Solved… To answer the last post, the box in which we're having problems is the same box that wrote the configuration to floppy. The problems was ACPI.  This is an older PII and ACPI needs to be disabled in order for the FreeBSD to: 1. See the floppy 2. Do anything with the NICs, 3. Not get "stalled" messages for USB mass-storage. Once we disabled ACPI, all was well Thanks for suggestions and help.

Have a look at our recommended vendors list ( http://www.pfsense.com/index.php?id=40 ). If you want  to use packages you need a unit that can carry a hdd and which is upgradeable with RAM. Wraps or Soekris are far too underpowered for what you want to do. Depending on wether you need a fanlass desktop solution or a 19" appliance with fans you will find several options at our recommended vendors. However I would not use something lower than 1 GHz and at least 1 GB RAM if you want to run Squid and Snort. These boxes should be able to push some bandwidth too (for LAN to LAN traffic).

@hoba: We use caching for the config.xml to speed up processing it. Directly editing the config.xml on a running system won't work unless you empty the cache and reboot. Glad you got it going  :) It wasn't a live system.  I was editing it after mounting the drive in a FreeSBIE booted system. Also, would it be possible to allow entry of an IP address during the first boot after putting the drive back in the Nokia?  This would be after the interfaces are set. or An option to enable the Serial Console Below is a snippet of what we currently see and possibly where the new options are set.. –---------------------------- The interfaces will be assigned as follows: LAN  -> fxp0 WAN  -> fxp2 <new option=""><------Request IP address for LAN (this is needed so we can get to the web interface and enable serial console... or <new option=""><------Request serial console enable...  ie:  Enable Serial Console Do you want to proceed [y|n]?y Updating configuration…done. ------------------------------</new></new>

Unsupported but give it a try: http://wiki.pfsense.com/wikka.php?wakka=UsingProjectEvilOnpfSense

Don't think it will work (and with no management inteface I really doubt it). This looks more like a "seperator" where you have an uplink at port1 (to this port all other ports have access) but no traffic is granted between the other ports (like client at port 2 doesn't see other clients at other ports and vice versa). This maybe makes sense for hotelsetups where you want to let out all guests to the internet but want to prevent that guest a tries to access guest b's notebook. To be used with pfSense it's useless as it doesn't support vlan tagging.

Have a look at http://<pfsense-ip>/status.php (it's a hidden page). At the bottom you'll find the dmesg output. Have a look through it to see which devices all use IRQ5.</pfsense-ip>

hi thanks for the help. as of now, still trying to get everything basic up and will b going for a test run soon. the biggest problem with the users now is torrents n worms/trojans lurking around the network. thanks.

k cool ill check that out cheers.

Unfortunately there doesn't seem to be a marvel driver available that doesn't have the one or the other issue. Scott already tried hard to get it working and tested every available driver to no success. Atm marvel chipsets and pfSense don't seem to be a good combination.  :(

You can manually assign macadresses through hidden config.xml flags (though I was pretty sure we have some code in place that does that automatically for invalid macs as this is a prolem with nokia IP330 boxes as well). Have a look at http://faq.pfsense.com/index.php?action=artikel&cat=10&id=38&artlang=en&highlight=hidden how to do this. Regarding the Marvel chipsets, the drivers seem to have lots of problems. Scott did a lot of testing to get a nexcom with marvels to work but there doesn't seem to exist any marvel driver that dioesn't have the one or the other issue atm.

dipswitches haven't been bad either  ;D

The netgear stuff is pretty cheap. I personally never had issues with them but I also haven't used them in stacked configs yet. HP shouldn't be too expensive either.

This is not a pfSense issue, but rather a Freebsd issue. Post on their forums to see if support for that hardware is planned.

Only i386 versions of pfSense exists currently. No, there is no plans to support sparc.

Oh, and if anyone knows of any other makes of "USB modules" like this (that can be plugged into the motherboard), some pointers would be great. I guess, in the end, all I really want is to get something compatible that I can house inside the case and will accept a pigtail antenna.

