Realize this topic is rather old but just wanted to update it that I went ahead and ordered caps from mouser that matched the spec of the ones I pulled off the board and got the old Firebox running again! Was even able to get it booting off a hard drive. Really appreciate all the insight offered!

FYI- Looks like you set it to pull updates from the 2.5.0 development snapshots but didn't upgrade to 2.5.0.

Sorted now thanks to Support

They are normally generated if they are missing when you try to update. What actual error are you seeing? Steve

@JeGr As haproxy terminates the TCP connection in a socket, and the state of that socket is not sinked to the secondary haproxy node the TCP connection will break when a failover is performed. Stick-table content can be synced.. but the state of all socket-connections is not. @adam65535 As for configuration changes on a running haproxy this should not have much notable impact on http connections as it would ask the browser nicely to close existing http connections, and new TCP-connection can be made to the already running new haproxy instance. And the old process keeps serving connections until the hard-stop-timeout (its default on the pfSense package is 15 minutes) or it will stop when no connections remain. Long existing connections like for a database connection or a ssh session, yes those would eventually break.. Or you would need a stop timeout of like 24 hours or something.. but that gives a risk of running lots of haproxy processes simultaneously if several changes are made during a day, risks like out-of-memory then arise...

Again: Pick an addon card, read up what chipset/controller it's using for the RS232 port and then check whether it is supported by FreeBSD. The PCIe bus has nothing to do with it.

1225v3 is the CPU. https://ark.intel.com/content/www/us/en/ark/products/75461/intel-xeon-processor-e3-1225-v3-8m-cache-3-20-ghz.html The prebuilds usually have similar or slower CPUs no? Is ECC really needed for pfsense and if you claim Single thread is that badly needed do you have any actual data to back that up because for my house even the 3770 should be faster than anything else I currently have set up or could reasonably buy. Also what about the NICs? I heard there are issues with fake NICs and wondering on prices for NICs because I have to do the used/generic route.

@Boab said in adding new subnet to existing WAN: I think I may have resolved it still checking. Writing it up on the forum and having a meal/break clears your head. will report tomorrow. Show us how you did it, with screenshots! Jeff

Problem solved : It was the default gateway for IPv4. It was using the IPv6 gateway. I think the new version applies a more strict policy. ;)

Welp turns out this whole ordeal had nothing to do with Verizon or my ONT. I did the packet capture and the mystery device sending DHCP signals to the WAN was the pfSense box's own baseboard management controller. My board's BIOS has an option to disable the IPMI function which is supposed to disable BMC networking along with it, but evidently that doesn't work as explained, or is broken. And even though I'd never connected that network interface to anything, the BMC wants a DHCP lease. I logged into the IPMI GUI, set a static config, and I'm now nearing 24 hours of uninterrupted uptime. The 0.0.0.0:67 - 255.255.255.255:68 entries haven't shown up again in packet captures or the firewall logs. I'm very happy this was smoothed out and thank you @Derelict for the tip to look at the MAC addresses. @dtruesdale For anyone else in this situation, a few more tips: You can just set an IPMI address, netmask, and gateway in the BIOS. This is all that's really necessary so you don't actually need expose the BMC to the network. If you fully configure IPMI and intend to leave it network-accessible, you'll of course want to change the default ADMIN/ADMIN username and password. Through significantly more trial and error than it should have taken, I found that even the latest version of my board's IPMI firmware is so old that it doesn't allow special characters in the user passwords. Despite Supermicro support pages saying that the max pw length is 20 characters, I wasn't able to use more than 16. There's also a handful of service ports that are enabled by default so check those out. This site has easy instructions to reset the admin pw for if (when) you lock yourself out: http://tcpip.me/2018/06/23/how-to-recover-forgotten-ipmi-credentials-on-pfsense/

No. You can "update" by backup'ing your configuration and installing 2.4.4 from USB/Image/ISO medium though. If you put that configuration either on the stick or installing over the current installation (and choose recover config in the installer) you should get a 2.4.4 installation with your current configuration. But WAN/internet access is required after installation to correctly re-install packages etc.

