Switch to Intel nics.  Upgrade bios to latest version.

Yes

if had a similar problem, trying to install 1.2 Beta-2 and after the installation bootloader always kept saying: can't find kernel, until I see, that the hd was connected to the second IDE channel. So I plugged the hd into the first IDE channel and voila, after a fresh install (config backuped) pfsense starts. Maybe you have the same problem. Try to connect the harddrive to Sata1

Hello

just some info about my experiances.

with linux there are issues with core 2 duos and ide devices, usually linux doesnt boot or doesnt detect the ide device. since linux is usually more up to date with hardware I would asume that bsd has some catch up to do before it works properly

Try using a sata hard drive and an external usb cd rom drive

All updated no issues
RC ;D

@sullrich:

I plan on adding a checkbox to toggle the behavior on the next RC.

This is great news. Thanks.

I ended up installing BETA1, and then using the upgrade firmware feature. This seems to have upgraded me to RC1, but kept my bootloader at the default freebsd loader.

Some are and some aren't traffic shaping related - the trouble is the question keeps coming up and it's not a simple answer.  Pushing 10 Mb/s full size packets is a lot easier than pushing 10 Mb/s minimum size packets.  If you're installing packages (such as snort) you'll require more "grunt" and RAM than if you don't.  Until you have a meaningful understanding of the actual traffic profile it's impossible for anybody to provide guidance.

I would say that you should consider:

CPU: > 1 GHz - higher is better :)
RAM: 512 MB is a good minimum - if you're installing packages then add more
HD: Well, if you're not wanting packages it'll run happily from CF.  I'm using a 4 GB Microdrive with multiple packages and still have 2.7 GB of the 3.2 GB allocated to / free
NIC: Intel always gets recommendations

I suspect you'll find that the network cards matter more than anything else.

The it look it's ok, i've played around with it and i need 80 for the CF card to boot

ConSpeed = 9600
ConLock = Enabled
ConMute = Disabled
BIOSentry = Enabled
PCIROMS = Enabled
PXEBoot = Enabled
FLASH = Primary
BootDelay = 5
FastBoot = Disabled
BootPartition = Disabled
BootDrive = 80 F0 FF FF
ShowPCI = Enabled
Reset = Hard

but it still doesn't solve my problem

OK, I'm resurrecting this thread because I'd really like to get this to work.  So first off, if I set the "Listen on IP" (aka the "accept" line of the stunnel.conf file) for an stunnel config to anything except the pfsense box, stunnel won't bind properly.  So I changed the tunnel to basically accept the IP address of the pfSense box.  Here's an example of a tunnel I set up on the pfSense box:

Listen on IP:        192.168.0.1
Listen on Port:    999
Redirects to IP:    biteme.someremotehost.com
Redirects to Port:  2029

In this example, biteme.someremotehost.com is a DirectConnect hub.  Now I go to my client PC on the LAN (which is not running any sort of stunnel client) and set up a connection in my DirectConnect client to point to 192.168.0.1:999.  When I do that, the DC client sits there at:

*** Connecting to 192.168.0.1:999... *** Connected

In the pfSense logs I get:

stunnel: LOG5[12263:134766080]: DirectConnect accepted connection from 192.168.0.22:3393 stunnel: LOG3[12263:134766080]: SSL_accept: Peer suddenly disconnected

And that's it.  The DC client just kinda sits there for a while and nothing happens.

Does anyone have any ideas?  Perhaps I'm configuring/using this setup incorrectly?

Updating embedded is still considered experimental.  I suggest reflashing.

Hummm, thanks Hoba and thanks Chris!

I'll do an upgrade right now, but later I'll try to make a full install in order to change my hard drive to a bigger one! when I do this, I'll make copy of all my rrd graphs, maybe ntop also, in order to keep my lan History documentation.

I know it's off topic, but talking about rrd graphs, can I add between the 2days graphs and 1 month one,  another graph with one week lenght??

thanks again!

Last time I checked the use of standard FreeBSD alias' was not supported nor GUI configurable.
And your Alias' are in the same subnet. I thought that was a problem, but can't remember. I remember something about the second alias in a given subnet mask being set as a /32 to prevent problems.
192.168.0.0/22 would be 192.168.0.1-192.168.3.254

Yep.  We have tightened down a lot of areas to prevent foot shooting.  That configuration could definitely lead to issues down the road.

Packages are not supported on embeddeds. Search the forum. This has been discussed in detail already.

@mnsmani:

I am using Embedded Version….. System -> Package is not there....

Packages are not officially supported on embedded platforms due to limited hardware resources.
If you want to run snort and alike you better use the regular install on decent hardware.

These errors might be caused by some bad networkcomponent or cable. However, if it is only showing 1 error I would ignore it for now unless this number runs up or you see some traffic issues at that interface.

well that is why i need to add strings into the rc.conf
but i do not find it anywhere, so where other place i can add those strings that the system will load at startup ?

You talked about atheros chipsets that works, can you recommend a card that support and work in pfsense on 802.11/n mode as well?

@cmb:

What I recommend is only bridging OPT interfaces, as then the bridged interface doesn't need an IP.

I was thinking about that, but then LAN and WAN would be my manage / pfsync interfaces, which would be confusing name wise.

@cmb:

That's deceiving, it's actually broken in FreeBSD 6.x and greatly reduces throughput. http://pfsense.blogspot.com/2007/06/polling-and-freebsd.html

I read this link before I enabled it and the idea seemed sound: http://taosecurity.blogspot.com/2006/09/freebsd-device-polling.html .

@cmb:

That should never be necessary for any purpose, hence there is no supported facility for making manual ruleset changes.

True, it shouldnt be needed, just thinking that it would be nice to have just in case

When we started to use more than one IP using Virtual IP's we had to clear the ARP cache on the router connected to Pfsense.

It is running the latest…