@draccusfly:

So disconnected the 4 ports from the HW firewall, connected the ports on the pfsense and reset the IP address in the LAN interface to match that of the H/W firewall.

The IP address changed from … to ... ? (It was my experience that some major configuration changes seem to require a restart to completely clear out the old details.)

@draccusfly:

At this point the internet goes down and doesn't come back up,

As seen where? from pfSense console? client computer connected to pfSense?

@draccusfly:

I cannot ping the LAN interface any more and generally bad things happen.

What ping command did you use and what does ping report?

@draccusfly:

Why do things change so much with just an IP address switch?,

If you want a detailed explanation you will need to provide more details of your configuration and how it changed.

@draccusfly:

So disconnected the 4 ports from the HW firewall, connected the ports on the pfsense

This suggests you have at least three "LAN" ports on the pfSense box. Unless these ports are bridged you will need to add firewall rules on the ports that aren't THE pfSense LAN port to allow traffic. (The default pfSense configuration is to allow connections arriving on the LAN interface and block connections arriving on the other interfaces.)

I am not familiar with the details of configuring Windows NICs for use with VirtualBox. I have used VirtualBox on Linux.

@xray_man:

It seems like Windows realizes there is nothing on the onboard NIC, so it pulls the network settings from the PCIx NIC.

I guess the PCIx NIC is configured to get an IP address by DHCP (Windows default).

I suspect that you probably want only the onboard NIC configured by DHCP (so you can access the Windows OS over the network) and the other two NICs configured in Windows with no IPv4 and no IPv6 and the two emulated NICs for the pfSense Virtual Machine BRIDGED in VirtualBox to the two PCIx NICs.

I'm not sure what is on this board, but in its BIOS settings:

If its got an option to use IDE mode in BIOS, I'd turn that on.
If it has SATA3 and you can turn that off and use SATA II or I, I'd do that.
I'd disable USB3.
I'd turn off anything mentioning RAID.
I would turn off "Plug and play OS".

If none of this works for you, like he said above, maybe try 2.1

UPDATE…  For me, disabling the built-in Broadcom NICs in the BIOS for the duration of the installation processed seemed the resolve the issue.

-ct

pfSense 2.0.3 Release –> FreeBSD 8.1 based --> http://www.freebsd.org/releases/8.1R/hardware.html

pfSense 2.1 RC --> FreeBSD 8.3 based --> http://www.freebsd.org/releases/8.3R/hardware.html

Done again the upgrade at the second : everything is OK out of the box …

The previous scenario happened like it's said before, but no log of it, 1000x sorry.

Something present in 2.0.1 and always present in 2.0.3 :
About 45 time per minute I have this entry in the system log :

siproxd[32769]: siproxd.c:444 ERROR:sip_message_parse() failed… this is not good

Later I'll report in another post the Intel NUC install, USB stick ready for HDD install, just need to find a few seconds to try it.

Phil

@armeol:

Hello
I have a problem with PFSense 2.0.3 installed on the Soekris 5501 router. In fact, I did a migration pfsense, version 1.2.3 to version 2.0.3. The upgrade went well. But when I turned off the Soekris router, it does not start properly, it stops at the prompt ">" see figure attach.

How can i to solve this problem so that the router starts normally?
Thank you.

If you are using a Kingston CF replace it with a SAN Disk and your problems will most likely go away.  There is apparently an issue with the Kinsgston and the reset line.  Or just type reboot, sometimes a few times, and it will eventually see the Kingston.

–----------

@mad_max0204:

…  clear information on installing pfsense on usb stick but limiting reads and writes as in embedded installation while keeping all of the functionalities of full installation.

I'd like to suggest an alternative.

The thing about Flash "write endurance" is that no-one can reliably predict failure - all is based probabilities associated transistors and management of wear leveling of erase blocks - all that that you know is that sooner or later it will. But then, … you can say that about non-solid-state storage too (with the caveat that probabilities favor the later)!

Since USB Flash memory sticks are very cheap, disposable redundancy may be is viable: buying a few 8GB sticks, backing up installed USB (using USB Image Tool http://www.alexpage.de/usb-image-tool/) image and then re-imaging backup onto a new stick as older one fails.

My experience is (with Sandisk USB sticks) is that they self-protect themselves - rendering read-only once write endurance prevents further writing, so, I can read latest writes before failure, should I need those logs.

Advantage for the implementation is that you have solid-state storage, consuming less power, producing less heat, lower susceptibility to environment whilst still having access to logs between reboots.

Admittedly, this isn't a scalable solution, but multiple pfSense installations is outside the context of this proposal.

@onlineph:

Jul 22 00:28:38 php: /snort/snort_preprocessors.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_imap_preproc file. Snort might error out!
Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_pop_preproc file. Snort might error out!
Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_gtp_preproc file. Snort might error out!
Jul 22 00:28:38 php: /snort/snort_preprocessors.php: Could not find the libsf_sip_preproc file. Snort might error out!
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_imap_preproc file. Snort might error out!
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_pop_preproc file. Snort might error out!
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_sip_preproc file. Snort might error out!
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: [Snort] Seems preprocessor/decoder rules are missing, enabling autogeneration of them
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_imap_preproc file. Snort might error out!
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_pop_preproc file. Snort might error out!
Jul 22 00:27:28 php: /snort/snort_interfaces_edit.php: Could not find the libsf_sip_preproc file. Snort might error out!

These error messages indicate something is seriously wrong with your Snort binary installation.  It looks like an entire library directory may be missing.  See if you have the directory /usr/local/lib/snort/dynamicpreprocessor and if it contains the files flagged as missing the system log entries (libsf_pop_preproc*, for example).  Have you downloaded a rule set, and if so which ones (Snort VRT or Emerging Threats or both)?

