@Sensi: All the entries are IGMPs with a source of the router a destination of 224.0.0.1 (haven't a clue on that) on the interface of wan So if the firewall is dropping your traffic to 10.64.0.100 it is not logging it. For now you can ignore those entries in the firewall log which don't have a source IP address of 10.7.0.101 and a destination address of 10.64.0.100. Please show your firewall rules for VLAN7 including any alias OR go through the rules for VLAN7 yourself to verify that access to vlan64 is allowed. Another possibility is that 10.64.0.100 has some sort of firewall (e.g. Windows firewall) that is blocking tracert. Please check that out.

As long as it sounds right then I'm happy. Thanks

I just thought I'd update this thread.    I never did get pfSense with the DSL modem.  The modem is old an 10base-T so maybe that was the issue. The NIC cards I had are bge and re. Using the exact same hardware (and using the new Pfsense 2.0 (not the RC3) and a cable modem everything worked first time. Thanks for the help.

I am with you guys. I would like to see a 2.0 appliance for vmware. Any idea when it will be coming out?

@dreamslacker: @cmb: install with the drive in another system, choose the embedded kernel option, and move the drive over when finished. Is there any difference between choosing the Embedded Kernel option and configuring a VGA install to use Serial Console (in the WebGUI) instead? If memory serves, I think the embedded kernel doesn't support SMP.  When I just installed my net6501 I did a full install with the SMP kernel on a virtual machine (in case Soren ever gets around to enabling hyperthreading on the Atom), checked the box for serial output in the Web GUI, then moved the drive to the 6501.  Works like a charm.

The settings under diag>nanobsd all seem right, the correct partition is selected.. it all appears fine. It should noted this is an ancient CF install on a watchguard x700, being upgraded, modified, hacked, countless times over the years, there is no question about it, this is no doubt my own fuckup somewhere. You know the drill, its buried in the rack, and its always just 'easier' to hack than fix. If it works (TM), and all that. The only reason the problem has come to my mind recently is an (non IT gear related, all RCCB) RCD issue that has caused some semi-infrequent, yet very annoying power drops (ups can only last that long, and cant afford diesel or independent power.. electrician has been called, its the 3rd time trying to find this @*!# fault). Thus I'm giving up; and making the network fully autonomous, so it can pull itself from cold->operational by itself. Nevermind, the only sensible approach to all this is to use this brilliant excuse to do what I've should have done some time ago; do a clean install, and perhaps use this opportunity to move my ass to pfSense 2.0.. Thanks, your reply finally put some sense in me :) MeatPuppet

Hi, to silence the log messages in the future is certainly correct. I´m not worried about these log messages, but how I get my RRD graph working now? What can be done on my side? Tobi

md == memory disk. Some big packages use too much space in the md-mounted partitions, you just can't install those on embedded. Why you would want a file server on your firewall at all, much less one running from CF, is beyond me. Don't do it.

You do not need to change the root password. The root password is the admin password you setup in the GUI. As far as starter Tips go… You can track bandwidth usage with iftop or in the GUI under status->traffic graph To reduce lag get top notch gig NICs. The cheap stuff has always caused problems You can track overall bandwidth usage with the RRD graphs. To have DNS working completely have DHCP register DNS entries under Services->DNS forwarder Port forwarding is completely different than IPcop. Start your port forward entries in Firewall->NAT The final tip I have is to check the forums. Everything you need to know about gaming with pfsense and problems you may run into are documented within the forum and the wiki. Also dump your ISP. Find an ISP that doesn't limit your usage. You're paying for it so why should you pay more for your bandwidth.

I went through the installation I have a strange problem I can not access the web interface from a PC with Linux Is there a way to set up the router quickly There's lots and lots of settings is there an option to access the web interface from the computer the pfsense is install on

Me very stupid at times!!  Found it and fixed in 10 seconds after I posted. Sorry!!

@Summer: is it possible to install pfsense on a machine  and then move the disk with pfsense installed to another machine that hasn't the same architecture? I have done this a couple of times.  think jimp has covered all the issue I had.

Odds are the search list isn't in the right format, there is a recent ticket for that. Clear out the search list and see if it works.

To help anyone else who has this problem, I think it was down to the firewall rules somehow going.  I might have somehow deleted them when I was editing the config file.

that is possible, but problem could reside almost everywhere

Will do. Many thanks

I re-installed, this time using the default kernel rather than the embedded kernel.  Everything works fine.  The webgui comes right up. The embedded kernel and my hardware dont seem to get along.

pfSense automatically listens for connections to the settings page from all interfaces, but only opens the firewall by default on the LAN interface (you can disable the "anti-lockout" rule in settings, but be careful). If you wanted to access the settings page from the WAN, for example, just add a rule to the WAN to allow access from anywhere to the WAN IP address, protocol HTTPS (port 443) TCP, and you will be able to access it remotely. Same is true of any other interface, add a similar rule for access to the interface IP, from any or specific IPs as desired. Or, add explicit block rules if you want to or if you've opened it up with other rules. I also tend to change the listening port to something other than 443 so I don't interfere with port-forwarding of HTTPS and am on a non-standard port (less likely to be target of random scans from Internet or guesses internally).