Did some more testing.

If NAT sync is turned on in XMLRPC Sync config the outbound NAT's are synced and any extra rules on the backup, even if the "do not sync" checkbox is set on it, is removed.  If the "do not sync" is set on the master for a outbound rule that rule is not synced, but any additional rules not on the master are removed from the backup.

If I turn off NAT sync in the XMLRPC Sync config we dont get the outbound rules being wiped out on the backup.  Obviously we loose the 1:1 and other NAT rules being synced as well.

In 2.0.2 perhaps the NAT sync is not evaluating the "do not sync" explicit rule on the backup before removing rules?

@Nazarene:

the mirrors i have found are for Compact Flashes, memory sticks and live cd's. can someone point me in the right direction with say a link to where i can get a mirror tht i can casually burn to dvd.

The LiveCD is also the install CD so the version you want is almost certainly this:
http://files.nyi.pfsense.org/mirror/downloads/pfSense-LiveCD-2.0.2-RELEASE-i386.iso.gz

If you have more than 4GB of RAM you may want the 64bit ISO instead but you probably don't need that.

Steve

That could be from NTOP I installed a few days ago, it looks like its the type of libraries it would install now that you mention it, the only other package I have on this firewall is open-vm-tools.

@extide:

Depends on how the rules are created, if they are generic rules then they don't apply to any specific interface. If they are bound to an interface it would be the friendly name like LAN or WAN or OPT1, etc, not the freebsd name like em0.

I would say just export your config, build the new box, import the config and then see where you stand. You should be pretty much ready to go, you will just need to reconfigure the interfaces themselves, but the rules should be fine.

Awesome!  Thank you very much for clearing that up.  Knowing that it may not be a waste of time makes me a little more comfortable bringing down the network to attempt this.  I'm going to give it a go.

I think so

Well, it's a Roadrunner ethernet handoff..  I thought of that and rebooted the cable modem.  No change.  But, It's a question I just sent them to be safe.

Why not try using the Pre-Built OVA files for Virtual Machines?

http://snapshots.pfsense.org/FreeBSD_RELENG_8_3/i386/pfSense_HEAD/virtualization/?C=M;O=D

Thats good to know, I will keep that in mind in the future.

@matguy:

That appears to be a Optiplex 520 DT motherboard, as shown here:

http://support.dell.com/support/edocs/systems/opgx520/en/ug/sdabout0.htm#wp1075336

As far as you're concerned, that's a pair of standard PCI slots.  That longer one is made to function also with a riser card, which in some cases may provide a single or a pair of PCI slots (maybe a PCI-Express x1, I didn't fully research that) at a right angle to the motherboard, but functions as a standard PCI slot without the riser card.

Note, some PCI-X (not PCI-Express) cards may fit in the shorter, standard PCI slot, I would not try to fit a PCI-X card in the longer slot (nor PCI-Express, for that matter ;) )

Thanks very much for that info
All i see on the SFF is GX520.

I just bought an
PCI 3Com 3C905CX-TX-M 10/100 and ill let you know how i go. Intel chipset seems to work better with pfsense

Had the same issue yesterday, seems the filesystem on the usb was incorrect, Ive always used unetbootin for other projects but did not work for this. Re-imaged with win32discimager and worked perfectly.

@onhel:

Might be a silly question but is the drive recognized in the BIOS and is it set as the first boot device?

Yes.

@onhel:

Secondly, are you using that CF Adapter as a SATA device or USB?

SATA, but I have tried both. I do think the issue may be related to the reader, as I'm able to boot off a 4GB USB thumbdrive with the same image.

@jaredadams:

I thought I read around here to use a smaller image than the CF.  Try using the 2GB image on the 4GB stick.

I had never heard this before. Are you sure this isn't in relation to people with large CF cards (over 4GB?). I tried this as well, no luck. I'm going to try getting a new SATA/CF adapter and see if that works.

@wallabybob:

There is a crucial detail that seems to reasonably regularly get overlooked: you have to write the UNCOMPRESSED image to the "raw" CF, not to a partition of the CF. (The first sector of the uncompressed image becomes the MBR and partition table of the CF and that partition table specifies that the CF is bootable.)

This is exactly what diskpart/physdiskwrite does. Also, the latest versions of physdiskwrite can handle gzip files as it has zlib incorporated so there is no longer a need to uncompress.

@wallabybob:

This suggests to me that the CF is not being seen by the BIOS in its scan looking for devices with a partition marked "bootable" or the CF doesn't have a bootable partition, perhaps because it wasn't written correctly.

I think you're right here. The partitions are good with the first active, and the BIOS is showing the device, but perhaps the CF itself isn't being read. I'm going to swap it for another reader. Thanks.

Thanks,
Ben

If you have the 2009* dir there, that means you upgraded to 2.1 and then downgraded to 2.0.x, which isn't supported.

If auto update did that, someone must have selected the snapshots url from the drop-down menu at some point.

on i386 ?

on amd64 start but not working very well.

That fixed it. Thanks!

Yeah, I expect it had to do with TRIM support (not sure if TRIM is yet supported in the FreeBSD version being used), but with a large enough SSD to have spare/slack space this would likely be less of an issue. And the point about a reliable manufacturer/brand/model is very good. This isn't something that NEEDS the high speeds an SSD can provide but it does need the reliability potential.

So I just wanted to post an update about this. I know mjimlay from another forum and am the one who recommended pfSense to him. He engaged me to help him get this setup and wow was this a PITA. Long story short, I left the "142" address on ESXi so I could maintain remote connectivity to the host and attempted to use the "192" address on pfSense as he did. I could sometimes get it to save the gateway if I added the gateway in the interface setup (but could never get it to save if I added the gateway in the gateways page). This gateway would briefly show as online then go offline, probably due to come check in the background.

I would have preferred to have the "142" address on pfSesne WAN and use the "192s" as VIPs (which I think is their intention) but I couldn't maintain connectivity to the host doing this. I then got the bright idea to alter the subnet mask. One of the OVH docs I read mentioned I could set the gateway to /24 instead of /32 and it would still work. I figured if that works, let's see what mask I need to use to make the "142" gateway be in the same subnet as the "192" address I'm configuring. The only valid mask for that is /1 so I tried it and surprisingly it worked. The gateway stays online and hosts behind pfSense have connectivity. This may not be the correct way to have handled this but it worked.

@jimp:

I'd be seriously suspicious of the hard drive in that case. Not an intrusion.

In that case…does pfSense have any SMART tools?

EDIT: Never mind, found Diagnostics>SMART. It says everything is hunky dory. Hmm, guess I need to run a surface test. That'll only take a few days...

Would it be feasible to just boot off a USB stick? Would I need to worry about wearing out the memory?

EDIT2: Running a long offline test now. Also, since I got the GUI back up, got notice of a kernel panic from a couple of days ago. Not sure if it's related to the disk corruption or not.

I would say little to no difference.  In some theories the larger images might help with wear leveling, if that's even a feature of the firmware of the CF card, but at the same time it's highly possible that if the card did have wear leveling it'd still work even with a smaller partition.  Again, at the same time, it's not like the Nano versions are writing to the cards much.

Some info/discussion here: http://forum.pfsense.org/index.php/topic,55760.msg298016.html#msg298016

If someone has more/better/deeper info, I'd be interested as well.  I'm building a new box and I'm debating "things".

(I have a bunch of IDE to CF adapters, but only 256MB CF cards, so I'd have to buy new, or I've got a few physically small 1GB and 2GB USB sticks sitting around, or…)