Why don't you just look at the permissions of the current ones? E.g. $ ls -l /usr/local/www/themes/pfsense_ng_fs/ total 150 -rw-r--r--  1 root  wheel  29014 May  5 04:22 all.css -rw-r--r--  1 root  wheel  28792 Aug 25  2014 all.css.orig -rwxr-xr-x  1 root  wheel  4068 May  5 04:22 apple-touch-icon.png -rw-r--r--  1 root  wheel    349 May  5 04:22 bottom-loader.js -rw-r--r--  1 root  wheel  1406 May  5 04:22 favicon.ico -rw-r--r--  1 root  wheel  1218 May  5 04:22 graphlink.css drwxr-xr-x  5 root  wheel  1024 May  5 13:19 images drwxr-xr-x  4 root  wheel    512 May  5 13:19 javascript drwxr-xr-x  2 root  wheel    512 May  5 13:19 jsevents -rw-r--r--  1 root  wheel  9478 May  5 04:22 loader.js -rw-r--r--  1 root  wheel  21297 May  5 04:22 login.css -rw-r--r--  1 root  wheel  6856 May  5 04:22 menu.inc -rw-r--r--  1 root  wheel  3726 May  5 04:22 new_tab_menu.css -rw-r--r--  1 root  wheel    10 May  5 04:22 no_big_logo -rw-r--r--  1 root  wheel  3962 May  5 04:22 rrdcolors.inc.php drwxr-xr-x  2 root  wheel    512 May  5 13:19 styles -rw-r--r--  1 root  wheel  21003 May  5 04:22 wizard.css

use pfblockerNG or use the firewall to block all https sites and let squidGuard block http use http://www.tcpiputils.com/browse/as/32934 copy all the facebook IP CIDR ex:31.13.71.0/24

@Escorpiom: What you want is a transparent bridge. You can't route in the scenario you described. You would have to configure two different subnets. If PfSense can work as a transparent bridge, then you may be able to use some of the functions it offers. Cheers. ok, that makes sense.  i just wanted to make sure there wasn't an easier way of doing it.  thanks for the reply.

You can't change that without editing the error page.  Read this post if you want to know about creating your own custom error page for squidGuard.

@doktornotor: Did the box reboot at all after upgrade? https://redmine.pfsense.org/issues/4653 i could have sworn it rebooted after the upgrade, guess it didnt! i'm a noob. Thanks for the help, its much appreciated!

Sorry Guys I'm having a real problem understanding why the rule for OPT2 is wrong and causing the inbound speed issue (especially as the active rule in my previous post is one created by PFSense itself). I have tried source: * and destination: * as shown in the above attachment but that doesn't help with the speed either. Can you explain? or even suggest what the firewall rule for this simple test should be? (Note: with no rules for OPT2 the iperf test obviously fails as all traffic defaults to blocked). As requested attached is a diagram. I'm testing on the OPT2/igb2 interfaces on both boxes as a simple case but the same speed issue is present on the LAN and FAILOVER interfaces (not tested the WAN side but I'd be amazed if that didn't have the same issue). Also as requested here's the interface config from the PFSense booted box: igb0: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:30         inet6 fe80::ec4:7aff:fe32:5c30%igb0 prefixlen 64 scopeid 0x1         inet 192.168.1.247 netmask 0xffffff00 broadcast 192.168.1.255         inet 192.168.1.254 netmask 0xffffff00 broadcast 192.168.1.255 vhid 2         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active         carp: MASTER vhid 2 advbase 1 advskew 0 igb1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:31         inet6 fe80::ec4:7aff:fe32:5c31%igb1 prefixlen 64 scopeid 0x2         inet 10.10.1.1 netmask 0xffffff00 broadcast 10.10.1.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect         status: no carrier igb2: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:32         inet6 fe80::ec4:7aff:fe32:5c32%igb2 prefixlen 64 scopeid 0x3         inet 10.9.8.1 netmask 0xffffff00 broadcast 10.9.8.255         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active igb3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500         options=407bb <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso>ether 0c:c4:7a:32:5c:33         inet6 fe80::ec4:7aff:fe32:5c33%igb3 prefixlen 64 scopeid 0x4         inet X.X.X.106 netmask 0xffffffe0 broadcast X.X.X.127         inet X.X.X.108 netmask 0xffffffe0 broadcast X.X.X.127 vhid 1         nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)         status: active         carp: MASTER vhid 1 advbase 1 advskew 0 pflog0: flags=100 <promisc>metric 0 mtu 33144 pfsync0: flags=41 <up,running>metric 0 mtu 1500         pfsync: syncdev: igb1 syncpeer: 10.10.1.2 maxupd: 128 defer: on         syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384         options=600003 <rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6>inet 127.0.0.1 netmask 0xff000000         inet6 ::1 prefixlen 128         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7         nd6 options=21 <performnud,auto_linklocal>enc0: flags=0<> metric 0 mtu 1536         nd6 options=21 <performnud,auto_linklocal>ovpns2: flags=8051 <up,pointopoint,running,multicast>metric 0 mtu 1500         options=80000 <linkstate>inet6 fe80::ec4:7aff:fe32:5c30%ovpns2 prefixlen 64 scopeid 0x9         inet 10.0.8.1 --> 10.0.8.2 netmask 0xffffffff         nd6 options=21 <performnud,auto_linklocal>Opened by PID 85860</performnud,auto_linklocal></linkstate></up,pointopoint,running,multicast></performnud,auto_linklocal></performnud,auto_linklocal></rxcsum,txcsum,rxcsum_ipv6,txcsum_ipv6></up,loopback,running,multicast></up,running></promisc></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,simplex,multicast></full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,jumbo_mtu,vlan_hwcsum,tso4,tso6,lro,vlan_hwtso></up,broadcast,running,promisc,simplex,multicast>  

