Hi,
As I mentioned I'm trying to deploy pfsense for colocation
environment.
Today I did some performance tests, using main type of the traffic -
HTTP requests - apache benchmark from my laptop to Linux server with
only pfsense firewall in between
firewall is with 2 Gbit NICs and
On Thu, 2005-10-27 at 23:32 -0700, Peter Zaitsev wrote:
Hi,
As I mentioned I'm trying to deploy pfsense for colocation
environment.
Small followup,
Even aggressive mode does not seem to keep up with traffic well.
In apache benchmark it works with concurrency=1 but fails with 30 for
Hello,
This is a great day!!!
My pfsense has been up for 1 day and 2 minutes with
the dyndns client turned on and... Everything is
working!!!
I hope this time the bug is finally killed 4 good!!!
:-) I'm a happy man! THANKS
Damien
--- Damien Dupertuis [EMAIL PROTECTED] wrote:
Okay,
No progress yet. Guess having a six-week old kid and a big birthday party
didn't help :-)
Anyway, here's a what I want to get ready for 1.1:
- Capability to create virtual interfaces bridged to physical or logical
(e.g. vlan) adapters
Why we'd want to have that:
- Ability to obtain multiple
Hello!
I just got a WRAP 1E-2 Board and trying to get PFSense to run.
Unfortunately the system does not come up: it just panics during startup.
My first thought was that the problem is related to the used CF-Card.
I tried another one from a different manufacturer, but it didn't help.
Switching
In reading this thread, it appears that shaping currently DOES_NOT_WORK
when your WAN connection is PPPoE (like mine is with Verizon).
Is that correct?
I am just curious because I swear I've seen traffic routed to different
queues based on the shaper. I'd also swear my VoIP traffic has been
Well... I might have talked too fast...
The box is now up for 1 day and 4 hours...
Everything is working fine... except the fact that my
public ip changed like 3 hours ago...and the dyndns
client has not performed an update...yet?
--- Damien Dupertuis [EMAIL PROTECTED] wrote:
Hello,
This
You really should wait and perform these tests on the released version
of freebsd which will be in the next day or so. There were a great
number of fixes that went in and we have not released a new image in
about a week which makes for a quite old version of FreeBSD.
On 10/28/05, Peter Zaitsev
All these issues have been fixed. Please wait until the next version.
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
Hi,
I've recently tried number of variants of setting pfsense in Bridging
mode of my small subnet and I guess here is the state of things as it is
now.
Scott was going
Netgraph was not supported until a recent commit in FreeBSD. You may
have seen the queueing in action from the LAN interface.
Scott
On 10/28/05, Brian [EMAIL PROTECTED] wrote:
In reading this thread, it appears that shaping currently DOES_NOT_WORK
when your WAN connection is PPPoE (like mine
Show us the system logs that mention DynDns.
Scott
On 10/28/05, Damien Dupertuis [EMAIL PROTECTED] wrote:
Well... I might have talked too fast...
The box is now up for 1 day and 4 hours...
Everything is working fine... except the fact that my
public ip changed like 3 hours ago...and the dyndns
I'll have new images posted real soon on the FreeBSD-6 release
version. I'm hoping to see the released version sometime today or
tomorrow.
Scott
On 10/28/05, Sönke Schau [EMAIL PROTECTED] wrote:
Hello!
I just got a WRAP 1E-2 Board and trying to get PFSense to run.
Unfortunately the system
On 10/28/05, Scott Ullrich [EMAIL PROTECTED] wrote:
Thanks for your help and any other tips on what I should be looking out for
in order not to make my life miserable :-)
No, thank you for doing all the leg work on this. This is quite
interesting and if we can make it work then it
On 10/28/05, Bill Marquette [EMAIL PROTECTED] wrote:
We can relatively easily tie this into the Virtual IP screen. A new
type 'logical' and allow the IP to be either static or DHCP. I think
we need to do some reworking on how NAT happens to make this fully
doable (as you've already noticed),
Hi,
The same at me. The system now works fine now, except the dns update. It
doesn't make it, only when rebooting.
