@canefield: Dear all, Does somebody has any suggestions/ideas running or not running pfSense on a virtual environment? I know, it is best to use it as a seperate box indeed, but what happens while virtualized. Does pfSense support it? How about giving resources to it. How much CPU, RAM should I reserve for it? Because VMware is using a smarter way of resource managent I can only guess such things. Is there a formula? While installing a noticed pfSense had identified it as a virtual machine/platform. So I suppose it is working perfectly under VMware. The other reason I post this is because I think on some point something is lacking. For instance; I had a well-working environment with pfSense, Snort, Squid3 en Varnish. Suddenly, while no configurations where been applied or changed, services stoped abruptly without any trace. How reliable is pfSense in VMware vSphere? Something I really want to make crystal clear…a like pfSense and its features enormous Thanks in advance, Canefield We use pfsense under vshpere for multi-wan/captive portal purpose with 15 interfaces (VLANs). It works very well. 2 CPU and 1Go ram. It's a little bit too much (512 should be enough) but we have a lot of ram available.

We're big fans of jails, this server and all our others run in jails. Can't do the things a firewall needs to do when running within a jail though. They're great for server type uses, not possible for something like a firewall though.

I'd guess that you end up with the pfSense WAN interface and the LAN interface on the same subnet (192.168.1.0/24) which is an invalid configuration. If that is the case it might be easiest to change the pfSense LAN interface to (say) 192.168.8.1/24 and adjust the DHCP range accordingly.

It's not ie it's le (lower case L). You should only use e1000 type NICs in VMware though (which are em).

Thanks, I will take a look this weekend to figure out what is going on and post the results here.

I have a hard drive and also the cd drive. Machine can boot from either one. I was trying to see if I could use the flash drive to run pfSense but unfortunately my MB does not cooperate. I will try as you suggested tonight and let you know if I get any further. thanks for your time.

Okay will do. Thx

pfSctl is a client program that connects to check_reload_status and issues various commands, like a command to reload the filter, etc. It's possible that in some cases something tries to trigger one of those actions before check_reload_status is ready, but at bootup it's not a big deal since it will happen as soon as possible anyhow.

no, but can pkg_delete them individually.

Erase the value so the field is blank. That should work and have the same effect.

That, of course, fixed it. Thank you! It is weird - I have no idea why it was set to snapshots - it is a setting I never changed. Maybe because I set this up before the final release of 2.0? Anyway - problem solved. Again - thank you!

I ditched the usb method and hooked up a external cd-rom drive. Pfsense is installed now.

@dLockers: @jaredadams: "it" = ? "config file" = ? I assume you're referring to what Steve just told me, but just like in the other thread you gave no indication what those things are. In case anyone else finds this thread, this is what works for me regarding the MaxTerm 8300B, with a 4GB CompactFlash card (SanDisk, if it makes any difference). 1.) Install on the CF card as normal 2.) Boot into safe mode (Option 4 IIRC - you need VGA or console access) 3.) Go to WebConfigurator 4.) Diagnostics > Edit File 5.) Enter '/boot/loader.conf' for the file 6.) The file is blank currently, add 'ahci_load="YES"' 7.) Reboot, should work fine. I have tried adding ata_dma before and it didn't seem to work, however try adding: hw.ata.ata_dma="0" hw.ata.wc="0" If you still have issues. @jaredadams: SOLVED 1.  Boot pfsense in safemode 2.  Once booted fully enter the shell 3.  i changed folders to /boot 4.  run command mount -u / 5.  run command vi loader.conf 6.  enter two lines of code supplied by Steve (THANKS!) @stephenw10: hw.ata.ata_dma="0" hw.ata.wc="0" 7.  save 8.  exit shell 9.  reboot Now THATS how you write a resolution post.  With the way I named it, this thread will more than likely show up in searches in the future.  Glad we gave a resolution.

Exactly. Most dyndns client programs will ping out to some site in order to determine what their outgoing IP is, they don't rely on reading it from the machine they run on. E.g. www.pfsense.org/ip.php The advantage of running it on pfSense is that it would know immediately if the IP changes where as running on the server behind there will be some delay. Since the pfSense dyndns client does not appear to be setup for multiwan it won't failover correctly. So although there is a built-in feature exactly as you suggested it's not usable in this situation. I'm still half expecting one developers to come in here and tell me I'm not reading it right.. ::) Steve

Thank you both for your replies. You were both right, somehow when flashing for the second time I forgot the '-O-' argument to wget, meaning nothing was really written to the CF card :-[ I just flashed it correctly and it works like a charm! Sorry for wasting your time… At least I learned what /dev/mdX stands for ^^ (I'm fluent in linux but have zero *bsd experience...) Best, Thomas

Learn to look through the code, matrix style!  :P The config file to look at is: http://www.pfsense.org/packages/pkg_config.8.xml Any package containing <noembedded>true</noembedded> can't be run on Nano. However some that can, Squid for example, are very restricted. Packages that can't run on nano/embedded look to be: pure-ftpd ntop Light Squid Freeswitch phpSysinfo Steve

When you're booted, from a shell, try this: /sbin/sysctl kern.geom.debugflags=16 gpart set -a active -i /dev/ad0s1a ad0 /usr/sbin/boot0cfg -s ad0s1a -v /dev/ad0 /sbin/sysctl kern.geom.debugflags=0 Assuming your drive is ad0 Or you could try running "boot0cfg -B" on its own to replace the MBR. Or failing all of that, backup your config, run a low-level format on the drive from start to end, and reinstall. That would be the last resort "dust off and nuke it from orbit" option.

You probably need to bridge the WAN and LAN if your servers inside have to recognize it's own IP. If you need an internal network too then add a add a second interface for it. I think that most use a second interface OPT1, renamed DMZ or SERVERS etc. as the Bridged interface and the LAN for a NAT internal network. The Book has some info on setting up a bridge, and I am sure there is some info online etc. There are some routing challenges between the networks in this senario, because you gateway is now your ISP's router and that won't know how to get to your internal LAN network. If you don't need a second interface then just bridge the WAN and LAN. Select Interfaces -> Assign: Select 'Bridges' tab and click the + in the grey box to assign the bridge. Select WAN and LAN and away you go. Only click advanced if u know what you are doing. Hope this helps.