@deltix: If your modem is one of those USB 3g/4g/ modems I would recommend to use it directly with PfSense if possible/compatible. PfSense can do everything you need without Tomato router. If your USB modem is not supported by pFsense try putting Tomato router in bridge mode. If that is not possible you might have to do double NAT. But you really want PfSense to handle everything. Nah, it's an external 4g wireless receiver that is up on a 30' tall antenna and connects to my router's WAN port via ethernet cable.

Yes.

Thanks.  Thinking I might stay with 2.0.1 for a while.  I think I know why we're having slight issues with it.  Somehow, the second box has a different password.  That means the two aren't working in CARP. I have a monitor and keyboard in the Comms Room and, I believe I can change the password easily with those. If I do upgrade, I'll try and image the disks first.  Have bought some 8Gb Kingston USB sticks for that and got a copy of Clonezilla from Tuxboot.

@cmb: You can with the embedded version, quite a few people do that. I'd advise against cheap no-name USB sticks as they tend to not be very reliable for always-on long term usage (judging from the experiences of those here in the past who've tried them). If you have to boot from USB, my recommendation is these: http://www.amazon.com/dp/B00IVPU894/ http://www.amazon.com/dp/B002HGFKR8/ (buy whatever color is cheapest) The Samsung MicroSDHC/XC "PRO" cards all use MLC flash.  I've been using these with full installs for a while now and have had no failures.  I also use them in my home PBX, my RetroPie box, my micro voice recorder, and my car.  Amazon had them on sale a while back and I bought like 20 in varying sizes… Lexar actually makes a better card reader, one that supports USB 3.0 speeds and really lets the Samsung cards fly, but unfortunately they don't sell it separately.  If you want a cheaper SDHC card for use elsewhere though, you could always buy this and then just use the reader for your pfSense install. http://www.amazon.com/dp/B00IF4OC1G/

hi, thx, for your time, for now i am on v2.2.0 x64 (at start point) with all working well. Pleas can you help me, how to check logs (where are located, i upload all here) if i am on start position (are overwriten or append)?

Dredging up an old thread here but seeing as nobody responded… If you're monitoring the thread and havne't got this working please ask again.  :) Steve

hello havent seen that same prob on nanobsd versio 2.2.1 TRIED installing full version of 2.2.1 =tested for 2 hours and was okay =booted the following morning and dhcp not working =statically put ip address on PC and start the webgui which gives again 503 =checked the console on bootup messages and found fcgicli: Could not connect to server(/var/run/php-fpm.socket)   pfSense (pfSense) 2.2.1-RELEASE amd64 Fri Mar 13 08:16:49 CDT 2015   Bootup complete

@Gertjan: Set up by hand and then do a restore, selecting ONLY DHCP settings … from your config.xml  ;) I didn't know you could selectively restore bits of the config.  If this problem persists, I will definitely check that out.