[pfSense Support] wrap 85.2
I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Output (mwatt) of a minipci wireless card
My view is that wireless can be considered in the same way The Net it. Unsafe. Howver generally people on it are uninterested in the data passing across it just because of sheer volume. If you have data that is sensitive or you just don't want people to view it use tunneling, that's what Ipsec and PPTP were invented for. i.e. leave your APs open and tunnel into your own network. My view is that lowering tx and using directional antennas is a courtesy thing. If you spend time thinking about your design you get better performance because you have less noise. Ivan. -Original Message- From: John Cianfarani [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 2:56 AM To: support@pfsense.com Subject: RE: [pfSense Support] Output (mwatt) of a minipci wireless card You'll never be safe from someone who wants to get your signal/data. But for typical laptop w/ integrated wireless reducing the power would help reduce the range. You deal with the 99% and try your best to protect yourself from the 1%. John -Original Message- From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: Saturday, September 24, 2005 5:57 PM To: support@pfsense.com Subject: Re: [pfSense Support] Output (mwatt) of a minipci wireless card Hi, I'm sorry but you guys need to read up on wireless. 1: Wireless output power has nothing to do with the range. If the receiving end uses a high performance antenna they can both talk and listen to your AP many miles away. 2. High power cards only gives you more noise. Stick to a cm-9 type card with high RX sensitivity. That will give you much better results. You can not restrict the range of wireless buy lowering the output RX power. Radio lan can not be restricted this way. It's a 2way communication, so anyone with a high gain antenna can both talk and listen to a low powered AP. Range for a 100mw card with a 32dbi directional antenna at NLOS is about 120KM so if you guys think that restricting the TX power is going to keep you safe from the next door internet café, then you are very much mistaken. Cheers and good night. -lsf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] wrap 85.2
Just some more info: cpu usage stay at 100% (it's the backup firewall), here is top output: last pid: 81653; load averages: 1.61, 1.50, 1.36up 0+00:59:28 09:47:25 23 processes: 1 running, 22 sleeping CPU states: 0.7% user, 0.0% nice, 1.4% system, 1.4% interrupt, 96.6% idle Mem: 8164K Active, 8056K Inact, 12M Wired, 4K Cache, 11M Buf, 89M Free Swap: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 271 root1 760 1292K 860K select 0:01 0.00% syslogd 74788 root1 760 5576K 2608K select 0:01 0.00% sshd 356 _pflogd 1 -580 1536K 1176K bpf 0:01 0.00% pflogd 79956 root1 760 2256K 1488K RUN 0:01 0.00% top 357 root1 -580 3656K 1800K bpf 0:01 0.00% tcpdump 1231 root1 1310 2868K 1756K select 0:00 0.00% mpd A carp (carp1) interface stays at init and doesn't go in backup status. (master is up) regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] 050.2 CARP won't go Master or Backup
0.50.2? I guess you are talking about 0.85.2, if not upgrade! ;-) I only have experienced such problems if the carpinterfaces didn't match the real ip/subnet-range of the real interface the carp interface is running on. Another thing to try is to manually disable and enable CARP at StatusCARP(failover) in the webgui. If it's working after that there might be a problem bringing up everything in the right order. There also have been some changes to CARP lately. You might want to run update_file.sh -all from the shell to grab the latest changes. Holger -Ursprüngliche Nachricht- Von: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 09:34 An: support@pfsense.com Betreff: [pfSense Support] 050.2 CARP won't go Master or Backup HI I have Carp running successfully on 0.50. Upgraded yesterday to 050.2 and CARP absolutely refuses to start. OPT1 is up. PPPoE is UP. CARP goes to INIT and does not ever go master or backup. I deleted all CARP configs and recreated everything from scratch. On both boxes CARP will not start. Hitting Disable / enable makes it go from disable to INIT.. but never starts. Even tried doing everything with the second box physically turned off. No difference. Any ideas? Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] wrap 85.2