Best regards
Imre
On Fri, 28 Oct 2005 16:56:03 +0200 (CEST)
Damien Dupertuis [EMAIL PROTECTED] wrote:
Well... I might have talked too fast...
The box is now up for 1 day and
On Fri, 2005-10-28 at 12:11 -0400, Scott Ullrich wrote:
All these issues have been fixed. Please wait until the next version.
Sure. I'm checking mirrors and your home directory every day for new
stuff to try :)
So what is going to be official way for bridging mode ? Is it no IP for
LAN or
I need to see portions of your system logs that include DynDns right
after dhclient.
Scott
On 10/28/05, Ispánovits Imre [EMAIL PROTECTED] wrote:
Hi,
The same at me. The system now works fine now, except the dns update. It
doesn't make it, only when rebooting.
Best regards
Imre
I think it will work better with a dummy ip. But it will work
without an ip as well now.
Scott
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Fri, 2005-10-28 at 12:11 -0400, Scott Ullrich wrote:
All these issues have been fixed. Please wait until the next version.
Sure. I'm
On Fri, 2005-10-28 at 13:05 -0400, Scott Ullrich wrote:
I think it will work better with a dummy ip. But it will work
without an ip as well now.
Hm. Dummy IP looks like the ugliest and the most unintuitive solution.
Also as I noted it results in few options breaking - anti lockout and
stuff.
If
On Fri, 28 Oct 2005 13:04:16 -0400
Scott Ullrich [EMAIL PROTECTED] wrote:
I need to see portions of your system logs that include DynDns right
after dhclient.
Scott
I downloaded the whole /var/log/system.log. Please find attached.
The only case it appears, when the job run from cron at
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Fri, 2005-10-28 at 13:05 -0400, Scott Ullrich wrote:
I think it will work better with a dummy ip. But it will work
without an ip as well now.
Hm. Dummy IP looks like the ugliest and the most unintuitive solution.
Also as I noted it
On Fri, 2005-10-28 at 13:42 -0400, Scott Ullrich wrote:
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
On Fri, 2005-10-28 at 13:05 -0400, Scott Ullrich wrote:
I think it will work better with a dummy ip. But it will work
without an ip as well now.
Hm. Dummy IP looks like the ugliest
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
But the rule will not be functional with fake IP address - it
typically does not make sense as there are no from/to ips in the
network - fake is not really used anywhere. So why to keep them with
fake IP wasting resources instead of
At 03:17 PM 10/28/2005, you wrote:
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
But the rule will not be functional with fake IP address - it
typically does not make sense as there are no from/to ips in the
network - fake is not really used anywhere. So why to keep them with
That is correct as of the recent version that doesn't install
anti-spoof, anti-lockout rules, etc for the lan subnet.
Scott
On 10/28/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
At 03:17 PM 10/28/2005, you wrote:
On 10/28/05, Peter Zaitsev [EMAIL PROTECTED] wrote:
But the rule will
At 03:22 PM 10/28/2005, you wrote:
That is correct as of the recent version that doesn't install
anti-spoof, anti-lockout rules, etc for the lan subnet.
Hmmm, actually, I don't know if it makes a difference, but my
experience was with an OPT interface being bridged to the WAN, not
the LAN.
On 10/28/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
At 03:22 PM 10/28/2005, you wrote:
Hmmm, actually, I don't know if it makes a difference, but my
experience was with an OPT interface being bridged to the WAN, not
the LAN. Does that matter? It works, but...
In m0n0wall you cannot
At 03:27 PM 10/28/2005, you wrote:
On 10/28/05, Dan Swartzendruber [EMAIL PROTECTED] wrote:
At 03:22 PM 10/28/2005, you wrote:
Hmmm, actually, I don't know if it makes a difference, but my
experience was with an OPT interface being bridged to the WAN, not
the LAN. Does that matter? It
On 10/28/05, Scott Ullrich [EMAIL PROTECTED] wrote:
In m0n0wall you cannot bridge to LAN at all. The reason that these
problems surfaced was due to this fact.
