That is the correct behavior for a Nanobsd install. There is an option to mount the filesystem RW permanently in the webgui but it shouldn't be needed. I would suggest the package may not have installed correctly.

Steve

Hmm, not sure if the autodetect works on the Marvell NICs. Just enter the names manually. They are listed on the screen. The four on the left are the sk NICs, far left is sk0.
So for example enter sk0 for WAN and sk1 for LAN.

Steve

RAM is 16 GB, as stated in my signature (and a few times higher in the thread), as it has been since I actually deployed in February 2013 (two identical systems on different networks, second one deployed in July 2013 - some i386 fiddling before building the 64bit systems for serious use.) One is still running 2.0.3

Cache detuned to 7GB RAM and 160 GB disk with the post-2.1 troubles.
Typical daily throughput in the 30GB range, 150-175 users (per lightsquid - about 100 people, but people with multiple devices get counted twice or three times)

I am a bit disturbed by the url_rewrite_chrildren being set to 50, but asking to be set to 15-16 as though they are still at 5. 50 was picked since the largest number I found was 52, while most were suggesting the teens, so it seemed like it would cover most of the issues with that - but it's not clear that it's "taking."

I also added the vm.pmap.shpgperproc tunable in system tunables due to complaints in the main system log about "Approaching the limit on PV entries" and raised it from 200 to 500.

$ cat /usr/local/etc/squid/squid.conf # Do not edit manually ! http_port 172.XX.XX.1:3128 http_port 127.0.0.1:3128 transparent icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/pbi/squid-amd64/etc/squid/errors/en icon_directory /usr/pbi/squid-amd64/etc/squid/icons visible_hostname localhost cache_mgr admin@localhost access_log /var/squid/log/access.log cache_log /var/squid/log/cache.log cache_store_log none logfile_rotate 14 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src  172.XX.XX.0/255.255.192.0 uri_whitespace strip cache_mem 7200 MB maximum_object_size_in_memory 3200 KB memory_replacement_policy heap LFUDA cache_replacement_policy heap LFUDA cache_dir aufs /squid/cache 160000 128 256 minimum_object_size 4 KB maximum_object_size 4000000 KB offline_mode off cache_swap_low 50 cache_swap_high 80 # No redirector configured # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 acl sslports port 443 563  acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? cache deny dynamic http_access allow manager localhost # Allow external cache managers acl ext_manager_1 src 127.0.0.1 http_access allow manager ext_manager_1 acl ext_manager_2 src 172.XX.XX.1 http_access allow manager ext_manager_2 http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost quick_abort_min 4000 KB quick_abort_max 0 KB quick_abort_pct 40 request_body_max_size 0 KB reply_body_max_size 0 deny all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 # Throttle extensions matched in the url acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" delay_access 1 allow throttle_exts delay_access 1 deny all # Custom options redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf redirector_bypass off url_rewrite_children 50 # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny all

I was having the same error (new 2.1 installation - firefox browser, with IE everything was fine… go figure) see this discussion as well http://forum.pfsense.org/index.php/topic,49165.msg367262.html#msg367262

Anyway for me the solution was this:

I noticed that everything was linking to /usr/pbi/bandwidth-amd64/bandwitdth with the exception of /usr/local/bandwidth/etc and /usr/local/bandwidth/htdocs

so I made softlinks from those to the relatives under /usr/pbi/bandwidth-amd64/bandwidth and now everything works ok.

/usr/local/bandwidth/bandwidth was already a symlink to /usr/pbi/bandwidth-amd64/bandwidth/bandwidth so I have just completed the set  :D

mmmh... maybe I was not clear, If anyone wants help just reply to this.

-bu

I put a fix in the upgrade code for that, should self-correct one 2.1.1 comes along (or you gitsync to RELENG_2_1)

If you just want to learn pfSense, pick up a cheapo box on eBay. No reason to go all-out on an appliance with less power than a $100 server :) (or better yet, run it in a VM network)

Awesome. Many thanks! :)

thank you, I will

default - 10.10.10.1 - us - 0 - 651 - 1500 - re0

That is definitely a problem. The default route should be your Broadband router IP. Look in System->Routing and see what gateways are defined. Get rid of any extra ones (specially any on LAN) and set the WAN gateway as default. Then reboot if it doesn't work. Until you can get the default route correct, it's not going to work.
For example, the default route on one of my systems has:

default 202.x.y.193 UGS 0 4284905 1500 vr1_vlan100

202.x.y.193 is the address of my ISP gateway. In your case it needs to be the address of your broadband router.

