thx yes trying to connect with another vbox linux running,  I have reached the point of getting to pfsense and setting it up now. Just stuck on few settings which ill hopefully get from my VPN provider :) Ill pop back once I get these openvpn settings since there is an awful lot of unknowns.  Getting there with yours and others help thx !

ok, thank you very much!! :)

If you can ping only local machines pfSense probably has no default route. The WAN interface and DSL modem have public IPs but they are still local to a pfSense interface so it will have a route to them. Have you set a gateway on WAN? If you go to System: Routing: Gateways: Is the WAN gateway set as default? Steve Edit: Just noticed you can ping 8.8.8.8 so forget that!  ::) It's probably a DNS problem if you can ping IPs but not URLs. Do you have those Google DNS servers set in System: General:? When you try to ping google.com what is the actual error message? Can you ping from the pfSense VM?

@georgeman: @Azoic: i change the Interface to LAN, and transfer files from my server to any other machine on my network and back again, and nothing comes up in graph form either. Watch out there, traffic between two machines within the same LAN will not go through your router, so won't be graphed. Anyway, usually you do select LAN as the interface, since you most likely are interested in the bandwidth usage per device. As the problem itself, actually I really don't know what could be wrong. I installed it and started working right away (I'm using 2.0.3). Are you running full or embeded installation? Funny, i thought most people would want WAN as the monitored interface, so one can track ALL usage…..that's what i was looking for anyway. I did check everything i did, after i did it, but like i said, no graph's ever come up. It is weird, like i said, i'm sure i had it working before, but now i get the title page and nothing more. I tried making the LAN interface the monitored one, to see it's throughput, but still nothing comes up. It's kinda odd, i was thinking it might be with the code, as , most of the post's i read about issue's say files need to point to AMD 64 folder's and such, i thought maybe i needed 64bit arch. to run it, but i can't see how if the program runs on 32bit arch. aswell. I am guessing the thing is running, both the sys logs and the GUI say it is...but still no graphs..... I just don't know where to go next....

You should be able to use the appropriately sized 32bit nanobsd image. There are plenty of people running 2.1 on Alix (though I'm not on of them). Steve

Replying to myself, I still may need more RAM, but I've definitely found the primary source of the problem: mod_evasive.c.  Whoever, whenever they're doing it, the captive portal is being bombarded, resulting in the famous error and driving one PHP daemon up to 100% cpu.  After blocking the luser with a firewall rule, everything goes back to normal.

Bump

I made some progress on this, and I think there is a spot that needs improvement in the source of the dyndns script. When the curl function is called, the URL is built with an IP address derived from the hostname of checkip.dyndns.org, instead of actually the name. Original Line 1226 of dyndns.class:``` $ip_ch = curl_init("http://{$checkip}"); Improvement:``` $ip_ch = curl_init("http://{$hosttocheck}"); I understand we could first check to see if the name resolves, but curl should be called with a hostname, not an IP, so that the web server that runs the service can respond to the called service correctly, even if it has virtual hosts or a similar configuration on it. I stumbled upon this because the checkip.dyndns server that was resolving at the time, was not working correctly, and it was replying a generic dyndns page. On noticing this unreliability with the checkip service, I built my checkip service on a web server that runs virtual hosts, thus when curl called with an IP, it would not reply to the checkip service. Anyway, that doesn't resolve the issue Im having, but I feel its a better way to call curl with hostname rather than IP. The problem I still haven't been able to resolve, is that I'm still getting "route: writing to routing socket: No such process" notifications. The dyndns update seems to run twice each time (this is not related to the multiple cron bug that was resolved recently), and checkip.dyndns.org does service throttling and does not seem to like more than one request quickly, thus it would sometimes not reply and generate errors. Now with my own checkip service, the script always receives the public IP even if it executes mutliple times and updates fine, even if it does it twice, but still generates the "route: writing to routing socket: No such process" notification…

Yes.  However now I'm having trouble getting btsync to work thru the firewall.  But I guess that's a post for another area of the forum…

It can take much longer than you think. At least much longer than I expected.  ;) 2.1 is using self contained pbi files that contain all the package dependencies and as such are much larger than in 2.0.3. If you have a slow connection or slow flash media this can take some time. If it really has become stuck you can use the 'Clear package lock' button in Diagnostics: Backup/Restore: You should check the logs if you do use that to make sure the packages installed correctly. Steve

please up.

I see, that that makes sense. I thought they were designed based on the available memory. I'm not sure what states are though. I was going to give it 512mb starting and let it expand as it needed.

Good luck on that one, in some areas it's mandatory.

Yes as you have found you need to edit the fstab to mount the / and swap partitions from the correct location. Also as you found the AHCI handling changed between 2.0.X and 2.1. 2.1 is able to see more hardware which can change the apparent mount locations. What does your current fstab look like? You can list it at the console with 'cat /etc/fstab'. You can probably also run that in Diagnostics: Command Prompt: You can edit it in Diagnostics: Edit File: Steve

Did you have a gateway setup on your 192.168.25.1??  Pointing to itself maybe??  Setting gateways when there should not be one seems to be a common area of problems with people with little or no network experience.

