text area on the Services / Proxy Server menu on pfSense.

  • Lan network very slow

    0 Votes
    44 Posts
    9k Views

    I have the luck that the average age here is 50+.
    Most of them only know how to turn on the computer and do some surfing :)

    I keep it in mind, and am going to try pfsense 2.2 when it is released.

  • New to pfSense

    0 Votes
    16 Posts
    3k Views
    stephenw10

    If you have all that then use it.  :D I bet it cost a fortune when it was new!
    It should work fine.

    Steve

  • How Many DNS Does Pfsense Support?

    0 Votes
    3 Posts
    968 Views
    johnpoz

    If you have to do so many dns queries that your ISP is cutting you off ;) Why don't you just run your own, and have it query either roots directly or any of the other public dns out there?

    Pfsense is either going to query ALL the servers in that list at the same time, or sequentially query them if they don't answer - this does not seem like the best solution to me from your description. I would just grab bind and let it query the roots for you. Then you have no issue with anyone cutting you off no matter how many queries you do - your only limit to the number of queries you could do would be the horsepower of the machine that bind is running on and your internet bandwidth.

  • Basic Setup Help

    0 Votes
    10 Posts
    2k Views
    stephenw10

    You can use any interface you like as admin access. If you think that the http/s webgui is interfering with your port forward it shouldn't. The webgui listens on all interfaces so changing which one you use shouldn't make any difference. Are you seeing the pfSense webgui when you try to access your port forward? You can change the port the webgui uses. Did you try the change I suggested above?

    Steve

  • Redirect one or more URLs to a fixed internet gateway

    0 Votes
    10 Posts
    2k Views
    stephenw10

    I hear what you're saying about Google. As long as you accept that's what they're doing then what they offer in return seems quite a good deal. It just works better than anything else I've tried. Better than Hotmail anyway, or whatever they've re-branded it as these days!  ::)

    Can you force users to use a limited set of servers by using a DNS override for gmail.com? Does the connection immediately get redirected to countless other servers? That might not matter since you would have caught the traffic in the firewall rule and redirected it through the appropriate gateway by that point anyway.

    What are you hoping to achieve by using a separate connection for gmail? Do you need to match this traffic 100%?

    Steve

  • I'm getting occasional fatal traps

    0 Votes
    2 Posts
    790 Views

    @Paul47:

    pfsense 2.1.4 embedded, Intel D510MO
    Does this sound like a hardware problem? I'm thinking of getting another board to find out. I might put a fan on this too although last night (when it failed again) it was not that warm and the machine has kept running when it was a lot warmer than that.

    Is it the same current process each time? Or just random? Without more detail I would recommend trying a full format/reinstall to eliminate corruption as a cause and then if it persists look at hardware causes like temp/RAM/etc…

  • Simulate ISP before shipping

    0 Votes
    2 Posts
    972 Views

    Far and away the best advice I can offer is "ask the hosting company". They should provide to you at a bare minimum:
    NETMASK=255.255.255.248
    BROADCAST=192.168.47.15
    NETWORK=192.168.47.8
    GATEWAY=192.168.47.x
    USUABLE_RANGE=192.168.47.x-x
    NAMESERVER1=
    NAMESERVER2=

    The second best advice I have is make sure that you have your IP addresses whitelisted to access the box remotely and if at all possible test the setup in your lab using the actual IP addresses, not simulated IPs.

    Lastly, is that block for use behind the firewall (LAN) or do you intend to port forward all the external IPs?

  • PfSense problem or not

    0 Votes
    2 Posts
    824 Views

    @ladlaurel:

    is it possible that my pfSense configuration were messed up because of the sudden shutdown of the servers. or my server(web/mail) settings were also messed up because of that incident.

    It's certainly possible, but unlikely unless the configurations were being actively written at the exact time power was lost.

    You need to perform some basic tests to determine where the failure is occurring. The website is easiest generally… is the wan IP static? Can you connect to http://ipaddress:80 instead of http://domainname:80 ?

  • FreeSwitch

    0 Votes
    2 Posts
    810 Views

    Where did you find freeswitch.tgz for pfsense? It is not downloadable on the fusionpbx webpage.

    Regards

    Danisam

  • Free FiOS Speed Upgrades

    0 Votes
    1 Posts
    820 Views
    No one has replied
  • PfSense Security Specialist needed

    0 Votes
    1 Posts
    592 Views
    No one has replied
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.