• 2.2 to 2.2.1 unbound issues

    0 Votes
    3 Posts
    1k Views
    I also got this "user unbound does not exist" on a 6 March snapshot as reported here: https://forum.pfsense.org/index.php?topic=89925.0 I will try a later snapshot tomorrow. But this was a new snapshot build after those that had the small size.
  • PFSense LAN disconnecting

    0 Votes
    2 Posts
    629 Views
    Bad cable? Bad port (NIC or switch)? Have you tried re-plugging the network cable instead of a reboot? Have you tried swapping ports on your firewall?
  • High ping to firewall - fluke?

    0 Votes
    4 Posts
    1k Views
    Yep, figured it out first off, here's my admin interface, not that it really matters.
        Packets: sent=67113, rcvd=67113, error=0, lost=0 (0.0% loss) in 33556.000901 sec
        RTTs in ms: min/avg/max/dev: 0.119 / 0.389 / 15.909 / 0.320
        Bandwidth in kbytes/sec: sent=0.120, rcvd=0.120
    In order to shape download traffic correctly, I had to traffic shape LAN egress. While I allow link local traffic to PFSense on LAN, it doesn't have much bandwidth set. Pings that did not make it out my WAN kept getting set to qLink instead of qICMP because of my catch all LAN to LAN. Traffic that actually creates a state on the WAN interface properly gets the desired queue.
  • Email notification attachment

    0 Votes
    1 Posts
    654 Views
    No one has replied
  • Pfsense + Wifi AP= Wifi only working if wired PC is turned on

    0 Votes
    2 Posts
    779 Views
    I'm not familiar with the Netgear switch or the Asus AP, but I think it sounds a little odd that your AP is picking up its IP via DHCP. In most cases you should set the IP on an access point statically, at least in my experience. Have a go at assigning a permanent IP to the Asus AP and see if that has any effect.
  • Cannot connect to remote Citrix Server

    0 Votes
    1 Posts
    609 Views
    No one has replied
  • Cable modem DHCP Pfsense and ESXI

    0 Votes
    8 Posts
    2k Views
    No need to wait for that. A simple power cycle will cause it to create a new static map process. I run into this same issue because my freebie Meraki switch doesn't allow disabling of CDP and LLDP. Let's just say it's a nightmare to get it to static map to the correct MAC.
  • Dropout Logs

    0 Votes
    1 Posts
    499 Views
    No one has replied
  • Connection Limit

    0 Votes
    2 Posts
    445 Views
    KOM
    https://forum.pfsense.org/index.php?topic=89419.msg494797
  • Embedded kernel vs embedded image

    0 Votes
    1 Posts
    562 Views
    No one has replied
  • Firewall(self) as source in rules?

    0 Votes
    13 Posts
    4k Views
    i think whoever gave you that sheet with the current "linux" firewall rules, probably has no clue how a firewall should work, and made an overcomplicated mess of things. do note that i personally know (almost) nothing about firewalling :)
  • Port Forwarding

    0 Votes
    16 Posts
    4k Views
    @johnpoz: if it's physical hardware it would use that mac on that interface, unless you went in and changed it or did some sort of clone in pfsense.  If it's running on virtual then it could create new virtual mac if you did something in the setup, etc.
    Yes, it is physical hardware, so that is good.
    @johnpoz: So see a 2 second sniff on the wan in pfsense would have told you that traffic wasn't getting there, and looking to validate your wan was the IP you thought it was supposed to be is another valid check ;)
    Knowing it isn't there and being actually able to see it are two different things.  There is a lot of information and I'm brand new to pfsense, so actually finding it, was difficult.  New tools are the hardest to use.
    @johnpoz: Glad you got it sorted.  I tried firing up that software this morning and couldn't figure out how to get the debugger tester you showed running.
    Yea, welcome to the hardest to set up software in the world!  It is better now than a few years ago, but I've set up at least 100 accounts in PHPed and I still use a cheat sheet.  Once you get the account set up, then there is also a component that must be installed into PHP on the web server and php.ini needs to be updated with the ports and IP of the users.  It's rather a pain to set up.  Once set up, it is amazing.  I can't live without it.  The ability to step line by line through a PHP program is very helpful when there is a strange bug.  Plus the code prefill and highlighting are very helpful.  For example, if you create a variable called $rec_num, next time you type $rec it prefills $rec_num.  That really cuts down on typos.
  • Backup 4 G wan connection

