• Package manager update issue after pfsense 2.0.2 upgrade

    Locked
    0 Votes
    2 Posts
    2k Views
    jimp

    Are you going through some kind of proxy?

    Something is definitely intercepting and interfering with the HTTP requests made by the firewall; those responses don't appear to be coming from our servers.

    Doing a search on "ipdiags.ha" yields some interesting results…
    http://forums.att.com/t5/Features-and-How-To/sometimes-universe-adds-quot-cgi-bin-ipdiags-ha-quot-on-all-my/td-p/3041327

  • Assign Interfaces Skips from VLAN to WAN without LAN setup

    Locked
    0 Votes
    4 Posts
    3k Views
    W

    @dmauld:

    Bonus question: Will pfSense work with the Alfa USB AWUS036NHA?

    It appears to be a "high powered" USB WiFi adapter using an Atheros chipset.
    I have seen "high powered" devices on eBay but using the supported Ralink RT3070 chipset.

  • Blocks

    Locked
    0 Votes
    2 Posts
    1k Views
    johnpoz

    Look at your :R :FA, etc

    Firewall will pass traffic based upon state, if you get a state mismatch then traffic can be blocked.  If traffic shows FA,

    TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR

    It's a Fin Ack - but if firewall does not show correct state for the session then it would block that sort of packet.

    If you reboot pfsense, or clear the states then yeah you can see those quite often.  Or wireless can happen too if you drop packets and then get packets with wrong state on them, etc.

    Common to see such traffic.

  • Infrastructure setup with wireless

    Locked
    0 Votes
    2 Posts
    1k Views
    stephenw10

    You might be able to do this using VLANs but it would be far easier to add a second interface to the VM host machine.

    Use the second interface to connect to your wifi device. That device is a wireless router but you want it to act as an access point only. So you need to disable DHCP in the wifi router and then connect the pfSense LAN interface (the new NIC) to one of the LAN sockets on the wifi device. Thus all wifi traffic should be handled directly by pfSense.
    That would be the case for most home wifi routers but some may have further configuration options and other hurdles to cross.

    Steve

  • Does upgrade usually retain settings?

    Locked
    0 Votes
    18 Posts
    4k Views
    R

    Great.  Thanks for the info.  My company is slow at approving updates, so v2.0.3 might be an official release by then.  Either way, this is good to know.

  • Push configuration on first boot?

    Locked
    0 Votes
    6 Posts
    2k Views
    jimp

    Much easier yet to use a FreeBSD box/vm to image the cards, then mount and copy the config before ever putting it in the target device :-)

  • 0 Votes
    19 Posts
    12k Views
    D

    I am also having this in my sys log.

    Mar 11 22:52:12 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchi07vFfAFuBjnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYFR593/MA' (attacker '192.168.2.77', file '/usr/local/captiveportal/index.php')
    Mar 11 22:52:12 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchi07vFfAFuBjnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYFR593/MA' (attacker '192.168.2.77', file '/usr/local/captiveportal/index.php')
    Mar 11 22:52:08 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchi07vFfAFuBjnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYFR593/MA' (attacker '192.168.2.77', file '/usr/local/captiveportal/index.php')
    Mar 11 22:52:08 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchi07vFfAFuBjnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYFR593/MA' (attacker '192.168.2.77', file '/usr/local/captiveportal/index.php')
    Mar 11 22:52:07 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchi07vFfAFuBjnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYFR593/MA' (attacker '192.168.2.77', file '/usr/local/captiveportal/index.php')
    Mar 11 22:52:07 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchi07vFfAFuBjnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYFR593/MA' (attacker '192.168.2.77', file '/usr/local/captiveportal/index.php')
    Mar 11 22:52:06 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchSo7uFLEFuVgnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYIftZ33Mx4GKwAg9mY3qw' (attacker '192.168.2.16', file '/usr/local/captiveportal/index.php')
    Mar 11 22:52:06 lighttpd[53690]: (mod_fastcgi.c.2676) FastCGI-stderr: ALERT - configured request variable name length limit exceeded - dropped variable 'upqchSo7uFLEFuVgnIKGIwiLrHo3Vt68T3yqvhQu2TqetQ78roy7Q6bpTfDUtYIftZ33Mx4GKwAg9mY3qw' (attacker '192.168.2.16', file '/usr/local/captiveportal/index.php')

    I hope to know what is causing this.

  • Pfsense update stuck..

    Locked
    0 Votes
    3 Posts
    1k Views
    jimp

    Is this a full install or NanoBSD?

    I've seen the "…....." happen before on NanoBSD if someone accidentally uploads a full CF image instead of an upgrade slice, but that's the only way I can recall it happening.

  • Lame install ending causes "Root mount error"?

    Locked
    0 Votes
    9 Posts
    4k Views
    jimp

    FreeBSD has it, you can make/use labels for slices, but the installer code for full installs doesn't (yet) make or use them.

