Just thought I'd follow up. This was fixed with the referred build. We are currently running 2.0-RC3 in multiple production environments without issue. The Dell R310's were great choices from a pricing and feature perspective, and work great with pfSense 2.0. Thanks.

@fmertz: https://github.com/fmertz/fbled The code was updated again: This is a (very) minor code update, no new executables were created. The source code now checks that the host system is x86. It compiles the LED code if it is, otherwise, it compiles with the emulator (the text "debug" version). This is for completeness, and the fun of having code compiling on all platforms where the OS runs. I have tested Linux/eglibc with ARM, SPARC, PowerPC and MIPS. It should compile and run on non x86 FreeBSD as well, but I don't have anything available to test with. Again, fairly pointless, but fun nonetheless. A Linux SPARC build session goes like this: fcm@NetraX1B:~$ git clone git://github.com/fmertz/fbled.git Cloning into fbled... remote: Counting objects: 83, done. remote: Compressing objects: 100% (72/72), done. remote: Total 83 (delta 44), reused 13 (delta 5) Receiving objects: 100% (83/83), 108.40 KiB, done. Resolving deltas: 100% (44/44), done. fcm@NetraX1B:~$ cd fbled/ fcm@NetraX1B:~/fbled$ ./autogen.sh **Warning**: I am going to run `configure' with no arguments. If you wish to pass any to it, please specify them on the `./autogen.sh' command line. processing . Running aclocal  ... Running autoheader... Running automake --gnu  ... configure.ac:9: installing `./install-sh' configure.ac:9: installing `./missing' Makefile.am: installing `./depcomp' Running autoconf ... Running ./configure --enable-maintainer-mode ... checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes ... checking for struct if_data.ifi_opackets... no configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: executing depfiles commands Now type `make' to compile. fcm@NetraX1B:~/fbled$ make make  all-am make[1]: Entering directory `/home/fcm/fbled'  CC     fbled.o  CCLD   fbled make[1]: Leaving directory `/home/fcm/fbled' fcm@NetraX1B:~/fbled$ uname -a Linux NetraX1B 2.6.32-5-sparc64 #1 Tue Jun 14 11:30:39 UTC 2011 sparc64 GNU/Linux fcm@NetraX1B:~/fbled$ ./fbled fbled 0.1.3.2 S[..*.....] L[........] T[........] 3[........] A FreeBSD session goes like this: [fcm@BSDDev ~]$ git clone git://github.com/fmertz/fbled.git Cloning into fbled... remote: Counting objects: 83, done. remote: Compressing objects: 100% (72/72), done. remote: Total 83 (delta 44), reused 13 (delta 5) Receiving objects: 100% (83/83), 108.40 KiB | 36 KiB/s, done. Resolving deltas: 100% (44/44), done. [fcm@BSDDev ~]$ cd fbled/ [fcm@BSDDev ~/fbled]$ ./autogen.sh **Warning**: I am going to run `configure' with no arguments. If you wish to pass any to it, please specify them on the `./autogen.sh' command line. processing . Running aclocal  ... Running autoheader... Running automake --gnu  ... configure.ac:9: installing `./install-sh' configure.ac:9: installing `./missing' Makefile.am: installing `./depcomp' Running autoconf ... Running ./configure --enable-maintainer-mode ... checking for a BSD-compatible install... /usr/bin/install -c ... checking for struct if_data.ifi_opackets... yes configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: executing depfiles commands Now type `make' to compile. [fcm@BSDDev ~/fbled]$ make make  all-am   CC    fbled.o   CCLD  fbled [fcm@BSDDev ~/fbled]$ uname -a FreeBSD BSDDev 8.2-RELEASE FreeBSD 8.2-RELEASE #0: Fri Feb 18 02:24:46 UTC 2011    root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386

@nfisher: . . . am still getting that error over and over again: dhcpd: parse_option_buffer: malformed option vendor-class. <unknown>(code 1027): code tag at end of buffer - missing length field</unknown>. I don't care so much though as long as it stays up. Suggestion: on a console or SSH session to pfSense, give the shell command # tcpdump -i IF -c 10 -e -vvv udp port 67 (replace IF by the FreeBSD name of the interface with the DHCP server). This should provide at least the MAC address of the system(s) sending the offending message.

never mind… found the answer it's normal the embedded has no video output / keyboard input only COM serial

Just about anything will cope with that bandwidth and Squid+SquidGuard, as long as you've got something with a 1 GHz+ processor and 1 GB+ of RAM you'll be fine with that. I'd a 1 GHz Via box with 512 MB of RAM and it handled Squid+SquidGuard on a 20 Mb/s link with room to spare (the main problem being the RealTek NICs). However, Snort will have a bigger impact, how much being determined by how you configure it and what rules you load. I've seen 3.2 GHz Xeon's brought to their knees on ~20 Mb/s links and lower spec systems having no problems on 100 Mb/s+ - all down to how Snort is set up. You probably want to look to 2 GB (or more) of RAM and as high a processor spec as you can justify - multi core being better than single core if you're wanting to run Snort and everything else.