The easy install will always try to make 2x the RAM size in swap. If you really need a disk that small, manually sizing the partitions is required. You're hurting yourself more than you're helping by trying to run a full install on a small virtual disk with little or no swap.

Ok.
Here's a thread describing a very similar (maybe identical) problem: http://forums.freebsd.org/showthread.php?t=18463
Not really a useful outcome though.

I would try changing the HDD mode in the bios. If the SATA mode is set to AHCI try legacy or IDE compatible.

It could just be dead drive. Could be a bad cable or cable not inserted fully.

Steve

I've run into space issues before - I would delete all packages AND reset the RRD data to clean out all the saved graph data too - even if you're not using RRD now it's still a good idea to clean out the data if you've ever used it in the past.

Then upgrade.  When you've upgraded, add the packages back in but install the bigger packages first (ie Avahi) and the smaller packages last (blinkled etc). CF cards are cheap these days so there's no reason not to have a 4Gb card but you can run out of RAM as well as disk space so a larger CF card isn't necessarily going to solve your problems.

@netritious:

Glad to see you got it worked out op. A couple of questions though.

both IE and Firefox dont really like a 9Mb hostfile

How the heck did you end up with a 9MB hosts file? ::headscratcher:: I just checked mine and with 15,000+ entries it's barely 500KB. Based on some simple math (15,000*2)*9, you're sporting somewhere around 250,000 lines in the hosts file. Just curious.

DNS is absolutely the way to go.

Domain name resolution is domain name resolution, whether it's DNS or a hosts file. I'm just curious why "absolute" was used when from my experience, anything computing/internet/technology is anything but. Again, just curious.

My hosts file i made was something along the lines of 2 million entries, it took notepad 10 minutes to write just to view it…...hence the reason i gave up on that idea....when your trying to block the ENTIRE Internet via a host file...it's going to get rather big...TEE HEE....i gave up on it after adding every blacklist google could find.....bloody thing was impressive, but not at all useful.

But with the suggestions offered to my 1st post, and some lateral thinking i got 90% of what i wanted, all Chat Social and Anime sites are blocked and 95% of game sites are blocked, all i need to fix now is the Porn....some still slips through.

Thanks for coming back with that.  :)

I assume you mean /dev/cuaU0.0 and that cdu was just a typo? Important to note that the capital 'U' in the name indicates a USB attached device.

Steve

Well…I swapped the one I had from WAN to LAN, and to do that I was forced to add the second one as WAN.

Anyway, I've scrapped the bare metal plan for now since none of my wireless hardware is supported and am installing it on a KM. And it's working quite well, so I'll probably just go that route now...

Yep, should be fine. See the upgrade guide:
https://doc.pfsense.org/index.php/Upgrade_Guide

Steve

I run Celeron Coopermine ( Socket 370 ) 1000MHz…
But one hour ago, I found that CPU fan have failure. Radiator was overheated and fan stops.  ( I do not have spare cpu fan for such old socket )
In that case, I decided to move on a "new" platform - Dell CPU Pentium 4 2.4GHz with 2GB RAM

For now everything works fine, even with 2.1-RELEASE (i386) ( on new PC )

thanks a lot

Jack

Have you tried this?

set hw.clflush_disable=1 boot

https://doc.pfsense.org/index.php/Boot_Troubleshooting#Vendor-Specific_Issues

SOLVED….The Motorola cable modem configuration was reloaded and upgraded from 3.3.1 to 3.5.8 and finally replaced with a Ubee DDW3611.  Replacing the modem solved the problem with the intermittent incoming/ARP issues.

So the Pro 1000VT is now working.  I never determined why the firewall ARP replies wouldn't satisfy the old modem.  It might have been a CM issue or MSO problem that was cleared by replacing the modem.

Thanks for all the help.