1. Yep, regular usb1.1 ports 2. Could but haven't found a decent use for it 3. Why not make your own?…..takes about 20 minutes with a soldering iron 4. Yes they are but since you can still manage vi the RS232 port this is more for convienence 5. I've used a k6-2 380 oc'd to 400 w/out a problem 6. Good luck with the bios flashing, didn't find anything decent 7. Yep 8. Some of the dip switches set the RS232 configuration while other sequences offer a similar function to holding certain keys on a keyboard down while it boots to reset the device's configuration while it is running the OS from Nortel. BTW, this has been discussed awhile ago on the FAQ's: http://faq.pfsense.org/index.php?action=artikel&cat=2&id=27&artlang=en&highlight=contivity Also, if you look around online there's a thread somewhere if you lookup the motherboard model you'll find some more information that has come across over the years. My only gripe with the series is that there is no real mention between the different models.....ie the "contivity 100" has been around for over 10 years with many different hardware configurations but yet they still keep the same model number....the only key for use with pfsense is any of the original "Bay Networks" variants are too old for use as they had a soldered on AMD 486 series CPU. I haven't seen any 1st generation Nortel branded ones but from what I have seen the hardware seems to work pretty well for at home or in a small office....in a larger setup the CPU tends to be the limiting factor when you want to setup site-to-site VPN links. Your best bet for bios flashing would be to extract the current bios and see what features are disabled on the current bios and then attempt to reload it later.

YEAH i get it to work: Mini HowTo which works on the WRAP System with Microdrive and Package Mode: 1.) Install the Live-CD 1.0.1 on the Microdrive ! Use the Format Tool and Partion Mode. 2.) DO NOT USE THE Bootloader on the Microdrive ! 3.) After Installation reboot… 4.) Get the Image from the Embedded Mode on an USB Stick or other medium 5.) Boot the live cd again, use the Shell number 8 or something.. 6.) Mount the Microdrive (/dev/ad4s1a) in my Examble to /tmp/ata 7.) Mount the Image : gunzip pfSense-Embedded.img.gz mdconfig -a -t vnode -f pfSense-Embedded.img mkdir /tmp/mnt/embedded mount /dev/md8a /tmp/mnt/embedded 8.) Delete the old Boot on the microdrive (/tmp/ata/boot) If you can't delete all move the /tmp/ata/boot to boot.old.. 9.)Copy the hole Boot to the microdrive (cp -R /tmp/mnt/embedded/boot to /tmp/ata/) 10.) copy the files from etc to the microdrive cp /tmp/mnt/embedded/etc/ttys /tmp/ata/etc/ttys look in the /tmp/ata/etc/platfrom file (It must containt the word pfSense 11.)last change the config.xml in /tmp/ata/cf/conf/config.xml vi /tmp/ata/cf/conf/config.xml search for sis0 change it to the IP you want to use at the beginning. <interfaces><lan><if>sis0</if> <ipaddr>10.106.0.1</ipaddr> <subnet>24</subnet> 12.) type sync 13) type sync shutdown -h now Remove microdrive but into Wrap boot and now you can configure the other thinks over web gui (http://10.106.0.1) in my Example .... HAVE FUN... Mfg PsYcHo012</lan></interfaces>

OK, tried to locate a default config.xml with hidden features from the FAQs link. The link in there (http://pfsense.com/cgi-bin/cvsweb.cgi/pfSense/conf.default/config.xml?rev=1.19;content-type=text%2Fplain) is broken and I am not smart enough to locate it on my own.  :-\ From searching the forum I read that there were RRD issues in the recent past. Have they been solved so far? Most posts were affecting a pingable ISPs WAN gateway and not using the extra XML flag. I have found hints on <use_rrd_gateway>and inserted it as follows: @config.xml: <pfsense><version>2.8</version> <lastchange><theme>corporate</theme> <system><use_rrd_gateway>217.5.100.222</use_rrd_gateway> <optimization>normal</optimization> …</system></lastchange></pfsense> but still my WAN quality RRD graph shows 100% packet loss. This might be due to the fact that -even after a couple of changes & reboots- the shell script updaterrd.sh still references my not pingable ISP's WAN gateway which is set dynamically by PPPoE on each connect: @updaterrd.sh: … get_quality_stats_wan () { packetloss_wan=100 roundtrip_wan=0 local out_wan out_wan=ping -c 5 -q 217.5.98.186 if [ $? -eq 0 ]; then … Any ideas on why <use_rrd_gateway>217.5.100.222</use_rrd_gateway> is not used? Before experimenting with the config.xml I upgraded to: pfSense-Full-Update-1.0.1-SNAPSHOT-02-09-2007.tgz Thanks for your input (and this great software, of course!)</use_rrd_gateway>

The linitx is a very nice platform (I have 2 in service at customerlocations) and powerful enough to produce high LAN to LAN throughput. It's also powerful enough to handle much more than the required 5 mbit/s. Once pfSense fully supports the via padlock technology that the in this device used cpu offers vpn encryption will be done "on the fly" without causing much processorload. I rather would go a linitx fx5620.