It looks like a larger amount of RAM is taken up for paging, couild this be ZFS file system?

SYSTEM MEMORY INFORMATION: mem_wire: 1198047232 ( 1142MB) [ 63%] Wired: disabled for paging out mem_active: + 76308480 ( 72MB) [ 4%] Active: recently referenced mem_inactive:+ 127647744 ( 121MB) [ 6%] Inactive: recently not referenced mem_cache: + 0 ( 0MB) [ 0%] Cached: almost avail. for allocation mem_free: + 497741824 ( 474MB) [ 26%] Free: fully available for allocation mem_gap_vm: + -258048 ( 0MB) [ 0%] Memory gap: UNKNOWN -------------- ------------ ----------- ------ mem_all: = 1899487232 ( 1811MB) [100%] Total real memory managed mem_gap_sys: + 50384896 ( 48MB) Memory gap: Kernel?! -------------- ------------ ----------- mem_phys: = 1949872128 ( 1859MB) Total real memory available mem_gap_hw: + 197611520 ( 188MB) Memory gap: Segment Mappings?! -------------- ------------ ----------- mem_hw: = 2147483648 ( 2048MB) Total real memory installed SYSTEM MEMORY SUMMARY: mem_used: 1522094080 ( 1451MB) [ 70%] Logically used memory mem_avail: + 625389568 ( 596MB) [ 29%] Logically available memory -------------- ------------ ----------- ------ mem_total: = 2147483648 ( 2048MB) [100%] Logically total memory

Hi all, apologies for the delay. Took me awhile to find another identical gigabit card to test with since cleaning the riser and card connector with isopropyl didn't work unfortunately. I also had to get a new modem from ISP since mine was way out of support.

It is now working fine with DHCP, appears to have been hardware gremlins in the gigabit card and the old modem being clunky with DHCP.

@videogamingtown said in First time install - Web interface not loading?:

Got it working after changing the subnet, thanks.

👍. Glad you got it sorted out.

My PC is in network 172.23.134.0 and i can ping normally in this network. I don't know if this are being a problemm

You can ping 8.8.8.8 from this network? If so then what is the problem?

I cannot help if you are only going to provide little pieces of information each time you think it may or may not help. Provide a full diagram of your network and all LANs, servers (squid?), smart switches. For example, in that diagram show LAN A is able to ping 8.8.8.8 but not access a website, LAN B cannot ping and so on. Are all 3 LANs different interfaces on pfsense? Show that in the diagram.

Awesome, thanks @viktor_g :)

I'm pretty new to BSD so was hoping there might be a workaround. Appreciate you taking the time to set it out 👍

@calical
So enabling the DNS forwarder resolved the issue for you as well?

@jrhatigan

hi

So you have modem... ok
what can be seen here:

6be12df5-263e-4c7d-9586-63a46c38ffb3-image.png

9afbcd1c-2ff2-45b5-ab0d-3561ae522762-image.png

++++edit:

-WAN is set to DHCP
so far (previous config / router), have you got the WAN IP address with DHCP?

-I've reset my modem, 10 min unplugged (not a combo router)
it doesn't "reset" - just a cold start 😉
10 min? it may be little, everyone here suggests more time, but it can be ISP dependent (DHCP lease)

-ping through pfsense diag from WAN to 8.8.8.8 is coming up as all packets lost
this is normal if you don't have a WAN connection the ping can't work outwards 8.8.8.8

OK, it seem this is not working after all and I am really struggling to understand why.

The issue exists under 2.4.5 and 2.4.5-1. But not 2.4.4-3.

the LAN interface is a bridge comprising vtnet0 and vtnet1.10. vtnet1.10 currently carries traffic, via managed switch, from an Asus access point (both Wireless and wired). pfSense is a Proxmox VM with vtnet0 & vtnet1 on Proxmox bridges. Latter bridge is set 'VLAN aware'. All devices on the bridge are in the same subnet 192.168.0.0/24. pfSense's IP on LAN (bridge) interface is 192.168.0.1.

Under pfSense 2.4.4-3, hosts connected to vtnet0 (eg proxy, pihole) see the real IP of incoming connections from clients on vtnet1.10. No problem.

Under pfSense 2.4.5+, this is also true. Other than for DNS traffic: Hosts on vtnet0 will always see the pfsense LAN IP 192.168.0.1 as the remote device. The DNS replies are still successfully received. The effect is something akin to NAT between the two component interfaces of the bridge, but only for DNS traffic.

I have dumped the nat & firewall rules from the command line and do not see anything that might target DNS specifically in this situation. As I say, it worked OK under pfSense 2.4.4-3. The pihole could discern the ip addresses of all the clients. Now it only sees those on vtnet0 and for those on vtnet1.10, it only ses the pfsense LAN IP.

