Hej! So I have replaced now my CF card with a new one and it still has the same behaviour like mentioned in my first post. It reboots every now and then (like minimum every hour once). So I guess it is a problem with the hardware alix-board. What do you recommend as a replacement … my setup is ... one guest wlan (with captive portal) one private lan/wlan (where NAS, network printer, ...) ... and additionally I want to setup VPN, radius-server (for VPN authentication, wireless network authentication and NAS authentication) and a proxy Thanks, Rodney

I've seen this question pop up on this forum before. The only way to bypass a proxy for a specific domain that I know of is to use a proxy.pac file. The browser you use will have a 'automatic proxy configuration' field in the settings. You put the URL for a proxy.pac file that you post on a web server (possibly directly on the pfSense box) and enter instructions in the .pac file to tell the browser whether to use a proxy for a specific domain or to bypass it. The following link should give you some further information on how to do this: http://www.cyberciti.biz/faq/howto-use-auto-config-proxy-pac-file-for-specific-domain/

@pf2.0nyc: Assuming I want to keep my current rules and filtering between all VLANs, would throwing hardware at the problem solve this? Sure. Depending on why hosts are on different subnets/VLANs but still have to be accessible. With an L3 switch some of the routing might be relocated to hardware.

It's ok now. I've just rebooted the modems :D Thanks

Ah what a div.  :-[ Shoulda checked that. Thanks for the hint, that's exactly what it was. I'm more used to iptables I suppose with it's default policy of accept. I've added a rule now letting my test subnets through and all is workink. Can get on to the internet from the host on 192.168.3.0/24 subnet. :)

Just for the record: To make sure, your pfsense squid proxy will use the upstream proxy also for SSL connections, you need to add the following line in your configuration: always_direct deny all

So any fix on this issue? Any new updates?

I could do some test based on the recommendations by KOM and johnpoz. For my situation, it seems i was to stingy with the hardware settings on my vm's. Since i upgraded vCPU's from 1 to 2 and vRAM from 512mb to 1024mb, the problems are gone. While setting up the appliances i configured with this guide: https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5. There they speak about 1vCPU and 512mb vRAM if you have e few or no packages. I only use OPENVPN Client Export Packages in addition to the baseimage. So i thought 512mb will be enough. Now the error/problem is reproducable. when i go back to 512mb vRAM and change some NAT/firewall rules (only enabling/disabling) pfSense stops working as described earlier after about 20-30klicks. With 1024mb vRAM the error does not occour, even with 100dreds of klicks.  ;) My presumption ist that pfSense 2.2 with FreeBSD 10.x requires more vRAM the in older releases. Here for Reference my complete seetings: ESXi 5.5 Build 2456374 / pfSenseVM: HW-Version 8, FreeBSD 64bit, 2vCPU, 1024MB vRAM, 8GB vDisk Thick, 2xE1000 NIC BTW: the ancient ESXi Version i was using before has nothing to do with the problem. the problem is reproduced on the my old ESXi box aswell on the new.

Were you originally aiming for a bridged setup? (transparent firewall). Steve

Thank you all for replying. It ended up being NAT. I had it set on "Manual" and changed it to "Auto" at some point after the upgrade (didn't need the port forwarding stuff any longer). For reasons beyond my knowledge, the reboot of the server removed all NAT entries (Outbound) on the box. Changing this to a "Hybrid" NAT fixed the issues; placing the proper NAT entries on the system. Thank you all for your help - I can't thank you enough.

Maybe you can answer Ermal's question: @https://redmine.pfsense.org/issues/4326: Does net.inet.ip.dummynet.io_pkt_drop increase during this time? Steve

Do a fresh install and restore the config backup.

Enable logging on your default rule on your LAN and try and connect to IMAP again. Please also list us the packages you have installed on your network and if you could show us what you're seeing in your system and LAN log that would be good too.

In short there  isn't anything that can do it without adding a syslog server on your network and pushing your system logs to it. So far but put it in as a request. I just did because I asked a similar question last week.

Almost certainly not then! Though because it's a pppoe connection it's probably /32 so you could use other IPs from the subnet. I wouldn't though.  ;) Steve

Perfect.  Thanks.

The configuration I created for them was straight LDAP on the pfsense side originally, and it failed.  I was assured by the second party they were NOT running LDAPS, and that I must be typing the account credentials wrong.  Once I loaded the ldap verbose logging tool in pfsense, I suspected that LDAPS was in play, and explained that we needed to exchange root certificates and that conversation hit a brick wall fast.  I would always prefer secure setups, but my issue is that I don't always work with people that understand their own networks.  Every now and then I have to tell people (nicely) that they are in fact running something they think they aren't, and I always want good technical information to back me up when I do . Thanks again for the prompt reply, this was a big help.

Mind your B's and b's. :-)

Thank you sir  ;D I've been fiddling with the network card tweaks (apparently I had some, but according to the forum not all). I think the problem has gone away like a fart in the wind ( ;D ;D ;D )

It is fairly general. If I have a notice and go to a webGUI page that is longer than the screen, then scroll down to the middle/bottom of the page, then click the "unread notice" button, the page jumps back to the top and/but the Acknowledge All Notices popup appears somewhere down the page on the right-hand side. I am on Firefox 31.4.0ESR