LAN, WAN, etc do not matter. It only matters that you have a gateway, and it's set as default. Traffic will flow whichever way you specify that. If you only assign one NIC, it switches to "appliance mode" (so to speak) and you can do things like that without bothering with the additional unused interface

FYI the config is in the third slice, in my example above that is ad0s3 - if you're plugged in with USB in a card reader it may be da0s3

Backup config.xml are allways in Directory /conf/backup or /cf/conf/backup

Mmm … Fortunately somebody more informed than me pointed that out. Thanks for that  ;) Well then ... that pfsense box will only do routing / firewalling / NAT / VPN / ... not backups. I have a dedicated machine that does backups, another one which will handle media, etc Glad to hear that ... And I think it wouldn't changed much in my bills either, because I had another E-30 (an MSI) which has a single x16 slot and probably has the same problem. Therefore the microATX case I chose (FRACTAL DESIGN ARC MINI, rather nice I think) seems to be a good choice. If it is as you pointed out then I'll limit myself to doing only failover and leave link aggregation on the "client" machines and switches. I think you're right since one user in another forum pointed that out as well ... but as I said to him I think something's odd, because with a 100BaseT router (Zyxel) and everything else gigabit ethernet (1000Mbps) I couldn't get transfers above 12MB/s (instead of the theoricals 125MB/s). Will have to test that out again with this setup. In that case I'll just use 3 interfaces as failover  plus one WAN interface OR 2xWAN failovers and 2xWAN failovers connected to an average switch (definitively not a procurve). As a side note, do you know why the HP Procurves 1810-[8/24]g switches I bought costs a lot less than the 1800-[8/24]g ? Both support link aggregation and the 1810-* seems more energy efficient. Do you know anything about it ? Last but not least now the problem got reversed: I can perfectly access the WAN but couldn't get access to the web configurator but I can ping the LAN interface of the Pfsense box. This is so screwed up … could it be the OPT interfaces I enabled (though with different ip addresses) ? Many many thanks stephenw10  ;). Today you really helped me getting started with this router !

You may find this useful for setting up vlans. http://doc.pfsense.org/index.php/HOWTO_setup_vlans_with_pfSense

So far so good - tokk the nanobsd+vga 1GB image, placed it on an old CompactFlash and inserted it via an old CF2IDE-adapter into the router box - fine! Ordered 16 CF-cards and adapters for the several running and backup boxes to switch them all to this, and will report the exact brand and type if it works. Just in case somebody else faces those problems. By the way: the messages when booting from CD was this: acd0: FAILURE - READ_BIG ILLEGAL REQUEST … ...several times. Trying to mount root com cdXXX:... Configuring crash dumps.. So the boot process proceeded, and I didn't care because I supposed the read error was recovered. (this post and several others told me not to care: http://forum.pfsense.org/index.php?topic=24805.0 ) Tried 4 or 5 old CD-ROM drives, all the same. Those where not running in router boxes, but apparently aged while laying on the shelf...

Hi :) Thanks for all your information :) I have succeeded to set pfsense. I will put information here, in case if it can help somebody else :) My pfSense box is set  with 192.168.1.1 Carte Ethernet pfSense : Suffixe DNS propre à la connexion. . . : wminer.com   Description. . . . . . . . . . . . . . : D-Link DGE-530T Gigabit Ethernet Adapter (rev.B)   Adresse physique . . . . . . . . . . . : 00-26-5A-84-6F-3C   DHCP activé. . . . . . . . . . . . . . : Oui   Configuration automatique activée. . . : Oui   Adresse IPv4. . . . . . . . . . . . . .: 192.168.1.245   Masque de sous-réseau. . . . . . . . . : 255.255.255.0   Bail obtenu. . . . . . . . . . . . . . : 7 février 2012 13:59:53   Bail expirant. . . . . . . . . . . . . : 7 février 2012 15:59:53   Passerelle par défaut. . . . . . . . . : 192.168.1.1   Serveur DHCP . . . . . . . . . . . . . : 192.168.1.1   Serveurs DNS. . .  . . . . . . . . . . : 24.xxx.yyy.37                                       24.xxx.yyy.77   NetBIOS sur Tcpip. . . . . . . . . . . : Activé In the pfsense webgui Interfaces: Assign ==> Verified if you wan port is setted Interfaces: WAN Type DHCP Services: DHCP server  [checked] Enable DHCP server on LAN interface DNS servers                                      24.xxx.yyy.37                                      24.xxx.yyy.77 Status: Interfaces ==> Make sure your status is UP   ISP DNS servers (most be the same than above                                      24.xxx.yyy.37                                      24.xxx.yyy.77 Test in the pfsense box Diagnostics: Ping to 4.2.2.2                       Ping to google.com Ethernet adpter set (at the end) Get ip automaticallyautomatically Get DSN address automatically Test in the command line from your pc Diagnostics: Ping to 4.2.2.2                       Ping to google.com

Hm, found a 1.2.3 nanobsd with vga-support in jimp's folder at files.pfsense.org. It installed and booted just fine.