Hello, Maybe this is a stupid question, in that case im sorry. But where can i find the latest image for a wrap system. And what size does my compactflash card has to be? I am new to pfsense, so forgive me my question. Greetz, Michiel de Jager On Mon, 2005-09-26 at 09:51 +0200, Rodolfo Vardelli wrote: Just some more info: cpu usage stay at 100% (it's the backup firewall), here is top output: last pid: 81653; load averages: 1.61, 1.50, 1.36up 0+00:59:28 09:47:25 23 processes: 1 running, 22 sleeping CPU states: 0.7% user, 0.0% nice, 1.4% system, 1.4% interrupt, 96.6% idle Mem: 8164K Active, 8056K Inact, 12M Wired, 4K Cache, 11M Buf, 89M Free Swap: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 271 root1 760 1292K 860K select 0:01 0.00% syslogd 74788 root1 760 5576K 2608K select 0:01 0.00% sshd 356 _pflogd 1 -580 1536K 1176K bpf 0:01 0.00% pflogd 79956 root1 760 2256K 1488K RUN 0:01 0.00% top 357 root1 -580 3656K 1800K bpf 0:01 0.00% tcpdump 1231 root1 1310 2868K 1756K select 0:00 0.00% mpd A carp (carp1) interface stays at init and doesn't go in backup status. (master is up) regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] wrap 85.2
Go to http://pfsense.com/index.php?id=22 and follow the link New Installs. Choose a mirror near you and download the embedded image (like http://pfsense.iserv.nl/downloads/pfSense-Embedded-0.85.2.img.gz ). Once you have a version Installed you'll find mini wrap upgrades in the downloadsection following the link upgrades. If you need help how to get this on your wrap follow this tutorial from our tutorials section: http://pfsense.iserv.nl//tutorials/wrap_install/wrap_install.htm Holger -Ursprüngliche Nachricht- Von: Michiel de Jager [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 11:38 An: support@pfsense.com Betreff: Re: [pfSense Support] wrap 85.2 Hello, Maybe this is a stupid question, in that case im sorry. But where can i find the latest image for a wrap system. And what size does my compactflash card has to be? I am new to pfsense, so forgive me my question. Greetz, Michiel de Jager On Mon, 2005-09-26 at 09:51 +0200, Rodolfo Vardelli wrote: Just some more info: cpu usage stay at 100% (it's the backup firewall), here is top output: last pid: 81653; load averages: 1.61, 1.50, 1.36up 0+00:59:28 09:47:25 23 processes: 1 running, 22 sleeping CPU states: 0.7% user, 0.0% nice, 1.4% system, 1.4% interrupt, 96.6% idle Mem: 8164K Active, 8056K Inact, 12M Wired, 4K Cache, 11M Buf, 89M Free Swap: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 271 root1 760 1292K 860K select 0:01 0.00% syslogd 74788 root1 760 5576K 2608K select 0:01 0.00% sshd 356 _pflogd 1 -580 1536K 1176K bpf 0:01 0.00% pflogd 79956 root1 760 2256K 1488K RUN 0:01 0.00% top 357 root1 -580 3656K 1800K bpf 0:01 0.00% tcpdump 1231 root1 1310 2868K 1756K select 0:00 0.00% mpd A carp (carp1) interface stays at init and doesn't go in backup status. (master is up) regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] wrap 85.2
Just a question (and maybe something I've overread in your original mail). You have pppoe on WAN. Is your CARP-Interface for WAN or for LAN? pppoe and dchp interfaces won't work together with CARP. You need at least 3 static IPs on WAN for this to work (1 for the master, 1 for the backup and 1 that can be shared). If your CARP IP is for LAN please post your LAN-settings of both boxes and your CARP-Interface config. Also make sure you have allowed the communication on the sync-interfaces so the machines can talk to each other. You also might look at the carp-tutorial, maybe you find something that's quite obvious by looking at it: http://pfsense.com/mirror.php?section=tutorials/carp/carp-cluster-new.htm Holger -Ursprüngliche Nachricht- Von: Rodolfo Vardelli [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 09:52 An: support@pfsense.com Betreff: [pfSense Support] wrap 85.2 Just some more info: cpu usage stay at 100% (it's the backup firewall), here is top output: last pid: 81653; load averages: 1.61, 1.50, 1.36up 0+00:59:28 09:47:25 23 processes: 1 running, 22 sleeping CPU states: 0.7% user, 0.0% nice, 1.4% system, 1.4% interrupt, 96.6% idle Mem: 8164K Active, 8056K Inact, 12M Wired, 4K Cache, 11M Buf, 89M Free Swap: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 271 root1 760 1292K 860K select 0:01 0.00% syslogd 74788 root1 760 5576K 2608K select 0:01 0.00% sshd 356 _pflogd 1 -580 1536K 1176K bpf 0:01 0.00% pflogd 79956 root1 760 2256K 1488K RUN 0:01 0.00% top 357 root1 -580 3656K 1800K bpf 0:01 0.00% tcpdump 1231 root1 1310 2868K 1756K select 0:00 0.00% mpd A carp (carp1) interface stays at init and doesn't go in backup status. (master is up) regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: [pfSense Support] wrap 85.2