Actually I'm using that for my Wireless lan. It does work. Also in PFSense.
--
Jeroen
I have an old Compaq AP200 (500mhz, maybe 512mb RAM). I think this
would be sufficient for the firewall.
I admit to some ignorance here.
In the past, I had this old Dell that was 400mhz. Network throughput
was slower (FreeBSD-4.x). When I put it onto a 2.8ghz box, I noticed a
huge
I have some long blacklists that I maintain. Some of them are populated
with botnet /24's.
I presume PFSense has the ability to maintain custom tables/rules. It
would be nice to visualize them as well (via the web), perhaps allowing
editing that way as an option.
From the shell, I'd like
We have aliases which you can populate from the web interface but
there is no automated method.
Scott
On 10/28/05, Forrest Aldrich [EMAIL PROTECTED] wrote:
I have some long blacklists that I maintain. Some of them are populated
with botnet /24's.
I presume PFSense has the ability to
Might there be a creative way to do this... perhaps via a php/xml
process. As an "idea" for future consideration. To
interface/interact with PF Tables... I'm sure someone must have a PHP
class that knows PF out there. I can do some hunting.
Thank you.
Scott Ullrich wrote:
We have
Sure there is a way via php. You could do something like:
require_once("config.inc");
$alias = array();
$alias['name'] = "My new alias";
$alias['descr'] = "My known spammer blocks";
$alias['address'] = "10.0.0.0/24 10.0.0.1/24 10.0.0.2/24 10.0.0.3/24";
write_config();
This may be a good idea down the
One thing I missed, sorry about that!:
require_once("config.inc");
$alias = array();
$alias['name'] = "My new alias";
$alias['descr'] = "My known spammer blocks";
$alias['address'] = "10.0.0.0/24 10.0.0.1/24 10.0.0.2/24 10.0.0.3/24";
$a_aliases[] = $alias;
write_config();
On 10/28/05, Scott Ullrich
Can this also read the list from a file?
Scott Ullrich wrote:
One thing I missed, sorry about that!:
require_once("config.inc");
$alias = array();
$alias['name'] = "My new alias";
$alias['descr'] = "My known spammer blocks";
$alias['address'] = "10.0.0.0/24 10.0.0.1/24 10.0.0.2/24
On 10/28/05, Forrest Aldrich [EMAIL PROTECTED] wrote:
My big-spammer-abuser-list is a couple thousand entries I dunno if
this would work very well.
I think it might be better to interface directly, somehow, with the PF
Tables options?
Not very easy. You need to interface with pfSense
My apologies, this appears to be related to the topic Traffic Shaping,
killing my DSL link speed to less than 100k
My 3000/500 line is running 200/20 with my traffic shaping rules enabled (!)
I will turn it off, go back and read that thread in detail.
At 04:33 PM 10/28/2005, Bill Plein
On 10/28/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
My apologies, this appears to be related to the topic Traffic Shaping,
killing my DSL link speed to less than 100k
My 3000/500 line is running 200/20 with my traffic shaping rules enabled (!)
I will turn it off, go back and read that
Oops sorry about that. ;-)
I was using Intel 10/100 cards (dual port). I also had Kensingtons.
It could also be due to other factors, such as my running FreeBSD's
natd. But, I did notice that SMB file browsing was much faster
when I updated to the new machine.
My net connection is cable
On 10/28/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
At 05:39 PM 10/28/2005, Bill Marquette wrote:
On 10/28/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
My apologies, this appears to be related to the topic Traffic Shaping,
killing my DSL link speed to less than 100k
My 3000/500
In fact, I wonder if this old AP200 (Compaq) will boot off a CD! I'll
find out tomorrow! ;-)