follow instructions on this topic to fix it:

http://forum.pfsense.org/index.php/topic,44224.msg229418.html#msg229418

Will check tomorrow - time to go home here

Problem resolved.  From my notes:

To edit fstab on embedded flash:
On separate machine, Boot into pfSense from the Live CD
Do not select Recovery or Installation options, let the system boot until the menu appears
Pick option 8 to drop into a pfsense shell prompt
From the shell mount the CF which is likely /dev/da1s1a to /mnt
Proceed to edit the /etc/fstab file to reflect the correct device ad0s1a
NOTE: The fstab file indicates that the drive is to be mounted rw.  Is this correct?  Also, I think I killed the swap install onto the flash card by specifying 0 bytes for swap space size.
SUCCESS!!  This process seems to have worked.  fsSense booted up fine.

That's exactly what I thought, 'DHCP comes before IP and TCP surely'.
Wikipedia is never wrong!  ::)

Steve

If you need to know what the default cron jobs are (if they were deleted or altered), they can be found in the default config located in /conf.default/config.xml on the firewall.

Thanks for the suggestion, but cycling the cable model did not do anything. This turned out to be a firewall issue, and I still don't know with certainty what caused it. On the old (1.2) firewall, I had a block rule on the WAN port for all traffic on top of the list. When I replicated this, I think it behaved the way it it is supposed to, i.e. it blocked everything on the WAN port.
It does not appear that this rule behaved as expected on pfsense 1.2.

As long as you have adequately sized hardware for your connection speed, the difference in end to end latency between say a 500 MHz ALIX and a quad core Xeon server is trivial. The majority of the Internet will be 30-80 ms from you or more depending on your physical location, microsecond differences don't have any noticeable impact.

You can install ezjail package and create a jail with 8.1 release and install ports for example.

Nat + firewall rules remains on pfsense.

Hi Bob,

I'm with Virgin and mine is left blank so I'm not sure why yours did not work without it?

If you have removed the default allow any rule then you need to allow DNS traffic from the interface subnet to the interface address else websites will not load.

I don't know enough about networking to know why setting that hostname makes it work for you or which is the best way to use, perhaps I'm doing it wrong? hopefully someone more educated can comment?

Regards.

Squid seems to work now.

I added a firewall rule to the LAN tab for allow the LAN computers to connect to the squid port (in my case 800).

I also modified the squid config, removing the LAN interface from the listbox named "Proxy interface" (you could multi-select elements on it pressing the CTRL key), saved it, and after I re-added the LAN interface another time. This was done if the configuration had bad information related with the interfaces and ip aliases

With this now it's working for me.

@jimp:

The mount command probably failed, it's saying it can't find /dev/da0s1a

Because the slice is formatted with FAT32 there will be no a partition. It is probably the fsck that is failing because there is no FreeBSD a partition in a FAT32 slice.

Just an update to this. The Draytek Vigor 120 works perfectly. A quick reboot of PfSense and the WAN connection came up.

Figure it out. Needed to mount the filesystem as rw then I could edit.

100% correct. even though the dlink NIC will work, but you will have issues with them. drop connections, packet mangling, etc.

i learned this the hard way as well, but once spending time in the forums and reading the vast amount of information within…i have a very good understanding of the overall product and the in's/out's of pfsense.  ...however, being a microsoft guy for the past 15+ years...it did take me a little longer than it should have.  ;D

@pat1974:

What I find about of pfsense is that the hardware is really important. This is not highlighted enough on their website.
When somebody is considering pfsense, it is important to consider the hardware.

Coming from a Microsoft background, you don't think hardware compatibility problem immediately when you setup your freeBsd box, but you should, especially with a pfsense box since it doesn't uses the last updated distro of freeBSD.

So when you buy brand new NIC, because pfsense is not the most recent distro it is quite possible your new hardware driver will not be available in the pfsense distro.

I'm just saying this from experience, as I figure that the hardware was really important after buying it, and starting to setup my pfsense. Then when it didn't work I start reading more about pfsense, and realize all the above explanation.

I think pfsense website should find a way to make it stand out on their home page.

Something like: "BEFORE YOU START BUYING PARTS FOR SETTING UP PFSENSE, MAKE SURE THE HARDWARE YOU WANT TO BUY IS COMPATIBLE WITH PFSENSE DISTRO"

Doing this type of warning will avoid a lot of headach, and maybe having the list of compatible hard drive easy to find :)

Just run that periodically and keep an eye on it. Looks like squid is using 1GB so far, it may keep going up, or something else may spring up using lots of RAM.

Glad you got this resolved.
It's unusual to have a problem with Intel based NICs which is probably why it wasn't suggested initially.
Incidentally you should be aware that pfSense is not Linux based. It's FreeBSD which isn't Linux.  ;)

Steve

@hhs99:

With the release of the 2.0 branch of pfsense, you can now run pfsense on the GB1000 and GB1200 from GTA. the 1.2.3 release would not boot properly. When choosing the CF Card try to stick with cards that are close to the same size as the stock card unless you have a PCI vga card as the values are stored in the bios. My boxes had 64mb cards in the and the 512mb worked but the 1Gb and 2GB cards did not. If the console refuses to work after interface assignment, login to ssh and kill the apinger process as it tends to go nuts and make the box unstable at random times. Other than that it makes a stable box. If you have problems let me know and I can bump your config against mine.

I have several of these GB1000. Do you know how to boot into the BIOS? What additional hardware is required?

If you removed bandwidthd (and siproxd I see) they didn't fully come out. Try switching to the other NanoBSD slice to see if it behaves better. First make extra sure there are no packages installed under System > Packages.

It would be rather easy to run an ALIX out of RAM.

It's normal to have a couple PHP processes going, but top doesn't show you the whole story, check the output of "ps uxawww" and see if it shows more about what PHP is doing, like if it's being used to run a certain script, like rc.filter_configure_sync, etc.

If you must share an interface for that, at least isolate it to a VLAN. There are security implications to running it on a shared segment. Someone could insert states into the state table if they have direct access to the sync interface, as they would if it were shared on LAN, by sending a specially crafted packet.

The bandwidth requirements alone normally are enough to necessitate a dedicated interface for the sync traffic, but that depends on how fast the state table changes.