Hi, your right a dont have to expect any reply from anyone, but normaly there are some guyes who will answer in 24h ;). need commercial support? And thats why the pros didnt answer and only the good guys do so ;). BUT, folks i have to apologize - sorry for my bad words, but time is one i never have enough. I read the howto exactlier and find the point of geom, which i overread while i thinking it has something to do with geo-redundancy, but i found out that this is the option for raid…. ok sorry for that and ashes on my head...

Hi ALL, I re-downloaded the ISO image and burnt it a new CD and tried to install. VIOLA … it worked. I am marking th thread as SOLVED :)

It works. Thanks!!! :)

I had the same problem (ROOT MOUNT ERROR) with USB mem stick. Also tried external usb CD. Choosing boot psSense with ACPI disabled, I finally installed pfSense

The RRD graphs work using pf's counters, so they will not work with pf disabled. pfTop works using pf states, which do not exist if pf is disabled. For a console program like that, I prefer iftop. For graphing you'll need to graph from a different machine via SNMP if you want graphs.

As always - thanks Steve. Not sure why but I have a problem finding stuff using the search function - pity there isn't a sort-by-date. OK - now I start my next project - just waiting for the right 2.5" HDD on Ebay :)

@jonallport: I'll apologise on behalf of everyone else for keeping you waiting. As far as I know there is no issue using spamd in front of Exchange; it's a largely standards-compliant SMTP server so you shouldn't have anything to panic about with spamd unless you have a large number of contacts in China or Korea. Thanks for the reply, but no apology is necessary.  I remember this place being way more active about 2 years ago when I was heavy into using pfSense…  Thanks in advance.  I already have the setup going in my lab and feel that I can make the switch tomorrow evening. Thanks, -Morgen

So apparently my additional nics just got incremental em names.  All of my existing rules, etc stayed the same.

@phil.davis: There is not a way to easily "guess" the bandwidth of an interface at present - many people will have a 100Mbps ethernet cable between their WAN port and frojnt-end modem device. The front end connection to the internet will usually be much slower than this (depending what their hardware does and what they have paid for from the ISP). It would be easy enough to add an attribute to the Interface configuration page that lets you define the expected real throughput speed for the interface. Then, if something was set in there, things like Traffic Graph could start scaling at that rate. If things like this are done, then it would also be good to have a "Save" button on the Traffic Graph page so users can decide what graph settings they want as default. Exactly. I would enter, for example, that opt2 (or wan2) should be maximum with 16.000 kbit/s. If the real Bandwith never reaches this limit, its totally ok. I just want to see, what percentage of the technical-maximum is reached at the moment. For a LAN-Interface this would be 100 Mbit/s or 1 Gbit/s. I may be ablt to code that into the pfsense-GUI, but for saving this setting to the pfsense-harddrive, i may neet to look into it more deeply. PHP is one thing, but the saving-functions and the config-db…. well, i would love to have this coded into pfsense by one of the pfsense-programmers themself. So i dont need to learn, what they already know and so everyone can have this option in the next update. What about it, PFsense-team? :)

@necron: First of all, thanks for the clear tutorial! Question though, how do you guys handle admin accounts when authenticating with AD? For instance: I have the default admin and another two admin accounts created. I then made the AD link which works fine, but when I log on with one of the two custom admin accounts the 'no page assigned' error appears. Default account keeps working though, but that one has a huge random password :) Add a group. Click the group and add privileges :)

pfsense console option 8 allows you to drop to a standard unix shell and run all sorts of diagnostics. You can run from the basic ifconfig to check if the interfaces are correctly configured, to ping to check for connectivity, up to tcpdump (which however requires some technical background)

Yes, you manage pfSense from the LAN interface by default. You can of course change that.

@tim.mcmanus: Are you power cycling the cable modem each time you connect it to a new device?  Some of those cable modems have a habit of grabbing the first MAC address they are connected to and refuse to talk to anything else until you power cycle them.  That's the first thing I'd try to do.  If it still doesn't work, reply back. Right after I posted this I tried that and it worked! Before I just unplugged the modem for 30 seconds but, I needed to unplug the modem and take out the battery and unplug the server and take out its power supplies. After about 5 minutes with them off, I turned it back on and It got an IP right away and it works great!

did you edit the default lan rules on pfsense?  By default there should be a rule that allows anything on the lan subnet to go ANYwhere.

Are you going through some kind of proxy? Something is definitely intercepting and interfering with the HTTP requests made by the firewall, those responses don't appear to be coming from our servers. Doing a search on "ipdiags.ha" yields some interesting results… http://forums.att.com/t5/Features-and-How-To/sometimes-universe-adds-quot-cgi-bin-ipdiags-ha-quot-on-all-my/td-p/3041327

@dmauld: Bonus question: Will pfSense work with the Alfa USB AWUS036NHA? It appears to be a "high powered" USB WfI adapter using an Atheros chipset. I have seen "high powered" devices on eBay but using the supported Ralink RT3070 chipset.

Look at your :R :FA, etc Firewall will pass traffic based upon state, if you get a state mismatch then traffic can be blocked.  If traffic shows FA, TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR Its a Fin Ack - but if firewall does not show correct state for the session then it would block that sort of packet. if you reboot pfsense, or clear the states then yeah you can see those quite often.  Or wireless can happen too if you drop packets and then get packets with wrong state on them, etc. Common to see such traffic.

You might be able to do this using VLANs but it would be far easier to add a second interface to the VM host machine. Use the second interface to connect to your wifi device. That device is a wireless router but you want it to act as an access point only. So you need to disable DHCP in the wifi router and then connect the pfSense LAN interface (the new NIC) to one of the LAN sockets on the wifi device. Thus all wifi traffic should be handled directly by pfSense. That would be the case for most home wifi routers but some may have further configuration options and other hurdles to cross. Steve