Holger Bauer wrote: After reboot (third), carp interface goes up (as backup). The interface is a wan interface, but I have a router in front of it and not a modem Take care that this was an upgrade from 84.6 (working nicely) to 85.2 Now primary is a 84.6, secondary is 85.2 regards Rodolfo Just a question (and maybe something I've overread in your original mail). You have pppoe on WAN. Is your CARP-Interface for WAN or for LAN? pppoe and dchp interfaces won't work together with CARP. You need at least 3 static IPs on WAN for this to work (1 for the master, 1 for the backup and 1 that can be shared). If your CARP IP is for LAN please post your LAN-settings of both boxes and your CARP-Interface config. Also make sure you have allowed the communication on the sync-interfaces so the machines can talk to each other. You also might look at the carp-tutorial, maybe you find something that's quite obvious by looking at it: http://pfsense.com/mirror.php?section=tutorials/carp/carp-cluster-new.htm Holger -Ursprüngliche Nachricht- Von: Rodolfo Vardelli [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 09:52 An: support@pfsense.com Betreff: [pfSense Support] wrap 85.2 Just some more info: cpu usage stay at 100% (it's the backup firewall), here is top output: last pid: 81653; load averages: 1.61, 1.50, 1.36up 0+00:59:28 09:47:25 23 processes: 1 running, 22 sleeping CPU states: 0.7% user, 0.0% nice, 1.4% system, 1.4% interrupt, 96.6% idle Mem: 8164K Active, 8056K Inact, 12M Wired, 4K Cache, 11M Buf, 89M Free Swap: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 271 root1 760 1292K 860K select 0:01 0.00% syslogd 74788 root1 760 5576K 2608K select 0:01 0.00% sshd 356 _pflogd 1 -580 1536K 1176K bpf 0:01 0.00% pflogd 79956 root1 760 2256K 1488K RUN 0:01 0.00% top 357 root1 -580 3656K 1800K bpf 0:01 0.00% tcpdump 1231 root1 1310 2868K 1756K select 0:00 0.00% mpd A carp (carp1) interface stays at init and doesn't go in backup status. (master is up) regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: AW: [pfSense Support] wrap 85.2
Can you try to upgrade the second machine to 0.85.2 as well? I doubt that the latest changes (not only pfsense related changes but freebsd carp as well) prevent two machines with different versions to sync properly but this is something you should try next. Holger -Ursprüngliche Nachricht- Von: Rodolfo Vardelli [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 13:22 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] wrap 85.2 Holger Bauer wrote: After reboot (third), carp interface goes up (as backup). The interface is a wan interface, but I have a router in front of it and not a modem Take care that this was an upgrade from 84.6 (working nicely) to 85.2 Now primary is a 84.6, secondary is 85.2 regards Rodolfo Just a question (and maybe something I've overread in your original mail). You have pppoe on WAN. Is your CARP-Interface for WAN or for LAN? pppoe and dchp interfaces won't work together with CARP. You need at least 3 static IPs on WAN for this to work (1 for the master, 1 for the backup and 1 that can be shared). If your CARP IP is for LAN please post your LAN-settings of both boxes and your CARP-Interface config. Also make sure you have allowed the communication on the sync-interfaces so the machines can talk to each other. You also might look at the carp-tutorial, maybe you find something that's quite obvious by looking at it: http://pfsense.com/mirror.php?section=tutorials/carp/carp-cluster-new.htm Holger -Ursprüngliche Nachricht- Von: Rodolfo Vardelli [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 09:52 An: support@pfsense.com Betreff: [pfSense Support] wrap 85.2 Just some more info: cpu usage stay at 100% (it's the backup firewall), here is top output: last pid: 81653; load averages: 1.61, 1.50, 1.36up 0+00:59:28 09:47:25 23 processes: 1 running, 22 sleeping CPU states: 0.7% user, 0.0% nice, 1.4% system, 1.4% interrupt, 96.6% idle Mem: 8164K Active, 8056K Inact, 12M Wired, 4K Cache, 11M Buf, 89M Free Swap: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 271 root1 760 1292K 860K select 0:01 0.00% syslogd 74788 root1 760 5576K 2608K select 0:01 0.00% sshd 356 _pflogd 1 -580 1536K 1176K bpf 0:01 0.00% pflogd 79956 root1 760 2256K 1488K RUN 0:01 0.00% top 357 root1 -580 3656K 1800K bpf 0:01 0.00% tcpdump 1231 root1 1310 2868K 1756K select 0:00 0.00% mpd A carp (carp1) interface stays at init and doesn't go in backup status. (master is up) regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: AW: [pfSense Support] wrap 85.2
