There has been a change (actually revert) in the used DHCP v6 client 10 days ago [1], so I guess if something broke it could have been around that time. [1] https://github.com/bsdperimeter/pfsense/commit/d53a9a5100c83988cd7479e9228c27f2ab09760e

sorry

fixed

Probably this: http://redmine.pfsense.org/issues/2441 Workaround here: http://forum.pfsense.org/index.php/topic,56367.msg301169.html#msg301169

push Nameservers were not the issue here. I fixed my DNS settings now. All nameservers entered in the General Setup now work 100%. A test name resolution via "Diagnostics / DNS Lookup" works perfectly. Still, once per day, when I make changes to the aliases, the PHP process that tries to evaluate URL Aliases, completely hangs and I have to kill it. I doubt this is caused by DNS issues. I removed the URL alias now and am curious what happens tomorrow. Can a developer please advise what to do here? I have the suspicion that there is a bug in the URL Alias evaluation function.

Have a look at: http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards It's more about Broadcom and Intel NICs but upping kern.ipc.nmbclusters might already helping a little. In fact FreeNAS recommends even twice the size and Intel recommends an even higher limit when using a 10GE NIC using ixgbe. (which also requires more memory I guess) From my short tests with virtio I haven't been happy with the storage driver, it was less stable than plain IDE, but vtnet seemed reasonably solid though.

Great to hear..  Its not very common, but yes sometimes the wire is not quite right..

WOW i feel like a complete idiot.. the worst part is i know that i was troubleshooting to far and it was going to be something easy and way obvious…for this i say thank you.  I now have it fully installed with pfSense-2.1-BETA1-4g-amd64-nanobsd_vga-20130109-1617.img.gz 09-Jan-2013 17:59 172M (2.1-BETA1 (amd64) built on Wed Jan 9 16:17:18 EST 2013 FreeBSD gho57.localdomain 8.3-RELEASE-p5 FreeBSD 8.3-RELEASE-p5 #0: Wed Jan 9 17:47:08 EST 2013 root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_wrap_vga.8.amd64 amd64) nanobsd (4g) and running on both slices. But i'm still having issues upgrading either auto update/console update or manual update and on both slices. It down loads the package it attempts to install but thats as far as it goes. I log back in and met with a warning message: php: : New alert found: Something went wrong when trying to update the fstab entry. Aborting upgrade. php: : The command '/usr/local/sbin/gzsig verify /etc/pubkey.pem < '/root/firmware.tgz'' returned exit code '2', the output was 'No gzip signature found Couldn't verify input' I have checked and i do have allow invalid or missing signatures to be used. Any more help or suggestion would be much appreciated. Thanks again.

@jimp: Before, it was uploading update images twice. Once under the "real" name and again under the latest-* names, and it didn't upload the version files until the end, so during any snapshot upload it would have been possible to update at some point and either get a partial file or one that didn't match the version. Now it simply does a symlink to the already-uploaded file and copies the version after that. Much faster, less prone to error, and saves a bunch of bandwidth for each snapshot run. Way cool. Thank you for the update and improvements.

There are fixes that happened after 2.0.2, there will be a 2.0.3 shortly. 2.1 should be OK now also.

Thanks for the details - that makes sense ;)  And yeah I had just added some rules.  Will keep an eye on it.

also which version IOS you running on the iPhones? I am still running 5.1.1 but will soon be upgrading to 6.0.1 UPDATE I have had good success with the completely open wifi and multiple clients. Now I will layer in WPA in a measured approach and see how it goes. Thanks

Yep, that was it. Its all working now. Thank-you all for for your help, this had been a big issue for me for a long time!

@jimp: Best way to do what you're after is just to bind to the LAN interface and port forward from each WAN there. Hi, ony to knowledge. I have this scenario ruunning in UDP port, and this work perfect!!! :)

Oki, think I fixed my own issues. Enabled the setting above and change NAT to manual and removed all NAT settings and looks like squidGaurd is working now.

Sure, if you want, go ahead.

Ermal added some checks to see if it was running at the command line before doing the session start bit. Perhaps it needs some more logic there, or perhaps you don't have a snap that includes the fixes. You can also edit /etc/inc/config.lib.inc and prefix the session start with an @, so it's @session_start( … and then if it fails, it fails silently.

I've also seen this issue on system with more than 4GB RAM.  Seems like there may be a variable somewhere that needs to be of a larger type. Indeed, FreeBSD uses a 32-bit integer to determine the physical memory size in bytes 1 and thus pf fails to correctly set the table-entries limit 2. Submitted the previous patch to bump the default value to 200000.

I propose the following code to solve the problem. The pfSense_getall_interface_addresses function is used only on time : on CARP reload. So I don't use it and I use an other way to have the information. What do you think about this ? diff --git a/etc/inc/interfaces.inc b/etc/inc/interfaces.inc index 07d621d..0d3d658 100644 --- a/etc/inc/interfaces.inc +++ b/etc/inc/interfaces.inc @@ -86,6 +86,21 @@ function does_interface_exist($interface) {                return false; } +function getall_interface_addresses ($realif) +{ +  // Return an array with all the IPs defined on a physical interface +  $ipv4 = get_interface_ip ($realif); +  $ipv6 = get_interface_ipv6 ($realif); +  $nm4 = get_interface_subnet ($realif); +  $nm6 = get_interface_subnetv6 ($realif); +  $ips = array (); +  if ($ipv4 !== NULL) +    $ips[] = "$ipv4/$nm4"; +  if ($ipv6 !== NULL) +    $ips[] = "$ipv6/$nm6"; +  return $ips; +} + /*  * does_vip_exist($vip): return true or false if a vip is  * configured. @@ -116,7 +131,7 @@ function does_vip_exist($vip) {                return false;        } -       $ifacedata = pfSense_getall_interface_addresses($realif); +       $ifacedata = getall_interface_addresses($realif);        foreach ($ifacedata as $vipips) {                if ($vipips == "{$vip['subnet']}/{$vip['subnet_bits']}")                        return true;