Re: [pfSense] Network freezes on IBM x3550, Broadcom NICs

2012-06-29 Thread Adam Thompson
You're largely correct, pfSense has - sometimes - issues with Broadcom NICs.
If you search the mailing list archives and the bug tracker you'll see a number 
of reports/complaints.
Many of these issues have been fixed since the 1.x era, but there are still 
occasional compatibility issues.
The NIC troubleshooting steps often resolve the issue (at least well enough for 
daily use), but not always.  IIRC, there are a couple modern Dell PowerEdge 
servers (R700, maybe?) that essentially can't be used with pfSense's NIC 
drivers at all.  It's possible your IBM is going to be another problematic 
platform until the project releases a FreeBSD-9-based version.
I've only ever heard of these problems affecting LOMs (onboard ports) but that 
could be coincidence...
I know I've done two similar Dell servers where one works great and the other 
now has a dual-port Intel NIC card in it, as that works much more reliably.
Good luck,
-Adam
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list


Re: [pfSense] Network freezes on IBM x3550, Broadcom NICs

2012-06-29 Thread jerome alet
Hi,

 
> From: Adam Thompson athom...@athompso.net
>
> You're largely correct, pfSense has - sometimes - issues with Broadcom NICs.
> If you search the mailing list archives and the bug tracker you'll see a
> number of reports/complaints.
> Many of these issues have been fixed since the 1.x era, but there are still
> occasional compatibility issues.
> The NIC troubleshooting steps often resolve the issue (at least well enough
> for daily use), but not always.  IIRC, there are a couple modern Dell
> PowerEdge servers (R700, maybe?) that essentially can't be used with
> pfSense's NIC drivers at all.  It's possible your IBM is going to be another
> problematic platform until the project releases a FreeBSD-9-based version.

I can confirm that a brand new Dell R610 won't work with the stable release
because of a missing driver for the RAID controller. Devel snapshots of 2.1
work wrt disk controller, but require some tweaks to /boot/loader.conf.local
to fix network issues with Broadcom NICs, as well as 4-port Intel NICs... Once
you've put the fixes in, network seems to work fine and the machine doesn't
behave erratically. Although we're still doing tests and we complexify our
setup each day: 15 vlans and 2 unrelated wan links (two sets of clients) all
with carp failover, squid and so on, we're confident it now works as expected
with this hardware.

hth

-- 
Jerome Alet


[pfSense] Block Tor Exit Nodes

2012-06-29 Thread Giles Coochey

Hi,

Is there a package that would allow me to block Tor exit nodes?

Thanks

--
Regards,

Giles Coochey, CCNA, CCNAS
NetSecSpec Ltd
+44 (0) 7983 877438
http://www.coochey.net
http://www.netsecspec.co.uk
gi...@coochey.net






Re: [pfSense] Odd CARP Question

2012-06-29 Thread Tim Nelson
- Original Message -
> I guess you could tcpdump on the sync interface.
> Or set the advertise frequency to something really high. If it switches
> to slave there is somewhere a higher prioritised slave which became master.
>
> However a lot of people are running CARP VIPs simply to get a virtual IP.
>
> As the note at the bottom of the page says:
> Proxy ARP and Other type Virtual IPs cannot be bound to by anything
> running on the firewall, such as IPsec, OpenVPN, etc. Use a CARP or IP
> Alias type address for these cases.
>
> Before IP Aliases were available only CARP allowed services on the
> pfSense itself to bind to the virtual IP. If these installs are upgraded
> from 1.x.x it's quite possible this is why.

Ah yes, that makes sense. Thank you for the insight!

--Tim


Re: [pfSense] supermicro SOL console

2012-06-29 Thread Vick Khera
On Fri, Jun 22, 2012 at 12:17 PM, Jim Pingle li...@pingle.org wrote:

> Use /boot/loader.conf.local - that won't get overwritten. The other two
> will.


Based on this, my revised configuration is to create
/boot/loader.conf.local:

hint.uart.2.at=isa
hint.uart.2.port=0x3E8
hint.uart.2.flags=0x10
hint.uart.0.flags=0x00
boot_multicons=YES
boot_serial=YES
comconsole_speed=115200
console=comconsole,vidconsole

and not have a boot.config file at all.  The /etc/ttys file still needs
modification.

I will see about figuring out how to make the GUI do this... the /etc/ttys
file on embedded is different than that on full install.  How should one go
about altering that file?


Re: [pfSense] Network freezes on IBM x3550, Broadcom NICs

2012-06-29 Thread Vick Khera
On Thu, Jun 28, 2012 at 9:07 PM, Paul Gear p...@gear.dyndns.org wrote:

> Server hardware: IBM x3550, Xeon E5405 2 GHz, 2 GB RAM, 2 x 300 GB 10K
> RPM SAS HD in hardware RAID 1, 2 x Broadcom NetXtreme II BCM5708
> 1000Base-T (B2)


About two weeks ago I had to put into production a temporary hacked
together server as my primary firewall.  I used a spare Dell PE1750 (32-bit
Xeon processor) which had two Broadcom gig-e on-board, and added in a
cheap-o 100baseTX card to use as the WAN port.

This solution worked really well until such time that the WAN was saturated
at about 98Mbps.  At that time, one of the Broadcom NICs would lock up and
get reset on a watchdog timeout.  This conveniently caused failover to the
other pfSense box sync'd with it (which unfortunately could not handle the
load).  pfSense never auto-switched back -- I had to manually re-run one of
the rc scripts to reset everything.

After that, I splurged on an Intel gig-e NIC for the WAN, and everything
was stable again.  No more watchdogs on the bge NIC.

Both of these have since been replaced with a pair of Silicon Mechanics
R101 boxes with low-power-consumption Xeon CPUs.  These have been working
very nicely to push upwards of 170Mbps for sustained periods of a few hours
at a time.  CPU load  8%, and sucking down very little power at the same
time.  They have 4x Intel NICs in them.


Re: [pfSense] supermicro SOL console

2012-06-29 Thread Adam Thompson
One thing... SuperMicro IPMI BMCs should redirect COM1 if the internal 
connections are cabled properly... in which case the standard Embedded distro 
would work properly.
Otherwise, what you're doing is identical to running an embedded system with 3 
ordinary COM ports, and having the console on COM3.
Sorry, I don't have any useful advice about /etc/ttys.
-Adam


Vick Khera vi...@khera.org wrote:

> On Fri, Jun 22, 2012 at 12:17 PM, Jim Pingle li...@pingle.org wrote:
>
>> Use /boot/loader.conf.local - that won't get overwritten. The other two
>> will.
>
> Based on this, my revised configuration is to create
> /boot/loader.conf.local:
>
> hint.uart.2.at=isa
> hint.uart.2.port=0x3E8
> hint.uart.2.flags=0x10
> hint.uart.0.flags=0x00
> boot_multicons=YES
> boot_serial=YES
> comconsole_speed=115200
> console=comconsole,vidconsole
>
> and not have a boot.config file at all.  The /etc/ttys file still needs
> modification.
>
> I will see about figuring out how to make the GUI do this... the /etc/ttys
> file on embedded is different than that on full install.  How should one go
> about altering that file?