Holger Bauer wrote: H, the second machine is master I have tried adding a rule to master and backup got this rule without problem, I am not sure if carp sync works well, I tried rebooting the master and backup became master without problem, but cpu remained at 100% regards Rodolfo Can you try to upgrade the second machine to 0.85.2 as well? I doubt that the latest changes (not only pfsense related changes but freebsd carp as well) prevent two machines with different versions to sync properly but this is something you should try next. Holger -Ursprüngliche Nachricht- Von: Rodolfo Vardelli [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 13:22 An: support@pfsense.com Betreff: Re: AW: [pfSense Support] wrap 85.2 Holger Bauer wrote: After reboot (third), carp interface goes up (as backup). The interface is a wan interface, but I have a router in front of it and not a modem Take care that this was an upgrade from 84.6 (working nicely) to 85.2 Now primary is a 84.6, secondary is 85.2 regards Rodolfo Just a question (and maybe something I've overread in your original mail). You have pppoe on WAN. Is your CARP-Interface for WAN or for LAN? pppoe and dchp interfaces won't work together with CARP. You need at least 3 static IPs on WAN for this to work (1 for the master, 1 for the backup and 1 that can be shared). If your CARP IP is for LAN please post your LAN-settings of both boxes and your CARP-Interface config. Also make sure you have allowed the communication on the sync-interfaces so the machines can talk to each other. You also might look at the carp-tutorial, maybe you find something that's quite obvious by looking at it: http://pfsense.com/mirror.php?section=tutorials/carp/carp-cluster-new.htm Holger -Ursprüngliche Nachricht- Von: Rodolfo Vardelli [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 09:52 An: support@pfsense.com Betreff: [pfSense Support] wrap 85.2 Just some more info: cpu usage stay at 100% (it's the backup firewall), here is top output: last pid: 81653; load averages: 1.61, 1.50, 1.36up 0+00:59:28 09:47:25 23 processes: 1 running, 22 sleeping CPU states: 0.7% user, 0.0% nice, 1.4% system, 1.4% interrupt, 96.6% idle Mem: 8164K Active, 8056K Inact, 12M Wired, 4K Cache, 11M Buf, 89M Free Swap: PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 271 root1 760 1292K 860K select 0:01 0.00% syslogd 74788 root1 760 5576K 2608K select 0:01 0.00% sshd 356 _pflogd 1 -580 1536K 1176K bpf 0:01 0.00% pflogd 79956 root1 760 2256K 1488K RUN 0:01 0.00% top 357 root1 -580 3656K 1800K bpf 0:01 0.00% tcpdump 1231 root1 1310 2868K 1756K select 0:00 0.00% mpd A carp (carp1) interface stays at init and doesn't go in backup status. (master is up) regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] wrap 85.2
Scott Ullrich wrote: # cat platform wrap regards Rodolfo This is not correct. WRAP's should be running on a memory mounted /tmp/ What does /etc/platform say?If it does not say wrap, pleae change it and reboot. Scott On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] wrap 85.2
Oddly I haven't seen this on my wrap installs :-/ There was a broken commit of /etc/filter.inc that would have exhibited this behavior on a wrap, but that didn't make it into 0.85.2 (just confirmed on one of my installs) Warning: touch(): Unable to create file /filter_dirty makes me think we missed a global $g somewhere. --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: This is not correct. WRAP's should be running on a memory mounted /tmp/ What does /etc/platform say?If it does not say wrap, pleae change it and reboot. Scott On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] FYI: VPNs dropping off after a month
I'm still running 80.2 and thought I would mention my issue - in the unlikely event that the VPN code has not been updated since that release. So, If this hasn't already been spotted and resolved, keep this in mind when you are working on VPN components. I have 2 IPSEC VPN tunnels which run continuously and several others purely on demand. I had no problems at all until about the 24 day uptime mark, when I noticed all the tunnels had dropped for no apparent reason. Basically, the SA lifetime would expire and there would be no attempt to reconnect. I could bring them back up by simply reconfiguring them (which I'm guessing forces a restart of the IPsec daemon), but would only stay up for one lifetime and would only reconnect if the daemon was restarted. I screwed with it for a couple days, but after actually restarting the firewall, they have been running fine now for a few days. I'm not sure if this is a problem with the IPsec server, related to system uptime counters or something else entirely. Previously, I have had pfSense running on the same box for longer than 45 days with no issues. I'm due for an upgrade anyway... Ted Crow MCP/W2K Information Technology Manager Tuttle Services, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FYI: VPNs dropping off after a month
