[pfSense Support] Inaccuracy of memory reporting in WebGUI
Just logged into my pfsense and was surprised to see memory usage of 82% (given that I'm not doing much right now.) Ran top and saw this: Mem: 56M Active, 102M Inact, 42M Wired, 20K Cache, 34M Buf, 42M Free Swap: 512M Total, 512M Free Not sure how the memory usage is derived, but on a BSD machine, it really isn't accurate to use buffer or inactive memory... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] suggestion for LAN rule menu
allowable protocol can be tcp/udp, and it add separate rules for tcp and udp. cool. unfortunately, you then have to add one manually for icmp assuming one wants to be able to ping outside hosts. how about tcp/udp/icmp also/instead? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 256MB Wrap Image?
Hmmm, maybe I'm missing something here. What's wrong with the 128M image? It fits on my 256M flashes w/out problems. And seeing as the WRAPs no longer support packages it's kind of pointless to add more space to them (I think - but then I'm obviously missing something :)) --Bill On 10/7/05, Michiel de Jager [EMAIL PROTECTED] wrote: Maybe someone cal mail it also to me :-) Same situation here. Michiel On Thu, 2005-10-06 at 23:02 -0400, Eric M. Faden wrote: Does anyone have a 256MB wrap image they can email me? or that I can download from somewhere? I don't actually have a FreeBSD box handy to resize the image. -Eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] suggestion for LAN rule menu
On 10/7/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: allowable protocol can be tcp/udp, and it add separate rules for tcp and udp.cool.unfortunately, you then have to add one manually for icmpassuming one wants to be able to ping outside hosts.how about tcp/udp/icmp also/instead? tcp and udp require ports (or any) and icmp requires no ports, so any would have to be the setting.I can see more problems than benefits from that.--Bill PS. we actually only add one rule if you choose tcp/udp - pf does the heavy lifting of making that two rules (which is why 'keep state' is the only state option you can choose for tcp/udp).
Re: [pfSense Support] suggestion for LAN rule menu
At 10:49 AM 10/7/2005, you wrote: On 10/7/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: allowable protocol can be tcp/udp, and it add separate rules for tcp and udp. cool. unfortunately, you then have to add one manually for icmp assuming one wants to be able to ping outside hosts. how about tcp/udp/icmp also/instead? tcp and udp require ports (or any) and icmp requires no ports, so any would have to be the setting. I can see more problems than benefits from that. good point. --Bill PS. we actually only add one rule if you choose tcp/udp - pf does the heavy lifting of making that two rules (which is why 'keep state' is the only state option you can choose for tcp/udp). ah, okay. didn't know that. p.s. the reason i bumped into this was looking at my ntop data, i noticed a small amount of non-IP data going out the WAN port. no idea what - i have a windows box (XP) but it should be doing NETBIOS over TCP (or whatever the option is), so I thought i'd get rid of that.
Re: [pfSense Support] 256MB Wrap Image?
Just extra log space. -Eric On Fri, 7 Oct 2005 09:46:03 -0500 Bill Marquette [EMAIL PROTECTED] wrote: Hmmm, maybe I'm missing something here. What's wrong with the 128M image? It fits on my 256M flashes w/out problems. And seeing as the WRAPs no longer support packages it's kind of pointless to add more space to them (I think - but then I'm obviously missing something :)) --Bill On 10/7/05, Michiel de Jager [EMAIL PROTECTED] wrote: Maybe someone cal mail it also to me :-) Same situation here. Michiel On Thu, 2005-10-06 at 23:02 -0400, Eric M. Faden wrote: Does anyone have a 256MB wrap image they can email me? or that I can download from somewhere? I don't actually have a FreeBSD box handy to resize the image. -Eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 256MB Wrap Image?
