Re: [pfSense] Interface yoyo
On 4/20/2014 4:13 PM, Volker Kuhlmann wrote: On Sun 20 Apr 2014 19:46:41 NZST +1200, Bryan D. wrote: I reported this issue with the HME's a while ago (it's nasty!): bug #3481 -- https://redmine.pfsense.org/issues/3481 Executive summary: replace the NIC with a different model. Too bad, they used to work very well and virtually never die. Confirm on (almost) all counts. I moved the printer to an rl driver port and the problem disappeared. top reports 350MB free memory. The same problem exists with the wifi AP connected to an hme driver port. Turning the AP off then on kills pfsense. I'll update the report. The number of spawned php processes that kill the system however look like a pfsense problem to me and the php code should prevent itself from meltdown. Or does freebsd really require php for handling interface hotplug events? As in, a basic minimal freebsd system does not work without php installed? Thanks for the hint Bryan. Volker When moving to 2.1.2 on a system with realtek (re* drivers), I ran into problems with 10/100/1000 auto-negotiation. My setup is unusual , in that I have a gigabit fiber media converter, in the path. The symptom was you could watch the ethernet PHY switch from various modes (master/slave/full-duplex/half/etc). (Repeatedly calling ifconfig.) When I put an ethernet switch at each end, the problem goes away. As far as I know, there isn't really a case defined in 802.3u (Clause 28) to handle auto-negotiation through a media converter. (Media Converters "lie" to the other end, in order to pass link status notification through). I'd put a cheap un-managed switch in and see if it goes away. The Intel quad port GB nics work quite well with pfSense. They are more expensive than other random hardware, but... The changes from 2.0.x to 2.1 were a lot more than the changes from 2.1 to 2.1.1(2.1.2) Putting the unmanaged (gigabit) switch in would give a good clue as to the negotiation issues. If it fixes it, is probably related to the PHY handling. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
The GS108T-200 is the one with a web-based config tool Worth adding that you can pick up the HP 1700-8 for less than £60 these days, now that it's been superceded by the 1810-x series switches. Fairly intuitive web interface and talks SNMP too. Admittedly not gigabit, but as a multi-WAN VLAN switch, it's ideal. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
On Mon 21 Apr 2014 10:51:13 NZST +1200, Stefan Baur wrote: Thanks muchly for the tip, Stefan! There is no 'doze in the house and on no account will I add a Billy-dependency to my infrastructure. Any manufacturer too stupid to make their stuff controllable by open source software can sell elsewhere. Period. > The GS108T-200 is the one with a web-based config tool http://www.netgear.com/business/products/switches/smart/GS108Tv2.aspx#tab-techspecs ? (Not easy to find on their website - searching only finds their useless software.) Max 12W power consumption looks good. Not ideal though, because VLANs are more complex and error prone, American propriatory network equipment doesn't seem like a good choice any more, and that model appears to be no longer for sale where I live. I'll keep it in mind though - thanks. Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface yoyo
On Mon 21 Apr 2014 09:54:49 NZST +1200, Jim Pingle wrote: > http://files.pfsense.org/jimp/patches/openvpn-tapbridgefix-2.1.x.diff This has no effect on the hme problem unfortunately. I rebooted and re-tested, but unplugging the cable to the wifi AP from the pfsense box and re-plugging it still gives a run-away system. Some logs below. The system-patches package is nifty btw. Thanks for the hint. The system was a fresh install for 2.0, but versions since, and 2.1, 2.1.2, have been upgrades. Volker Unplug: 2014-04-21T10:47:55.877376+12:00 pfsense check_reload_status: Linkup starting hme2 2014-04-21T10:47:55.877376+12:00 pfsense kernel: hme2: link state changed to DOWN 2014-04-21T10:47:59.011953+12:00 pfsense php: rc.linkup: Hotplug event detected for WIFI(opt2) but ignoring since interface is configured with static IP (10.x.x.y ) Plug in: 2014-04-21T10:48:37.120596+12:00 pfsense check_reload_status: Linkup starting hme2 2014-04-21T10:48:37.120596+12:00 pfsense kernel: hme2: link state changed to UP 