I updated my Alix 2d13 to 8.3-RELEASE-p5 FreeBSD 8.3-RELEASE-p5 #0: Sat Jan  5 17:51:54 EST 2013 and noticed the following errors during boot:

The session_start() errors should be fixed in a snapshot 1.

Well it could be a number of things causing this you have to gather as much info as possible when it doesn't come up correctly to narrow it down. For example it could be:
1. The NIC is not attaching to the driver correctly. Seems unlikely since you said earlier you could see it had a 192.168.1.1 address. If you provide the output of ifconfig that will confirm that.

2. The firewall is blocking traffic. That should never happen if you are running a DHCP server but sometimes things get weird. You would see that in the firewall log however.

3. The DHCP has stopped. If the DHCP server crashed out you should see something in the system log.

4. Something else on your LAN is running a DHCP server that is grabbing requests. This happens quite often.

Steve

Crap, yes this seems to be one of those "shabby" Intel Chipset-integrated things that can run in a Intel or with LSI or even Adaptec firmware mode depending on the OEM.
SuperMicro also makes a couple of boards that have this C606 PCH-integrated - somehow "FakeRAID" stuff IMMV. More expensive boards from them  actually have dedicated LSI chip instead of the onboard PCH SAS.

Anyhow, you're not alone also FreeNAS people have been hurt by this: http://forums.freenas.org/archive/index.php/t-8488.html

Since you have the RAID 300 thing, this one definitely is onboard (according to Lenovo RD430 manuals)

Now I'm pretty sure that the RAID 500 would have been the the card you would be looking for and is considered the 9240 card from Lenovo.
This kind of cards are quite affordable, actually the IBM M1015 is quite popular among in DYI ZFS (FreeNAS) builds.  Maybe you want to give it a
try, either via the official RAID 500 board or the IBM one. The original LSI cards often are more expensive - but in case of the 9240 come with RAID5 mode unlocked.

The question actually yet is if you want to fight with the PCH-integrated SAS - actually a vanilla FreeBSD 8.3 or better 9.1 could be worth a try to compare - maybe you can
kldload isci over there. OR you go the route and shell out some money for a more "proper" SAS RAID card. Actually I'd even prefer a plain HBA in some situations, but some
server makers like IBM and Lenovo only support and sell you SAS Hardware RAID cards.

Edit: See http://svnweb.freebsd.org/base/release/8.3.0/sys/dev/isci/isci.c?revision=234063&view=markup , the 0x1d68 device should be handled by iscsi, thus trying with a plain FreeBSD 8.3 could be interesting, but YMMV if you want to spend the time with this card or get a true MegaRAID card :-)

Just wondering if there has been any solutions to snort when the WAN is pppoe. See below for suggestion.

Thanks much. Will save me the trouble of reapplying the patch with each update.

@wallabybob:

Just to clarify, what form of support are you looking for? You haven't said you actually have a working connection to the mobile network

I thought "works great, and setup was painless" would be relatively unambiguous. Apparently not.

I have a fully functional internet connection over the MC760. I'm using it in a failover group, and everything works as expected. (well, see my other post about OpenVPN)

I would like the graphs to work, and I'm willing to help. I'm a sysadmin, so I'm both interested in monitoring and not completely clueless, but the last time I dealt with PPP and AT commands it was talking to a Courier. :D

So, where should I be looking to add support for graphing the cellular stats, and what information about this modem can I contribute to the cause?

Yup, just now took the time to look it up.

http://forums.freebsd.org/showthread.php?t=22766
http://www.linuxmisc.com/8-freebsd/d5e96cd035cb7726.htm

So on a system without a printer would disabling or enabling the printer port in BIOS prevent the stray irq 7?

Thanks

A little late to the party.  So happy this is fixed.  Just sent a donation!

Thanks guys!!!

OK, no trouble - I have a 2.0.2 system at home. Will fire that up tonight, merge the changes into the 2.0.2 version of pfsense-utils.inc, test and submit a pull request.
Edit: pfsense-utils.inc version done and tested for 2.0.2 - pull request is in GitHub.

find some news about this.  I hope PF Increased encryption capabilities within the network.

https://www.schneier.com/blog/archives/2012/12/china_now_block.html

Dude! I owe you a beer!

Taking out the Windows Update bits and turning off cachign of dynamic content did the trick! Check it out!