Logs are handled in a memory disk. As Bill stated, there is no real reason to expand the image other than wanting to feel warm and fuzzy. Scott On 10/7/05, Eric M. Faden [EMAIL PROTECTED] wrote: Just extra log space. -Eric On Fri, 7 Oct 2005 09:46:03 -0500 Bill Marquette [EMAIL PROTECTED] wrote: Hmmm, maybe I'm missing something here. What's wrong with the 128M image? It fits on my 256M flashes w/out problems. And seeing as the WRAPs no longer support packages it's kind of pointless to add more space to them (I think - but then I'm obviously missing something :)) --Bill On 10/7/05, Michiel de Jager [EMAIL PROTECTED] wrote: Maybe someone cal mail it also to me :-) Same situation here. Michiel On Thu, 2005-10-06 at 23:02 -0400, Eric M. Faden wrote: Does anyone have a 256MB wrap image they can email me? or that I can download from somewhere? I don't actually have a FreeBSD box handy to resize the image. -Eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] suggestion for LAN rule menu
On 10/7/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: p.s. the reason i bumped into this was looking at my ntop data, i noticed a small amount of non-IP data going out the WAN port. no idea what - i have a windows box (XP) but it should be doing NETBIOS over TCP (or whatever the option is), so I thought i'd get rid of that. Hmmm, interesting. For the default rule, we allow any protocol out. I'm a little surprised to hear non-IP data though as all that should be going out is IP data. Does ntop give you any indication of what the non-IP data is? I'll try a tcpdump on my home boxen and see if we're sending something we shouldn't be. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] suggestion for LAN rule menu
Are you bridging any interfaces with the wan interface? -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:29 AM To: support@pfsense.com Subject: Re: [pfSense Support] suggestion for LAN rule menu On 10/7/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: p.s. the reason i bumped into this was looking at my ntop data, i noticed a small amount of non-IP data going out the WAN port. no idea what - i have a windows box (XP) but it should be doing NETBIOS over TCP (or whatever the option is), so I thought i'd get rid of that. Hmmm, interesting. For the default rule, we allow any protocol out. I'm a little surprised to hear non-IP data though as all that should be going out is IP data. Does ntop give you any indication of what the non-IP data is? I'll try a tcpdump on my home boxen and see if we're sending something we shouldn't be. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] suggestion for LAN rule menu
At 12:41 PM 10/7/2005, you wrote: Are you bridging any interfaces with the wan interface? nope. -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 11:29 AM To: support@pfsense.com Subject: Re: [pfSense Support] suggestion for LAN rule menu On 10/7/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: p.s. the reason i bumped into this was looking at my ntop data, i noticed a small amount of non-IP data going out the WAN port. no idea what - i have a windows box (XP) but it should be doing NETBIOS over TCP (or whatever the option is), so I thought i'd get rid of that. Hmmm, interesting. For the default rule, we allow any protocol out. I'm a little surprised to hear non-IP data though as all that should be going out is IP data. Does ntop give you any indication of what the non-IP data is? I'll try a tcpdump on my home boxen and see if we're sending something we shouldn't be. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Inaccuracy of memory reporting in WebGUI
This code is leftover from m0n0wall. Not sure if its accurate since we now factor swap into the equation. At any rate, here is the code in question: exec(/sbin/sysctl -n vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count . vm.stats.vm.v_wire_count vm.stats.vm.v_cache_count vm.stats.vm.v_free_count, $memory); $totalMem = $memory[0] + $memory[1] + $memory[2] + $memory[3] + $memory[4]; $freeMem = $memory[4]; $usedMem = $totalMem - $freeMem; $memUsage = round(($usedMem * 100) / $totalMem, 0); return $memUsage; If someone wants to perfect it, please do and I'll commit. Scott On 10/7/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: Just logged into my pfsense and was surprised to see memory usage of 82% (given that I'm not doing much right now.) Ran top and saw this: Mem: 56M Active, 102M Inact, 42M Wired, 20K Cache, 34M Buf, 42M Free Swap: 512M Total, 512M Free Not sure how the memory usage is derived, but on a BSD machine, it really isn't accurate to use buffer or inactive memory... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Inaccuracy of memory reporting in WebGUI
At 12:57 PM 10/7/2005, you wrote: This code is leftover from m0n0wall. Not sure if its accurate since we now factor swap into the equation. At any rate, here is the code in question: exec(/sbin/sysctl -n vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count . vm.stats.vm.v_wire_count vm.stats.vm.v_cache_count vm.stats.vm.v_free_count, $memory); $totalMem = $memory[0] + $memory[1] + $memory[2] + $memory[3] + $memory[4]; $freeMem = $memory[4]; $usedMem = $totalMem - $freeMem; $memUsage = round(($usedMem * 100) / $totalMem, 0); return $memUsage; If someone wants to perfect it, please do and I'll commit. thanks. i'll take a look... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Inaccuracy of memory reporting in WebGUI
/usr/local/www/includes/functions.inc.php On 10/7/05, Dan Swartzendruber [EMAIL PROTECTED] wrote: At 12:57 PM 10/7/2005, you wrote: This code is leftover from m0n0wall. Not sure if its accurate since we now factor swap into the equation. At any rate, here is the code in question: exec(/sbin/sysctl -n vm.stats.vm.v_active_count vm.stats.vm.v_inactive_count . vm.stats.vm.v_wire_count vm.stats.vm.v_cache_count vm.stats.vm.v_free_count, $memory); $totalMem = $memory[0] + $memory[1] + $memory[2] + $memory[3] + $memory[4]; $freeMem = $memory[4]; $usedMem = $totalMem - $freeMem; $memUsage = round(($usedMem * 100) / $totalMem, 0); return $memUsage; If someone wants to perfect it, please do and I'll commit. what file is this in? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] suggestion for LAN rule menu
Dan Swartzendruber wrote: I'm not sure what the data is. I was monitoring WAN with ntop, and I assumed it was my windows XP box. Maybe not? I don't see where ntop calls out what the data was. Here's the screenshot: much/most of it appears to be ARP traffic. i guess it's harmless to block it? dunno what the rest of it is... It's all ARP, which isn't touched by any firewall rules (though won't leave the local network, this is layer 2, only way it'll get passed is if you bridge interfaces). If it's legit, it gets answered. If not, it's ignored. Nothing to worry about. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] bochs + pfsense.
