Try a newer snap, version from 09/11/10 runs like a charm, even squidguard runs without any glitch!

Try new snapshots should be fixed.

What time is this snapshot.
I remeber a fix went into FreeBSD for this.

With actual snap (20091105-1507) usermanager is still unusable: No user nor group is added!

@mhab12:

If you post in the 'post a bounty forum' you'll likely see better results.

Thanks for the note, as it has been very quiet here, I'll give a shot there.

@ermal:

At least until we can support layer7 pass rules somehow(which i do not have plans to do for now or without being convinced to do so.)
I will add some validation rules so people do not get confused with this and can understand what they are doing wrong from the validation error message.

Did I get you right, Ermal?

Is it really so that you cannot use L7-filtering to anything else than blocking? If that's the case, then I can not undestand why there are other rules in the container than Action + Block?

I thought that one has several options: To throttle (via Limiter), To forward (to a certain queue) and thirdly block using action. My intention is use Traffic Shaping to throttle P2P, not to block it totally.

@hracht:

It seems that ipfw_classifyd is missing from recent snapshots. Here is the relevant init string from /etc/inc/shaper.inc :
    $ipfw_classifyd_init = "/usr/local/sbin/ipfw-classifyd -n 5 -q 700 -c {$path} -p " . $l7rules->GetRPort() . " -P /usr/local/share/protocols";
and ls output is
  # ll /usr/local/sbin/ipfw-classifyd
  ls: /usr/local/sbin/ipfw-classifyd: No such file or directory
I tried snapshot pfSense-2.0-ALPHA-ALPHA-20090804-1708.iso.gz and then upgraded to pfSense-2.0-ALPHA-ALPHA-20090819-2349.iso.gz

BTW, Layer7 works very well in blocking P2P, so the missing file is now available in the newest snapshots..

BR,

Tommi

edit: Some proof reading

Differences between working 1.3.2 and actual 2.0 firmware

1.3.2 routing table:

Destination Gateway Flags Refs Use Mtu Netif Expire
default      195.14.226.5         UGS  0 8090942 1492 ng0
10.112.35.0/27   link#1                 UC    0 0      1500 em0
10.112.35.2 00:23:32:9e:c4:74 UHLW 1 47043 1500 em0 759
10.112.35.3 00:11:24:e6:45:80 UHLW 1 132  1500 em0 769
10.112.35.6 00:1e:58:48:3d:9e UHLW 1 2633  1500 em0 1167
10.112.35.12 00:18:f8:13:71:46 UHLW 1 1      1500 em0 993
87.79.167.226   lo0                         UHS  0 0      16384 lo0
127.0.0.1         127.0.0.1                 UH    0 0         16384 lo0
195.14.226.5 87.79.167.226         UH    1 2430 1492 ng0

2.0 routing-table:
default         195.14.226.5       UGS    0 55    1492        pppoe0
10.112.35.0/27   link#3               U         6 208 1500         bge1
10.112.35.13   link#3               UHS         0 45 16384 lo0
87.79.58.31   link#8               UHS         0 0 16384 lo0
127.0.0.1           link#5               UH         0 52 16384 lo0
127.0.0.2         127.0.0.1               UHS         0 0 16384 lo0
195.14.226.5   link#8               UH         0 45 1492 pppoe0

What are this links meaning? Looking at 1.3.2 i see only one link, on 2.0 lots of this links with strange numbers.

@stompro:

Take a look at the thread from yesterday about Alix crashing, seems like a similar problem.
No real clue yet on what the cause is though.
Josh

The problems with the Alix were in user space- dhcpd, apingger, where as I'm getting kernel panics with the em0 driver… ?

@videoman:

No luck for me- used 2.0-ALPHA 20091024-2136, upgrade my config to 1.2.3-rc3, then uploaded the config backup to 2.0- system was not working, vlans did not work, and it began asking me for a username/password at the serial console.

The vlan upgrade code needs some more attention. It's not quite 100% but it is better than it has been.

I believe there are already threads open about the vlan showing as down issue, you should probably post to those as that is a new topic.
Josh

thanks much. I found this out after installing. Logs showed me the missing libs.

Thank you so much, it works perfect now!!!!!

Just in case you are wondering, using just active, if you go to google video section and search for "Line 6 Spider 3 150 watt" and click on page 2 it shows some rather extreme porn images. My 15 year old son pointed that out to me as he was looking things up about guitar amps.

Thank you again, now this is perfect.

ProBSD