1357092130.999    553 10.0.0.12 TCP_MEM_HIT/200 1130 GET http://forum.pfsense.org/Themes/slickprographite/images/rss.gif - NONE/- image/gif
1357092131.729  1110 10.0.0.12 TCP_MEM_HIT/200 1549 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/normal_post.gif - NONE/- image/gif
1357092131.729  1110 10.0.0.12 TCP_MEM_HIT/200 769 GET http://forum.pfsense.org/Themes/slickprographite/images/filter.gif - NONE/- image/gif
1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 814 GET http://forum.pfsense.org/Themes/slickprographite/images/email_sm.gif - NONE/- image/gif
1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 1007 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/profile_sm.gif - NONE/- image/gif
1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 498 GET http://forum.pfsense.org/Themes/slickprographite/images/useron.gif - NONE/- image/gif
1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 1013 GET http://forum.pfsense.org/Themes/slickprographite/images/star.gif - NONE/- image/gif
1357092132.461    732 10.0.0.12 TCP_MEM_HIT/200 772 GET http://forum.pfsense.org/Themes/slickprographite/images/post/exclamation.gif - NONE/- image/gif
1357092133.189  1086 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/ip.gif - NONE/- image/gif
1357092133.189  1086 10.0.0.12 TCP_MEM_HIT/200 1114 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/quote.gif - NONE/- image/gif
1357092133.189  1460 10.0.0.12 TCP_MEM_HIT/200 1054 GET http://forum.pfsense.org/Themes/slickprographite/images/im_on.gif - NONE/- image/gif
1357092133.909  1447 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/useroff.gif - NONE/- image/gif

Thanks, man!

@Nachtfalke:

If you have problems with squid3 - did you try with squid2 ?

Further you have two times an entry for caching windows updates. Are you sure that this is correct. I assume it is wrong.
Further try to disable "cache dynamic content" on GUI. This could cause problems if I remember correct some forum posts.

But in general squid3 is working on pfsense 2.1 and is caching. Probably something worng with your config or you use a website which does not allow caching.

Refer to the FreeBSD ARP (arp) manual page.  Particularly the -S option.  I think the answer is there.

Capability for creating static ARP table entries from DHCP static mappings is available in Services: DHCP Server.

See attached document for additional WoL configuration details.  (remove the .jpg extension)

[Wake on LAN.docx.jpg](/public/imported_attachments/1/Wake on LAN.docx.jpg)

ok, thanks.

Any thoughts?

Not the way you're implying, it can't. It allows/denies access to the individual pools by mac address (or they can be open for all to use), but there isn't a way for the DHCP daemon to distinguish which interface the queries enter in a bridged setup that I recall. Or if there is, it's not supported by this.

What you're suggesting is a fundamentally flawed design. If you want different interfaces in different subnets, don't bridge them. You're just asking for trouble trying to craft something odd like that. And it's far, far off topic for the original thread (I split it off into a new thread).

OK I will try the snapshot wednesday. Thanks a lot !

Sniffing the tunnel (enc0) traffic seems to be one way only (IPsec network is 192.168.79.0/24, 10.13.10.0/24 is an internal unfiltered subnet routed via LAN interface)

10:02:46.705864 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105133164 ecr 0,sackOK,eol], length 0 10:02:47.777839 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105134164 ecr 0,sackOK,eol], length 0 10:02:48.890064 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105135264 ecr 0,sackOK,eol], length 0 10:02:49.985846 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105136345 ecr 0,sackOK,eol], length 0 this is a trace to an external network (google.com) still leaving enc0 and actually it does work [code]10:04:11.980610 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54829 > 173.194.35.24.80: Flags [F.], seq 762, ack 174239, win 8192, options [nop,nop,TS val 105218435 ecr 887816610], length 0 10:04:11.984472 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54828 > 173.194.35.24.80: Flags [F.], seq 555, ack 110578, win 8192, options [nop,nop,TS val 105218501 ecr 887816582], length 0 10:04:12.137217 (authentic,confidential): SPI 0x0e8b475d: IP 173.194.35.24.80 > 192.168.79.1.54829: Flags [F.], seq 174239, ack 763, win 999, options [nop,nop,TS val 887823607 ecr 105218435], length 0 10:04:12.137705 (authentic,confidential): SPI 0x0e8b475d: IP 173.194.35.24.80 > 192.168.79.1.54828: Flags [F.], seq 110578, ack 556, win 993, options [nop,nop,TS val 887823608 ecr 105218501], length 0 10:04:12.432361 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54829 > 173.194.35.24.80: Flags [.], ack 174240, win 8192, options [nop,nop,TS val 105218947 ecr 887823607], length 0 10:04:12.433974 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54828 > 173.194.35.24.80: Flags [.], ack 110579, win 8192, options [nop,nop,TS val 105218947 ecr 887823608], length 0 [/code] now sniffing LAN interface (igb0) and LAN to IPSEC traffic passes, but again one way only [code] 10:17:02.289600 IP 10.13.10.18 > 192.168.79.1: ICMP echo request, id 1, seq 6889, length 40 10:17:07.167121 IP 10.13.10.18 > 192.168.79.1: ICMP echo request, id 1, seq 6890, length 40 [/code] pf rules are IPv4* any/any on both IPsec and LAN tabs and IPsec VPN network is not overlapping any other existing subnet. thanks [/s][/s][/s][/s]