Thanks for the reply. I will look into that. We went ahead and moved forward across the board with a DNS based content filter, it was a better business move in general. However it does look like overall the problem was Squid related, as Ntop was installed just fine. Ill dig into it when i have a little more time.

I wanted to post my solution to my mount root problem.  I have had the same issue whether I was installing pfsense or FreeNAS.  Both are freebsd based.  My solution to both  was to change the sata emulation from legacy to native in the bios.  That fixed both issues.

no clue what the official word on this is …. what i would try is just install a new VM, install a clean 2.0.1, then insert config from the other vm

Thank you, I have confirmed this patch fixes the issues. Robbert

I'm using Ubuntu on all the machines. This is the working configuration of THE_PROBLEMATIC_MACHINE: Contents of "over-modem.sh": #!/bin/bash ifconfig wlan0 192.168.0.11/24 route add default gw 192.168.0.1 wlan0 ifconfig wlan0 route -n Execution output: ceremcem@cca-peynir:~$ sudo ./over-modem.sh [sudo] password for ceremcem: wlan0    Link encap:Ethernet  HWaddr 74:f0:6d:09:91:54            inet addr:192.168.0.11  Bcast:192.168.0.255  Mask:255.255.255.0           inet6 addr: fe80::76f0:6dff:fe09:9154/64 Scope:Link           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:68556 errors:0 dropped:0 overruns:0 frame:0           TX packets:60755 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           RX bytes:44370422 (44.3 MB)  TX bytes:15999975 (15.9 MB) Kernel IP routing table Destination    Gateway        Genmask        Flags Metric Ref    Use Iface 192.168.0.0    0.0.0.0        255.255.255.0  U    0      0        0 wlan0 0.0.0.0        192.168.0.1    0.0.0.0        UG    0      0        0 wlan0 traceroute output: ceremcem@cca-peynir:~$ traceroute google.com traceroute to google.com (173.194.67.106), 30 hops max, 60 byte packets 1  10.12.0.1 (10.12.0.1)  16.806 ms  16.599 ms  16.457 ms 2  172.25.35.25 (172.25.35.25)  16.365 ms  16.222 ms  16.096 ms 3  * * * 4  izmr-2-2-izmr-3-4.turktelekom.com.tr (81.212.222.41)  21.540 ms  21.479 ms  21.407 ms 5  uls-2-2-izmr-2-2.turktelekom.com.tr (81.212.26.210)  35.391 ms  37.496 ms  37.396 ms 6  ms-col-2-uls-2-2.turktelekom.com.tr (212.156.102.81)  92.361 ms  82.691 ms  91.997 ms 7  212.156.102.14.static.turktelekom.com.tr (212.156.102.14)  93.065 ms  93.257 ms  93.689 ms 8  209.85.254.92 (209.85.254.92)  92.202 ms 209.85.254.250 (209.85.254.250)  86.555 ms  94.451 ms 9  209.85.255.70 (209.85.255.70)  94.415 ms  94.342 ms 209.85.255.72 (209.85.255.72)  94.304 ms 10  209.85.240.158 (209.85.240.158)  107.233 ms 209.85.240.221 (209.85.240.221)  107.157 ms 209.85.240.158 (209.85.240.158)  107.118 ms 11  209.85.250.165 (209.85.250.165)  107.020 ms  106.941 ms 209.85.250.167 (209.85.250.167)  110.486 ms 12  * * * 13  wi-in-f106.1e100.net (173.194.67.106)  104.037 ms  103.917 ms  99.949 ms If I change the ip in that way, internet connection disappears: Contents of "over-pfsense.sh": ifconfig wlan0 10.0.1.11/24 route add default gw 10.0.1.1 wlan0 ifconfig wlan0 route -n Here is execution output: ceremcem@cca-peynir:~$ sudo ./over-pfsense.sh wlan0    Link encap:Ethernet  HWaddr 74:f0:6d:09:91:54            inet addr:10.0.1.11  Bcast:10.0.1.255  Mask:255.255.255.0           inet6 addr: fe80::76f0:6dff:fe09:9154/64 Scope:Link           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           RX packets:70024 errors:0 dropped:0 overruns:0 frame:0           TX packets:61680 errors:0 dropped:0 overruns:0 carrier:0           collisions:0 txqueuelen:1000           RX bytes:46251309 (46.2 MB)  TX bytes:16106481 (16.1 MB) Kernel IP routing table Destination    Gateway        Genmask        Flags Metric Ref    Use Iface 10.0.1.0        0.0.0.0        255.255.255.0  U    0      0        0 wlan0 0.0.0.0        10.0.1.1        0.0.0.0        UG    0      0        0 wlan0 Here is traceroute output: ceremcem@cca-peynir:~$ traceroute google.com traceroute to google.com (173.194.67.105), 30 hops max, 60 byte packets 1  10.0.1.1 (10.0.1.1)  2.057 ms  2.972 ms  2.846 ms 2  10.12.0.1 (10.12.0.1)  11.241 ms  11.131 ms  19.620 ms 3  172.25.35.25 (172.25.35.25)  20.677 ms  21.907 ms  21.764 ms 4  * * * 5  izmr-2-2-izmr-3-4.turktelekom.com.tr (81.212.222.41)  26.902 ms  26.842 ms  26.620 ms 6  uls-2-2-izmr-2-2.turktelekom.com.tr (81.212.26.210)  39.045 ms  29.144 ms  30.038 ms 7  ms-col-2-uls-2-2.turktelekom.com.tr (212.156.102.81)  89.296 ms  89.214 ms  89.151 ms 8  212.156.102.14.static.turktelekom.com.tr (212.156.102.14)  100.893 ms  100.825 ms  100.748 ms 9  209.85.254.92 (209.85.254.92)  100.616 ms  100.556 ms 209.85.254.250 (209.85.254.250)  100.446 ms 10  209.85.255.74 (209.85.255.74)  101.237 ms 209.85.255.72 (209.85.255.72)  106.939 ms  106.875 ms 11  209.85.240.158 (209.85.240.158)  113.903 ms 209.85.240.221 (209.85.240.221)  112.697 ms  110.949 ms 12  209.85.250.165 (209.85.250.165)  99.229 ms 209.85.250.167 (209.85.250.167)  100.491 ms 209.85.250.165 (209.85.250.165)  102.901 ms 13  * * * 14  wi-in-f105.1e100.net (173.194.67.105)  220.406 ms  222.355 ms  220.278 ms ceremcem@cca-peynir:~$ From THE_PROBLEMATIC_MACHINE, I can ping the machine and browse the gui of pfsense but I can not have the internet sites (eg. google.com). I don't know how I could debug the problem any further… Any ideas?

