Tuning and Troubleshooting Network Cards It depends also a little bit on the available RAM in your pfSense box, RAM is cheap to get these days and not anymore limited since 64Bit hardware is in the game and available. So 8 GB RAM or 16 GB RAM would be not the problem for you as I see it right. You can easily high up the mbufs size explained how to do so, shown under the link above. Mostly the users are thinking that something goes wrong if there a perhaps 256 MB till 1 GB of RAM will be used, but the entire mix of their hardware and art and wise of the usage of the pfSense box, so at this days it is not really wrong to hug up the amount of RAM. 2 GB should be something as a good starting basis 4 GB if VPN and high Internet and/or network usage is in the game 8 GB if Squid and Snort are coming to that on top 16 GB if money is there and your hardware is supporting it

disabled NAT In usual all is opened if the NAT is down! There are two common ways to do so: Opening ports at the WAN interface Disable NAT and all is open At today many peoples want to create a so called transparent firewall by bridging ports together and disabling then the NAT function at the WAN Interface and yes the most of them don´t really know what they are doing, but they are thinking this transparent firewall is much more secure then the others. I really don´t know from where this knowledge is coming or will be spread out but in this way the security is not gaining up in your network, believe me please.

the hdd controller is faulty :-) Is this a SSD? Were you setting up the AHCI mode in the BIOS?

Silly question:  Are you sure you're assigning WAN to the proper NIC in pfSense? If I do a fresh install or add hardware on occasion, the NICs show up differently in pfSense. Only by writing down the MAC address of each NIC am I able to correctly reassign them at reboot.

@snm777: perhaps somehting about the SD cards is similar enough between the nanobsd and FreeBSD That something "similar enough" is the UFS filesystem with the SU+J disaster "feature". (It was turned off on nano in 2.2.4 because it's completely unusable with slow media.)

Yes, you don't have to use 1:1 NAT from your virtual IPs. However if you have added them for convenience you can override the 1:1 entry with a port forward to change the ports. Steve

Can you reach the package list fie: https://packages.pfsense.org/packages/pkg_config.10.xml Can you fetch that file from the pfSense command line? Steve

Coincidentally, I just did a new lagg+VLANs config yesterday. Works fine. Can't be done from the console. Assign your USB NIC as LAN, configure everything in the web interface from there. You can reassign VLANs.

@Abhishek: I am also facing same issue , i kept upgrade at 8Am , now its 04:19 PM  still not upgrade done That looks like a different issue.  Mine had nothing to do with package reinstallation.

Since you say you remove the graphics card that would imply a desktop or workstation type motherboard. If so check your BIOS to see if it's set to halt on all errors at boot and if so change it to none. I had to do this on my motherboard that wouldn't boot without a keyboard and mouse attached.

Completely flawless update Thanks for the hard work everyone!

I just changed the setup of the DHCP IPv4 server (running from the default 192.168.1.1 on LAN) "Gateway" was empty, I filled in "192.168.1.254" and restarted the DHCP IPv4 server on pfSense. I ripped out the RJ45 from my computer, and put it back in (my PC requested a new IP among others). Guess what, the IP handed out was the same, DNS was still 192.168.1.1 but the Gateway was … 192.168.1.254  ;D Yes .. my setup isn't broken - pfSense worked ... again.

just reboot it.

Aha! I did read the release notes before upgrading, but I didn't catch that (assuming you're talking about the forcesync patch for #2401).  I didn't equate "noticable slowness" with "takes forever", but I guess that's close enough. And in reading the bug, I see it's exactly what I'm experiencing. Thanks for the pointer!

So all of your devices are on same vlan and your switches are interconnected with 1 upstream connection to this router in the mail room, or do all the switches go directly to the uni router? If you only have one uplink to their router, you could just ask to have this block they gave you routed to you via a /30 or /31 transit network, then all their switches could maintain their same IP and you would just have pfsense as firewall between their network and the yours.  You could then allow them access to the IPs the switches are on and all your devices could maintain their public IPs you would just allow traffic at pfsense. Or you could nat off your network yes, you could then change all your switches to your private network and port forward to them via a public IP you put on pfsense wan.  Since you had a whole block to use.. You could the same switches IP and just forward to the new private IPs of the switches. The routed network is the cleanest option if you ask me. Your other option - which I don't like but would be to setup pfsense in transparent mode and bridge.  I would not recommend this option, but this is another way for you to leave all the ip addressing the same on your devices and their switches while still giving you a firewall between their network and yours. As to learning pfsense – just connect pfsense to one of your switch ports.  Put another switch behind it connected to pfsense lan interfacde and play with putting some devices behind pfsense.  This would be a mini version of option 2.

@cmb: Given that, it seems likely it's a hardware issue. Where it's a software issue, generally you'll find other reports via Google of similar backtraces, or within our crash reports. Yeah I would have expected hardware except this box has been a rock for 6 months now running pfSense, so I'm not sure what to think.  I would have used the cosmic ray excuse, but it's a Xeon E3 machine with ECC RAM.  It's behaving itself now so I'll just assume it wanted attention.  ;D

Same here…I've traded out NIC cards, drives, reloaded PFS a few times and an entirely new box.  I'm using Neoware Thin Clients with a 4GB DOM, 1GB of RAM, 1Ghz processor and Intel dual NIC.  I'm installing PFS 2.2.4  I've got this working on a few other Thin Clients with the same config but they were upgraded not freshly installed. Eventually it passes the "Configuring LAN interface…Starting DNS Resolver..." but it takes a very long time (up to an hour). kingsz1- Did you figure this out or are you using the kind of hardware I am?  What was the solution? Anyone else seen this or have any suggestions?