Try this to completely remove Snort and start over.

Go to System…Packages and then the Installed Packages tab.  Click the X beside Snort to remove it.
Get to a console prompt and run these commands

rm -rf /usr/local/lib/snort rm -rf /usr/local/etc/snort

The second command above might produce an error if the package removal properly removed that directory.  If it does, that's OK.
Reboot the firewall and then try to install Snort again.

Bill

hi,

sorry was very busy at past time.

tryed again with 2.0.3 and get those messages:

Jul 21 14:43:31 openvpn[21604]: IP_client:18020 TLS Auth Error: Auth Username/Password verification failed for peer Jul 21 14:43:31 openvpn[21604]: IP_client:18020 WARNING: Failed running command (--auth-user-pass-verify): external program exited with error status: 255 Jul 21 14:43:31 openvpn: user USER could not authenticate. Jul 21 14:43:31 openvpn: : ERROR! Either LDAP search failed, or multiple users were found. Jul 21 14:43:31 openvpn: : Now Searching in server AD_VPN, container CN=VPN_Users,OU=Group,OU=Group,OU=NAME,DC=NAME,DC=local with filter (samaccountname=USER). Jul 21 14:43:31 openvpn: : Now Searching for USER in directory. Jul 21 14:43:29 openvpn[21604]: IP_client:18020 LZO compression initialized Jul 21 14:43:29 openvpn[21604]: IP_client:18020 Re-using SSL/TLS context Jul 21 14:37:12 openvpn[18895]: Initialization Sequence Completed Jul 21 14:37:12 openvpn[18895]: Peer Connection Initiated with IP_Server:1194

going to have a look at the LDAP-Troubleshooting when having enougth time again ;-)

With the advent of IPV6 and the fact that we should all be getting routable public IPs for pretty much everything we own, I'm sure the US broadband industry is busy at work having meeting after meeting trying to figure out how to break it so its useless for anything other than X-Box and Hulu watching.
Maybe block port 23 for our protection?
And ports 80 and 443?  For our protection.
I'm giddy with anticipation to see how they will screw up a good thing for the next 3 decades….  Unless you +++  $$$
(I guess if you pay extra you don't need to be protected)

http://winscp.net/eng/docs/guides
http://winscp.net/eng/docs/screenshots

@kejianshi:

Well - When you say "VM" you are saying virtual machine.
So, you have a computer > hypervisor installed on computer > one or more OSs installed on hypervisor.

If your intent it to use the computer only for pfsense, you should not need to install VMs.
It should be installed directly to hardware.

If your intent is to use win8 and pfsense on a single box, you could also look into something like v-sphere or ESX.
I'v only used virtual box long enough to know I didn't like it much.

(Actually, I MUCH prefer to run pfsense seperately and virtualize everything else) - So much less issues.

What is your first language?

A Filipino newbie here.

I did it already. Have now successfully configured the VB and now running well. pf client may not able to connect wirelessly and wired via switch.

Thanks alot for your presence. Now, I had to deal with running the snort. I'll be here again if I fail to run it.

More power to you kejianshi!!!!

@onlineph:

@bardagspogi23:

??? guys help me send me step by step instruction for may disk usage almost full i don't know what will i do know or any one willing to service my pfsense

Hi, The link below might help you:

http://www.freebsd.org/doc/en/books/faq/disks.html#idp75817136

where u from

@wallabybob:

@onlineph:

I purchased new board, and as expected I got a ROOT MOUNT ERROR when attaching my HDD SATA (previously attached to the P4).

At the root mount error report type a question mark, tap the Enter key then post a screen shot or screen dump.

The root mount error occurs when the hard drive has a different device (e.g. was /dev/ad4 now /dev/ad2). The problem is relatively straightforward to fix PROVIDED the system recognises the hard drive.

I posted this question expecting that anytime my old board would gonna broke down (although I have tried already transferring my hdd to a new hardware environment) the silly part is, its the other way around, my HH broke down, 5 minutes preparing to back up its pfsense settings, now I lost that setting. sigh!

No problem.

Its also easy enough to put any of these on USB/Memstick/whatever with UNetbootin in ubuntu, which is an application that cost 1 Billion dollars…

(kidding - Its free)

pfSense 2.2 will be based on FreeBSD 10.x, so there will be a large leap in driver support there. Once we ship out 2.1 (hopefully soon) we'll start working more on that.

Use the Netgate firmware for the 7535 from here (It's not the 7541 but it's nearly identical, close enough):

http://www.netgate.com/firmware/2.0.1-RELEASE-rebrand/

Or if you have another FreeBSD or pfSense unit around, you can adjust the image file or disk manually…

http://doc.pfsense.org/index.php/Embedded_install_on_Netgate_Hamakua

If it was a missing beep binary it would never beep, not just start/stop.

Check your console, I suspect something is causing the boot to never fully complete.

I like to do this also - have an offline backup system ready to go in places where I have spare hardware. (With CARP or any solution with multiple boxes powered up together, all the hardware can be killed by the 1 lightning strike…).
You can restore the config, then it is good to get it to load all the packages when it first boots, so it is ready to go when needed. In practice, I find I need to plug it in as the real pfSense during some after hours period, let it boot up, download the packages it wants and start up. Actually, you can then leave it in place as the production unit and keep the previous production unit as the disaster backup hardware.
If your WAN uses DHCP, then you can plug the backup unit into some other internet connection, and it will get DHCP on WAN and download packages... But if it has a static IP set on WAN in the config, then the only way to get it to download packages is to plug it in as the real production unit. (Otherwise you have to change the config to make it connect on some other WAN, and then make sure you correctly reverse the changes you made so that the backup unit really is an identical config to the production unit.)