Thanks jimp - that was it, or atleast there was a problem in the config.xml.  There was a duplicated gateway_item with same name and interval section was  missing the opening tag

<gateway_item><interface>wan</interface> <gateway>dynamic</gateway> <name>WAN_DHCP</name> <weight>1</weight> <ipprotocol>inet</ipprotocol> <interval><defaultgw></defaultgw></interval></gateway_item> <gateway_item><interface>wan</interface> <gateway>dynamic</gateway> <name>WAN_DHCP</name> <weight>1</weight> <ipprotocol>inet</ipprotocol> <interval><defaultgw></defaultgw></interval></gateway_item>

Now it looks to be working, I opened up the gateway and shows the 10 I put in there on edit.  I am also able to edit it now, and changes stick.  Odd wonder how long that has been messed up.  Thanks!!!

Update - 12/9/2012 12:20 PM PST
Changed to source full bogons lists from http://files.pfSense.org/lists/
A few fixes

Attached patch file Update_Bogons.patch - 12/9/2012 12:20 PM PST
To apply patch: patch -F0 -N -p0 -i "./Update_Bogons.patch"

Uploaded zip file with a j-peg extension.  Remove the .jpg extension from downloaded file.

Example System Logs Output:

Dec 9 03:01:01 root: Bogons IPv4 Update: Starting up. Dec 9 03:01:01 root: Bogons IPv4 Update: Sleeping for 34589 seconds to disperse update downloads. . . . Dec 9 12:37:30 root: Bogons IPv4 Update: Beginning the update cycle. Dec 9 12:37:31 root: Bogons IPv4 Update: File downloaded http://files.pfsense.org/lists/fullbogons-ipv4.txt Dec 9 12:37:31 root: Bogons IPv4 Update: File downloaded http://files.pfsense.org/lists/fullbogons-ipv4.txt.md5 Dec 9 12:37:31 root: Bogons IPv4 Update: MD5 Hash Match. Dec 9 12:37:32 root: Bogons IPv4 Update: 9 addresses added. Dec 9 12:37:32 root: Bogons IPv4 Update: 11 addresses deleted. Dec 9 12:37:32 root: Bogons IPv4 Update: Ending the update cycle.

Update_Bogons.zip.jpg

just a bit of an update.

if i manually start snort from the command line it work fine.

ie: '/usr/local/bin/snort -R 4941 -D -q -l /var/log/snort/snort_pppoe04941 –pid-path /var/run --nolock-pidfile -G 4941 -c /usr/local/etc/snort/snort_4941_pppoe0/snort.conf -i fxp0' > /var/run/snort_pppoe04941.pid

however if i use the snort.sh, it does not startup. im certain it has to do with the "-i pppoe". I'm not the greatest sh programmer. any suggestions on how to fix the snort.sh to use the right interface name?

rc_start() {

For Each Iface Only try to restart if snort is running on Iface

if [ ! -f /var/run/snort_pppoe04941.pid ]; then
/bin/pgrep -xf '/usr/local/bin/snort -R 4941 -D -q -l /var/log/snort/snort_pppoe04941 –pid-path /var/run --nolock-pidfile -G 4941 -c /usr/local/etc/snort/snort_4941_pppoe0/snort.conf -i pppoe' > /var/run/snort_pppoe04941.pid
fi
/bin/pgrep -nF /var/run/snort_pppoe04941.pid
if [ $? = 0 ]; then
/bin/pkill -HUP -F /var/run/snort_pppoe04941.pid -a
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort SOFT START For wan(4941_pppoe0)…"
else

Start snort and barnyard2

/bin/rm /var/run/snort_pppoe04941.pid
/usr/local/bin/snort -R 4941 -D -q -l /var/log/snort/snort_pppoe04941 --pid-path /var/run --nolock-pidfile -G 4941 -c /usr/local/etc/snort/snort_4941_pppoe0/snort.conf -i pppoe
/usr/bin/logger -p daemon.info -i -t SnortStartup "Snort START For wan(4941_pppoe0)..."
fi

sleep 2

if [ -f /var/run/barnyard2_pppoe04941.pid ]; then
                /bin/pkill -F /var/run/barnyard2_pppoe04941.pid -a
/bin/rm /var/run/barnyard2_pppoe04941.pid
else
/bin/pkill -xf '/usr/local/bin/barnyard2 -r 4941 -f snort_4941_pppoe0.u2 –pid-path /var/run --nolock-pidfile -c /usr/local/etc/snort/snort_4941_pppoe0/barnyard2.conf -d /var/log/snort/snort_pppoe04941 -D -q'
        fi

}

@ermal:

Have you configured your proxy under system->advanced?

