Hello

just some info about my experiances.

with linux there are issues with core 2 duos and ide devices, usually linux doesnt boot or doesnt detect the ide device. since linux is usually more up to date with hardware I would asume that bsd has some catch up to do before it works properly

Try using a sata hard drive and an external usb cd rom drive

All updated no issues
RC ;D

@sullrich:

I plan on adding a checkbox to toggle the behavior on the next RC.

This is great news. Thanks.

I ended up installing BETA1, and then using the upgrade firmware feature. This seems to have upgraded me to RC1, but kept my bootloader at the default freebsd loader.

Some are and some aren't traffic shaping related - the trouble is the question keeps coming up and it's not a simple answer.  Pushing 10 Mb/s full size packets is a lot easier than pushing 10 Mb/s minimum size packets.  If you're installing packages (such as snort) you'll require more "grunt" and RAM than if you don't.  Until you have a meaningful understanding of the actual traffic profile it's impossible for anybody to provide guidance.

I would say that you should consider:

CPU: > 1 GHz - higher is better :)
RAM: 512 MB is a good minimum - if you're installing packages then add more
HD: Well, if you're not wanting packages it'll run happily from CF.  I'm using a 4 GB Microdrive with multiple packages and still have 2.7 GB of the 3.2 GB allocated to / free
NIC: Intel always gets recommendations

I suspect you'll find that the network cards matter more than anything else.

The it look it's ok, i've played around with it and i need 80 for the CF card to boot

ConSpeed = 9600
ConLock = Enabled
ConMute = Disabled
BIOSentry = Enabled
PCIROMS = Enabled
PXEBoot = Enabled
FLASH = Primary
BootDelay = 5
FastBoot = Disabled
BootPartition = Disabled
BootDrive = 80 F0 FF FF
ShowPCI = Enabled
Reset = Hard

but it still doesn't solve my problem

OK, I'm resurrecting this thread because I'd really like to get this to work.  So first off, if I set the "Listen on IP" (aka the "accept" line of the stunnel.conf file) for an stunnel config to anything except the pfsense box, stunnel won't bind properly.  So I changed the tunnel to basically accept the IP address of the pfSense box.  Here's an example of a tunnel I set up on the pfSense box:

Listen on IP:        192.168.0.1
Listen on Port:    999
Redirects to IP:    biteme.someremotehost.com
Redirects to Port:  2029

In this example, biteme.someremotehost.com is a DirectConnect hub.  Now I go to my client PC on the LAN (which is not running any sort of stunnel client) and set up a connection in my DirectConnect client to point to 192.168.0.1:999.  When I do that, the DC client sits there at:

*** Connecting to 192.168.0.1:999... *** Connected

In the pfSense logs I get:

stunnel: LOG5[12263:134766080]: DirectConnect accepted connection from 192.168.0.22:3393 stunnel: LOG3[12263:134766080]: SSL_accept: Peer suddenly disconnected

And that's it.  The DC client just kinda sits there for a while and nothing happens.

Does anyone have any ideas?  Perhaps I'm configuring/using this setup incorrectly?

Updating embedded is still considered experimental.  I suggest reflashing.

Hummm, thanks Hoba and thanks Chris!

I'll do an upgrade right now, but later I'll try to make a full install in order to change my hard drive to a bigger one! when I do this, I'll make copy of all my rrd graphs, maybe ntop also, in order to keep my lan History documentation.

I know it's off topic, but talking about rrd graphs, can I add between the 2days graphs and 1 month one,  another graph with one week lenght??

thanks again!

Last time I checked the use of standard FreeBSD alias' was not supported nor GUI configurable.
And your Alias' are in the same subnet. I thought that was a problem, but can't remember. I remember something about the second alias in a given subnet mask being set as a /32 to prevent problems.
192.168.0.0/22 would be 192.168.0.1-192.168.3.254

Yep.  We have tightened down a lot of areas to prevent foot shooting.  That configuration could definitely lead to issues down the road.

Packages are not supported on embeddeds. Search the forum. This has been discussed in detail already.

@mnsmani:

I am using Embedded Version….. System -> Package is not there....

Packages are not officially supported on embedded platforms due to limited hardware resources.
If you want to run snort and alike you better use the regular install on decent hardware.

These errors might be caused by some bad networkcomponent or cable. However, if it is only showing 1 error I would ignore it for now unless this number runs up or you see some traffic issues at that interface.

well that is why i need to add strings into the rc.conf
but i do not find it anywhere, so where other place i can add those strings that the system will load at startup ?

You talked about atheros chipsets that works, can you recommend a card that support and work in pfsense on 802.11/n mode as well?

@cmb:

What I recommend is only bridging OPT interfaces, as then the bridged interface doesn't need an IP.

I was thinking about that, but then LAN and WAN would be my manage / pfsync interfaces, which would be confusing name wise.

@cmb:

That's deceiving, it's actually broken in FreeBSD 6.x and greatly reduces throughput. http://pfsense.blogspot.com/2007/06/polling-and-freebsd.html

I read this link before I enabled it and the idea seemed sound: http://taosecurity.blogspot.com/2006/09/freebsd-device-polling.html .

@cmb:

That should never be necessary for any purpose, hence there is no supported facility for making manual ruleset changes.

True, it shouldnt be needed, just thinking that it would be nice to have just in case

When we started to use more than one IP using Virtual IP's we had to clear the ARP cache on the router connected to Pfsense.

It is running the latest…

Please search ….

I think, have a keyboard AND screen attached to a network appliance is a very very bad idea because anybody can do anything (password or no password)... the best is to have a serial console ...

Thanks…I didn't look in the UPDATES folder.  Any thoughts on how to get this installed on a blank CF card?  Last time I had the full EMBEDDED image to write using physdiskwrite.  The update looks like the unzipped folder structure.[

[quote author=cmb link=topic=5510.msg32948#msg32948 date=1184362432]
If that snapshot supports it, there's no reason 1.2b2 or any newer snapshots shouldn't support it (that I'm aware of at least).

Support for this card has gone in and out over the recent snapshots.  Not sure why.  Tested 1.2b2 and card was not recognized.

Ok now it works. I'm not sure what the problem was, because I don't want to test more. It seems a combinations of some things. Furthermore I had a problem caused by a to fast running RAM, because of a SPD failure. Now all is fine :)

In the PXE-Boot settings were also a failure. This works now too, but I tested it only with a VM, so the setup is still with BETA-1.

If there is interest, I could provide a Qemu-Image with a FreeBSD as base to install pfSense via PXE.