• OpenVPN in tap server mode

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Passive FTP to server behind NAT fails

    Locked
    35
    0 Votes
    35 Posts
    20k Views
    S
    @rpsmith: System | Advanced | System Tunables | debug.pfftpproxy | (set value to 1 to disable) You will need to add this Tunable if it does not already exist. Roy… Many many thanks!!! Now it works perfectly!  :) :) :) Best regards, Stenio
  • Auto-Update broken on SNAP Sat Jan 29 01:09:59

    Locked
    5
    0 Votes
    5 Posts
    3k Views
    jimpJ
    http://redmine.pfsense.org/issues/1309 The GUI bit should be fixed after the next update. :-) In the meantime, be patient. No reason to go chasing down a new snapshot unless you're having an issue that needs fixed. It's been pretty stable since Monday or so. Not much in the way of big changes.
  • PfSense freeze on KVM/Qemu after an unknown time

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Email notification and gmail smtp

    Locked
    19
    0 Votes
    19 Posts
    25k Views
    P
    gmail smtp requires ssl so use port 587 or 465
  • Wpi intel 3945 wireless

    Locked
    9
    0 Votes
    9 Posts
    6k Views
    W
    @digitalrefuse: I was able to get past those errors by adding the above lines to my loader.conf, but now I'm getting some sort of memory allocation errors It would be better to add those lines to loader.conf.local since loader.conf can get overwritten in a firmware upgrade. Please provide details of the memory allocation errors.
  • Virtual IP issues in latest build (Feb2)

    Locked
    12
    0 Votes
    12 Posts
    5k Views
    P
    Is anybody else suffering from those problems running in a virtual environment behind a vDS?
  • BUG: Unable to select VLAN in PPPs interfaces.

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    W
    For anyone else encountering this problem: G Brinton in http://redmine.pfsense.org/issues/1178 suggested:
    Here are the steps to follow.
    1) Create VLANs (example vl1 and vl2) on your leX interfaces.
    2) Assign those vlans to OPT1 and OPT2 (or OPTx) and enable them.
    3) Go to Interfaces_PPPs and select OPT1 or OPT2 for the Interface that you're using for PPPoE
    4) Go to Interfaces_Assign and select the newly created PPPoE(vl1) for your WAN link. If you have Dual WAN, then create OPT3 and assign the PPPoE(vl2) interface to it.
    5) Done. WAN should come up then.
    which worked for me (pppoe on VLAN on rl0).
  • Heavy Load makes interface drop

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    W
    I was monitoring the 'states table size' to make sure it wasn't going over.  I can't really explain in depth what it means, but I have a feeling that it's how many open connections there are, similar to the results of a netstat.  Nonetheless, I just thought that if the number starts to reach the ceiling, you should increase it if you have the memory and processor power. So, I raised it gradually all the way up until 550000 and still the same results.  The active usually stayed around 475k to 500k, so I just guessed a max of 550k was good.  Plus, I had only about 7% memory usage and 0 to 15% processor. Meanwhile, it seemed like whatever I changed the max state size to, it would still drop the connection.
  • Load balancer question

    Locked
    6
    0 Votes
    6 Posts
    2k Views
    jimpJ
    The missing user should be fixed now. http://redmine.pfsense.org/issues/1306#note-1
  • OpenVPN asking for user Cert in ldap (user / pass) mode?

    Locked
    11
    0 Votes
    11 Posts
    10k Views
    W
    I can confirm the current snapshot is corrected and is functioning properly on the A64 build.
  • Cosmetic errors with user-manager (amd64)

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    jimpJ
    This should fix it… https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/072bc34c97cb6231c3977559e3faf86a01cc7dac
  • Kernel: pid xyz (php), uid 0: exited on signal 11 (core dumped) (amd64)

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    jimpJ
    Any other errors in the system log? Anything else odd going on? Usually signal 11 is more indicative of hardware issues, but that isn't the only possibility.
  • OpenVPN Server: Clients stuck at exactly 10mbit

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    E
    ahhh sorry, I should have mentioned I only use gbit intel nics. -there are no shaper rules, and the client we use to connect is openvpn, via windows or linux. I've since googled the issue, and it looks like other folks have had the same issue with openvpn in the past. I'll let you all know if/when I find a solution
  • Stunnel Fatal error