2014-04-21T10:48:37.798270+12:00 pfsense dhcpd: DHCPDISCOVER from 00:15:77:xx:xx:xx via hme2 2014-04-21T10:48:37.798270+12:00 pfsense dhcpd: DHCPOFFER on 10.x.x.x to 00:15:77:xx:xx:xx via hme2 2014-04-21T10:48:37.820197+12:00 pfsense dhcpd: DHCPDISCOVER from 00:15:77:xx:xx:xx via hme2 2014-04-21T10:48:37.821244+12:00 pfsense dhcpd: DHCPOFFER on 10.x.x.x to 00:15:77:xx:xx:xx via hme2 2014-04-21T10:48:37.853883+12:00 pfsense dhcpd: DHCPREQUEST for 10.x.x.x (10.x.x.y) from 00:15:77:xx:xx:xx via hme2 2014-04-21T10:48:37.853883+12:00 pfsense dhcpd: DHCPACK on 10.x.x.x to 00:15:77:xx:xx:xx via hme2 2014-04-21T10:48:40.182810+12:00 pfsense pf: 00:00:03.957137 rule 250/0(match): pass in on hme2: (tos 0x0, ttl 64, id 5375, offset 0, flags [DF], proto UDP (17), length 76) 2014-04-21T10:48:40.182810+12:00 pfsense pf: 10.x.x.x.32768 > 10.3.5.38.123: NTPv3, length 48 2014-04-21T10:48:40.184932+12:00 pfsense pf:Client, Leap indicator: (0), Stratum 0, poll 4s, precision -6 2014-04-21T10:48:40.184932+12:00 pfsense pf:Root Delay: 1.00, Root dispersion: 1.00, Reference-ID: (unspec) 2014-04-21T10:48:40.184932+12:00 pfsense pf: Reference Timestamp: 0.0 2014-04-21T10:48:40.184932+12:00 pfsense pf: Originator Timestamp: 0.0 2014-04-21T10:48:40.184932+12:00 pfsense pf: Receive Timestamp: 0.0 2014-04-21T10:48:40.184932+12:00 pfsense pf: Transmit Timestamp: 3439808167.364533999 (2009/01/02 03:16:07) 2014-04-21T10:48:40.184932+12:00 pfsense pf:Originator - Receive Timestamp: 0.0 2014-04-21T10:48:40.184932+12:00 pfsense pf:Originator - Transmit Timestamp: 3439808167.364533999 (2009/01/02 03:16:07) 2014-04-21T10:48:40.251151+12:00 pfsense php: rc.linkup: Hotplug event detected for WIFI(opt2) but ignoring since interface is configured with static IP (10.x.x.y ) 2014-04-21T10:48:40.308064+12:00 pfsense check_reload_status: Linkup starting hme2 2014-04-21T10:48:40.308064+12:00 pfsense kernel: hme2: link state changed to DOWN 2014-04-21T10:48:40.357524+12:00 pfsense check_reload_status: rc.newwanip starting hme2 2014-04-21T10:48:42.381450+12:00 pfsense kernel: hme2: link state changed to UP 2014-04-21T10:48:42.383939+12:00 pfsense check_reload_status: Linkup starting hme2 2014-04-21T10:48:43.954945+12:00 pfsense php: rc.linkup: Hotplug event detected for WIFI(opt2) but ignoring since interface is configured with static IP (10.x.x.y ) 2014-04-21T10:48:44.022668+12:00 pfsense check_reload_status: Linkup starting hme2 2014-04-21T10:48:44.022668+12:00 pfsense kernel: hme2: link state changed to DOWN 2014-04-21T10:48:44.306756+12:00 pfsense php: rc.newwanip: rc.newwanip: Informational is starting hme2. 2014-04-21T10:48:44.315828+12:00 pfsense php: rc.newwanip: rc.newwanip: on (IP address: 10.x.x.y) (interface: WIFI[opt2]) (real interface: hme2). 2014-04-21T10:48:44.357390+12:00 pfsense check_reload_status: Reloading filter 2014-04-21T10:48:45.612953+12:00 pfsense php: rc.linkup: Hotplug event detected for WIFI(opt2) but ignoring since interface is configured with static IP (10.x.x.y ) 2014-04-21T10:48:45.711518+12:00 pfsense check_reload_status: rc.newwanip starting hme2 2014-04-21T10:48:47.585526+12:00 pfsense php: rc.linkup: Hotplug event detected for WIFI(opt2) but ignoring since interface is configured with static IP (10.x.x.y ) 2014-04-21T10:48:49.731462+12:00 pfsense php: rc.newwanip: rc.newwanip: Informational is starting hme2. 2014-04-21T10:48:49.757346+12:00 pfsense check_reload_status: Linkup starting hme2 2014-04-21T10:48:49.758399+12:00 pfsense kernel: hme2: link state changed to UP 2014-04-21T10:48:49.782468+12:00 pfsense php: rc.newwanip: rc.newwanip: on (IP address: 10.x.x.y) (interface: WIFI[opt2]) (real interface: hme2). 2014-04-21T10:48:49.821343+12:00 pfsense check_reload_status: Reloading filter 2014-04-21T10:48:51.420720+12:00 pfsense dhcpd: DHCPDISCOVER from 00:15:77:xx:xx:xx via hm
Re: [pfSense] Interface options for pfsense
Am 21.04.2014 00:40, schrieb Stefan Baur: > I heard the 8-port model GS108E is actually easier to configure (Web GUI > instead of Adobe-Air-based proprietary tool), but I can't claim personal > experience with that, so don't take my word for it, but ask someone who > actually configured it. Errata: The GS108T-200 is the one with a web-based config tool, while the GS108E shares the Adobe-Air-based proprietary tool with its little brother, the GS105E. The GS108T-200 sells below 70 EUR, the GS108E for about 33 EUR, the GS105E, as previously mentioned, for below 30 EUR, all prices including VAT. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface options for pfsense
