If you need to know what the default cron jobs are (if they were deleted or altered), they can be found in the default config located in /conf.default/config.xml on the firewall.

Thanks for the suggestion, but cycling the cable model did not do anything. This turned out to be a firewall issue, and I still don't know with certainty what caused it. On the old (1.2) firewall, I had a block rule on the WAN port for all traffic on top of the list. When I replicated this, I think it behaved the way it it is supposed to, i.e. it blocked everything on the WAN port. It does not appear that this rule behaved as expected on pfsense 1.2.

As long as you have adequately sized hardware for your connection speed, the difference in end to end latency between say a 500 MHz ALIX and a quad core Xeon server is trivial. The majority of the Internet will be 30-80 ms from you or more depending on your physical location, microsecond differences don't have any noticeable impact.

You can install ezjail package and create a jail with 8.1 release and install ports for example. Nat + firewall rules remains on pfsense.

Hi Bob, I'm with Virgin and mine is left blank so I'm not sure why yours did not work without it? If you have removed the default allow any rule then you need to allow DNS traffic from the interface subnet to the interface address else websites will not load. I don't know enough about networking to know why setting that hostname makes it work for you or which is the best way to use, perhaps I'm doing it wrong? hopefully someone more educated can comment? Regards.

Squid seems to work now. I added a firewall rule to the LAN tab for allow the LAN computers to connect to the squid port (in my case 800). I also modified the squid config, removing the LAN interface from the listbox named "Proxy interface" (you could multi-select elements on it pressing the CTRL key), saved it, and after I re-added the LAN interface another time. This was done if the configuration had bad information related with the interfaces and ip aliases With this now it's working for me.

@jimp: The mount command probably failed, it's saying it can't find /dev/da0s1a Because the slice is formatted with FAT32 there will be no a partition. It is probably the fsck that is failing because there is no FreeBSD a partition in a FAT32 slice.

Just an update to this. The Draytek Vigor 120 works perfectly. A quick reboot of PfSense and the WAN connection came up.

Figure it out. Needed to mount the filesystem as rw then I could edit.

100% correct. even though the dlink NIC will work, but you will have issues with them. drop connections, packet mangling, etc. i learned this the hard way as well, but once spending time in the forums and reading the vast amount of information within…i have a very good understanding of the overall product and the in's/out's of pfsense.  ...however, being a microsoft guy for the past 15+ years...it did take me a little longer than it should have.  ;D @pat1974: What I find about of pfsense is that the hardware is really important. This is not highlighted enough on their website. When somebody is considering pfsense, it is important to consider the hardware. Coming from a Microsoft background, you don't think hardware compatibility problem immediately when you setup your freeBsd box, but you should, especially with a pfsense box since it doesn't uses the last updated distro of freeBSD. So when you buy brand new NIC, because pfsense is not the most recent distro it is quite possible your new hardware driver will not be available in the pfsense distro. I'm just saying this from experience, as I figure that the hardware was really important after buying it, and starting to setup my pfsense. Then when it didn't work I start reading more about pfsense, and realize all the above explanation. I think pfsense website should find a way to make it stand out on their home page. Something like: "BEFORE YOU START BUYING PARTS FOR SETTING UP PFSENSE, MAKE SURE THE HARDWARE YOU WANT TO BUY IS COMPATIBLE WITH PFSENSE DISTRO" Doing this type of warning will avoid a lot of headach, and maybe having the list of compatible hard drive easy to find :)

Just run that periodically and keep an eye on it. Looks like squid is using 1GB so far, it may keep going up, or something else may spring up using lots of RAM.

Glad you got this resolved. It's unusual to have a problem with Intel based NICs which is probably why it wasn't suggested initially. Incidentally you should be aware that pfSense is not Linux based. It's FreeBSD which isn't Linux.  ;) Steve

@hhs99: With the release of the 2.0 branch of pfsense, you can now run pfsense on the GB1000 and GB1200 from GTA. the 1.2.3 release would not boot properly. When choosing the CF Card try to stick with cards that are close to the same size as the stock card unless you have a PCI vga card as the values are stored in the bios. My boxes had 64mb cards in the and the 512mb worked but the 1Gb and 2GB cards did not. If the console refuses to work after interface assignment, login to ssh and kill the apinger process as it tends to go nuts and make the box unstable at random times. Other than that it makes a stable box. If you have problems let me know and I can bump your config against mine. I have several of these GB1000. Do you know how to boot into the BIOS? What additional hardware is required?

If you removed bandwidthd (and siproxd I see) they didn't fully come out. Try switching to the other NanoBSD slice to see if it behaves better. First make extra sure there are no packages installed under System > Packages. It would be rather easy to run an ALIX out of RAM. It's normal to have a couple PHP processes going, but top doesn't show you the whole story, check the output of "ps uxawww" and see if it shows more about what PHP is doing, like if it's being used to run a certain script, like rc.filter_configure_sync, etc.

If you must share an interface for that, at least isolate it to a VLAN. There are security implications to running it on a shared segment. Someone could insert states into the state table if they have direct access to the sync interface, as they would if it were shared on LAN, by sending a specially crafted packet. The bandwidth requirements alone normally are enough to necessitate a dedicated interface for the sync traffic, but that depends on how fast the state table changes.

@ryanswj: @wallabybob: Did you enable DHCP Server on the LAN interface? (See Services -> DHCP Server) Nope, I don't think I have. Is that the cause of all my problems? It will be a factor. You said @ryanswj: I can see the Wireless AP that was created, but no IP addresses were assigned to clients. If you don't have an active DHCP server then clients won't be assigned an IP address. @ryanswj: Furthermore, why does the WebUI stop responding? Presumably because you have switched interfaces or reassigned LAN subnet IP address. If I was trying to make your configuration work I would first make ae0 (wired interface) the LAN and ath0 (wireless) the WAN. Then through the web GUI I would enter wireless configuration details and verify a wireless client could associate (using a static IP address on the client). Then I would choose assign interfaces and swap LAN and WAN (LAN as ath0, WAN as ae0) and reboot through the console. Wireless configuration can some times be challenge due to signal quality issues and (if your typing is as bad as mine) the challenge of correctly entering the encryption key. I have also found some encryption options don't work well with some clients so its best to sort that out BEFORE making the pfSense LAN interface a wireless interface. It has been my experience that a reboot has sometimes seemed to be necessary to persuade pfSense to correctly behave after major interface related changes such as swapping interface roles. You didn't explain why you might want to bridge WAN and LAN interfaces. I would be inclined to get it working as a router first. (I have a wired LAN and a wireless LAN bridged together on my pfSense and I need to NAT my internet access so its not appropriate for me to bridge WAN and LAN.) @ryanswj: Is my configuration correct (LAN and WAN)? I don't have enough information about your configuration to say.

Sysctrl Kernel default values to run squid,postfix,varnish for example are better on 64 bits.

@geluykens: My modem includes a router, so no ISP problem. Like wallabybob says, I have reconfigured the interfaces to different subnets: [modem in DHCP(isp)–---out X.X.0.1]–---[firewall in (DHCP)–---out X.X.2.1]–---[router in X.X.2.2–---out X.X.1.1]–---> network So I can't give the firewall WAN interface a static ip ? I just tried and everything stiil works. My setup now is: [modem in DHCP(isp)–---out X.X.0.1]–---[firewall in X.X.0.2–---out X.X.2.1]–---[router in X.X.2.2–---out X.X.1.1]–---> network Thx for the support.

I added a couple links and a couple extra lines in the embedded upgrade section. Should be a little more clear now.