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    S
    It doesn't say it's compatible with 2.0: Stable 4.33.0 platform: 1.2.1 and a quick search turns up this: @Wupsje: I got around this by removing the &id=0 from the URL. That "workaround" seems to work (tested real quick). But I think the package needs work? Someone was/is working on it, but who?: http://forum.pfsense.org/index.php/topic,14245.msg80619.html#msg80619 We might want to move this to the Packages forum?
  • PfSense 2.0 + PPTP + MultiWan

    Locked
    3
    0 Votes
    3 Posts
    3k Views
    C
    Ok. Waiting for fix. Thanks.
  • Limiter doesn't work

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    B
    All rules running are the following. It looks like IPs in DynamicIP don't limit by anything because dnpipe 1 and 2 are not defined yet.
    [2.0-BETA5][root@office.zhenghongkeji.com]/root(1): pfctl -sr
    scrub in on pppoe0 all fragment reassemble
    scrub in on vr0 all fragment reassemble
    anchor "relayd/" all
    block drop in log all label "Default deny rule"
    block drop out log all label "Default deny rule"
    block drop in quick inet6 all
    block drop out quick inet6 all
    block drop quick proto tcp from any port = 0 to any
    block drop quick proto tcp from any to any port = 0
    block drop quick proto udp from any port = 0 to any
    block drop quick proto udp from any to any port = 0
    block drop quick from <snort2c> to any label "Block snort2c hosts"
    block drop quick from any to <snort2c> label "Block snort2c hosts"
    block drop quick from <pfsnortsamout> to any label "Block pfSnortSamOut hosts"
    block drop quick from any to <pfsnortsamin> label "Block pfSnortSamIn hosts"
    block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
    block drop in log quick proto tcp from <webconfiguratorlockout> to any port = http label "webConfiguratorlockout"
    block drop in quick from <virusprot> to any label "virusprot overload table"
    block drop in log quick on pppoe0 from <bogons> to any label "block bogon networks from WAN"
    block drop in on ! pppoe0 inet from 119.130.16.221 to any
    block drop in inet from 119.130.16.221 to any
    block drop in on pppoe0 inet6 from fe80::221:85ff:fec7:370c to any
    block drop in log quick on pppoe0 inet from 10.0.0.0/8 to any label "block private networks from wan block 10/8"
    block drop in log quick on pppoe0 inet from 127.0.0.0/8 to any label "block private networks from wan block 127/8"
    block drop in log quick on pppoe0 inet from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12"
    block drop in log quick on pppoe0 inet from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16"
    block drop in on ! vr0 inet from 192.168.80.0/24 to any
    block drop in inet from 192.168.80.253 to any
    block drop in on vr0 inet6 from fe80::226:5aff:fe83:f580 to any
    pass in on vr0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
    pass in on vr0 inet proto udp from any port = bootpc to 192.168.80.253 port = bootps keep state label "allow access to DHCP server"
    pass out on vr0 inet proto udp from 192.168.80.253 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
    pass in on lo0 all flags S/SA keep state label "pass loopback"
    pass out on lo0 all flags S/SA keep state label "pass loopback"
    pass out all flags S/SA keep state allow-opts label "let out anything from firewall host itself"
    pass out route-to (pppoe0 119.130.16.1) inet from 119.130.16.221 to ! 119.130.16.221 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
    pass in quick on vr0 proto tcp from any to (vr0) port = http flags S/SA keep state label "anti-lockout rule"
    pass in quick on vr0 proto tcp from any to (vr0) port = ssh flags S/SA keep state label "anti-lockout rule"
    pass on pppoe0 proto udp from any to any port = 4000 keep state label "USER_RULE"
    pass in quick on pppoe0 reply-to (pppoe0 119.130.16.1) inet proto udp all keep state label "USER_RULE"
    pass in quick on vr0 inet proto tcp from 192.168.80.198 to any flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 inet proto udp from 192.168.80.198 to any keep state label "USER_RULE"
    pass in quick on vr0 inet proto icmp all keep state label "USER_RULE"
    pass in quick on vr0 proto udp from any to any port = domain keep state label "USER_RULE"
    pass in quick on vr0 proto tcp from <dynamicip> to any port = http flags S/SA keep state label "USER_RULE: Dynamic allocated IP can access HTTP with limit" dnpipe(2, 1)
