@mevans336: Even with 1:1 NAT, the firewall doesn't allow ports 0-65535 through right? It only forwards those ports through NAT? Yes. That's true. Even if you 1:1 NAT and you dont create a firewallrule that allows traffic, it will be blocked by the firewall. I might have exaggerated with saying you expose ports to the internet with 1:1 NAT. You have seperate rulesets for the Firewall and NAT. But it's still a better approach to have 2 ways of security. 1: the firewall 2: no defined destination for inbound unwanted traffic.

It maybe won't fix the issue - but why are you using an obsolete Release Candidate? 1.2-RELEASE is available on the mirrors. There is one reason I can think of to start with RC3, which is if you have a system that won't boot with the uniprocessor kernel in 1.2-RC4 or 1.2-RELEASE, but you can still install 1.2-RC3 then upgrade to 1.2-RELEASE with the SMP kernel selected in that case. It would certainly make sense to clear the configuration and start again. If that doesn't work, and the box is still responding to the console, select bridging again then reboot. Does it work then?

Thanks, that helps! Mike

Probably everything is much simplier? 1)Did you enable ICMP at WAN interface in rules? By default everything is allowed at LAN that is why you have icmp reply connecting to LAN. 2) Does ifconfig shows WAN as up? 3) tcpdump at WAN. Can you see arp request/response after connecting PC? icmp requests?

I'm suggesting you take a different approach.  Rather than doing development on your firewall (which is a Bad Thing from a security perspective), do your development elsewhere, create a package and then install that package on the firewall. Questions regarding development builds are probably best taken to Development forum.

i tried; i can only quit the install without save.. so i run nox ComixWall and it's work! thanks

Well, after a bit of messing around, the BIOS does in fact SEE the drive, so all is functioning well. It will boot a good portion, but always fails at: Trying to mount root from ufs:/dev/da0s1a Manual root filesystem specification:   <fstype>:<device>  Mount <device>using filesystem <fstype>eg. ufs:da0s1a   ?                  List valid disk boot devices   <empty line="">      Abort manual input mountroot> ? List of GEOM managed disk devices: Manual root filesystem specification:   <fstype>:<device>  Mount <device>using filesystem <fstype>eg. ufs:da0s1a   ?                  List valid disk boot devices   <empty line="">      Abort manual input mountroot> See? Nothings listed. I don't understand.</empty></fstype></device></device></fstype></empty></fstype></device></device></fstype>

you should install vmware-server on your ubuntu  and then setup a pfsense virtual machine or if you have physical access you could wipe ubuntu off and install pfsense from scratch

What box?  I'm good, but my crystal ball is in for repairs ;) Note that 192.168.x.x IP addresses are RFC1918 (aka "private") IP addresses and will not be the DNS servers for your Virgin Media cable modems.  I'd suggest you read through the various documents and postings in the Dual WAN forum (and start a new thread there) - I've never done this so anything I advise is just educated guesswork.

However, FreeBSD has the binary packages and as FreeNAS is based on FreeBSD you may find that you can install the FreeBSD package.

ive got to part were says http://192.168.1.1/wizard.php i am on thir need to do settings i am online but still need to do setting etc for it [*Deleted by GruensFroeschli: No need to insult people that tried to help you… ]

More to the point, downgrading, especially for IPSEC is a very bad idea.  Many MANY things were fixed with IPSEC in the release versions.  Running an outdated (read: unsupported) version of pfSense is an exceptionally bad idea.

For those of you not already doing so: Limit the Source IPs in your external SSH rules Install SSH keys and do not allow logins without keys Rate limit connections as indicated in the forum. All the tools to limit your exposure to SSH bruteforcing are in place, its up to you to use them.

Thank you, this helped.  I ended up putting the jumper on the HDD pin limiting it to 32GB - this baby is a barraccuda 120GB, and I'll just assume it was too big or too fast by default. thanks for the help  guys, maybe you could add this fact to the doc. cheers me.

Ah, thank you - very helpful link.

I think the problem appears because you set the system to embedded while the media is mounted writeable. You could probably get rid of this "spam" by setting the file to platform pfsense again, performing a clean shutdown and then modifying the file back to embedded while pfsense is not running on this media so it boots up already with this file being set to embedded. You'll need another freebsd (or even pfSense) system to do this which sould not be too hard as you do this all in vm anyway.