    0 Votes
    4 Posts
    883 Views
    I was thinking of something similar myself where an external modem like this one connects to the 4G, either: http://www.maplin.co.uk/p/tp-link-3g4g-single-band-n150-portable-wireless-n-router-n40ql or http://shop.ee.co.uk/dongles/pay-monthly-mobile-broadband/osprey-black-from-ee/details The question is how I can get the roadwarrior clients that use the primary link to connect. The IP address of the 4G is most likely dynamic, hence the question if anyone has done something similar. Cheers, Raj
  • PPPOE issue

    0 Votes
    8 Posts
    1k Views
    It seems that I have a similar problem at one of the sites where I have dual wan (PPPoE and wan 1 and static ip on wan 2). Backup link is over 3G router, slow, but working. I have received a notification by email: "WAN01_PPPOE is down, removing from routing group dualnet". Pfsense 2.1.5 32 bit installed on a 2GB Kingston usb memory, embedded version with vga (intel atom D2500cc). I can't log in remotely as the second wan doesn't have a public IP :(. I will check the logs tomorrow. BR, Adrian
  • Can pfSense do everything a Cisco 3845 Router does?

    0 Votes
    2 Posts
    723 Views
    depends on what you're doing with it. In many cases, yes. In some cases, no firewall will do exactly what IOS can do for more complicated routing-specific needs. Or if you have interfaces in it other than Ethernet (T1 CSU/DSU, among other line cards).
  • Blocking entire TLDs (.xxx and .sex) with pfSense+Squid+SquidGuard

    0 Votes
    2 Posts
    2k Views
    would stopping them to resolve work? you could use dns resolver wildcards to make entire TLDs resolve to localhost …
    advanced section in "services-->resolver":
        server:
        local-zone: "xxx" redirect
        local-data: "xxx 3600 IN A 127.0.0.1"
    result on client pc:
        heper@i7 ~ $ nslookup  hornytube.xxx    <---BEFORE
        Server:        10.0.0.1
        Address:        10.0.0.1#53
        Non-authoritative answer:
        Name:  hornytube.xxx
        Address: 87.250.153.105

        heper@i7 ~ $ nslookup  hornytube.xxx    <---- AFTER
        Server:        10.0.0.1
        Address:        10.0.0.1#53
        Name:  hornytube.xxx
        Address: 127.0.0.1

        heper@i7 ~ $ nslookup  pfsenseresolver.xxx
        Server:        10.0.0.1
        Address:        10.0.0.1#53
        Name:  pfsenseresolver.xxx
        Address: 127.0.0.1
  • Deployment methods for VPN users?

    0 Votes
    4 Posts
    905 Views
    @watts3000: I am curious why do you want to replace SSTP? Are you having some technical problems? Or do you want to replace it just because it's Microsoft? We run SSTP and L2TP and have zero problems.
    The machine that supports the SSTP links right now is a virtual machine, and I want to get that traffic/dependency off the network for those VMs.  So, it's either set people up to connect to the pfsense system, or put in real hardware for people to reach. A software solution doesn't add (significant) heat to my datacenter - which is why I was hoping for an easy install/deployment.
  • Stops working.. Server not found.. DNS issue?

    0 Votes
    6 Posts
    1k Views
    http://i.imgur.com/7jAfrAo.jpg Gotta love squid.
  • Email and pfsense

    0 Votes
    2 Posts
    646 Views
    Derelict
    Sure.  Just make LAN rules that pass only what's necessary for exchange and the default rule set will block everything else.
  • Snort features

    0 Votes
    3 Posts
    909 Views
    bmeeks
    @MiXeDeMoTiOnS: I installed Snort and it basically killed my internet connection; it brought down my speed to a complete crawl or basically timed out some of the pages.  I was wondering, is Snort supposed to slow your connection? I'm pretty new so some advice on this subject would be greatly appreciated.
    Snort will not impact your speed unless you are enabling every possible rule and have an 8088 8 MHz processor from the 1980s …  :D
    Blocking is another issue (feature).  No IDS is "install and forget".  Every IDS installation requires environment-specific tuning.  Refer to the Packages sub-forum here and search for all the Snort configuration threads.  There is an excellent Master Suppress List thread that reviews fixes for the most common false positives from Snort.
    Another recommendation is to first run Snort in non-blocking mode for a few days or a week or two.  That way you can see what it would have blocked, and then have time to evaluate/research each alert to see if it is indeed a false positive in your environment.  Many of the HTTP_INSPECT alerts are generally false positives.
    Bill
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.