@fastcon68: I do have the vlans setup up for 2 and 3. I have the opt1 interface and the opt2 interface bridged to the lan subnet. @fastcon68: I really do want to isolate the two vlans away from the other network. I have machines that should only see the wan and nothing else. Do not bridge them to Lan then (did you read the article about network bridging???) Create pass rules for OPT1 to WAN only and similar for OPT2 to WAN. @fastcon68: I have setup the IPSEC rules as well, I can ping the out to the my sites but they can come back my way.  that is cause issues for me.  Any thoughts? Huh, what do you mean? Usually that's the desired behaviour to have a two way communication between IPSec endpoints. …however, on the IPsec rules tab you can control what's allowed in and what's not.

You're running on CF - are you using embedded (the recommended version for running on CF) or Full? Have you verified the hardware (particularly the memory) is good?  A quick run through with memtest86+ (or similar) may be a good idea.  Another useful tools is Prime95 (to check that the CPU and cooling are ok). More details on the "crash" are needed.  At the minimum you need to say whether: a) The entire system reboots b) The entire system hangs and i) You can access the local console ii) You cannot access the local console c) Just the Captive Portal stops responding

@onhel: Might want to take a look at this thread http://forum.pfsense.org/index.php/topic,7028.msg41362.html#msg41362 //////////////////////\//////////////////////////\ Thank you - I so hate the noob level - could a moderator close this post of mine before it wastes too much space - (and time) again - ( cant say it enough) thanks!

Snort 2.7.0.1_3 is the only package I currently have installed. Regards Ben

Thanks for the reply. My question is will this work - with the subnetting in particular. If I have a 26 bit range if IP addresses assigned by my provider. Can I just create 5 networks out of that space by increasing the subnet to 28 bit without any additional configuration changes? -Toz

@Cry: You're contradicting yourself.  Either you're running this on physical hardware, or in a virtual system (VMWare etc).  Which is it? Physical hardware. Ended up installing vmware server. Booting the livecd iso within vmware and installed to the CF. After finishing the install, pull the CF card and installed it in the real hardware, just needed to reconfigure the interfaces.

Thanks GruensFroeschli for the quick reply. I'll try the fix on the given link. :)

load the phpsysinfo package and this is one way that you can see how many processors are in use. RC

pkg_add -r rsync

For clarification, there was a period of time where the update just defaulted to the non SMP kernel on upgrade.  It now prompts for the kernel type on upgrade.

That error is "normal", I'm not sure where it comes from but it's not the cause of your issues. Is the LAN and WAN on the same subnet by chance? That won't work. Aside from that, no other issues come to mind that would cause problems in this type of setup.

The released version of snort and the version available in the packages aren't necessarily going to be the same thing. As for the updates - if you visit the "Installed Packages" page it'll show you any packages that have updates to apply.  See, simple ;)

I know that much  ;D I guess I can play around with the settings.

General advice is to go with 1.2 (as you'd have seen if you'd searched the forum).

@eweri: Login via ssh and than /etc/rc.conf_mount_rw mv /etc/ttys /etc/ttys_back cp /etc/ttys_wrap /etc/ttys reboot This worked for me, thanks

I also tired with antoher CD drive and it doesnt worked until i replaced RAM. As i mention before…after i replace ram it worked.

Install the full version of pfSense Ensure you have   a) "enough" RAM (value of "enough" varies according to your network and needs, but I'd suggest that 256 MB is the absolute lowest)   b) fast "enough" CPU (the better the network cards you have the less this may matter - varies according to your network and needs)   c) Good network cards - Intel Server cards are preferred, but anything other than RealTek is a good start (lower quality cards will put more load on the CPU) Install Squid Configure according to taste ;)

@jle2005: No, if your subnet mask is 255.255.255.248 then you should use /29. You should also check the Gateway and DNS for the right IP setting. My mindset was I'm configuring the NAT that is why the /32 netmask, anyways, it's now working when set to /29.  So simple yet overlooked. Thanks.