That is the correct behavior for a Nanobsd install. There is an option to mount the filesystem RW permanently in the webgui but it shouldn't be needed. I would suggest the package may not have installed correctly. Steve

Hmm, not sure if the autodetect works on the Marvell NICs. Just enter the names manually. They are listed on the screen. The four on the left are the sk NICs, far left is sk0. So for example enter sk0 for WAN and sk1 for LAN. Steve

RAM is 16 GB, as stated in my signature (and a few times higher in the thread), as it has been since I actually deployed in February 2013 (two identical systems on different networks, second one deployed in July 2013 - some i386 fiddling before building the 64bit systems for serious use.) One is still running 2.0.3 Cache detuned to 7GB RAM and 160 GB disk with the post-2.1 troubles. Typical daily throughput in the 30GB range, 150-175 users (per lightsquid - about 100 people, but people with multiple devices get counted twice or three times) I am a bit disturbed by the url_rewrite_chrildren being set to 50, but asking to be set to 15-16 as though they are still at 5. 50 was picked since the largest number I found was 52, while most were suggesting the teens, so it seemed like it would cover most of the issues with that - but it's not clear that it's "taking." I also added the vm.pmap.shpgperproc tunable in system tunables due to complaints in the main system log about "Approaching the limit on PV entries" and raised it from 200 to 500. $ cat /usr/local/etc/squid/squid.conf # Do not edit manually ! http_port 172.XX.XX.1:3128 http_port 127.0.0.1:3128 transparent icp_port 0 pid_filename /var/run/squid.pid cache_effective_user proxy cache_effective_group proxy error_directory /usr/pbi/squid-amd64/etc/squid/errors/en icon_directory /usr/pbi/squid-amd64/etc/squid/icons visible_hostname localhost cache_mgr admin@localhost access_log /var/squid/log/access.log cache_log /var/squid/log/cache.log cache_store_log none logfile_rotate 14 shutdown_lifetime 3 seconds # Allow local network(s) on interface(s) acl localnet src  172.XX.XX.0/255.255.192.0 uri_whitespace strip cache_mem 7200 MB maximum_object_size_in_memory 3200 KB memory_replacement_policy heap LFUDA cache_replacement_policy heap LFUDA cache_dir aufs /squid/cache 160000 128 256 minimum_object_size 4 KB maximum_object_size 4000000 KB offline_mode off cache_swap_low 50 cache_swap_high 80 # No redirector configured # Setup some default acls acl all src 0.0.0.0/0.0.0.0 acl localhost src 127.0.0.1/255.255.255.255 acl safeports port 21 70 80 210 280 443 488 563 591 631 777 901  3128 1025-65535 acl sslports port 443 563  acl manager proto cache_object acl purge method PURGE acl connect method CONNECT acl dynamic urlpath_regex cgi-bin \? cache deny dynamic http_access allow manager localhost # Allow external cache managers acl ext_manager_1 src 127.0.0.1 http_access allow manager ext_manager_1 acl ext_manager_2 src 172.XX.XX.1 http_access allow manager ext_manager_2 http_access deny manager http_access allow purge localhost http_access deny purge http_access deny !safeports http_access deny CONNECT !sslports # Always allow localhost connections http_access allow localhost quick_abort_min 4000 KB quick_abort_max 0 KB quick_abort_pct 40 request_body_max_size 0 KB reply_body_max_size 0 deny all delay_pools 1 delay_class 1 2 delay_parameters 1 -1/-1 -1/-1 delay_initial_bucket_level 100 # Throttle extensions matched in the url acl throttle_exts urlpath_regex -i "/var/squid/acl/throttle_exts.acl" delay_access 1 allow throttle_exts delay_access 1 deny all # Custom options redirect_program /usr/pbi/squidguard-amd64/bin/squidGuard -c /usr/pbi/squidguard-amd64/etc/squidGuard/squidGuard.conf redirector_bypass off url_rewrite_children 50 # Setup allowed acls # Allow local network(s) on interface(s) http_access allow localnet # Default block all to be sure http_access deny all

I was having the same error (new 2.1 installation - firefox browser, with IE everything was fine… go figure) see this discussion as well http://forum.pfsense.org/index.php/topic,49165.msg367262.html#msg367262 Anyway for me the solution was this: I noticed that everything was linking to /usr/pbi/bandwidth-amd64/bandwitdth with the exception of /usr/local/bandwidth/etc and /usr/local/bandwidth/htdocs so I made softlinks from those to the relatives under /usr/pbi/bandwidth-amd64/bandwidth and now everything works ok. /usr/local/bandwidth/bandwidth was already a symlink to /usr/pbi/bandwidth-amd64/bandwidth/bandwidth so I have just completed the set  :D mmmh... maybe I was not clear, If anyone wants help just reply to this. -bu