  • 0 Votes
    4 Posts
    2k Views
    V

    Hey Steve!

    I made no manual changes to the baud rating. Literally, I installed PFsense, loaded up the web_gui, and have only enabled/disabled the serial console from that menu.

    I wish I could get the blasted serial console to work though (in the event I fubar something). I hate popping this IDE drive out every time I screw something up! LoL!

    EDIT Sorry, I forgot to mention, this is V2.02

    Interestingly enough, I no longer have to kill/reinitialize the web-configurator (lighttpd) every 5 minutes when it becomes unresponsive now that I'm running a full-on install. That's a plus!

  • Firebox X Core Fan Replacement

    Locked
    0 Votes
    7 Posts
    2k Views
    V

    Thanks Steve!!! I really appreciate that.

  • PFSense Keeps Crashing

    Locked
    0 Votes
    4 Posts
    3k Views
    C

    Given the number of inetd instances there must be a significant number of reflected connections. Best to either not use reflection in that case, or upgrade to 2.1 and use "pure NAT" mode reflection. That's not in and of itself causing the crash I don't think, wallabybob covered that, but it's definitely not helping things.

  • Problem with new installation

    Locked
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Interface Speed Issues - [SOLVED]

    Locked
    0 Votes
    6 Posts
    2k Views
    W

    Hi Guys

    I finally got a resolution to my horrendous webgui speeds and web traffic through my pfsense router. It turns out our WAN was connected to a dodgy piece of Cisco hardware (Line Card) and it was causing all sorts of problems for specific traffic from Windows machines only! Here is the explanation I got from our provider.

    _We believe we have hit a bug with the particular hardware revision that card is. It drops packets of certain sizes, which matches up with what we were seeing with duplicate acks and retransmits that looked like they weren't being acknowledged. I am going to have to look further into why Windows appeared to be affected but other operating systems we tested weren't.

    The second line card in our colo router is a newer revision which doesn't suffer from the bug._

    This report came just before I was about to do a full reinstall of our router thinking there was some major problem with pfsense. Pheeeew bullet dodged.

  • Need Someone for installation/optimization of pfsense box South OC

    Locked
    0 Votes
    2 Posts
    1k Views
    johnpoz

    I would think your best bet would be to buy some support
    https://portal.pfsense.org/index.php/support-subscription

    They should be able to provide you the information and guidance you need without having to come on site to be honest.

  • Firebox PFSense IDE HDD

    Locked
    0 Votes
    9 Posts
    4k Views
    V

    Thanks Steve for all of your help.

    I have a 2.5'' IDE drive I'm going to pull from a laptop. I need to secure a NULL serial cable (I believe I have one in my shop.) I'll begin this project over the weekend.

  • Hardware Specs for Gbit and 300 Hosts

    Locked
    0 Votes
    6 Posts
    2k Views
    J

    @Jason:

    @repa:

    Can a

    Intel Xeon 2-Core E3-1220LV2 2,3GHz 3MB 5GT/s with 8 GB RAM handle this ?

    or better take a Intel Xeon 4-Core E3-1265LV2 2,5GHz 8MB 5GT/s

    Unless you're using Squid, Snort, etc., the dual-core is likely to be the better choice as many of the components of pfSense are single-threaded.  8GB of RAM is also overkill unless, again, you're using snort or squid, or unless you've got hundreds of thousands of states.

    To do HA you're going to need two boxes.  They don't need to be identical, but it will probably help you out in the long run if they are.  Make sure you plan for a dedicated NIC for traffic between them.

    Also some systems will let you limit active cores and therefore run in turbo mode which can gain you a bit, as well as disabling HT as it typically won't help you on pfSense.

    We use E3-1280V2's and they work just fine, with HT disabled as 4 cores is plenty.

  • Upgrading from pfsense 1.2.3 to pfsense 2.0.2 version

    Locked
    0 Votes
    5 Posts
    2k Views
    J

    It should be very simple. I recommend that you back up the configuration file first. If you want to be paranoid, get another disk, CF, etc. and install the new version on it; that way if anything goes wrong you can just put back the old disk.

  • How can I use my laptop as firewall?

    Locked
    0 Votes
    3 Posts
    1k Views
    johnpoz

    So I am curious, is this "Zyxel modem" really just a modem or is it already a gateway doing nat?  What is the model number of this zyxel modem?

  • PfSense 2.0.2 on Fit-PC2i miniSD not working

    Locked
    0 Votes
    7 Posts
    2k Views
    G

    @wallabybob:

    @genhed:

    It seems that there is no driver for this device. Any ideas if it'll ever be supported?

    It might be worth trying a pfSense 2.1 snapshot build because that includes more up to date device drivers than the 2.0.x builds.

    2.1 produced the same results. I even tried FreeBSD 9.1 and it gives the same messages for the SD host controller. I'll just use the USB pen drive. Thanks for the help though! :)

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.