@heper: yes and hope for the best :) And actually I fully expect you will get a good result as long as the new hardware has the same number of interfaces (or more) as the old hardware. You will just have to do the interfaces assign at the console and it should all go.

What "router" do you have from your isp.  Do you also modem?  Or do you have a gateway modem/router combo. Pfsense meant to replace your router so it gets a public IP on its wan interface, and then you have your lan segment(s) Typical setup could be something like this - see attached Now you could have your lan side segments vlans all through the same switch or if you have physical like shown with say 4 nics total, you have 1 for wan, then 1 for your lan - then I would break out wifi on its own, and then you have another segment where you put stuff that you forward traffic too.  So this is pretty much isolated in its own dmz if you will. What switch(es) are we dealing with?  Why type of appliance are you looking at for pfsense - how many nics?  I personally would make sure it has 4.  3 you could get by with, well 2 even but 4 is the sweet spot if you ask me this allows to do full physical connections at full gig speeds with our having to vlan and hairpin interfaces, etc. [image: typical.png] [image: typical.png_thumb]

Thanks dotdash, your suggestion worked.

I can agree with killing off insecure crap.  If it weren't for stuff like this hacking would be alot less profitable.

I got the solution. I deleted the NAT again and created a new one without automatic rule linked to it. That's how I found the problem. The order of the auto-added firewall rule was wrong. It was added below the block-all rule, I just had to change the order, pretty simple if you think about it… Still I don't know why the rejecte packets weren't visible in the logfile. Thank you all for your replies. Greetz Daniel

Thank you - filer works great and has XMLRPC sync. Just what I needed. Best Regards Jan

Both of those are features, we don't merge features into maintenance branches. You can use the System Patches package to add that to systems where you need it in the mean time. The master branch will become 2.3 later this year.

@robi: @morphmkd: This is a virtual machine and I also have a snapshot from before the upgrade so I can go back and upgrade again (already tried this several times). Can you please elaborate on the procedure? Do you want me to go back to 2.1.5, make a backup, upgrade, uninstall all the packages, reboot and then restore the backup from 2.1.5? I'm also running a couple of pfSense instances as VMs. I never upgrade in-place. I'm always just taking a config backup of the running pfSense, creating a brand new virtual machine with the same parameters (similar NICs in the same networks), doing a completely fresh install from scratch with the new version, adding a temporary IP address to the LAN port just to access the default web interface, restore the config taken from the previous version. While it reboots, I just disconnect the NICs of the old VM from the network, and have the new one running in place of it. This way, I have an instantly running copy of pfSense running the previous version, no more than a NIC connection away. Yes, that's exactly what I ended up doing. :)

Good to hear it's working, now hopefully we can track down the original issue and fix that up. If other packages suffer the same fate, they deserve their own threads, hopefully their maintainers or others can work in a similar fix.

You simply select "I will install OS later" or something along that. Pick the ISO in the configuration and boot from it. Huge issue.  ::) [image: jC3ZT.jpg] [image: brBkm.jpg] (Screenshots stolen from here.)

Thanks doktornotor! :)

Thats good news for everyone.  Although, the words "work around" anywhere in his original post would have probably helped the masses to find it. Glad its working.

I had these errors on my squid log: 2015/03/18 12:54:28 kid1| Starting Squid Cache version 3.4.10 for i386-portbld-freebsd10.1... 2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 18 to 192.168.2.1:800: (13) Permission denied 2015/03/18 12:54:28 kid1| commBind: Cannot bind socket FD 19 to 192.168.16.1:800: (13) Permission denied FATAL: Unable to open HTTP Socket Squid Cache (Version 3.4.10): Terminated abnormally. Using sockstats I didn't have nothing on the 800 port. I lurked around and I found the solution on the Bugtracker of pfSense [1]. Run this command on console or add it to System/Advanced/Tunables sysctl net.inet.ip.portrange.reservedhigh=0 [1] https://redmine.pfsense.org/issues/4196

When I got that error. I do a reboot (I think 2-3 hours it's time enought to do one upgrade) and after it I reinstall all the installed packages within the webconfigurator.

Just for reference, I have upgraded 8 Alix 2D13 from 2.2 to 2.2.1 "in some wild places" in the last <24 hours, all without a problem. They had all previously been upgraded from 2.1.5 to 2.2. As Steve asks, post info on what goes wrong - does not boot at all? what boot messages? what system log messages?…

@stan-qaz: sad puppy eyes with near zero effort! Ha, I know that.  ;) Steve

Yes vsphere is esxi

That is my project that I am working on. Its gor my digital forensics lab where ill have workstation lab to which ill be remoting into. Other than that I'm trying to make as complicating as possible where I'll be connecting other routers to the network. Im more of a Cisco IOS never used pfSense before. I'm just trying to get the pfSense 1 to work and get it online. If someone has a configuration file with multiple NIC's so I could try it out. Thanks!