Thank you  :)

From here…. https://forum.pfsense.org/index.php?topic=97554.0 It would seem you could boot into single user mode (even on full install) enter the commands and enable TRIM. You would need your device name (might get that using the dmesg command and then doing the steps).  Might try later.

@beetlejelly: Is another process writing to this file and breaking unbound? No, that's typical of what happens when a file isn't fsynced and you lose power shortly after writing it. Should be worked around now, and reported upstream to be fixed in Unbound. https://redmine.pfsense.org/issues/5334

Shrew Soft should "just work" in 2.2.4. Early 2.2.x versions, there may have been issues there.

Yeah there are some similar things there on other pages. I think that should look fine in 2.3, but would appreciate a double check there.

I don't see pfSense mentioned anywhere in his post. It takes a special kind of person to come to a product forum and ask for help with a completely different, competing product.  That's likely why his question has sat for two days without reply.

@johnpoz: "Transfers were failing because name resolution failed - eventually - as best I could tell" In the middle of the transfer?  So where you doing sftp or what?  Or was that just some example and you have some application/script using sftp? As to the world being perfect and fair?  Ok - you can not get a switch to do a switches job?  How is that?  Who would only give you 10 IPs in a 10.x.x.x network?  The 10 address space has some 16 million addresses, you could have over 32k /24 networks.. What freaking idiot would set it up so a site/location/department whatever could only have 10 IPs??  Or that you would have to do nat inside your 10 space? Makes ZERO sense.. Fix that nonsense!!  Or you you know what there are 2 other major networks you could leverage in the rfc1918 space that give you another 1.1 million addresses to use.. That you should be natting private address space inside a companies network is just NONSENSE. Sanity and idiocy aside, this is not an environment I control.  I work with what I have, and I have 10 IP address in a private network range and I have many systems that I need to have behind those addresses. NAT works well in this case.  Those machines need access to each other and some systems on the 10.x private network.  They don't need access to anything outside those two networks. Now if you were supporting a different company and they were also using 10 that steps on yours, then yeah you would have to nat those between your 2 companies.  But that a single company would limit you to 10 ips in 10 space is just freaking ridiculous..  Bring that up to ever it is to be brought up to.. Get your IPAM guy fired if need be, clearly he has no clue to address space management if can only have 10 addresses to work with and have to nat your 75 machines..  Why could he not give you a /25 out of the some 65k /25's that are available in the 10 space?  How many network segments in your whole company network?? After running into these issues with 2.2.2, I took a breath and waited until 2.2.4 came out.  I set up with just IPV4 and so far it's working as I expected.  Whether that's correct or plausible is whole other question, but I'm working within my limited skills on this.

Can your clients on lan ping your router at 192.168.15.1?? Current pfsense using resolver as default.. So does not matter what you assign to pfsense to use for dns, clients that ask pfsense for dns would be using the resolver.  That has to have udp/tcp 53 outbound to the internet.  Does your nat router in front of pfsense block that?  Does your isp block that?  Is it just slow? Did you modify the lan rules?  By default all traffic is allowed, if your saying a client can not query 8.8.8.8 direct then you got something really basic wrong in your vm environment most likely.  I would do a simple ping to your 192.168.15.1 from client on 192.168.10 – if that does not work going to be real hard to use the internet in any fashion.

Hey terrific :) - I'm pleased I could help! All the best.

The name is based on the driver used, and the number is its order according to the system.  The system order may not match the order listed on the hardware itself.  If you have two NICs that are the same then you will have _xy_0, _xy_1, for example (the xy changes based on the NIC you are using.)  You might have to determine which is your WAN and which is your LAN/DMZ.

I found out that a lot of the older pfsense appliances including the FW-7535 / Netgate 7535 have an issue with the BIOS that makes the "dd-ed" nano images unbootable. The instructions to dd then fixup per: _https://doc.pfsense.org/index.php/Embedded_install_on_Netgate_Hamakua Plug the CF into a working pfSense or FreeBSD system and then run: boot0cfg -v -B da0 Where da0 is the CF device. Check the boot log to confirm that the device is correct. Alternatively, use mdconfig( 8 ) to mount a .img file to /dev/md* so it can be modified as above (except using md* rather than da0) before writing to boot media. After making that modification, place the CF back in the unit and boot as usual._ Are correct for the FW-7535. Only one more question - will future updates blow up ? Will 2.2.4->2.2.x have issues? Will 2.2.x-> 2.3.x have issues? If anyone knows for the pfsense / netgate appliances that have a BIOS with issues that require manual boot0cfg fixups what the upgrade path is can you let me know here?

Did a little reading on the FreeBSD boards and there appear to be potential issues with the install of the boot loader and some SATA implementations. Does the BIOS have any settings for the HD interface mode -> IDE/SATA/AHCI (etc.)? These are usually in the "Integrated Peripherals" section of the BIOS or some such. Was the 80GB drive running 2.2.4? If not you might want tor try an older (2.1.5?) install first and then try an in place upgrade. I'm sure there's a way to get this puppy up and running, but without seeing the actual system I'm stuck imagining my trial and error procedures.

I use local.lan ;)

TY for the reply and advice. I wasn't intending to install embedded and only full. Just wanted to know how to break up the installation.

Arguably the best solution is to retire FTP entirely and move to SFTP. The FileZilla client supports SFTP. I don't believe vsftpd supports SFTP (there are some sites claiming it does, but those I looked at are talking about FTPS - FTP over SSL, which is a different thing entirely). proftpd with mod_sftp installed does support SFTP. Don't forget SFTP defaults to using the SSH port, TCP port 22. If necessary, you can use an alternate TCP port of your choosing.

setup the wan use it as if it were a lan