Just committed a fix for this.  Please test next snapshot run.

The workaround is to edit /etc/rc.php_ini_setup and insert:

suhosin.memory_limit = 512435456

Below:

[suhosin]
suhosin.get.max_array_depth = 5000
suhosin.get.max_array_index_length = 256
suhosin.get.max_vars = 5000
suhosin.get.max_value_length = 500000
suhosin.post.max_array_depth = 5000
suhosin.post.max_array_index_length = 256
suhosin.post.max_vars = 5000
suhosin.post.max_value_length = 500000
suhosin.request.max_array_depth = 5000
suhosin.request.max_array_index_length = 256
suhosin.request.max_vars = 5000
suhosin.request.max_value_length = 500000

Then run /etc/rc.php_ini_setup from shell

I do not know if this is possible…

I guess since the IP you want to NAT to exist on your LAN interface that won't work...

In the serial console you should see it boot and get asked to assign nic's
Are you using putty. if not then do so :)

It's only Friday, i haven't tried it yet.

No one?

Never mind, I am migrating to an external computer. Not a VM. It has only one NIC, so I added a USB NAD. It gets recognised. (ADMTek USB To Ethernet)

In the internal setup, I must make the link up. Here is the error message:

Please connect the WAN interface and make sure the link is up blabla.
ue0: Link state changed to UP
<enter>No link-up detected

Please connect the WAN interface and make sure the link is up blabla.

I thought: wtf?

For exclamation, the WAN interface must be on the slowest (USB, 100Mbit) ethernet card.

Although, when I connect the WAN to the onboard network card (Gigabit), it gets recognised successfully.

It is the AMD64 pfSense 2.0 BETA4 2010-11-25 1721 build.

How do I shoot this problem?
Thanks!</enter>

I've installed the i386 update built on Thu Nov 25 17:22:40 EST 2010.  CP redirect seems to work if I don't use HTTPS, but the secure redirection just hangs.  If I click on the link to show the existing login page (on the CP configuration page) it also freezes under HTTPS, but works correctly under HTTP.

assuming you are trying to setup an incoming tunnel just forward the port (on the desired interface or virtual IP) through to the ssh server.
All that the tutorial is doing is the equivalent of running something like

ssh  -D 8080  username@address-of-ssh-server

in a *nix terminal and then you just alter whatever program you want to tunnel to use a socks5 proxy on 127.0.0.1:8080

If what you are trying to do is use the firewall as your ssh proxy I'd strongly advise against it as the system is not designed for it. Far better to get an older PC and set it up with FreeBSD behind the firewall.

FYI this post is being done from an Ubuntu laptop down an ssh tunnel through a PFSense firewall and into a FreeBSD server.

Should have also said don't use the default port of 22 on the public interface unless you want the world trying to brute force a connection, pick something obscure like 1222 and do a redirect.

confirmed as well on 2.0-BETA4 (i386)
built on Wed Nov 24 19:45:12 EST 2010

well done guys, thanks so much for this

You do not need to configure it. Just open up Port 21 (or anything you have configured on your server) and allow traffic to the ftp server. The helper will then dynamically open up ports for the ftp session…

Follow discussion here
http://forum.pfsense.org/index.php/topic,29839.45.html

Thank you, jimp!

Install the cron package to edit cron jobs. You edit them in the config, not in the crontab file.

DynDNS update happens when your WAN IP changes. If you are being locked out for too many changes, I'd really be looking at why your WAN connection is changing IPs so frequently.

The DynDNS code will not issue an update request if the IP stays the same, unless 24 hours has passed.

jimp: Yes, I had revoked certificates in my imported CRL file.
I may confirm that CRL importing/exporting is working fine with the Sun Nov 21 02:37:38 EST 2010 build.

Thanks!

Thanks for the info!

@jimp:

I completely rewrote the PPTP/L2TP/PPPoE Server logs. They work fine now.

just to leave feedback, and to thank you for great job!

everything works perfect, thank you one more time
regards

Can you resend the data.
With the latest image this should not be present there!