[pfSense] interrupt storm on unused nic
Hi, I have a problem with a Soekris Net5501 with pfsense 2.0. This message is spammed every 2-3 seconds in the syslog: kernel: interrupt storm detected on irq12:; throttling interrupt source If I do a vmstat -i in the command promt I find this: irq12: vr3 The vr3 nic is not in use, I only use vr0 and vr1. This problem seems to put heavy load on the Soekris box which is causing unstable wan/lan connection. I tried to enable/disable vr3 nic in the pfsense interfaces tab but that does not help. Is it possible to disable this nic at a deeper level or any other suggestions to fix this? Thanks in advance. Stale J. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense on sun v100 server
Op 11-05-12 19:37, Michael Schuh schreef: 2012/5/11 Scott Ullrich sullr...@gmail.com mailto:sullr...@gmail.com On Thu, May 10, 2012 at 9:16 PM, Michael Schuh michael.sc...@gmail.com mailto:michael.sc...@gmail.com wrote: Hi@list i am not sure if somebody else mentioned that before: ...may be a different approach to get pfsense running on UltraSparc: get the developer version/sources, put it on a FreeBSD 8.x ( iirc 8.2) and try to cross-compile the entire architectire to UltraSparc. At the best point you have a Ulstrasparc running with FreeBSD, where you can put the sources on it, so no need to cross-compile. The SunFire V100 Hardware is fully supported according to the HW-Notes of FreeBSD8.2. I am just not really sure what packages/functionality isn't supported on Ultrasparc in compare to i386/amd64. So that would be my first try, i think thats the easiest way While I applaud everyone for trying to go this route I have some experiences I would like to share. Building pfSense and all of it's dependencies on a slower speed box will take a long time. For example when I was working on the MIPS port that we never where able to complete came down to time. Building ports and the base system on a 150 mhz box is SOW! You will kick off a build and come back 10 hours later to see silly platform specific C bugs that you will have to tackle in many cases. It's not necessarily FreeBSD's fault but our 'additional patches' that we maintain to keep pfSense as awesome as it is now. I really don't want to discourage anyone from helping us port to different platforms but I wanted to try and convey how much time is involved in such a endeavor. Just make sure you know what you are getting into. Will be happy to answer any questions if you are serious about this platform but if I where in your shoes I would install OpenBSD 5.1 on the 100 and use it and consider getting an alix or soekris down the road to run pfSense. It will ultimately save you a lot of time and money from a power usage perspective. Scott ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi Scott, Hi@ List, LAMO - SCNR :8~) The Question was: ...is it possible not: ... makes that sense ... ... is that a good idea ... Yes i agree with that, totally. I think it makes not much sense to dig out the old Ultra10 HW and try to build and put pfSense on it. Just if he likes to get pfSense running on his V100, i think we should at least pointout that way. ( even if that way looks masochistic :8~) ) Of course (cross) building an entire operating system and some specially designed software needs to have an experienced person in font of the console. Just saying. :8~) @Hugo: is your time that worth? what do you gain by thus? how many money can you make in the same amount of time? how many money (time) do you loose if you go the scetched way? right question. yep. i think too. so only for completeness or the real hard bones :8~). i can spend a complete Ultra10, i think 400MHZ and 256/512MB Memory and still the original sawgate harddisk running on FreeBSD, i guess 7 or so no Keyboard/monitor/mice.the receiver has to pay the transport/shipping. :-) ( is it worth so much? lol ) i can put another 10 Gig IBM DNAS SCSI-Drive into it/on top NO WARRANTIES - LMAO greetings m. -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list @Michael: Your logical thinking makes sense, when one thinks in terms of money, it for sure will not pay off. On the otherhand, i would like to acquire some experience with this stuff. Making expenses right now does not fit in my budget. If i read how most of you on this site are acquinted with IT-items like this, then i feel VERY small compared to you. Why i wanna do this... I attend -through evening school- IT-course, my fourth year (i am 51yrs), and next year hopefully will complete the whole course. Next year -the last module- i have to make a project, for which i choose to make a 'complete' homenetwork, with our own domain internal and external, home automation(which i would like to program on my own included the hardware), but most of all importance is a good safetiness and security. That is the main reason for why i wanna try it in this way. Thx to all who already and still will (hopefully) respond