Try checking System - Advanced - Prefer old IPsec SAs The IPSEC code has been sync'd with m0n0wall since that version. Scott On 9/26/05, Ted Crow [EMAIL PROTECTED] wrote: I'm still running 80.2 and thought I would mention my issue - in the unlikely event that the VPN code has not been updated since that release. So, If this hasn't already been spotted and resolved, keep this in mind when you are working on VPN components. I have 2 IPSEC VPN tunnels which run continuously and several others purely on demand. I had no problems at all until about the 24 day uptime mark, when I noticed all the tunnels had dropped for no apparent reason. Basically, the SA lifetime would expire and there would be no attempt to reconnect. I could bring them back up by simply reconfiguring them (which I'm guessing forces a restart of the IPsec daemon), but would only stay up for one lifetime and would only reconnect if the daemon was restarted. I screwed with it for a couple days, but after actually restarting the firewall, they have been running fine now for a few days. I'm not sure if this is a problem with the IPsec server, related to system uptime counters or something else entirely. Previously, I have had pfSense running on the same box for longer than 45 days with no issues. I'm due for an upgrade anyway... Ted Crow MCP/W2K Information Technology Manager Tuttle Services, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] wrap 85.2
Yep, there was a small typo in filter.inc. It's fixed now. Scott On 9/26/05, Bill Marquette [EMAIL PROTECTED] wrote: Oddly I haven't seen this on my wrap installs :-/ There was a broken commit of /etc/filter.inc that would have exhibited this behavior on a wrap, but that didn't make it into 0.85.2 (just confirmed on one of my installs) Warning: touch(): Unable to create file /filter_dirty makes me think we missed a global $g somewhere. --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: This is not correct. WRAP's should be running on a memory mounted /tmp/ What does /etc/platform say?If it does not say wrap, pleae change it and reboot. Scott On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] wrap 85.2
update_file.sh /etc/inc/filter.inc On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: Scott Ullrich wrote: Where? So I can fix on my board regards Rodolfo Yep, there was a small typo in filter.inc. It's fixed now. Scott On 9/26/05, Bill Marquette [EMAIL PROTECTED] wrote: Oddly I haven't seen this on my wrap installs :-/ There was a broken commit of /etc/filter.inc that would have exhibited this behavior on a wrap, but that didn't make it into 0.85.2 (just confirmed on one of my installs) Warning: touch(): Unable to create file /filter_dirty makes me think we missed a global $g somewhere. --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: This is not correct. WRAP's should be running on a memory mounted /tmp/ What does /etc/platform say?If it does not say wrap, pleae change it and reboot. Scott On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] wrap 85.2
N...don't do that :) I split the shaper code off into another file, you will break if you simply follow this. /etc/rc.conf_mount_rw touch /etc/inc/shaper.inc /etc/rc.conf_mount_ro update_file.sh /etc/inc/shaper.inc update_file.sh /etc/inc/filter.inc --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: update_file.sh /etc/inc/filter.inc On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: Scott Ullrich wrote: Where? So I can fix on my board regards Rodolfo Yep, there was a small typo in filter.inc. It's fixed now. Scott On 9/26/05, Bill Marquette [EMAIL PROTECTED] wrote: Oddly I haven't seen this on my wrap installs :-/ There was a broken commit of /etc/filter.inc that would have exhibited this behavior on a wrap, but that didn't make it into 0.85.2 (just confirmed on one of my installs) Warning: touch(): Unable to create file /filter_dirty makes me think we missed a global $g somewhere. --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: This is not correct. WRAP's should be running on a memory mounted /tmp/ What does /etc/platform say?If it does not say wrap, pleae change it and reboot. Scott On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] wrap 85.2
Bill Marquette wrote: Now I get this: Parse error: parse error, unexpected T_IF in /etc/inc/shaper.inc on line 129 regards N...don't do that :) I split the shaper code off into another file, you will break if you simply follow this. /etc/rc.conf_mount_rw touch /etc/inc/shaper.inc /etc/rc.conf_mount_ro update_file.sh /etc/inc/shaper.inc update_file.sh /etc/inc/filter.inc --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: update_file.sh /etc/inc/filter.inc On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: Scott Ullrich wrote: Where? So I can fix on my board regards Rodolfo Yep, there was a small typo in filter.inc. It's fixed now. Scott On 9/26/05, Bill Marquette [EMAIL PROTECTED] wrote: Oddly I haven't seen this on my wrap installs :-/ There was a broken commit of /etc/filter.inc that would have exhibited this behavior on a wrap, but that didn't make it into 0.85.2 (just confirmed on one of my