Am 21.04.2014 00:32, schrieb Volker Kuhlmann: > The frequently recommended option of using VLANs may look good for > larger commercial networks, but just buying a VLAN capable switch costs > more than a suitable pfsense box and brings the power budget of the > combination to the same level as a scrapped PC - with the latter winning > hands down on cost. Um, no. While they're a PITA to configure (you need a Windows PC with Adobe Air), Netgear's GS105E are dirt cheap, fanless, 5-Port-1-Gig-VLAN-capable switches. Sales price here in Germany is below 30 EUR including VAT. I heard the 8-port model GS108E is actually easier to configure (Web GUI instead of Adobe-Air-based proprietary tool), but I can't claim personal experience with that, so don't take my word for it, but ask someone who actually configured it. -Stefan ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface yoyo
On Mon 21 Apr 2014 09:54:49 NZST +1200, Jim Pingle wrote: > Apply this patch with the system patches package, see if it's maybe > hitting a bug similar to what was happening with OpenVPN (rc.newwanip > was being fired from rc.linkup repeatedly... something made it fall into > a loop) Thanks Jim! Doing now. rc.newwanip is featuring heavily in syslog with the problematic interfaces. Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Interface options for pfsense
I've been running pfsense for many years (and been very happy with it) on scrapped PCs with a Sun 4-port Ethernet PCI card because I need 5 Ethernet ports. Now freebsd dieing on the hme driver effectively turns those cards into scrap and I'm stuck. What are alternatives now? Are there any other 4-port cards that are supported by pfsense in practice (not just in theory), that are also affordable? The power consumption (and box volume) of scrapped PCs is not optimal, and I've been looking at moving to a small single-board. Soekris was always underpowered and overpriced IMHO, and PCEngines underpowered, until they released the exciting APU series recently. They all only have 3 Ethernet ports though, which is the stopper here. What mPCIe Ethernet cards are supported by pfsense that people can recommend? Are there any USB Ethernet adapters that actually work with pfsense? Reliably? I am looking for reports from those who have tried, not the freebsd supported HW list - that list is too long and not really trustworthy (I have a USB wifi adapter which runs for 10min then makes pfsense kernel panic). The frequently recommended option of using VLANs may look good for larger commercial networks, but just buying a VLAN capable switch costs more than a suitable pfsense box and brings the power budget of the combination to the same level as a scrapped PC - with the latter winning hands down on cost. TIA for any suggestions, Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface yoyo
On 4/20/2014 5:13 PM, Volker Kuhlmann wrote: > On Sun 20 Apr 2014 19:46:41 NZST +1200, Bryan D. wrote: >> I reported this issue with the HME's a while ago (it's nasty!): >> bug #3481 -- https://redmine.pfsense.org/issues/3481 >> >> Executive summary: replace the NIC with a different model. Too bad, >> they used to work very well and virtually never die. > > Confirm on (almost) all counts. > I moved the printer to an rl driver port and the problem disappeared. > top reports 350MB free memory. > The same problem exists with the wifi AP connected to an hme driver > port. Turning the AP off then on kills pfsense. > I'll update the report. > > The number of spawned php processes that kill the system however look > like a pfsense problem to me and the php code should prevent itself from > meltdown. Or does freebsd really require php for handling interface > hotplug events? As in, a basic minimal freebsd system does not work > without php installed? Apply this patch with the system patches package, see if it's maybe hitting a bug similar to what was happening with OpenVPN (rc.newwanip was being fired from rc.linkup repeatedly... something made it fall into a loop) http://files.pfsense.org/jimp/patches/openvpn-tapbridgefix-2.1.x.diff That code is already in the tree but it happened after 2.1.2. Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface yoyo