Re: [pfSense] Error powerd: lookup freq: No such file or directory
2012/5/12 bsd b...@todoo.biz Le 11 mai 2012 à 19:49, Michael Schuh a écrit : 2012/5/11 bsd b...@todoo.biz Hi, I am trying to have PowerD tuned correctly with a Lanner device that I am resaling. By default sysctl dev.cpu gives the following : # sysctl dev.cpu dev.cpu.0.%desc: ACPI CPU dev.cpu.0.%driver: cpu dev.cpu.0.%location: handle=\_PR_.P001 dev.cpu.0.%pnpinfo: _HID=none _UID=0 dev.cpu.0.%parent: acpi0 dev.cpu.0.cx_supported: C1/0 dev.cpu.0.cx_lowest: C1 dev.cpu.0.cx_usage: 100.00% last 5000us dev.cpu.1.%desc: ACPI CPU dev.cpu.1.%driver: cpu dev.cpu.1.%location: handle=\_PR_.P002 dev.cpu.1.%pnpinfo: _HID=none _UID=0 dev.cpu.1.%parent: acpi0 dev.cpu.1.cx_supported: C1/0 dev.cpu.1.cx_lowest: C1 dev.cpu.1.cx_usage: 100.00% last 5000us I need to load the cpufreq using kldload to have It taken into account in the kernel : # kldload cpufreq # sysctl dev.cpu dev.cpu.0.%desc: ACPI CPU dev.cpu.0.%driver: cpu dev.cpu.0.%location: handle=\_PR_.P001 dev.cpu.0.%pnpinfo: _HID=none _UID=0 dev.cpu.0.%parent: acpi0 dev.cpu.0.cx_supported: C1/0 dev.cpu.0.cx_lowest: C1 dev.cpu.0.cx_usage: 100.00% last 5000us dev.cpu.0.freq: 1658 dev.cpu.0.freq_levels: 1658/-1 1450/-1 1243/-1 1036/-1 829/-1 621/-1 414/-1 207/ -1 dev.cpu.1.%desc: ACPI CPU dev.cpu.1.%driver: cpu dev.cpu.1.%location: handle=\_PR_.P002 dev.cpu.1.%pnpinfo: _HID=none _UID=0 dev.cpu.1.%parent: acpi0 dev.cpu.1.cx_supported: C1/0 dev.cpu.1.cx_lowest: C1 dev.cpu.1.cx_usage: 100.00% last 5000us How can I had this so that the loadable module cpufreq will be taken into account at boot time ? And PowerD will be optimized for my platform. Thanks. –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi, the clean way http://doc.pfsense.org/index.php/Executing_commands_at_boot_time hth greetings m. -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list After more investigation, I would rather suggest using /boot/loader.conf.local and add the following : cpufreq_load=YES You also need to add : kern.timecounter.hardwarei8254 in System: Advanced: System Tunables and then start/activate PowerD + reboot Then your device should be ready to limit it's power consumption and save the planet ;D –– - Grégory Bernard Director - --- www.osnet.eu --- -- Your provider of OpenSource appliances -- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list then make a note that this may gets overwritten by updates of the pfSense Firmware. ;-) -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] NFS through pfSense
2012/5/12 Ugo Bellavance u...@lubik.ca On 2012-05-11 16:14, Michael Schuh wrote: 2012/5/11 Ian Levesque i...@crystal.harvard.edu mailto:ian@crystal.harvard.**edu i...@crystal.harvard.edu On May 11, 2012, at 2:52 PM, Ugo Bellavance wrote: I'd need to have an NFS client access an NFS server. Both are on a different network segment, so I need to have the traffic go through the pfSense firewall. Does anyone has the list of ports that must be allowed for NFSv3? If your client is on the LAN and the server the WAN, you should be fine with the built-in state management. If the NFSv3 server is behind a firewall, good luck... :) (basically, you'd need to configure your server to use static ports, which may not be possible with your NAS). My client is in LAN and the server is on OPT1 (another internal network). I could do that with my current CheckPoint FW-1, but I needed to allow all ports. Ian pointed it already outmuch fun... if: all the clients need the NFS access, they should be in that subnet or the server should be in the subnet of the clients. then: find a solution to get the data shared between the clients and the secured service ( what was the reason why that NFS-Server stands in an DMZ ? ) without to open the doors for the entire network. Think about your conceptual design. :-) endif: if: only specific Clients need access then: Allow the traffic from specific ( if not all clients need access) lan-clients to the NFS-Server. Secure up your server, make usage of the local files /etc/hosts.allow, /etc/hosts.deny, cut of (deinstall them completely) all other services, accept only DSA/RSA-Key authentication on SSHv2 and only v2. a word in the documentation : WHY you made that this way. - would be a good idea. Try to keep other Services far from that box. endif: greetings m. -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 2 LANs and time based limits
