If you just want to learn pfSense, pick up a cheapo box on eBay. No reason to go all-out on an appliance with less power than a $100 server :) (or better yet, run it in a VM network)

Awesome. Many thanks! :)

thank you, I will

default - 10.10.10.1 - us - 0 - 651 - 1500 - re0 That is definitely a problem. The default route should be your Broadband router IP. Look in System->Routing and see what gateways are defined. Get rid of any extra ones (specially any on LAN) and set the WAN gateway as default. Then reboot if it doesn't work. Until you can get the default route correct, it's not going to work. For example, the default route on one of my systems has: default 202.x.y.193 UGS 0 4284905 1500 vr1_vlan100 202.x.y.193 is the address of my ISP gateway. In your case it needs to be the address of your broadband router.

The easy install will always try to make 2x the RAM size in swap. If you really need a disk that small, manually sizing the partitions is required. You're hurting yourself more than you're helping by trying to run a full install on a small virtual disk with little or no swap.

Ok. Here's a thread describing a very similar (maybe identical) problem: http://forums.freebsd.org/showthread.php?t=18463 Not really a useful outcome though. I would try changing the HDD mode in the bios. If the SATA mode is set to AHCI try legacy or IDE compatible. It could just be dead drive. Could be a bad cable or cable not inserted fully. Steve

I've run into space issues before - I would delete all packages AND reset the RRD data to clean out all the saved graph data too - even if you're not using RRD now it's still a good idea to clean out the data if you've ever used it in the past. Then upgrade.  When you've upgraded, add the packages back in but install the bigger packages first (ie Avahi) and the smaller packages last (blinkled etc). CF cards are cheap these days so there's no reason not to have a 4Gb card but you can run out of RAM as well as disk space so a larger CF card isn't necessarily going to solve your problems.

@netritious: Glad to see you got it worked out op. A couple of questions though. both IE and Firefox dont really like a 9Mb hostfile How the heck did you end up with a 9MB hosts file? ::headscratcher:: I just checked mine and with 15,000+ entries it's barely 500KB. Based on some simple math (15,000*2)*9, you're sporting somewhere around 250,000 lines in the hosts file. Just curious. DNS is absolutely the way to go. Domain name resolution is domain name resolution, whether it's DNS or a hosts file. I'm just curious why "absolute" was used when from my experience, anything computing/internet/technology is anything but. Again, just curious. My hosts file i made was something along the lines of 2 million entries, it took notepad 10 minutes to write just to view it…...hence the reason i gave up on that idea....when your trying to block the ENTIRE Internet via a host file...it's going to get rather big...TEE HEE....i gave up on it after adding every blacklist google could find.....bloody thing was impressive, but not at all useful. But with the suggestions offered to my 1st post, and some lateral thinking i got 90% of what i wanted, all Chat Social and Anime sites are blocked and 95% of game sites are blocked, all i need to fix now is the Porn....some still slips through.

Thanks for coming back with that.  :) I assume you mean /dev/cuaU0.0 and that cdu was just a typo? Important to note that the capital 'U' in the name indicates a USB attached device. Steve

Well…I swapped the one I had from WAN to LAN, and to do that I was forced to add the second one as WAN. Anyway, I've scrapped the bare metal plan for now since none of my wireless hardware is supported and am installing it on a KM. And it's working quite well, so I'll probably just go that route now...

Yep, should be fine. See the upgrade guide: https://doc.pfsense.org/index.php/Upgrade_Guide Steve

I run Celeron Coopermine ( Socket 370 ) 1000MHz… But one hour ago, I found that CPU fan have failure. Radiator was overheated and fan stops.  ( I do not have spare cpu fan for such old socket ) In that case, I decided to move on a "new" platform - Dell CPU Pentium 4 2.4GHz with 2GB RAM For now everything works fine, even with 2.1-RELEASE (i386) ( on new PC ) thanks a lot Jack

Have you tried this? set hw.clflush_disable=1 boot https://doc.pfsense.org/index.php/Boot_Troubleshooting#Vendor-Specific_Issues

SOLVED….The Motorola cable modem configuration was reloaded and upgraded from 3.3.1 to 3.5.8 and finally replaced with a Ubee DDW3611.  Replacing the modem solved the problem with the intermittent incoming/ARP issues. So the Pro 1000VT is now working.  I never determined why the firewall ARP replies wouldn't satisfy the old modem.  It might have been a CM issue or MSO problem that was cleared by replacing the modem. Thanks for all the help.

Curious to what "all" your refer to that talk about 2 lan interfaces with 1 wan interface..  its a router/firewall - your going to want 2 interfaces or how do you route between anything ;)  Or firewall between anything? ;) You could have 3 sure, you could have 6, etc.  Where you have multiple WAN, and multiple LAN, etc. If you put a gateway on the interface then pfsense would treat that as a WAN interface - so this would be connected to whatever network you have a gateway to get to other networks (internet normally)  Your lan interface as pfsense would see it would be where your clients connect that want to get through to the networks on the other side of pfsense, ie pfsense's wan. Sure you could use a captive portal to let them out or not, etc.

wow many many thx mate this now enlighten me.

Check your DNS settings also (System > General) and make sure you don't have something there tied to the LAN interface

This was a very frustrating bug. Thanks to every here for sorting it out. @phil.davis: /etc/rc.update_bogons.sh IPv4: egrep -v "^192.168.0.0/16|^172.16.0.0/12|^10.0.0.0/8" /tmp/bogons > /etc/bogons IPv6: egrep -iv "^fc00::/7" /tmp/bogonsv6 > /etc/bogonsv6 http://tools.ietf.org/html/rfc5735 0.0.0.0/8 - Addresses in this block refer to source hosts on "this" network.  Address 0.0.0.0/32 may be used as a source address for this host on this network; other addresses within 0.0.0.0/8 may be used to refer to specified hosts on this network ([RFC1122], Section 3.2.1.3). Protocols like DHCP (where the source [client] is trying to find out its IP address) need to put something in the source IP field. 0.0.0.0 is a good choice. So, there is an argument that 0.0.0.0/8 (or at least some of it) is "link-local" IPv4 address space. So it is not appropriate to consider it "bogon", as it is used legitimately on any local link by whatever protocol has the need.