Sounds like a faulty ground or perhaps you have a short or a miswired electrical outlet that's giving you a hot ground.

If you have a specific NIC that isn't being detected, then it's either a hardware issue (the card itself, your motherboard's PCI <whatever>bus, etc), or a driver issue (less likely if they are identical). There is no limit to the number of NICs pfSense will detect and use, only the limitation of your hardware. With VLANs and such you can get up into the hundreds or thousands of interfaces. The GUI doesn't look so pretty then in some areas, but it works.</whatever>

I hard a 200 plus foot run using realtek, intel, broadcom and a few different other nics.  I had issues until, I did one thing.  I took a managed switch created two vlans.  I plugged the external cable into the vlan1 with the firewall.  From the I connected my firewall internal vlan went out to the rest of the internal vlan. no issues from there. RC

I know this isn't pfSense related, becouse there is no such tool like ethtool, but I wrote 2 scripts to test offload settings. Be careful when using, this can cause network loss (for me for 20 seconds). #!/bin/bash #Script to enable or disable all offload engines for NICs and bonded/bridged interfaces. by TG IFACES="eth1 eth2 bond0 br0" for interface in $IFACES do sudo ethtool -K $interface rx on tx on sg on tso on ufo on gso on gro on lro on rxhash on #sudo ethtool -K $interface rx off tx off sg off tso off ufo off gso off gro off lro off rxhash off done #!/bin/bash #Script check offload options enabled IFACES="eth1 eth2 bond0 br0" for interface in $IFACES do sudo ethtool -k $interface done and should give something like that: ./offload_check.sh Offload parameters for eth1: rx-checksumming: off tx-checksumming: off scatter-gather: off tcp-segmentation-offload: off udp-fragmentation-offload: off generic-segmentation-offload: off generic-receive-offload: off large-receive-offload: off ntuple-filters: off receive-hashing: off Offload parameters for eth2: rx-checksumming: on tx-checksumming: on scatter-gather: on tcp-segmentation-offload: off udp-fragmentation-offload: off generic-segmentation-offload: on generic-receive-offload: off large-receive-offload: off ntuple-filters: off receive-hashing: off Offload parameters for bond0: rx-checksumming: off tx-checksumming: off scatter-gather: off tcp-segmentation-offload: off udp-fragmentation-offload: off generic-segmentation-offload: off generic-receive-offload: off large-receive-offload: off ntuple-filters: off receive-hashing: off Offload parameters for br0: rx-checksumming: off tx-checksumming: off scatter-gather: off tcp-segmentation-offload: off udp-fragmentation-offload: off generic-segmentation-offload: on generic-receive-offload: off large-receive-offload: off ntuple-filters: off receive-hashing: off

Also i try to install Ubuntu and it works! Thats what i get when i try to install pfSense http://img13.imageshack.us/img13/3228/img20110620142738.jpg

My connection is a 4.5mbps. Yes. It is slow and we're not exactly getting the 4.5mbps because of bad service for our country. The packages that are installed: [image: post1ak.jpg] The VPN: [image: post2ik.jpg] [image: post3r.jpg] The rest of the tabs are empty. There is a wireless access point connected to it and it's turned on and accessible via browser. Afaik, nobody uses it. EDIT: Turned off the wireless access point and there were no changes.

Your ACPI is broken (over 70,000 interrupts a second). Here's interrupt rates from my system (which does have ACPI enabled): vmstat -i interrupt                          total      rate irq0: clk                      143773392        999 irq1: atkbd0                          96          0 irq7: ath0 uhci1+              13672559        95 irq8: rtc                      18401627        127 irq10: rl0 ehci0                9685262        67 irq11: vr0 uhci0                4806754        33 irq14: ata0                      310276          2 irq15: ata1                          194          0 Total                          190650160      1325 Maybe a BIOS update will fix it. Maybe a more up to date build will fix it. Alternatively disable ACPI in the BIOS menu or on startup. You will find some hints on disabling ACPI if you search the forums for ACPI disable.

its allright now thanks i've done custom partition inorder to fix the problem

Hello, Could this setup pull through 1 Gbps connection? :-)

If only one card shows up in dmesg, that means that the OS itself only probed one card. I would look more at the hardware side of things - BIOS settings for add-on boards, etc. Try different PCI/PCI-e slots, etc. It could even be something specific to that particular NIC model. Using identical network cards works fine, I've done it many times, and many motherboards with multiple NICs use the same chip for both and they work fine. It's not a general problem, it's something specific to your hardware.

Normally that would not be a problem, the two slices are supposed to share the same config. However when moving to 2.0 the config file was changed quite a bit and 1.2.3 can no longer read it. 2.0 reads and updates it but you cannot go back. Two different versions of 2.0 can co-exist though. Steve

You are right.  Since I don't need GB lan, the real way to go is dual pci intel boards. I'll stick with that philosophy for the next year or so, and then re-evaluate.  I think I just had to accept the pci boards until pcie comes down in price. Thanks for the feedback!