On Sun 20 Apr 2014 19:46:41 NZST +1200, Bryan D. wrote: > I reported this issue with the HME's a while ago (it's nasty!): > bug #3481 -- https://redmine.pfsense.org/issues/3481 > > Executive summary: replace the NIC with a different model. Too bad, > they used to work very well and virtually never die. Confirm on (almost) all counts. I moved the printer to an rl driver port and the problem disappeared. top reports 350MB free memory. The same problem exists with the wifi AP connected to an hme driver port. Turning the AP off then on kills pfsense. I'll update the report. The number of spawned php processes that kill the system however look like a pfsense problem to me and the php code should prevent itself from meltdown. Or does freebsd really require php for handling interface hotplug events? As in, a basic minimal freebsd system does not work without php installed? Thanks for the hint Bryan. Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Interface yoyo
On 2014-Apr-20, at 12:33 AM, Volker Kuhlmann wrote: > Ever since upgrading to pfsense 2.1 I have been let down by it. It looks > like there are multiple issues and I am trying to separate them. One is > system suicide by memory gobbling - but it's been a little tricky to > find out why exactly. > > > > Sun 4-port Ethernet NIC > hme0: mem 0x4600-0x46007fff irq 21 at device > 0.1 on pci3 > miibus2: on hme0 > ukphy0: PHY 1 on miibus2 > ukphy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto > hme0: [ITHREAD] > [and 3 more of these] > > > > How can I get this pfsense box back into the same reliable and > dependable system it used to be before 2.1? > > Any suggestions appreciated. Happy to provide more info too - but where > do I start looking? > > Thanks muchly, > > Volker > > -- > Volker Kuhlmann > http://volker.top.geek.nz/Please do not CC list postings to me. > ___ I reported this issue with the HME's a while ago (it's nasty!): bug #3481 -- https://redmine.pfsense.org/issues/3481 Executive summary: replace the NIC with a different model. Too bad, they used to work very well and virtually never die. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Interface yoyo
Ever since upgrading to pfsense 2.1 I have been let down by it. It looks like there are multiple issues and I am trying to separate them. One is system suicide by memory gobbling - but it's been a little tricky to find out why exactly. It's a system with 512MB RAM, 768M swap. Mobo Ethernet, Intel system, some old P-III job. inphy0: PHY 1 on miibus1 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow Realtek NIC (unused) rlphy0: PHY 0 on miibus0 rlphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto Sun 4-port Ethernet NIC hme0: mem 0x4600-0x46007fff irq 21 at device 0.1 on pci3 miibus2: on hme0 ukphy0: PHY 1 on miibus2 ukphy0: none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto hme0: [ITHREAD] [and 3 more of these] Because of physical location a Brother HL5350DN printer is plugged into one of the hmeN ports directly. (Using a crossover cable makes no difference.) What happens next is the printer's hme interface goes up and down every few seconds. There are continuous hotplug events too. A gazillion php processes are spawned. Swap space is used. The system can't respond fast enough any more and other interfaces go down/up as well. Swap space runs out. Php etc get killed. A killall php on the pfsense system gives temporary reprieve. Essentially, if someone turns the printer on pfsense dies. Everything was running fine on the same hardware with 2.0 and I don't think swap space was ever used. I have squid and squidguard running on it too, but turning those off only changes how fast pfsense dies. The ntop package was installed and running as well, but top -osize told me it was using 200M RAM on start so it got uninstalled. Perhaps freebsd changed, and the php code can't handle it and goes into run-away memory consumption. How can I get this pfsense box back into the same reliable and dependable system it used to be before 2.1? Any suggestions appreciated. Happy to provide more info too - but where do I start looking? Thanks muchly, Volker -- Volker Kuhlmann http://volker.top.geek.nz/ Please do not CC list postings to me. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