Ok.

Your nearly there.
Contact the admin of your pfSense. Ask him why he installed bind - and why he didn't terminate the setup.
Explain him it's impossible to have tow web servers on the same server or two mail servers or two DNS caches/resolvers/forwarders that listen to the same ports : 953 in this case.
Let him make up his choice, an relocate port 953 of the two process : unbound or bind.
Port 953 is the 'control' port. Fr bind, it's the rndc program that use this port to control the bind while it's running.

Thank you guys, I will talk to netgate.

@cfbcfb said in Wan not coming up, fresh install.:

Connected to the router via wifi and my phone, got a "this network wants you to sign in" and when I clicked that, it brought up the comcast login

That's your OS / brower playing the captive portal detection mode !
That means your WAN is using a RFC1918 IP, and when you start your bowser it hits the GUI web server of the modem, because it's router part is redirecting the browser requests to it's internal Web GUI, where you have to login.

What about playing with these option on the WAN interface :

37b478df-9583-49cc-9cf0-9fd448fc633f-image.png

See manual - Advanced Configuration.

Thanks all for the suggestions. Of course, the tutorials all had one external physical port for WAN and the private for the LAN, then never really explained how to connect the LAN part to a physical port.

So if I have this right, I have TWO externals, one for WAN and one for LAN, set autostart on the vm (I think its set that way already as pfsense came up started after a reboot) and disable VMQ if its there. I did look at the hardware acceleration and saw IPSEC accel and something else (forget) which sounded helpful, but this is my first enterprise grade card.

Cheap on amazon right now, $32 "renewed" (server pull from a proliant. Look for hp four port enterprise to find it. Two intel Gb controllers, four ports.

I'll give it a go in the morning and report back how it went. If all else fails, I have an unfortunately large cube with an i5-6400, 8GB of ram and a small SSD. Love to have it on this always-on machine with the water cooled 6700K and 32GB, but if the vm/pfsense thing just keeps stymieing me, guess I'll run it dedicated and play with trying to get it working on the vm on the bigger machine.

Been in computers for 40 years, and this is my first VM and "make your own router/firewall" experiment. I already had a fun time using Windows Spaces (sort of a software raid capability with parity) with a mishmash of old 2GB drives, four of them made a 7.5GB parity fault tolerant array. Cool, the drives can even be different sizes and/or geometries, internal or external usb/esata and it still uses the whole thing, like JBOD but with parity. Plus 550MB/s reads and 250MB/s writes with 4 old 5400 rpm WD green drives of varying age.

Anyhow, I'll report back in tomorrow. Thanks for the support and understanding, you don't always get nice helpful folks on forums.

So the issue is smp

https://people.freebsd.org/~kuriyama/www/smp/index.html

smp in relation to "Safe Mode" was discussed here:
https://forums.freebsd.org/threads/pfsense-what-exactly-is-that-safe-mode.56524/

To resolve this issue, I went into pfsense admin. Go to Diagnostics / Edit File.

Find file: /boot/loader.conf

Add the following:

kern.smp.disabled=1

Reboot

Note: Disabling smp has some performance side-effects.

Issue resolved after attaching USB LAN card. Now I am getting full upload and download speed with MDS and SNORT enabled. It is stable for now lets see how it work for one week :)

All good sorry. No idea what happened

Today testing with rum USB WiFi adapter.
Removed previously used WiFi interface, reboot, install new settings, in most default settings.
Crashed only when I set Access Point mode for WiFi adapter.
On Client modes work w/o crash.

P.S. Early version of pfSense was ok on AP mode.

@jimp Since it's happened twice to me (and I only find a very few instances of anyone else having the issue), I'm assuming there must be something marginal about my SG-4860. Hopefully, that won't grow into anything worse. But, next time, I'll try to remember to watch it through the console.

Thanks for the reply.

@154218K2 FWIW, the system in my sig works fine on 2012R2. What server ver? Tried Gen 1? Yes, I did have the 2.4.5 CPU problem, but I had checkpointed before update so rollback was no issue. I'd probably create a fresh 2.4.5-p1 Gen 1 machine and restore your backed up config, and give it the same MACs as your previous machine so limited downtime if you have to turn one off and the other on. HTH

As a last resort, I have tried to install pfSense 2.4 using ZFS as the file system and it finally installed. ☺

However, I am seeing some error message after completing the boot. Here is what I am getting:

CAM status: Uncorrectable parity/CRC error
Retrying command
WRITE_FPDMA_QUEUED. ...

I have just validated the disk a few days ago and don't believe that there is a physical problem with the disk. So, I am assuming that it is once again some kind of compatibility issue. Will do some research on it, but at least I can now take a look at the Web UI.

Finally some progress!