    pass in quick on vr0 proto tcp from <dynamicip> to any port = https flags S/SA keep state label "USER_RULE: Dynamic allocated IP can access HTTPS with limit" dnpipe(2, 1)
    pass in quick on vr0 proto tcp from <dynamicip> to any port = 3722 flags S/SA keep state label "USER_RULE: Dynamic allocated IP can access DriveGenius" dnpipe(2, 1)
    pass in quick on vr0 proto tcp from <dynamicip> to any port = 4000 flags S/SA keep state label "USER_RULE: Dynamic allocated IP can access QQ with limit" dnpipe(2, 1)
    pass in quick on vr0 proto udp from <dynamicip> to any port = 4000 keep state label "USER_RULE: Dynamic allocated IP can access QQ with limit" dnpipe(2, 1)
    block drop in quick on vr0 from <dynamicip> to any label "USER_RULE: Dynamic allocated IP stop here"
    pass in quick on vr0 proto tcp from any to any port = ftp flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 proto tcp from any to any port = ssh flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 proto udp from any to any port = smtp keep state label "USER_RULE"
    pass in quick on vr0 proto tcp from any to any port = http flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 inet proto tcp from 192.168.80.0/24 to 192.168.80.253 port = 3000 flags S/SA keep state label "USER_RULE: ntop port"
    pass in quick on vr0 proto tcp from any to any port = https flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 proto tcp from any to any port = pop3s flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 proto tcp from any to any port = smtps flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 proto tcp from any to any port = pptp flags S/SA keep state label "USER_RULE"
    pass in quick on vr0 proto tcp from any to any port = 3389 flags S/SA keep state label "USER_RULE: Windows remote desktop"
    pass in quick on vr0 proto tcp from any to any port = 4000 flags S/SA keep state label "USER_RULE: QQ"
    pass in quick on vr0 proto udp from any to any port = 4000 keep state label "USER_RULE: QQ"
    pass in quick on vr0 proto tcp from any to <remote_manage> port = 3022 flags S/SA keep state label "USER_RULE: Huadu and Conghua ssh"
    pass in quick on vr0 proto tcp from any to <hangzhou> port = 3212 flags S/SA keep state label "USER_RULE: Hangzhou ssh"
    pass in quick on vr0 proto tcp from any to <hangzhou> port = 3222 flags S/SA keep state label "USER_RULE: Hangzhou ssh"
    pass in quick on vr0 proto tcp from any to any port = afs3-prserver flags S/SA keep state label "USER_RULE: Guangzhou yizhidu System"
    pass in quick on vr0 proto tcp from any to any port = 8000 flags S/SA keep state label "USER_RULE: EPMonitor video monitor port"
    pass in quick on vr0 proto tcp from any to any port = 8090 flags S/SA keep state label "USER_RULE: Zhenghong epmonitor system"
    pass in quick on vr0 proto tcp from any to any port = 8443 flags S/SA keep state label "USER_RULE: Tax system of guangzou"
    pass in quick on vr0 proto tcp from any to any port = 3308 flags S/SA keep state label "USER_RULE: Yuchanghong need this port"
    pass in quick on vr0 proto tcp from any to any port = 8088 flags S/SA keep state label "USER_RULE: Bambo need this port for ftp"
    pass in quick on vr0 proto tcp from any to any port 32999 >< 34001 flags S/SA keep state label "USER_RULE: Bambo need this port for ftp"
    block drop in quick on vr0 inet from 192.168.80.0/24 to any label "USER_RULE: Block any TCP"
    anchor "tftp-proxy/" all
    anchor "miniupnpd" all
  • Update runs wrong (amd64)

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    _
    ok. I'll do so. Thanks. I did the check just before updating (first update after installation), to have security about the right update-path. Really strange. After the initial install I waited nearly 5 hours to make sure the packages are installed completely. (No one was installed instead.)
  • Sorting of DNS-Forwarder entries change in rcs.pfsense

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    C
    Thanks Jim! I'll see if I can manually create an entry in the config.xml and see what happens. Looking at the order in my host file, I see it inserts my DNS entries, static IPs then my dhcp clients. Within that order, looks like it's IP Address then Host name order. DHCP clients have no order it looks like. Edit: Manually editing the order in config.xml did the trick for me :-)
  • Shaper and bridge

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    E
    While it's questionable as a setup, I activated it so people can use it.