installs) Warning: touch(): Unable to create file /filter_dirty makes me think we missed a global $g somewhere. --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: This is not correct. WRAP's should be running on a memory mounted /tmp/ What does /etc/platform say?If it does not say wrap, pleae change it and reboot. Scott On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd - Original Message - From: Mojo Jojo [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: Fleming, John (ZeroChaos) [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) /usr/crash.info ( netstat -in ; echo ) /usr/crash.info ( netstat -m ; echo ) /usr/crash.info ( top ; echo ) /usr/crash.info ( ps -ax ; echo ) /usr/crash.info ( find / -name *.core -print ; echo ) /usr/crash.info ( df -h ; echo ) /usr/crash.info ( ls -l /var/crash/* ; echo ) /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo [EMAIL PROTECTED] wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information when I went back through my archives. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail:
Re: [pfSense Support] wrap 85.2
update_file.sh /etc/inc/shaper.inc There was a missing ; On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: Bill Marquette wrote: Now I get this: Parse error: parse error, unexpected T_IF in /etc/inc/shaper.inc on line 129 regards N...don't do that :) I split the shaper code off into another file, you will break if you simply follow this. /etc/rc.conf_mount_rw touch /etc/inc/shaper.inc /etc/rc.conf_mount_ro update_file.sh /etc/inc/shaper.inc update_file.sh /etc/inc/filter.inc --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: update_file.sh /etc/inc/filter.inc On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: Scott Ullrich wrote: Where? So I can fix on my board regards Rodolfo Yep, there was a small typo in filter.inc. It's fixed now. Scott On 9/26/05, Bill Marquette [EMAIL PROTECTED] wrote: Oddly I haven't seen this on my wrap installs :-/ There was a broken commit of /etc/filter.inc that would have exhibited this behavior on a wrap, but that didn't make it into 0.85.2 (just confirmed on one of my installs) Warning: touch(): Unable to create file /filter_dirty makes me think we missed a global $g somewhere. --Bill On 9/26/05, Scott Ullrich [EMAIL PROTECTED] wrote: This is not correct. WRAP's should be running on a memory mounted /tmp/ What does /etc/platform say?If it does not say wrap, pleae change it and reboot. Scott On 9/26/05, Rodolfo Vardelli [EMAIL PROTECTED] wrote: I have just upgrade from 84.6 to 85.2 (on wrap), modifying a firewall rule I got this error Warning: touch(): Unable to create file /filter_dirty because Read-only file system in /etc/inc/filter.inc on line 57 regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
Please gather that John requested and send to the list. Thanks. On 9/26/05, Mojo Jojo [EMAIL PROTECTED] wrote: OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd - Original Message - From: Mojo Jojo [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: Fleming, John (ZeroChaos) [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) /usr/crash.info ( netstat -in ; echo ) /usr/crash.info ( netstat -m ; echo ) /usr/crash.info ( top ; echo ) /usr/crash.info ( ps -ax ; echo ) /usr/crash.info ( find / -name *.core -print ; echo ) /usr/crash.info ( df -h ; echo ) /usr/crash.info ( ls -l /var/crash/* ; echo ) /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo [EMAIL PROTECTED] wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information when I went back through my archives. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Argg! My PfSense just died!
Just to be clear, if the boxes goes down again run those commands again without rebooting the box. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 10:35 AM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! Please gather that John requested and send to the list. Thanks. On 9/26/05, Mojo Jojo [EMAIL PROTECTED] wrote: OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd - Original Message - From: Mojo Jojo [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: Fleming, John (ZeroChaos) [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) /usr/crash.info ( netstat -in ; echo ) /usr/crash.info ( netstat -m ; echo ) /usr/crash.info ( top ; echo ) /usr/crash.info ( ps -ax ; echo ) /usr/crash.info ( find / -name *.core -print ; echo ) /usr/crash.info ( df -h ; echo ) /usr/crash.info ( ls -l /var/crash/* ; echo ) /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo [EMAIL PROTECTED] wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information when I went back through my archives. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -
RE: [pfSense Support] Argg! My PfSense just died!