Thank you..

Thanks Steve!

@dtruesdale Wow, that was fast. I just posted the topic! I'm going to review this right now- thanks!

Same problem or same question?

I've just experienced this bug, as well. I'm currently running 2.4.4-RELEASE-p1 (amd64). To resolve, I had to kill filterdns and re-save the affected alias table. The affected fqdn entry was a local host (dhcp) and also manually entered in dns resolver. nslookup on the hostname worked fine, but the IP address wouldn't populate in the alias table. Once I killed filterdns and re-saved the alias table, all is working again. I already had the firewall table size increased to 400k, so that wasn't the issue for me.

no i dont thing so i could update and install just fine from cli!!!it was just after the pfbkocker-devel update before that it was working just fine i dont know that is what actually caused the problem because i updated pfblocker and left then came the next day ours apart and tried to install another package but couldnt. Tried the same package from cli and it installed just fine. i could pkg update no errors and pkg upgrade no errors only on the webgui it was not working.

You speak the truth, Sir John. Kom! Or anyone, really..... I am not satisfied and need to make some slight adjustments, if you would assist, please. First, pfsense was kindly loaded on this device for me before shipping. It is 2.4.4 but.... I like to load my own software, call me paranoid. The first issue is, not familiar with much UNIX or really not yet cozy with anything non-Windows unless we go back to DOS of early 90's, I hesitate to download from the pfsense site, to memstick (USB thumb drive, AMD64, New York will be my choice) and booting from this to my mini-pc, which already has pfsense. I wonder, if I should format this SSD first. Also, I wonder even more (just kidding, I'll be doing this) if my Bios is set to boot from USB... I'll be sure. But, should I wipe this SSD? then re-load pfsense? Let me note that I had no cozy installer at any point, the thing went right to work and wanted 1 of 16 options because they apparently made choices for me and there was ZERO literature in the mini-pc box. Nothhing. Not a scrap of info or explanation, and let me back up a sec.... ISP's modemwith no Wifi, (WAN from the Great Wide World) to----->Mini-pc with pfsense to----->New switch with Wifi, 4 lan ports (formerly known as Asus rt ac3200, now a sad expensive WAN disabled switch.... Or is WAN disabled? Hmm...) There was a possible conflict. Address conflict. Forgive if subnet is incorrect but it appears ISP's modem was my WAN---->re0---->v4/DHCP4---->blah.168.0.101/24 (not alarmed by this) my LAN----->rl0---->v4----->blah.168.1.1/24 and the problem was, if there was one, is that the WAN- disabled Asus wifi router (now sad switch with wifi) has a default address stamped on the bottom exactly like my LAN which should be the mini-pc's LAN (or rl0) and even though the WAN is disabled, Idk if it's a problem. This configuration happened after I, moments before, didn't want any vlan nonsense configured and entered n for no, still ok but it naturally pfsense wanted to know what re0 was because: "Network Interface Mismatch-running interface assignment option." re0- link state changed to down r10-link state changed to down and so, I did this unplug trick instead of 'a' for auto because someone said to. I did a thing in college once, because someone said to, and wound up at the infirmary with a... well never mind that story. Sorry. Anywho, it wanted a WAN interface name so when I unplugged: re0 link state changed to down, and when I plugged back in.... re0 link state changed to up Therefore I concluded I was in the right hole. I could comment further on that but won't in mixed company . I entered re0 for WAN to confirm. Then, it wanted LAN interface name so i did the unplug trick on the cable going to the poor demoted Asus wifi router and upon unplug,-> link state down, and plugged back in,-> link state up, therefore I declared myself clever. 