Went home and tried it last night.  Everything is working as you would expect.  Thanks for the help.

This saved me bigtime today. Just upgraded a firewall(HP Proliant with 4x broadcom) with 1.2.3 to pfsense 2.0.1 and had all kinds of problems. Most annoying thing was that i could not SSH or HTTP at all(except for 1 time that the login screen showed, but it was so slow that I was never able to really login). After adding the above /boot/loader.conf.local, all was well. Tnx!

For the archives here, the current (updated) memstick image in my directory on files.pfsense.org should be working better now.

http://doc.pfsense.org/index.php/Upgrade_Guide#Changing_architecture_.2832_bit_to_64_bit_or_vice_versa.29_during_upgrade

It was a great learning experience, I have a solid understanding of troubleshooting pfSense installs and I know a bit more about partitioning for BSD!  I got it working last night routing one wireless connection into another, which was one of the tasks I wanted to try with this machine so I'm happy  :)

Jimp, Yeah, up for 19 days now on 2.0-Release with no issues.  So reverting back to 2.0 (with no config changes at all) fixed whatever my issue was.  I suspect it might just be that combination of hardware since I have 5 other boxen running 2.0.1 with no problems. If you'd like to investigate just tell me what you need.  I can reload that box with 2.0.1 whenever. Thanks.

I have the exact same problem. Removing /usr/local/pkg/squidguard* followed by a reboot get things back to normal. Thanks for the tip!