Did you send in your config.xml? BTW add this to the list of commands to run (at the top). ( ifconfig -a ; echo ) /usr/crash.info; -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 10:24 AM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd - Original Message - From: Mojo Jojo [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: Fleming, John (ZeroChaos) [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) /usr/crash.info ( netstat -in ; echo ) /usr/crash.info ( netstat -m ; echo ) /usr/crash.info ( top ; echo ) /usr/crash.info ( ps -ax ; echo ) /usr/crash.info ( find / -name *.core -print ; echo ) /usr/crash.info ( df -h ; echo ) /usr/crash.info ( ls -l /var/crash/* ; echo ) /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo [EMAIL PROTECTED] wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information when I went back through my archives. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL
Re: [pfSense Support] Argg! My PfSense just died!
I have not received anything. On 9/26/05, Fleming, John (ZeroChaos) [EMAIL PROTECTED] wrote: Did you send in your config.xml? BTW add this to the list of commands to run (at the top). ( ifconfig -a ; echo ) /usr/crash.info; -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 10:24 AM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd - Original Message - From: Mojo Jojo [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: Fleming, John (ZeroChaos) [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) /usr/crash.info ( netstat -in ; echo ) /usr/crash.info ( netstat -m ; echo ) /usr/crash.info ( top ; echo ) /usr/crash.info ( ps -ax ; echo ) /usr/crash.info ( find / -name *.core -print ; echo ) /usr/crash.info ( df -h ; echo ) /usr/crash.info ( ls -l /var/crash/* ; echo ) /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo [EMAIL PROTECTED] wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information when I went back through my archives. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Output (mwatt) of a minipci wireless card
I agree with you 100%. If you have sensitive data then yet it should either be going over a wired connection or a secure tunnel/vpn when going over a wireless connection. My point was that adjusting the TX power does serve a purpose though. In many situtation were you want to try to prevent your signal from being broadcast farther than the needed. Not even for any security reasons but to try to prevent APs from causing noise onto each others channel. John -Original Message- From: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 3:50 AM To: support@pfsense.com Subject: RE: [pfSense Support] Output (mwatt) of a minipci wireless card My view is that wireless can be considered in the same way The Net it. Unsafe. Howver generally people on it are uninterested in the data passing across it just because of sheer volume. If you have data that is sensitive or you just don't want people to view it use tunneling, that's what Ipsec and PPTP were invented for. i.e. leave your APs open and tunnel into your own network. My view is that lowering tx and using directional antennas is a courtesy thing. If you spend time thinking about your design you get better performance because you have less noise. Ivan. -Original Message- From: John Cianfarani [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 2:56 AM To: support@pfsense.com Subject: RE: [pfSense Support] Output (mwatt) of a minipci wireless card You'll never be safe from someone who wants to get your signal/data. But for typical laptop w/ integrated wireless reducing the power would help reduce the range. You deal with the 99% and try your best to protect yourself from the 1%. John -Original Message- From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: Saturday, September 24, 2005 5:57 PM To: support@pfsense.com Subject: Re: [pfSense Support] Output (mwatt) of a minipci wireless card Hi, I'm sorry but you guys need to read up on wireless. 1: Wireless output power has nothing to do with the range. If the receiving end uses a high performance antenna they can both talk and listen to your AP many miles away. 2. High power cards only gives you more noise. Stick to a cm-9 type card with high RX sensitivity. That will give you much better results. You can not restrict the range of wireless buy lowering the output RX power. Radio lan can not be restricted this way. It's a 2way communication, so anyone with a high gain antenna can both talk and listen to a low powered AP. Range for a 100mw card with a 32dbi directional antenna at NLOS is about 120KM so if you guys think that restricting the TX power is going to keep you safe from the next door internet café, then you are very much mistaken. Cheers and good night. -lsf - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
Not yet guys, tryin' to keep up, had a real busy day and night :) I will try to get all this together soon and send it. Just wanted to get you the hardware info while I was in front of it this morning. Todd - Original Message - From: Scott Ullrich [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 11:48 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! I have not received anything. On 9/26/05, Fleming, John (ZeroChaos) [EMAIL PROTECTED] wrote: Did you send in your config.xml? BTW add this to the list of commands to run (at the top). ( ifconfig -a ; echo ) /usr/crash.info; -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 10:24 AM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd - Original Message - From: Mojo Jojo [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: Fleming, John (ZeroChaos) [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) /usr/crash.info ( netstat -in ; echo ) /usr/crash.info ( netstat -m ; echo ) /usr/crash.info ( top ; echo ) /usr/crash.info ( ps -ax ; echo ) /usr/crash.info ( find / -name *.core -print ; echo ) /usr/crash.info ( df -h ; echo ) /usr/crash.info ( ls -l /var/crash/* ; echo ) /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo [EMAIL PROTECTED] wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information
