@davidh1234 It looks like my copy/paste format got all wrong.

@jmorfali Do the webservers use pfSense as their default route? If not then the 'transparent' option is out the window.. There are basically 3 options then to achieve it: TransparentClientIP (possible for all TCP protocols, but does require the webservers default-route and reply traffic back through pfSense..) Seems your environment doesn't currently meet these requirements.. HTTP-forward-for-header (requires that haproxy is operating in http mode so it can insert the http-header, also requires to configure the webserver to use this header for its logging and other actions inside the web application..) Proxy-Protocol (can be used with all TCP protocols but does require that the target server is configured to understand this protocol..) https://www.haproxy.com/blog/haproxy/proxy-protocol/ not a lot of 'server applications' are ready to receive this but some can..

@jludrosky said in New install of 2.4.5 no bookable image: Also the check sum is diffrent before I extract it. Check sum from site fda93684669ad0b2b9e314a53d5c7272076484a6b714d60d5e06f14e1c7ce049 Check sum before extractrion FDA93684669AD0B2B9E314A53D5C7272076484A6B714D60D5E06F14E1C7CE049 Check sum after extraction FB1D253F9C594A7E32418CF43E4B56CF17976CE4FDB6061FDAE559B1BD15DF11 The posted checksum is for the compressed gzip archive. So your "before extraction" value is what you would check to validate the download was not corrupted on your end. After you extract the ISO (or USB memstick image) the checksum will be different and not valid for "validating" the downloaded ISO. The image will be a FreeBSD-11.3-STABLE operating system. The 2.5.0 DEVEL snapshots are FreeBSD-12.1-STABLE. Don't know if that might matter to whatever device you are trying to "mount" the image on. The preferred method these days is to create a USB image using the "memstick" download option. Of course a conventional ISO should work fine once burned to a CD using the proper tool. Not really sure what your issue could be. Lots of folks have used the installers for pfSense Community Edition recently. I assume you are following the instructions as posted here: https://docs.netgate.com/reference/create-flash-media.html#Rufus? You might also want to peruse through this thread from a few months ago: https://forum.netgate.com/topic/141197/can-t-create-uefi-bootable-usb-stick.

I had pulled the other NIC out trying to diagnose. This is just a test computer for now. If I need a better NIC, I'll install :)

hi, yes I set 8.8.8.8, no luck

Thanks very much for the suggestion.

Workaround is to kill the squidGuard post install process, the installation of remaining packages will the complete. I then rebooted and manually reinstalled just the squidGuard package. There seems to be a bug that was reproducible at least on my end.

That error is common on many systems and usually not a problem. I doubt that system actually has a parallel port. Steve

When adding directives to /boot/loader.conf.local you don't use set on the contents. In there, you would just have: kern.vty=sc

flashed latest firmware and all is ok now

You are seeing exactly the same error from pkg-static update? If not what do you see? Steve

Na didn't see any speed increase.. All runs well really.. Just learning Port forwarding etc and firewall rules.. Pfsense is alot more complex than a basic netgear router haha. Once again appreciate all the help... Legends..

Managed to do it, merged snapshots, mounted in windows, used an EFS file explorer, found original config was 0bytes, used a backup recurring file, restored config - all back up :)

Thanks for your answer. I will check it when the new device is delivered.

I have managed to export/import most of the configs that I need from the old one to the new one, so I'm not too worried about this problem anymore.

Thank you, I disabled the corresponding trigger in Zabbix. I read that same reasoning would apply, in general, to computers with SSD. Better have plenty of memory.

A ticket for older release? https://soft.uclv.edu.cu/pfSense/ Thank you Google for helping us out!

Guys, Mystery solved. All my fault, plus assistance from the H/W manufacturer ... Seems that port0 MAC ended :0b and port1 ended :0a, so I basically had them labeled the wrong way around. PfBlockerNG was set up on the 'outside' port, hence what I was seeing. Like I said - all my fault, but I'd still love to have a minute with the olympic class ^%$ head that designed it this way. Hope someone else benefits from this experience. Chip

pfSense. -Rico