@Ryu945: Kingston [image: 5pNO1xY.jpg]

If you want to play it safe, I'd go for the second choice. That way you have a rollback option if the new hardware gives you any grief.

You can backup the IPSEC part of the config, modify the XML for each site and restore it to each box.

I too had an issue with installing pkg. Turns out I was just impatient and terminated the job before the update could complete. I just had to run a "pkg update -f" to get the info from the repo, then I could ACTUALLY see the packages available. HOWEVER, I am running into an issue where I dont have enough free space on a brand new installation (using stock 1gb card). Literally need 1mb to download flashrom package. Any way to allocate the remaining space from /cf to rootfs? All I need to do is flash the bios so I can use the hdd I have laying here, but it wont boot without the bios being updated iirc. edit Guess I should specify that I am running on a Watchguard XTM 5 series Firewall with upgraded CPU/Ram. edit2 Re-wrote the image to the CF card and installed flashrom first off, went without a hitch.

added to all that, Buechler's book is surly talking about 'updates' …. just apply  ;)

You should re-install pfSense completely. The reason you see the main page only is that you are logged in with a restricted username/password combination which doesn't give you access to all areas, only traffic shaper. Are you able to download a backup config from it?

What type of hardware are you running this on?

how did you manage to get to 2.2.2 ? the latest stable release = 2.2.4

[image: 60905694.jpg]

Good to hear you got it going. For the record, you ought not be able to ping the outside interface from inside the LAN anyway, at least not with the default firewall rules. The fact that your two internal hosts can't ping one another despite being on the same LAN is odd, but if it isn't causing you any problem then I guess it's all good.

@jimp: Your screenshot does not show where you set the suggested variable. Also, settings in loader.conf.local only apply at boot time, so after altering the file you must reboot the firewall. I have set in the loader.conf and restarted the firewall. but the set value does not appear when i typed the command sysctl vm. [image: boot11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111.png] [image: boot11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111.png_thumb]

Mixed USB 1 & 2 …. This device (PC ?) dates from what year ??

For what its worth, I was able to crack open the case, pull out the CF, install 'netgate-2.2-RELEASE-4g-i386-nanobsd.m1n1wall.img' to the CF and it successfully boots into 2.2 (free bsd 10.1).  So the question becomes, why won't the auto upgrade work and what the heck is stopping the device from booting after.

Is there a list of URL's and ports that need to be unblocked to allow upgrades/package installations ? Depending on what they're using to filter you, could you not simply ask them to whitelist *.psense.org?

i write from Italy. I had the same problem on Win 7 64 bit / Chrome 64 bit. I have solved in this very simple way. Uninstalled Chrome completely (iobit uninstaller free). Reinstalled, logged in the chrome account for the favorites (in which i have the favorite for web interface). Logged in pfsense. All good. In other PC (generally i have ubuntu 64 or some free unix, windows is only on the pc that have programs not virtualizable for windows) I had no problem. When i had the problem, the metallic theme was not affected. Only ng_theme was affected.

Did you download the correct ISO for your hardware? (aka: AMD64 and not i386)

Ok, I bit the bullet and tried to upgrade from 2.2.2 to 2.2.4: same result  :-\

They're not down, not building at the moment. Haven't really been any changes. Should be back later this week if not later today.

Hi silfen, I don't know if you already solved this, but we have a similar configuration, but virtualized. And yes, we use VLANs to segment different traffics (operation LAN, WAN or different WANS, clients LANs). You must use a VLAN tagged dot1q cappable switch. Then you can use just one port as minimun to interconnect pfSense with the switch and configure that port on the switch as VLAN tagged port with all VLANs available 1-4096. On the pfSense you set that interface as VLAN, and then you can create many VLANs as you want and assign as virtual interfaces on pfSense. You can create then each VLAN for each customer + internal traffic, management, WAN, etc. VLANs for internal purpouse. In that way you isolate each customer from each other not just at layer 3 IP/routing network range, but layer 2 MAC address. You can even have the ESX Ethernet port configured as VLAN tagged and assign each VM to each VLAN number. We have a testing VM (windows or linux) too that we can switch to any VLAN number to test anything as we were connected at the same customer LAN. For the WAN public IPs, you can create Virtual IPs on the pfSense to NAT by ports or 1:1 to the interal IPs or even you can create a VLAN with the some Public IPs if the customer require a public IP at their VM. Regards JP