Title: bochs + pfsense. So how is everyone doing testing with bochs? If anyone is using virtual network interfaces could they please send me the bochs network config? Thanks!
RE: [pfSense Support] Dyndns and PPPoE version2
Hi again, trying to isolate the problem I reproduced again the problem. And the problem is with the DynDNS client. I did this, configured the pppoe and works, and then rebooted twice and continue working. And the problem arise when I configure the DynDNS, with any of the providers (DynDNS / no-ip). If you reboot the pf, it wont work. I disable the DynDNS client and returns to work everyting. Hope it helps to find the problem. Gabriel -Original Message- From: Gabriel O. Zabal [mailto:[EMAIL PROTECTED] Sent: Jueves, 06 de Octubre de 2005 01:03 p.m. To: support@pfsense.com Subject: RE: [pfSense Support] Dyndns and PPPoE version2 Hi to all, I'm also experienced this problem with a fresh install of 0.86. WAN is pope client, and also using DynDNS (no-IP). But I think that the problem is not on the DynDns but on the pppoe client. I Have some additional information: This works fine the first time, then you reboot and it connects the pppoe but you can't pass trough the pfsense. I reproduced the problem reconfiguring from scrath, and indeed it happens. I hope to contribute to solve with this info Thanks for pf Gabriel -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Miércoles, 05 de Octubre de 2005 07:31 p.m. To: support@pfsense.com Subject: Re: [pfSense Support] Dyndns and PPPoE version2 Indeed, this does not sound like a DynDNS bug at this point. What happens if you click renew in the interfaces status screen? Scott On 10/5/05, Erik Kristensen [EMAIL PROTECTED] wrote: Ok, then based on you now using ez-ipupdate, it is not DynDNS that is causing the problem. There is something else wrong and we are going to have to figure it out. -Erik -- Original Message --- From: Damien Dupertuis [EMAIL PROTECTED] To: support@pfsense.com Sent: Thu, 6 Oct 2005 00:09:31 +0200 (CEST) Subject: Re: [pfSense Support] Dyndns and PPPoE version2 Yes, I've done a fresh 0.86 install and followed all scotts instructions... --- Erik Kristensen [EMAIL PROTECTED] a écrit : If I recall you switched to ez-ipupdate correct? Per Scotts instructions? -Erik -- Original Message --- From: Damien Dupertuis [EMAIL PROTECTED] To: Support PfSense support@pfsense.com Sent: Thu, 6 Oct 2005 00:05:29 +0200 (CEST) Subject: [pfSense Support] Dyndns and PPPoE version2 Hello, One day passed and the bug is here again... here are my screenshots: http://rapidshare.de/files/5923217/Wan_Bug_from_fresh_86.rar.html both before and after the bug... If you want something else... just ask!!! regards. Damien ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- End of Original Message --- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- End of Original Message --- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Este correo electrónico puede contener información estrictamente confidencial y es de uso exclusivo del destinatario, quedando prohibida a cualquier otra persona su revelación, copia, distribución, o el ejercicio de cualquier acción relativa a su contenido. Si ha recibido este correo electrónico por error, por favor conteste al remitente, y posteriormente proceda a borrarlo de su sistema. Gracias por su colaboración. This email is intended for the addressee only. Internet communications are not
RE: [pfSense Support] 256MB Wrap Image?
Does that mean we won't be able to add anything at all other than the base pfsense? Is it possible to try to build stuff ourself for this? I was hoping to try to build some nagios agent stuff when my wrap comes in a couple days. John -Original Message- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Friday, October 07, 2005 10:46 AM To: support@pfsense.com Subject: Re: [pfSense Support] 256MB Wrap Image? Hmmm, maybe I'm missing something here. What's wrong with the 128M image? It fits on my 256M flashes w/out problems. And seeing as the WRAPs no longer support packages it's kind of pointless to add more space to them (I think - but then I'm obviously missing something :)) --Bill On 10/7/05, Michiel de Jager [EMAIL PROTECTED] wrote: Maybe someone cal mail it also to me :-) Same situation here. Michiel On Thu, 2005-10-06 at 23:02 -0400, Eric M. Faden wrote: Does anyone have a 256MB wrap image they can email me? or that I can download from somewhere? I don't actually have a FreeBSD box handy to resize the image. -Eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 256MB Wrap Image?
John Cianfarani wrote: Does that mean we won't be able to add anything at all other than the base pfsense? Is it possible to try to build stuff ourself for this? the system runs with a read-only file system, but there is a script in /etc/ to mount rw. `ls /etc/|grep rw` to find it, I forget the name offhand. You should be able to mount rw, make your changes, and mount ro again (another script in /etc/ to do that). assuming your additions don't need to write to the filesystem, of course. You don't want anything on a CF that needs a writable file system, since you'll kill a CF after ~300,000-500,000 writes. If it needs to write to some filesystem, you'll want to mount a ramdisk of some sort, or use what's there already. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]