Hi, From: Adam Thompson athom...@athompso.net Sent: Sat May 12 07:36:48 NCT 2012 To: 'jerome alet' jerome.a...@univ-nc.nc Subject: RE: [pfSense] 2 LANs and time based limits I understand (thanks to your explanations) but what I was thinking was not playing with the WAN side of the pipe which is shared, but with the interfaces between pfSense and the two sets of clients, which are not ADSL but traditional Ethernet links. That had not occurred to me. I believe, although I hope someone more expert will confirm or deny this, that inbound and outbound QoS should be applied on the same interface, and since you *will* want to apply outbound limits... However, that's an interesting idea and I don't know right now if your idea is a better way to do it. I've done some testing and it seems to work as expected. I've created two limiters, DownloadOPT1 set to 10 Mbits/s and UploadOPT1 set to 2 Mbits/s, then I've defined a PASS firewall rule on the OPT1 interface, with a 7 a.m. to 6 p.m. from Monday to Friday schedule, and the UploadOPT1 limiter assigned to the IN direction, and DownloadOPT1 limiter assigned to the OUT direction (my naming is backwards I think but the OUT direction is what comes from my WAN interface to my OPT1 interface, i.e. datas downloaded by our students). I've not yet modified anything for the other interface, but I don't think anything is necessary since only OPT1 will have limiters, the other one should be able to consume all the remaining bandwidth, and more if needed (classrooms have priority... of course) I think this will be perfect for our needs. bye, and thanks all for your help Jerome Alet ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense on sun v100 server
Op 12-05-12 20:19, Michael Schuh schreef: 2012/5/12 Hugo Heykers hugo.heyk...@telenet.be mailto:hugo.heyk...@telenet.be Op 11-05-12 19:37, Michael Schuh schreef: 2012/5/11 Scott Ullrich sullr...@gmail.com mailto:sullr...@gmail.com On Thu, May 10, 2012 at 9:16 PM, Michael Schuh michael.sc...@gmail.com mailto:michael.sc...@gmail.com wrote: Hi@list i am not sure if somebody else mentioned that before: ...may be a different approach to get pfsense running on UltraSparc: get the developer version/sources, put it on a FreeBSD 8.x ( iirc 8.2) and try to cross-compile the entire architectire to UltraSparc. At the best point you have a Ulstrasparc running with FreeBSD, where you can put the sources on it, so no need to cross-compile. The SunFire V100 Hardware is fully supported according to the HW-Notes of FreeBSD8.2. I am just not really sure what packages/functionality isn't supported on Ultrasparc in compare to i386/amd64. So that would be my first try, i think thats the easiest way While I applaud everyone for trying to go this route I have some experiences I would like to share. Building pfSense and all of it's dependencies on a slower speed box will take a long time. For example when I was working on the MIPS port that we never where able to complete came down to time. Building ports and the base system on a 150 mhz box is SOW! You will kick off a build and come back 10 hours later to see silly platform specific C bugs that you will have to tackle in many cases. It's not necessarily FreeBSD's fault but our 'additional patches' that we maintain to keep pfSense as awesome as it is now. I really don't want to discourage anyone from helping us port to different platforms but I wanted to try and convey how much time is involved in such a endeavor. Just make sure you know what you are getting into. Will be happy to answer any questions if you are serious about this platform but if I where in your shoes I would install OpenBSD 5.1 on the 100 and use it and consider getting an alix or soekris down the road to run pfSense. It will ultimately save you a lot of time and money from a power usage perspective. Scott ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi Scott, Hi@ List, LAMO - SCNR :8~) The Question was: ...is it possible not: ... makes that sense ... ... is that a good idea ... Yes i agree with that, totally. I think it makes not much sense to dig out the old Ultra10 HW and try to build and put pfSense on it. Just if he likes to get pfSense running on his V100, i think we should at least pointout that way. ( even if that way looks masochistic :8~) ) Of course (cross) building an entire operating system and some specially designed software needs to have an experienced person in font of the console. Just saying. :8~) @Hugo: is your time that worth? what do you gain by thus? how many money can you make in the same amount of time? how many money (time) do you loose if you go the scetched way? right question. yep. i think too. so only for completeness or the real hard bones :8~). i can spend a complete Ultra10, i think 400MHZ and 256/512MB Memory and still the original sawgate harddisk running on FreeBSD, i guess 7 or so no Keyboard/monitor/mice.the receiver has to pay the transport/shipping. :-) ( is it worth so much? lol ) i can put another 10 Gig IBM DNAS SCSI-Drive into it/on top NO WARRANTIES - LMAO greetings m. -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list @Michael: Your logical thinking makes sense, when one thinks in terms of money, it for sure will not pay off. On the otherhand, i would like to acquire some experience with this stuff. Making expenses right now does not fit in my budget. If i
