This worked out. Wan = /30 Lan = /24 local 192.168.100.x with dhcp Opt1 = /27 And I had to enable ports (80, 443, 21, etc) on all interfaces Thanks for the help

ok, it should be OK in the next snap now. I didn't notice that it was also in the "remove list".

Looks like you might have a blank user entry in that config.xml. Make sure you don't have any entries like "<user>" in there. If you do, remove them. Also make sure it doesn't exist on the primary. If it does, you'll need to fix it there, too.</user>

Thanks, Steve!

After installing FreeBSD 9.1.0 (i386) on the box, I was able to get the fans under control through this process: Installing the compat4x-i386 package. Extracting the contents of http://people.freebsd.org/~jcagle/hpasm-7.22.tar.gz and modifying the INSTALL script to accept my version (ie. changing the if statement to accept '9' as valid rather than just 4 or 5 for these older versions of FreeBSD). Running the modified INSTALL script and (hey presto) fans are much quieter now.  The hpasmd daemon loads automatically on each reboot. When I attempted to replicate this on pfSense 2.0.3-RELEASE, hpasm installs but hpasmd coredumps when executed. What this tells me is: I'd probably need to investigate if the COMPAT_FREEBSD4 flag is enabled in the default 2.0.3 kernel (I assume that it is not); It is possible to get these fans under control under stock FreeBSD and likley to be possible (if the answer to the point above is no) through custom built pfSense kernel; and If I wanted to do this on pfSense, I probably wouldn't be able to blindy follow the web gui upgrades without checking that these modifications were preserved. So, problem (probably  :-) solved

You know, I just assumed that was a 2.x feature not 2.1 specific. I know I didn't see it on 1.2.2 and 1.2.3 but I've been using 2.1 for a looong time now (was using the old 2.1 IPv6 Development version) so it all seems like a blur to me sometimes. For CPU clock speed, I recall seeing two different measurements under CPU type on the dashboard, but it was in a VMware ESXi install so that may have had an impact on it. I doubt it was "live", it would probably refresh whenever you refreshed the screen and it may be a 2.1 specific feature but I remember seeing it at one point.

Thanks a lot for the quick response, that's exactly what I did. 'Upgrade from console' option in ssh menu works great.

Bad hardware sucks…  Can really have you pulling your hair out.

@acrane: Hey, I have a pf firewall that is being used in a production environment, that has a few hundred IPs configured and a lot of rules. The box needs replacing and I thought I would switch to pfsense s I've been using it at home and love it. I was wondering if there was any way to convert/import the pf.conf file so that pfsense could use it. You could do this yourself with a text editor and some macros (or vi). Just create a rule in the UI so that you can look at how it gets saved in the config.xml file (see /conf/config.xml). From there you can figure out how to take your list and manually create the additional entries in the config.xml file. Depending on what you've got and how good you are with macros it might be easier than entering all of them in the UI. Once you put the new config.xml in place, reboot and pfSense will pickup the changes.

There is no such guide that I'm aware of. If you write one, it may live here on the forum, perhaps as a sticky. I'm not sure that's a practice we'd want to actively encourage through putting it on the wiki, since there is quite a lot of room for error when making any changes to the config, especially automated changes.

You probably need to restore your settings…  Worse case, set pfsense to default and reconfigure.  If you have done it once successfully, second time should be very fast.  Also, make sure you set up DNS.  People often think they have no internet but really they do. If you open the gateway monitor, is it online or offline?

Out of interest why did you choose 'pass' the first time? Create associated rule is the default setting. Also you may find that your servers appear to all use the same public IP for outgoing traffic unless you set manual outbound NAT rules. Steve

@jimp: You'd need to run a packet capture watching for connections to your firewall on port 8443, and see what the source IP of the traffic ends up being there. i finally found it was my spiceworks network scanner, that was scanning the pfsense, and causing the error in the logs.

Stephen10 - I was forced to add the additional virtual WANs because I really would rather have use VIPs but had no idea how to get them to work because the ISP was binding to MACs and when I tried the VIP route they wouldn't give me an IP.  Stingy guys….

The captive portal works at layer 2 so if you have problem at layer 3, ip address - routing etc, the captive portal is likely the only thing you will see. Check that the pfSense DHCP server is handing out the correct IP address etc. I confess that I don't use the captive portal anyway currently so I'm perhaps not the right person to answer this. Anyone else? I'm not sure what you mean by 'ath0-WAN'. You should have one WAN, alc0, and one LAN, ath0. Steve

@Chucko: On this hardware, is there any benefit to installing the amd64 version of pfSense? Probably only if you have more than 3GB RAM.

I love a good pfSense story.  Glad it worked out, it's only going to get better.

Cheers kejianshi.  I owe you lunch man.  Be excited that your knowledge made the light turn on  ;D

I second the "bad drive" diagnosis - though it could be RAM, power, heat, etc. If it always crashes in the exact same place every single time, it's probably the HDD.

@kejianshi: Yes - I have a Bank Routing Number and Account Number for expressing appreciation… I only take beer… so, if you manage to set up beer-over-ip tunnel, I'll be happy to be your guest. :D