Thanks a lot for the tips. I am getting who-has ARP requests hitting pfsense from the front end DSL modem. I statically assigned 192.168.0.2 to the pfsense MAC addr "which is the same as the front end modem's" and it was listed as unknown in the modem's DHCP reservation list and then.. wallah! It got named pfSense dynamically. I am still having issues getting to the front end modem from the pfSense router though.. pfSense interface list: WAN ipv4 192.168.0.2/24 LAN ipv4 192.168.1.1/24 It seems I am making headway though! About to go poke around in the pfSense web UI and disable the firewall to see if that is causing issues, though I cannot get into the web interface at this time via the address it should be on "192.168.1.1"…..

Have a look at this thread: http://forum.pfsense.org/index.php/topic,48947.msg269592.html#msg269592 Steve

The LiveCD install works great on VMware, I've run it for years that way.

I've had similar experiences with 2.1. I upgraded my 2.0.3 installation to 2.1, and it cannot get a DHCP address on the WAN. A fresh install had the same issues. Tried on several different systems, and none were able to get a DHPC address. Re-installed 2.0.3, and the WAN works fine.

The host OS should not be able to see the WAN NIC if it is bridged to the pfSense VM as you've seen. You can't have more than one OS attempting to control the IP properties of the NIC. IT would be best to have the IP settings on the WAN NIC set to 'none' in Windows but there isn't an option for that. Instead if you look at the WAN NIC properties it lists the protocols being used by the NIC. It should list 'virtual box' something (I can't remember exactly what it's called) that's the only protocol required. If you want you can disable the other protocols so that Viirtual Box is the only thing that can use that NIC. However, if it ain't broke….  ;) Steve

Well spotted.  :) That's very odd. Just to certain which image exactly was it you used the first time? Did you use the same image the second time? Steve

ok thanks.  since the clean install of 2.1 vga nano, i haven't had the apinger issue yet.  ill keep u posted. thank you

@eleanor: Hi, I would like to know what are best practices regarding running Snort on PFsense and using PFsense as FW as well as IDS solution. I instlalled and configured Snort on pfsense without a problem, but Snort has put my interfaces in promiscous mode (WAN inteface as well as LAN interface), thus making them unreachable. Therefore I couldn't connect with VPN to the pfsense anymore and I had to manually reset snort. Not sure I understand what you mean by "unreachable".  I use Snort on three interfaces (WAN, LAN and DMZ) and have no problem using the OpenVPN package for client connections. @eleanor: What are best practices to run Snort on pfsense? Thank you Most folks run it on the WAN interface using a combination of Snort VRT and Emerging Threats rules.  My personal recommendation is to run it on both the WAN and LAN interfaces with different rules on each.  For the WAN, I used the ET-CIARMY, ET-RBN and other block list rules containing known poor reputation IPs.  For the LAN side, I use the Snort VRT "Balanced IPS Policy" combined with some of the Emerging Threats Trojan and Worm rules. Bill

Hi, i can confirm this problem, i also had this when upgrading to 2.1. There seems to be one urgent bug inside of pfsense 2.1 regarding this. i tried all configurations to fix this also to change some kernel parameter but nothing seemed to help, only to downgrade back to 2.01! i could notice thate the outbound settings couldn´t configure /32 subnet but only bigger subnets that would result in confusing when finding the correct outbound ip in case you have multiple ips but need to set outbound for every ip (/32) in my opinion. kind regards, barnaba

thanks stephenw10 you are hero of of 2013, great minds think alike I was thinking since internet was not working (ports 3/4) I decided to go back to square one and copy the pfsense settings within interface & firewall rules just to see if internet can work but I did so without the openVPN settings which it did prove to work just fine. I noticed on OPT1/2 I left it on LAN Subnet under Source, how on earth did you figure out my Source setting was incorrect ? I set it to OPT1 subnet and did the same for OPT2 after reading your post, plugged in ports 3/4 and it popped up with internet connection. Added my OpenVPN settings and retried just now under Lan and ports 2/3/4 all working fine under my VPN provider :D I have further defaulted the gateway dns servers and assigned private servers instead so I do not get IP or DNS leaks, also paused OpenVPN and tested if it works ! I have saved the xml 4x I have renamed my pfsense box to Johnpoz under General Setup but it came back with an error which I ignored Relax I am messing around :P, thanks to all you guys including johnpoz I got there with a bit of testing and playing around I was surprised that most of the advanced and basic settings can be ignored or left on default… wish I knew that well before getting into pfsense. Next I will consider poe/switch to add more devices ! Merry Xmas all

There's an option to do it in System: Advanced: Miscellaneous: You have to reboot to see the change. Steve

Your WAN is getting a private IP in 192.168.1.0/24 - so  guess you have plugged it in to the internet modem/router that then goes to your ISP. That is fine for now while learning. Later you probably want to put the internet modem/router into bridge mode so it passes through the real internet IP to pfSense. Your problem is likely that your LAN is also 192.168.1.0/24 subnet (e.g. LAN IP 192.168.1.1). Having the same IPs on WAN and LAN side won't work. Run the wizard again and specify a different subnet for the LAN - pick another more obscure number in 192.168 - e.g. 192.168.42.1/24

thanks guys yes you were both right I was using free download manager.  Clicked cancel and then the xml config file popped right back up, its a life saver and now I can try and mess about with the other settings to get my other ports working knowing I can restore at will :)

Details needed: What hardware? What pfSense version? What type of install? (LiveCD, memstick, nanoBSD…) Post the console output so we can see what is missing that prevents you from being able to give valid answers for WAN/LAN devices.

Well its been a record 24hrs without a single loss of the lan side, so I am tempted to call this issue resolved. At the end of all of it, I think we can conclude the errors were due to a flaky sk1 (original LAN) port on the pfsense box.  Perhaps there would have been a quicker way to reach that conclusion, though as part of the "adventure" I certainly have a far better understanding of pfsense than I did when I dropped it in as the gatekeeper of my network. Thanks all for the help in troubleshooting!  I am going to go ahead and mark this thread as solved for now.  I can always change it back if I am wrong and the error comes back…. but it has survived 24hrs and a stress test without kicking out a single error... so I am going to go with it! :)

Hy, are there any news about - I've a similar problem in a lab-environment. Want to create "restricted cp admins" but they cant see nothing expect a browser "can't load page" … In the Logs I see the following line: php: /getstats.php: testadmin@1.1.1.1 attempted to access /getstats.php but does not have access to that page. Redirecting to services_captiveportal.php. BR n3ro