Re: [pfSense] Possible bug in gateway monitoring in 2.1 snapshot (Sat Jun 16 08:16:08 EDT 2012)
Good evening,

Seth Mos seth@dds.nl wrote:

> On 22 Jun 2012, at 04:30, Moshe Katz wrote:
>
> On Wed, Jun 20, 2012 at 4:50 PM, Jerome Alet jerome.a...@univ-nc.nc wrote:
>
> When you add an alternative IP address to monitor, a static route is added between the gateway address and the address to monitor. But when you delete this alternative IP address, click on save and then on apply changes, the static route is not removed as can be seen with netstat -nr.
>
> This is a clear bug, it's supposed to delete the route to that host. Is this a v4 or v6 monitor ip, I could see the delete command failing for ipv6 here.

It was IPv4.

BTW the route get command fails with an error about the routing socket IIRC, that's why I used netstat -nr, not sure if this is related or not.

bye

Jerome Alet

___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
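A check for the leftover route described in this thread, as an added example that is not part of the original messages or of pfSense: it reads `netstat -nr` output and lists static host routes via a gateway whose destination is not one of the monitor IPs still configured. The function names, the sample routing table and all addresses are constructed for illustration.

```shell
#!/bin/sh
# stale_monitor_routes [MONITOR_IP...]
# Reads `netstat -nr` output on stdin. Prints "destination gateway" for every
# static host route via a gateway (flags contain G, H and S) whose destination
# is not among the monitor IPs given as arguments.
stale_monitor_routes() {
    awk -v keep="$*" '
        BEGIN {
            n = split(keep, ips, " ")
            for (i = 1; i <= n; i++) wanted[ips[i]] = 1
        }
        # Only the IPv4 section is checked; the report concerned an IPv4 monitor IP.
        /^Internet:/  { v4 = 1; next }
        /^Internet6:/ { v4 = 0; next }
        v4 && NF >= 3 && $1 != "Destination" {
            if ($3 ~ /G/ && $3 ~ /H/ && $3 ~ /S/ && !($1 in wanted))
                print $1, $2
        }
    '
}

# Constructed sample (documentation addresses), not output from a real system.
sample_table() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.0.2.1          UGS         0     1234    em0
127.0.0.1          link#5             UH          0        0    lo0
192.0.2.0/24       link#1             U           0        0    em0
198.51.100.7       192.0.2.1          UGHS        0       12    em0
203.0.113.9        192.0.2.1          UGHS        0       40    em0

Internet6:
Destination        Gateway            Flags      Netif Expire
::1                ::1                UH          lo0
EOF
}
```

On a live system the input would come from `netstat -nr | stale_monitor_routes <current monitor IPs>`; static host routes that were added on purpose are listed too unless they are passed as arguments as well.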
[pfSense] pfSense Setup - Slow GUI DNS?
Hello all.

New to pfSense, loving the concept straight-off-the-bat!

I'm in the process of setting up the installation per our environment, and seem to be hitting this seemingly consistent issue - a slow web GUI due to lack of DNS queries being answered.

The machine is still in setup mode, so it's not connected to the Internet. However, it seems that a quick web GUI loves DNS (confirmed via pfSense state table), which, obviously, isn't up yet. This seems to be a recurring theme when I Google this issue.

SSH'ing into the box has the same effect, even though UseDNS no is configured for the daemon, i.e., it takes so long for the password prompt to present, and on the off-chance that it does, using the system is no good either as every command seems like the box has hung.

The fix is to reboot the box, but I'll only have a 3 - 5 minute window within which to do anything useful, and then it's back to being slow due to lack of DNS.

Anybody know what's really going on here?

System is pfSense-2.0.1-RELEASE for amd/64, running on HP Proliant DL380 G6 servers, with 2x quad-core 2.4GHz Intel Xeon processors, packed with 48GB of DRAM. So it's certainly not a resource issue.

Appreciate any feedback. Thanks.

Mark.
Re: [pfSense] pfSense Setup - Slow GUI DNS?
On Fri, Jun 22, 2012 at 2:02 PM, Mark Tinka mark.ti...@seacom.mu wrote:

> Hello all.
>
> New to pfSense, loving the concept straight-off-the-bat!
>
> I'm in the process of setting up the installation per our environment, and seem to be hitting this seemingly consistent issue - a slow web GUI due to lack of DNS queries being answered.
>
> The machine is still in setup mode, so it's not connected to the Internet. However, it seems that a quick web GUI loves DNS (confirmed via pfSense state table), which, obviously, isn't up yet. This seems to be a recurring theme when I Google this issue.
>
> SSH'ing into the box has the same effect, even though UseDNS no is configured for the daemon, i.e., it takes so long for the password prompt to present, and on the off-chance that it does, using the system is no good either as every command seems like the box has hung.
>
> The fix is to reboot the box, but I'll only have a 3 - 5 minute window within which to do anything useful, and then it's back to being slow due to lack of DNS.
>
> Anybody know what's really going on here?
>
> System is pfSense-2.0.1-RELEASE for amd/64, running on HP Proliant DL380 G6 servers, with 2x quad-core 2.4GHz Intel Xeon processors, packed with 48GB of DRAM. So it's certainly not a resource issue.
>
> Appreciate any feedback. Thanks.

Hi Mark,

A shot in the wild, but how about if you added the connecting host to /etc/hosts (manually)?

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
Re: [pfSense] pfSense Setup - Slow GUI DNS?
On Friday, June 22, 2012 01:20:21 PM Odhiambo Washington wrote:

> Hi Mark,

Hello Wash, long time no see :-).

> A shot in the wild, but how about if you added the connecting host to /etc/hosts (manually)?

First thing I tried, no dice :-(.

Mark.
Re: [pfSense] pfSense Setup - Slow GUI DNS?
On Fri, Jun 22, 2012 at 7:02 AM, Mark Tinka mark.ti...@seacom.mu wrote:

> Hello all.
>
> New to pfSense, loving the concept straight-off-the-bat!
>
> I'm in the process of setting up the installation per our environment, and seem to be hitting this seemingly consistent issue - a slow web GUI due to lack of DNS queries being answered.

Known issue that's fixed in the next release. For now - fix your DNS. :)

Or it *may* be safe to gitsync to RELENG_2_0, not 100% sure offhand whether that requires binary changes you won't get and hence will break things, so don't do it on anything you're not ready to blow up.
Re: [pfSense] pfSense Setup - Slow GUI DNS?
On Fri, Jun 22, 2012 at 2:31 PM, Mark Tinka mark.ti...@seacom.mu wrote:

> On Friday, June 22, 2012 01:20:21 PM Odhiambo Washington wrote:
>
> > Hi Mark,
>
> Hello Wash, long time no see :-).

Hi Mark,

It was nice seeing you online again :-) You moved to MU??

> > A shot in the wild, but how about if you added the connecting host to /etc/hosts (manually)?
>
> First thing I tried, no dice :-(.

If that did not help, then I am stuck too. I've always done my setups with Internet connectivity.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
I can't hear you -- I'm using the scrambler.
Re: [pfSense] pfSense Setup - Slow GUI DNS?
On Friday, June 22, 2012 01:36:14 PM Chris Buechler wrote:

> Known issue that's fixed in the next release.

Many thanks for the confirmation, Chris. Much appreciated.

> For now - fix your DNS.

DNS isn't the issue - the link isn't in yet, so I'm just covering ground as it's expected. I'm guessing many shops would be in this kind of situation, but as the fix is in the next release, that's great!

> :) Or it *may* be safe to gitsync to RELENG_2_0, not 100% sure offhand whether that requires binary changes you won't get and hence will break things, so don't do it on anything you're not ready to blow up.

I'll keep excitement low for now, but many thanks for the suggestion :-).

Cheers,

Mark.
Re: [pfSense] pfSense Setup - Slow GUI DNS?
On Friday, June 22, 2012 05:22:33 PM Vick Khera wrote:

> I just set up two boxes two days ago to replace an under-powered cluster. I did not notice this at all. The only delay I had was on boot when trying to start openntpd after restoring the configs from the production boxes. The only ethernet connected was a cross-over cable to a laptop for the LAN. The web GUI was fast the whole time I played with it. I did not attempt to SSH.

The first time I installed mine, it gave me no issues after the initial reboot. Ever since then, it's touch and go. It can be fast for 30 minutes, and then slow the next. After a reboot, it will be fast for 5 minutes, and then slow the next.

At any rate, as Chris has confirmed it's a known issue, we'll certainly be looking forward to the fix in a coming release.

Mark.
Re: [pfSense] pfSense Setup - Slow GUI DNS?
On Fri, Jun 22, 2012 at 11:22 AM, Vick Khera vi...@khera.org wrote:

> On Fri, Jun 22, 2012 at 7:02 AM, Mark Tinka mark.ti...@seacom.mu wrote:
>
> > The machine is still in setup mode, so it's not connected to the Internet. However, it seems that a quick web GUI loves DNS (confirmed via pfSense state table), which, obviously, isn't up yet. This seems to be a recurring theme when I Google this issue.
>
> I just set up two boxes two days ago to replace an under-powered cluster. I did not notice this at all. The only delay I had was on boot when trying to start openntpd after restoring the configs from the production boxes. The only ethernet connected was a cross-over cable to a laptop for the LAN. The web GUI was fast the whole time I played with it.

Depends on what pages you hit. We found some of them kick off NTP in the background which sits there a while trying to find DNS and locks other things in the process.
Re: [pfSense] failover sync question
On Wed, Jun 13, 2012 at 6:19 PM, Chris Buechler c...@pfsense.org wrote:

> You have to enable synchronize states on the secondary too or it won't accept them. Firewall > VIPs, CARP settings tab.

Thanks for this tip. I thought perhaps my problem was that I was sharing an interface for this, and the boxes in question were woefully underpowered for my load.

So now I have installed some brand new dual-core Xeon boxes to work as the firewall with failover. I set up a dedicated interface (em3) for the sync and assigned the IP 10.11.12.2 and 10.11.12.3 to these on the two boxes. The config sync works great over this interface.

The states are still seemingly not synced. Both systems do have Synchronize state checked, and both have the same interface selected, and all traffic is permitted on those interfaces at the firewall tab. Yet the backup system is showing state table size of 11 entries while the primary has at this moment over 27k states.

Any more ideas on where to look?
[pfSense] supermicro SOL console
So I just figured this nifty trick out. I provisioned a pair of servers based on supermicro X9SC motherboard, which has a built-in ILOM processor, and that provides a serial-over-lan serial port in addition to other administrative features.

It was exceptionally easy to convince pfsense to use that port as its console and to provide the menu on it. There are exactly three changes necessary after installing full pfsense.

1) edit /boot/loader.conf to add these lines:

    hint.uart.2.at=isa
    hint.uart.2.port=0x3E8
    hint.uart.2.flags=0x10
    hint.uart.0.flags=0x00

This will enable serial port 2 as console, and disable serial port 0 as console. The FreeBSD handbook says that changing the serial port requires rebuild from source, but it doesn't seem to be true.

2) edit /etc/ttys: Change the line for ttyu2 to be:

    ttyu2 "/usr/libexec/getty bootupcli" cons25 on secure

Basically, set the console type cons25, turn it on and change the parameter to getty to be bootupcli.

3) create /boot.config with these contents:

    -Dh -S115200

Reboot. Ensure that the BIOS has the console redirect to the SOL enabled. You should now see the full bios, boot block, and kernel boot to the SOL, and finally the pfsense menu too.

Question: which of these files will be smashed on pfsense upgrade? I already discovered that /boot.config gets overwritten when I upload a saved config from an embedded pfsense installation.
Re: [pfSense] supermicro SOL console
On 6/22/2012 12:05 PM, Vick Khera wrote:

> 1) edit /boot/loader.conf to add these lines:
>
> 2) edit /etc/ttys:
>
> 3) create /boot.config with these contents:
>
>     -Dh -S115200
>
> Question: which of these files will be smashed on pfsense upgrade? I already discovered that /boot.config gets overwritten when I upload a saved config from an embedded pfsense installation.

Use /boot/loader.conf.local - that won't get overwritten. The other two will.

However you could hack up (or enhance, and provide patches ;-) the serial console setup functions we already have that alter those files. Look in the GUI at System > Advanced (/usr/local/www/system_advanced_admin.php) and the backend code in setup_serial_port() inside /etc/inc/pfsense-utils.inc

Jim
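The three changes from this thread as a re-runnable script with a drift check for use after an upgrade, added here as an example that is not part of the original messages or of pfSense. It puts the hints in /boot/loader.conf.local as the reply suggests, double-quotes the getty command as ttys(5) requires for a multi-word field, and takes a ROOT prefix so it can be tried on a scratch copy first; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Settings from the thread; the hint lines are copied as they appear there.
SOL_HINTS='hint.uart.2.at=isa
hint.uart.2.port=0x3E8
hint.uart.2.flags=0x10
hint.uart.0.flags=0x00'
SOL_TTY='ttyu2 "/usr/libexec/getty bootupcli" cons25 on secure'
SOL_BOOT='-Dh -S115200'

# sol_console_drift ROOT: print each file under ROOT that lacks its setting.
sol_console_drift() {
    root=$1
    for hint in $SOL_HINTS; do
        grep -qxF "$hint" "$root/boot/loader.conf.local" 2>/dev/null ||
            { echo /boot/loader.conf.local; break; }
    done
    grep -qxF "$SOL_TTY" "$root/etc/ttys" 2>/dev/null || echo /etc/ttys
    grep -qxF -- "$SOL_BOOT" "$root/boot.config" 2>/dev/null || echo /boot.config
}

# apply_sol_console ROOT: make the three changes; safe to run repeatedly.
apply_sol_console() {
    root=$1
    conf="$root/boot/loader.conf.local"
    touch "$conf"
    for hint in $SOL_HINTS; do
        # Append a hint only if that exact line is not already present.
        grep -qxF "$hint" "$conf" || echo "$hint" >> "$conf"
    done
    # Replace only the existing ttyu2 entry; other lines are copied unchanged.
    awk -v line="$SOL_TTY" '$1 == "ttyu2" { print line; next } { print }' \
        "$root/etc/ttys" > "$root/etc/ttys.new" &&
        mv "$root/etc/ttys.new" "$root/etc/ttys"
    printf '%s\n' "$SOL_BOOT" > "$root/boot.config"
}
```

Running `sol_console_drift ""` after an upgrade or a config restore lists which of the files were reset, and `apply_sol_console ""` puts the settings back on the live system.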