Thanks for the tip.  If the kernels are the same between the two then it must be something to do with one of the boot config files like you mention.  I haven't yet figured out what is different between the two loader.conf.local files that causes the driver to not be loaded but at least gives me a good start so I don't go fishing down the wrong hole!

Even 65536 is likely too high.

quoting: http://www.freebsd.org/doc/handbook/configtuning-kernel-limits.html

The NMBCLUSTERS kernel configuration option dictates the amount of network Mbufs available to the system. A heavily-trafficked server with a low number of Mbufs will hinder performance. Each cluster represents approximately 2 K of memory, so a value of 1024 represents 2 megabytes of kernel memory reserved for network buffers. A simple calculation can be done to figure out how many are needed. A web server which maxes out at 1000 simultaneous connections where each connection uses a 6 K receive and 16 K send buffer, requires approximately 32 MB worth of network buffers to cover the web server. A good rule of thumb is to multiply by 2, so 2x32 MB / 2 KB = 64 MB / 2 kB = 32768. Values between 4096 and 32768 are recommended for machines with greater amounts of memory. Never specify an arbitrarily high value for this parameter as it could lead to a boot time crash. To observe network cluster usage, use -m with netstat(1).

If each cluster represents approximately 2K of memory, 65536 = 134,217,728 bytes or 128MB or ram, just for mbufs.  In reality, a bit more than this (65536 * (2048 + 256), so around 144MB) is used.

If you have diff NICs, it'll prompt you to re-assign them after restoring the config. Other than that it'll work seamlessly.
https://doc.pfsense.org/index.php/Configuration_Backup_and_Restore

I prefer manually changing the NIC assignments in the XML before restoring the config, but that's probably mostly a bias of working with systems that tend to be more complex than the average user's, with more NICs, VLANs, etc. and it's faster for me to update the XML than click through the assignments post-restore.

@stephenw10:

If you look in the MD5 file:

MD5 (pfSense-LiveCD-2.1.2-RELEASE-i386.iso.gz) = f020c4b03ae45eec13adc050d915aa5a

The checksum is for the gzipped file not the extracted ISO. The MD5 matched fine for me just now.

Steve

I see I have exposed my 'noob-ness' yet again.

I did indeed run the checksum on the extracted ISO instead of the gzipped file.

Thank you very much for clearing that up Steve!

I see that people are very active on these forums - what a great community.

pffft

Hi,
What hardware are you using?
Which install type are you running? (32/64bit, nano/full/embedded, etc)
Are you using the default IP address for LAN?
Have you tried http and https?
Have you made any other changes?
Can you still ping the LAN IP address?

Steve

You can't transparently redirect HTTPS. You have to explicitly set the proxy in the browser settings or use an auto config URL.

I am stuck in the same spot, but investigating this- I see my available free space as only 907MB, the decompressed image is actually 986M. This is likely where I am getting hung up. I'll either have to find a way to clear some space or do a clean install and restore my config and rebuild packages  :-\

Not running Nano? Looks like a custom install.

Steve

Booted from a USB CD drive. Wouldn't boot completely; not sure why, last time I CD booted this system it had a SATA CD drive in it - perhaps some oddball interaction of it being a USB CD.

Had tried booting from USB stick, but that wasn't working.

Finally got it to boot by letting the CD boot to the point where it gives the various boot options (had been letting it go from there to option 1, and that was not working), and then choosing (3) boot from USB with the USB stick in. That finally let me install, and the system is now booting from hard disk to 2.1.2, just needs reconfiguring and cutting back from the temporary lash-up that's been replacing it.

@razzfazz:

You're not trying to boot from one of the USB 3.0 ports, are you?

Turns out I was. This did the trick. Thank you!

Check this page for instructions.

https://doc.pfsense.org/index.php/System_Patches

@cmb:

@oggsct:

Update: I was able to get this to install on 2 netgate devices but a third tried to go to the normal 2.1.2 and didn't change, shows that it is 2.1p1 and says there is an update available but the update never applies. Let me know if there is any information or logs I can provide to help, or if I need to break this into its own thread.

If you're still having issues, yes, please start your own thread with the info so it's easier to follow up.

Upon further digging the 2 that don't work are showing signs of a corrupted partition table. I will be replacing the compact flash cards in them. I don't see a need for a new thread currently. Thank you for your assistance and continued hard work.

Forgot to copy one of the stock files back into place after our debugging last week, sorry about that. All good now.

Reboot the box, stop at the loader prompt, type "show" and look for any em tunables you may have had set, for each of those, run "unset xxxxxx" where xxxxxx is the variable name of the tunable, when they're all unset, boot and see if it works.

Odds are that you either had an em tunable in /boot/loader.conf or /boot/loader.conf.local that either had no effect before and is honored now, or that is no longer necessary.

If it boots OK, edit those files and remove any em tunables and see if it reboots OK on its own the next time.

@doktornotor:

You have yet again rewritten "oh noes it does not work". I did not ask for definition of NAT reflection, but for details about what's exactly set up how and does not work. Also you have any good reason to use NAT + Proxy instead of Pure NAT?

I thought my last post was detailed enough. pfsense makes many things easy. I realize there is a lot going on behind the scenes, but it is just a simple drop down menu to enable it. Below is pfsense hint information for NAT Reflection and Pure NAT.

**"When enabled, this automatically creates additional NAT redirect rules for access to port forwards on your external IP addresses from within your internal networks.

The NAT + proxy mode uses a helper program to send packets to the target of the port forward. It is useful in setups where the interface and/or gateway IP used for communication with the target cannot be accurately determined at the time the rules are loaded. Reflection rules are not created for ranges larger than 500 ports and will not be used for more than 1000 ports total between all port forwards. Only TCP and UDP protocols are supported.

The pure NAT mode uses a set of NAT rules to direct packets to the target of the port forward. It has better scalability, but it must be possible to accurately determine the interface and gateway IP used for communication with the target at the time the rules are loaded. There are no inherent limits to the number of ports other than the limits of the protocols. All protocols available for port forwards are supported.

Individual rules may be configured to override this system setting on a per-rule basis."**

Reply to myself…

just had another failure, this time I checked the log's:

On Resolver Log i found:

failed to load names from /etc/hosts: Too many open files in system

And on System Log lot's of:

kernel: pid 65477 (dhcpd), uid 1002 inumber 5975 on /var: filesystem full

Googling the first entry i found that thread:
https://forum.pfsense.org/index.php?topic=63357.0

So I'll continue over there… ;-)