Yes. As i wrote i can update system to new version using this proxy but when i want see available packages i can't do this.

I think packages system doesnt use proxy settings.

My configuration:

pfsense:
en0 1.1.1.1/32
en1 192.168.0.1/24

proxy:
eth1 192.168.0.2/24

After unplugging cable from en0 of pfsense i can update my system to new version but i cant check available packages.

It's far from useless, it shows what it's supposed to show, and that info is very much useful. Would be nice to have more detailed stats on the limiters at some point.

Problem solved after I updated to latest firmware. (mine was 6 days old)

The sweet thing with NAT reflection is when you have mobile devies like smartphones or ipads you will access the network from outside and inside from the same device and then nat reflection is a must.
Lets say you got like 5 different services port forwarded from one public IP to different servers(ip's) how can the mobile device know when its on the internal network and must use internal ip and port numbers, and when its on 3G access it must use one public address and another port number.

Else Iam forced to use VPN and then only use internal IP's and port numbers, but VPN header over 3G and watching movies on my buissniess trips is not always that great. (I only use vpn/ipsec for my ipad to access my windows terminal servers)

That did the trick! I had to set to Local Database & NONE as suggested, and that fixed it.

Thanks!

@phil.davis:

Note that the console menu has an option "111" that is not displayed. That makes more effort of stopping and restarting stuff related to the WebGUI. If 11 doesn't do the job from the console menu, then try 111.

Note that from 5 Dec 2012, console menu option 11 does the same thing as option 111.

Confirmed fixed in commit by Jimp https://github.com/bsdperimeter/pfsense/commit/e670244759cb73a5d9386b3b7c42e706e1a6d90c
Either make the small edit or it will be fine on the next snapshot.

Solved.

downloaded latest nightly build that i installed, reran it, and now it works.

my guess is that you should uninstall widescreen BEFORE upgrading. just a thought, maybe a prereq/compatibility check before any upgrades take place would help.

btw, i love this product.

Great, many many thanks! Tried the new .inc file on my pfSense KVM. The generated server configuration looks good and works fine!

That works.  Good job.  Thanks.

Should be going again now. Something hiccuped on the network a couple days ago and it was just sitting there waiting. Normally it loops until it finds a new commit but for some reason it couldn't talk to github and just bailed instead.

Some changes happened on the tools repo, too, so it may take a run or two to fix things up and get a good snap out of it.

Calling something that contains the firewall rules Firewall>Rules is pretty logical. It's never confused anyone. Renaming it would render obsolete thousands of references all across the Internet, there'd have to be a really good reason to do so and I don't see any reason at all.

Hi Guys,

Thanks for all of the replies. I had tried to make the USB with the unetbootin software + the LiveCD image, however it wouldn't boot. I have now used an external CD-ROM disk with the system and it has booted without issues. I didn't think it would be so hard to make a USB drive boot on my system.

Either way thanks for all of the help and the crisis has been averted.

Cheers.

Yes, problem solved. I've also updated the vm (a virtualbox running inside an ubuntu 12.10) to the lastest version (2.1-BETA0 (i386) built on Thu Nov 29 19:50:12 EST 2012) and everything runs smooth !

Thank you for the good work pfsense team !

I can't seem to reproduce this on a VM on a Nov 29th snapshot.

The only change in the last 3 months or so was some parameter encoding I changed at the end of October, and one of those fields was the id field, so I could see that being a potential issue, but given that I can't seem to reproduce what you're seeing it's a bit of a conundrum.

Do you mind posting the contents of the gateways section of your config.xml?

I don't remember when I last saw this, but the text issue seems to have been fixed with Firefox 17.0.1.  I still see the change on the right side of the dropdown menu graphic as I put the pointer over each item, but the text appearance now stays the same throughout the page.