[pfSense Support] Pfsense Problems/Issues with WAN
Dear Team, I currently am having miscellaneous issues with your software which did not occur until just recently. I believe my NIC died, and so I lost connection with my ISP via my WAN. I replaced my cable modem since I thought itwas this, which is fine, but I also replaced the NIC, and now it keeps losing the IP address, it'll hold it for a while, but then it loses it. I know its not my cable modem as I have gone back to my old router :( I miss your stellar product more than you'll ever know. I tried this with both 0.70 and 0.84 and the same problems persists, do you have any other suggestions? I'm also gonna try putting the NIC in a different PCI slot. Maybe 0.85.2 will fix this I saw it was on the mirrors. Thanks, Jaimie O'Neill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Interesting failure
This file was introduced after 0.85.2. Are you sure you didn't update filter.inc ? Scott On 9/26/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: I was unable to connect to my pfsense a few minutes ago. Running 0.85.2. The webGUI got a strange error about being unable to create a pipe. I went to the console and it was streaming messages about running out of descriptors (sorry, I can't remember the exact message, but someone else had posted one sometime back - it refers to looking at the tuning(7) page.) Anyway, I rebooted the unit, and could not connect at all. Got messages bitching about shaper.inc and filter.inc. I reinstalled 0.85, rebooted and restored my config and all is well. Anyone seen that? I've attached a screenshot... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Pfsense Problems/Issues with WAN
This was fixed after 0.84. Please upgrade to the latest version. Scott On 9/26/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Dear Team, I currently am having miscellaneous issues with your software which did not occur until just recently. I believe my NIC died, and so I lost connection with my ISP via my WAN. I replaced my cable modem since I thought itwas this, which is fine, but I also replaced the NIC, and now it keeps losing the IP address, it'll hold it for a while, but then it loses it. I know its not my cable modem as I have gone back to my old router :( I miss your stellar product more than you'll ever know. I tried this with both 0.70 and 0.84 and the same problems persists, do you have any other suggestions? I'm also gonna try putting the NIC in a different PCI slot. Maybe 0.85.2 will fix this I saw it was on the mirrors. Thanks, Jaimie O'Neill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Pfsense Problems/Issues with WAN
Awesome man thanks for the update, what is the most recent 0.85.4? -Jaimie Quoting Scott Ullrich [EMAIL PROTECTED]: This was fixed after 0.84. Please upgrade to the latest version. Scott On 9/26/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Dear Team, I currently am having miscellaneous issues with your software which did not occur until just recently. I believe my NIC died, and so I lost connection with my ISP via my WAN. I replaced my cable modem since I thought itwas this, which is fine, but I also replaced the NIC, and now it keeps losing the IP address, it'll hold it for a while, but then it loses it. I know its not my cable modem as I have gone back to my old router :( I miss your stellar product more than you'll ever know. I tried this with both 0.70 and 0.84 and the same problems persists, do you have any other suggestions? I'm also gonna try putting the NIC in a different PCI slot. Maybe 0.85.2 will fix this I saw it was on the mirrors. Thanks, Jaimie O'Neill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Pfsense Problems/Issues with WAN
Yes, thats the current Full Update version. Scott On 9/27/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Awesome man thanks for the update, what is the most recent 0.85.4? -Jaimie Quoting Scott Ullrich [EMAIL PROTECTED]: This was fixed after 0.84. Please upgrade to the latest version. Scott On 9/26/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Dear Team, I currently am having miscellaneous issues with your software which did not occur until just recently. I believe my NIC died, and so I lost connection with my ISP via my WAN. I replaced my cable modem since I thought itwas this, which is fine, but I also replaced the NIC, and now it keeps losing the IP address, it'll hold it for a while, but then it loses it. I know its not my cable modem as I have gone back to my old router :( I miss your stellar product more than you'll ever know. I tried this with both 0.70 and 0.84 and the same problems persists, do you have any other suggestions? I'm also gonna try putting the NIC in a different PCI slot. Maybe 0.85.2 will fix this I saw it was on the mirrors. Thanks, Jaimie O'Neill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]