Re: [pfSense] pfsense on sun v100 server [-closed-]
2012/5/13 Hugo Heykers hugo.heyk...@telenet.be Op 12-05-12 20:19, Michael Schuh schreef: 2012/5/12 Hugo Heykers hugo.heyk...@telenet.be Op 11-05-12 19:37, Michael Schuh schreef: 2012/5/11 Scott Ullrich sullr...@gmail.com On Thu, May 10, 2012 at 9:16 PM, Michael Schuh michael.sc...@gmail.com wrote: Hi@list i am not sure if somebody else mentioned that before: ...may be a different approach to get pfsense running on UltraSparc: get the developer version/sources, put it on a FreeBSD 8.x ( iirc 8.2) and try to cross-compile the entire architectire to UltraSparc. At the best point you have a Ulstrasparc running with FreeBSD, where you can put the sources on it, so no need to cross-compile. The SunFire V100 Hardware is fully supported according to the HW-Notes of FreeBSD8.2. I am just not really sure what packages/functionality isn't supported on Ultrasparc in compare to i386/amd64. So that would be my first try, i think thats the easiest way While I applaud everyone for trying to go this route I have some experiences I would like to share. Building pfSense and all of it's dependencies on a slower speed box will take a long time. For example when I was working on the MIPS port that we never where able to complete came down to time. Building ports and the base system on a 150 mhz box is SOW! You will kick off a build and come back 10 hours later to see silly platform specific C bugs that you will have to tackle in many cases. It's not necessarily FreeBSD's fault but our 'additional patches' that we maintain to keep pfSense as awesome as it is now. I really don't want to discourage anyone from helping us port to different platforms but I wanted to try and convey how much time is involved in such a endeavor. Just make sure you know what you are getting into. Will be happy to answer any questions if you are serious about this platform but if I where in your shoes I would install OpenBSD 5.1 on the 100 and use it and consider getting an alix or soekris down the road to run pfSense. It will ultimately save you a lot of time and money from a power usage perspective. Scott ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list Hi Scott, Hi@ List, LAMO - SCNR :8~) The Question was: ...is it possible not: ... makes that sense ... ... is that a good idea ... Yes i agree with that, totally. I think it makes not much sense to dig out the old Ultra10 HW and try to build and put pfSense on it. Just if he likes to get pfSense running on his V100, i think we should at least pointout that way. ( even if that way looks masochistic :8~) ) Of course (cross) building an entire operating system and some specially designed software needs to have an experienced person in font of the console. Just saying. :8~) @Hugo: is your time that worth? what do you gain by thus? how many money can you make in the same amount of time? how many money (time) do you loose if you go the scetched way? right question. yep. i think too. so only for completeness or the real hard bones :8~). i can spend a complete Ultra10, i think 400MHZ and 256/512MB Memory and still the original sawgate harddisk running on FreeBSD, i guess 7 or so no Keyboard/monitor/mice.the receiver has to pay the transport/shipping. :-) ( is it worth so much? lol ) i can put another 10 Gig IBM DNAS SCSI-Drive into it/on top NO WARRANTIES - LMAO greetings m. -- = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Michael Schuh Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 mobil: 0175/5616453 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = = ___ List mailing listList@lists.pfsense.orghttp://lists.pfsense.org/mailman/listinfo/list @Michael: Your logical thinking makes sense, when one thinks in terms of money, it for sure will not pay off. On the otherhand, i would like to acquire some experience with this stuff. Making expenses right now does not fit in my budget. If i read how most of you on this site are acquinted with IT-items like this, then i feel VERY small compared to you. Why i wanna do this... I attend -through evening school- IT-course, my fourth year (i am 51yrs), and next year hopefully will complete the whole course. Next year -the last module- i have to make a project, for which i choose to make a 'complete' homenetwork, with our own domain internal and external, home automation(which i would like to program on my own included the hardware), but most of all importance is a good safetiness and security. That is the main reason for why i wanna try it in this way. Thx to all who already and still will (hopefully) respond to my question =that is were i get my