tnx dear stephenw10 and muswellhillbilly, :) unfortunately i have to do that, run a separate server

If you only add one interface you should be able to get to the webgui on that. There will be a default firewall rule that allows it when you have it setup in 'appliance mode'. However as soon as you add another interface it will go back to being a firewall and blocking everything on WAN so make sure you've set your own rules before that. If you've already added and removed another interface I'm not sure what will happen. You can always disable the firewall using: pfctl -d At the command line. After you added a rule to allow yourself to connect re-enable it with: pfctl -e Router on a stick usually refers to VLANs: http://en.wikipedia.org/wiki/One-armed_router Steve

That whole screen is for the WAN settings. At the top it says "On this screen we will configure the Wide Area Network information". For 99.9% of installs MAC Address, MTU and MSS are left blank - you should leave them blank unless you have some really special reason to need a magic value. For now, if you are leaving your front-end router/modem in its modem+routing mode, then you can leave Selected Type as "DHCP". It will be given a private address and default gateway from the front-end device that is in "front-end LAN =  pfSense WAN" and use that to get out to the internet. It will be just as if the whole pfSense box, and the "pfSense LAN" behind it are 1 client on the front-end LAN. In this configuration the pfSense LAN will NAT onto front-end LAN, then front-end LAN is NATed out to the real internet. At a later stage you can put your modem/router into bridge mode (so it stops doing "router") and passes the real public IP through to pfSense WAN.

thank you very much!

Thank you very much!

Wow, that was negative fun…. however this morning I watched it boot then saw the full pfsense menu come up via the console. Noticed the option to restore to a previous configuration - did that, and I am at least back to where I was.

I have a couple of inbound NAT rules pointing to other systems on the subnet.  But other than that there is nothing else.  It appears that removing this tick from the VPN connection properties has fixed the issue.  I have had no other negative feedback from our support agents so I have to assume that this change has fixed the issue. Still getting to grips with the system.. :) Drac

Updating to the most recent Github 2.1 release branch has solved the problems for me all together.

Your screenshots are not the way it was intended to be done. Maybe 2.0 allowed this and somehow it worked, I don't know, it has been so long since I used 2.0. I assume in this example: a) The local LAN is not really "/8" - maybe the local LAN subnet is just "10.2.1.254/24" b) There are other subnets available behind the router at 10.2.1.2 - that router might be a VLAN switch with L3 routing software also and lots of VLANs, or an ordinary router with lots of NICs or… The router hardware/firmware does not matter. For 2.1 (and it should work like this in 2.0 also): Change the "Gateway" setting on Interfaces->LAN to none. Leave LANGW defined in System->Routing (and make sure that WANGW is marked as the default) Add Static Routes to the networks behind 10.2.1.2, with gateway=LANGW. Make sure that Firewall-Rules-LAN has rules to permit traffic from (source) the subnets behind 10.2.1.2. If you get it working like this on 2.0 then it should upgrade to 2.1 with no trouble.

Fresh install, reload config…. the screeny shows no significant difference when switching from dashboard to RRD (just after going from RRD to dashboard). [image: fresh_install_2_1.jpg] [image: fresh_install_2_1.jpg_thumb]

Had the same issue…. The version dns error was resolved by flipping the following option: On the general settings page... Check the box that says to not use the dns forwarder for pfsense.

@stephenw10: On an Atom box is that? Steve Sorry, that would have been useful information…  It's a DN2800MT w/ 4GB of RAM and a quad-port i350.

There is no built-in/automatic accommodation for that. If you're on a full install, you can manually partition/format the new disk and then add an entry in /etc/fstab to mount it at each boot, then point whatever you want to that directory to use the disk. If you're on NanoBSD, fstab is not used so you'll need to add a shell command at bootup to mount the additional disk.

I have a mini-pci adapter in my firebox at home. It's this: http://wikidevi.com/wiki/Toshiba_PA3458U-1MPC Any similar Atheros card of that age should be good. It cost me nothing, I had it gathering dust, it provides useful out of band access when I unplug the wrong cable somewhere and also means I can see channel usage via the webgui. But.. I also have external APs that are much faster and give much better coverage. Steve

+1 for Viscosity. Tunnelblick is having serious issues with newer Mac OS versions, since 10.8.

In Snort's Global Settings, enable the option "Keep snort settings after deinstall" and save.