2 holes in 1, Although I had 4 holes to choose from. Yet now, this conflict as stated above: WAN---->re0---->v4/DHCP4---->blah.168.0.101/24 and LAN----->rl0---->v4----->blah.168.1.1/24 and default IP on Asus: blah168.1.1 remember, so at this point I'm worried a bit... Mini-pc with pfsense should be my LAN (rl0) with blah168.1.1/24 and then from pfsence mini to switch (Asus wifi being the switch with 4 LAN ports and 1 forever empty deactivated WAN), nothing but a thing with 4 LAN ports with WiFi, that I can theoretically plug 3 clients (laptops, say) and said clients would have an Ethernet connection, and my iPhone there would have a WiFi connection, and all 4 devices protected by my nice mini pc router/pfsense firewall/DHCP server. Knowing I disabled the WAN on ASUS I had to assign DHCP duty to pfsense so option 2 let me set and configure 2 interfaces (re0 and rl0) and I believe I should now set a new LAN ipv4 (rl0) to blah168.1.2/24, not worry about any new WAN upstream gateway nonsense (ENTER for none) or any ipv6 stuff (ENTER for none) then 'y' for hellyes when it asks if I want to enable DHCP on the LAN (pfsense mini pc). Then give it a range of (24?) IP addresses. I say blah168.1.3 as starting point, taking any worry about the Asus's default IP being 1.1 (although it should not matter if I disabled the WAN in the Asus anyway, should it?) and an ending point... Umm I'm not sure what to put. Blah168.1.24? This would give: WAN---->re0---->v4/DHCP4---->blah.168.0.101/24(ISP) LAN----->r10---->v4/ipv4----->blah.168.1.2/24(mini pc) before I change DHCP duties to pfsense. Wifi router just a switch with wifi, and 3 Ethernet client ports with IP's between blah168.1.3 and blah186.1.24. or .26 or .27, idk I'm asking what that end range number should be, as ISP is .0 end range must be blah168.1.24. Correct? Alternately, nothing plugged into the Wifi router but the line from mini pc, and everything could be on Wifi until I ran so slow nothing did anything, or 1 laptop plugged in Ethernet port on switch, 1 empty port, and whatever Wifi devices I choose until no more speed at all.. This is perfectly reasonable, yes? I'm not hooking any client up either way until I know, and when I know, I still need help knowing how to properly re-download pfsense and boot from that USB stick, download to SSD, and configure as above. So I've taken my Asus wifi router, disabled WAN, and have a 4 port LAN switch with Wifi. I took the default Asus IP out of the picture just in case and there is no blah168.1.1 on my network. I don't know what that end IP range should be, which pfsense will be handling now as DHCP server, And before this I want to re-download and start over, but don't know if I should format my 128 gb SSD on the mini after checking the BIOS to make sure the mini will boot from USB stick, and last but not least.... Use entire 128 GB for pfsense? using the whole drive is recommended. But is this an OS where I can put a Bitdefender anti-virus and Nord VPN? or at least Nord OpenVPN (I doubt Bitdefender will run on anything but Windows or some Linux and I don't want Microsoft anything on my pfsense mini but Nord should not need Windows or even a Linux distro should it?) So I'm stuck bro. I might want other nifty programs on the mini running with pfsense, certainly OpenVPN, other cool stuff, but do I need to put a different OS on there, partition the drive, or what? Definately not CS101 questions. But I'm so close here, I have a working pfsense plan running with a crappy switch that is now unacceptable and going in the trash, this non-WAN Wifi router should be no different, I just need to re-download what some stranger from China loaded on and not waste all my SSD space I want later for OpenVPN and extra cool programs that compliment pfsense. It took me a long time to write all that. yet, one more thing I forgot.... I do have a spot for an HDD drive on the mini too if I want. Just have to plug on in. See the chord sticking up left side beyong the SSD? HDD ready. Have a couple laptop drives right over in the drawer in fact. [image: 1553168523737-fullsizerender.jpg] Whew my brain hurts.

Then just change your wan from dhcp to static and put in the info.. You will have to create the gateway then, etc.

As far as I know it's a FreeBSD issue, it may have been fixed already in 12. It could also be the BIOS reporting incorrectly to FreeBSD. Manufacturers love to test in Windows only and then ship! It would be tough for us to disable anything there by default as some systems boot from SD card. It's a relative minority of boards that are affected. Steve