Do DHCP static mappings sync between two boxes in a CARP cluster? So far it looks like a big no from where I am standing.

After posting I saw and downloaded pfSense-20081011-0859.iso.gz.  Not surprisingly my problem has changed.  Since things seem better with it here is what it is doing.  A laptop running Vista is able to connect without problems.  My Archos 605 WiFi errors out. It will connect to 1.2.  The pfSense log shows the fillowing:

Oct 13 09:40:16 hostapd: ath0: STA 00:16:dc:50:c4:1b IEEE 802.11: deassociated
  Oct 13 09:40:01 hostapd: ath0: STA 00:16:dc:50:c4:1b WPA: group key handshake
                                completed (RSN)
  Oct 13 09:39:54 hostapd: ath0: STA 00:16:dc:50:c4:1b WPA: pairwise key handshake
                                completed (RSN)
  Oct 13 09:39:54 hostapd: ath0: STA 00:16:dc:50:c4:1b WPA: received EAPOL-Key 2/4
                                Pairwise with unexpected replay counter
  Oct 13 09:39:54 hostapd: ath0: STA 00:16:dc:50:c4:1b WPA: received EAPOL-Key 4/4
                                Pairwise with unexpected replay counter
  Oct 13 09:39:54 hostapd: ath0: STA 00:16:dc:50:c4:1b IEEE 802.11: associated
  Oct 13 09:39:51 hostapd: ath0: STA 00:16:dc:50:c4:1b IEEE 802.11: associated

The output of ath0_setup.sh is:

+ + grep hostapd
  + grep ath0
  /bin/ps awwuxx
  + + xargsawk kill { print $2 }

+ /sbin/ifconfig ath0 down
  + /sbin/ifconfig ath0 mode 11g
  + /sbin/ifconfig ath0 channel 8
  + /sbin/ifconfig ath0 -mediaopt turbo
  + /sbin/ifconfig ath0 ssid Toontown
  + /sbin/ifconfig ath0 -hidessid
  + /sbin/ifconfig ath0 -mediaopt adhoc
  + /sbin/ifconfig ath0 protmode off
  + /sbin/ifconfig ath0 mode 11g pureg
  + /sbin/ifconfig ath0 apbridge
  + /sbin/ifconfig ath0 -wme
  + /sbin/ifconfig ath0 authmode open wepmode off
  + /sbin/ifconfig ath0 txpower 99
  ifconfig: SIOCS80211: Invalid argument
  + /sbin/ifconfig ath0 mediaopt hostap
  + /sbin/ifconfig ath0 mtu 1500
  + /sbin/ifconfig ath0 up
  + /usr/sbin/hostapd -B /var/etc/hostapd_ath0.conf
  Configuration file: /var/etc/hostapd_ath0.conf

Thanks for any help.

Thanks mcrane, that's sure to help somebody out there. I'm actually running 1.3.0a in the interest of development to be honest. But my thought was that just the small gesture of backporting the dnsomatic code from 1.3.0 would help a lot of people that need to stick with the stable build.

For now, the best work around is set a cache server (squid or not) into a local network or DMZ other than pfsense.

Configure in squid pfsense package the icp port and the upstream proxy to the local cache server.
Please do not enable transparent proxy on the same interface that cache server is(loop).

In local cache server(bsd,linux,windows,mac or other pfsense in a virtual machine) configure to accept connections from pfsense.

finaly configure 2 rule in pfsense on cache server's interface to access all local networks via default gateway and a rule to access the internet via load balance.

I guess in 1.3 the 'localhost' or 'all interfaces' tab will apear in rules to solve this limitation.

Does anyone know if it is possible to get the kernel updated in the 1.2.1 release?

It's quite an issue not being able to reboot the firewall remote.. :S

Hey wallabybob and nocer thanks for your replies.

I spent more time yesterday and managed to fix the issues. I now have the Intel PRO/1000 MT card installed and running. One port for WAN and the other for the LAN. I've rebooted a few times and the system is having no problems.  :).

@nocer

Yes we do have similar hardware. I wanted something that drew little power but was flexible.

I gave up trying to get the Realtek chip working as I only needed two ports. Thanks for the link for NIC card, I was looking for a 4 port solution but could not find one at a reasonable price. This should do nicely if required.

I must say Pfsense has already made a big impression on me. Massive improvement from my Draytek 2900vg. I just wished I'd set it up earler.  :)

Huh….you mean that you enter the url and wait 1 minute before even knowing there is connection!!
I do not think that is something for a firewall but you can always run powerd on you box, i do not think its shipped with pfSense though cpufreq(4) is.

Bump (Sorry for going on like madman about this pptp stuff, I've tried hard to find an answer for the above "0.0.0.0", but I can't)

the mount root failure is because it's a different device than the box you used to install. Type in the correct device name at the mountroot prompt, look at the boot messages to determine what it is. It'll be something like:

ufs:da0s1a

Thanks for the info, I was unaware on how the snapshot release cycle worked.

Check for 'In/out errors' on your Interfaces on the 'Pfsense 1.2-RELEASE Transparent Bridge'. You can find that info under Status -> Interfaces.

I'm not sure why it works at your place. Maybe you've configured more than just the 1:1 NAT.
But 1:1 NAT definitly does not work with NAT-reflection

I would setup split DNS since you're accessing the servers via the name and not the IP.

If you have problems with ftp i can only suggest:

@http://forum.pfsense.org/index.php/topic:

1: Disable the ftp-helper on all interfaces.
2: Define a port-range on your ftp-server for the data-transfer.
3: forward port 21 and your data-transfer-range to your server.

Also i wouldnt bother with 1:1 NAT and only use normal port-forwards and aliases.
–> NAT-reflection will work.

You can create an alias for each server and define what ports you want to use on it.
Use this alias in the port-forward-rule and the firewall-rule.

I've just downloaded the full update to give it a try.

pfSense-Full-Update-1.2.1-RC1-20080929-1044.tgz
29-Sep-2008 07:27 38M

The Full Update worked fine installed 6 packages as a test.

You might want to make sure you can access this page.
http://www.pfsense.com/packages/config/spamd.inc

It is an include file for the spamd package and will confirm you can get to the package website.

Depends on your specific hardware and what exactly you're talking about monitoring. Nothing has changed regarding monitoring in 1.2.1 (bug fix only release), if someone is willing to do the work it may be possible to implement more functionality along these lines in 1.3.

It's 1.3 only.