Re: [pfSense Support] beep on ready suggestion

[Oscar Forsström]

I agree! That would be a great feature!

Jonathan Woodard wrote:
I don't exactly remember which version i started out with but many 
burned .iso's later we arrive at 0.85 and finally pfsense installed the 
first time without much of a problem. I wish to say congrats to the 
development people and the people in this mailing list as i have poured 
over the lists trying to get things to work. i'm very impressed with how 
things are progressing and the level of support someone can get here.


I wonder if i could make another small suggestion now, i remember using 
various firewall/router distros in the past and most all of them had a 
simple feature of beeping in some fashion to tell the user that the 
machine is up and ready for traffic. i never realized how much i liked 
that until i didn't have it with monowall. i was wondering if something 
like this could be added to pfsense. I think users with a completely 
headless machine would agree that this would be helpful. and I know I 
would appreicate it very much, thank you :-)


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] beep on ready suggestion

[Jonathan Woodard]

I don't exactly remember which version i started out with but many 
burned .iso's later we arrive at 0.85 and finally pfsense installed the 
first time without much of a problem. I wish to say congrats to the 
development people and the people in this mailing list as i have poured 
over the lists trying to get things to work. i'm very impressed with how 
things are progressing and the level of support someone can get here.


I wonder if i could make another small suggestion now, i remember using 
various firewall/router distros in the past and most all of them had a 
simple feature of beeping in some fashion to tell the user that the 
machine is up and ready for traffic. i never realized how much i liked 
that until i didn't have it with monowall. i was wondering if something 
like this could be added to pfsense. I think users with a completely 
headless machine would agree that this would be helpful. and I know I 
would appreicate it very much, thank you :-)


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Questions about Load Balancing

[Bill Marquette]

On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> Hey Moacry, do you notice if it appropriately distributes the load?
>
> I just had a thoughti, if I set the bandwith on the interface to the actual 
> broadband service rate as oppposed to NIC connection speed, would that affect 
> the load balancing?

Nope. Connection based load balancing, not bandwidth based.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Questions about Load Balancing

[Ciro Rasmussen]

Hello, I am going to try Pfsense next week, it sure will be a great product. 
Very nice work! I have been looking for something like this for a LONG time!
You might see what Cyberoam is using, to get some ideas maybe. 
www.cyberoam.com. 
The software, not the CR series. It is based on Linux or a UNIX, but very 
expensive!
It looks great, but have not tried it yet, waiting for pfsense to leave alfa! 
But will try it on 190 machines in my network.Yes, I know it is ALPHA!

Thanks

Ciro

- Original Message - 
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, September 29, 2005 10:35 PM
Subject: Re: [pfSense Support] Questions about Load Balancing


Or another suggestion, something that I would do here if my second
connection wasn't 10x faster than the primary is to say send gaming
out one link and send browsing out the other. :)

--Bill

On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Not unique, we just don't have an easy way to implement ratio based
> load balancing at this time.  BTW, it'd be connection based anyway,
> not true bandwidth balancing.  I'd recommend putting some clients on
> one connection, some on the other and manually balance the links using
> rules.
>
> --Bill
>
> On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> > Hi Scott, is there a solution to this?  Am I unique in that I have multiple 
> > WAN connections of different capacities?
> >
> > Anyone have another solution?
> >
> > Thanks
> >
> > 
> >
> > From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> > Sent: Thu 9/29/2005 7:20 PM
> > To: support@pfsense.com
> > Subject: Re: [pfSense Support] Questions about Load Balancing
> >
> >
> >
> > Load balancing uses round robin.
> >
> > Scott
> >
> >
> > On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> > > Greetings, I have a Squid PROXY server that I want to use two DSL
> > > connections that I have with.  However, one of them is a 1 megabit
> > > connection and the other is a 512kbps connections.  Based on what I have
> > > read on the list, I am concerned that the load balancing algorithm will
> > > NOT distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing
> > > traffic over the two connections respectively.  Am I incorrect in this?
> > > Will it maximize each connection if they are of difference capacities?
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Questions about Load Balancing

[Wesley K. Joyce]

Hey Moacry, do you notice if it appropriately distributes the load?
 
I just had a thoughti, if I set the bandwith on the interface to the actual 
broadband service rate as oppposed to NIC connection speed, would that affect 
the load balancing?



From: Moacyr Leite da Silva [mailto:[EMAIL PROTECTED]
Sent: Thu 9/29/2005 8:55 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Questions about Load Balancing


Hi Wesley,
 
I have one box with 3 WAN using load balancing.
 
WAN ADSL 2MB
WAN1 FR 1MB
WAN2 FR 512K
 
We even dont have this issue now. But we had hard time with ftp-helper, I cant 
connect with any site. 
I have issues with HTTPS and policy routing for outgoing connection forced via 
the WAN (default) interface solved it.
Also I could not have policy routing working for incoming connections using 
WAN1 or WAN2.
 
my current version is 0.85.6
 
Any tip?
 
Thanks,
Moacyr Leite da Silva
 
AKADNYX | Segurança | Infraestrutura | Storage | VoIP
+55 19 3241-5688
+55 19 9730-1712
[EMAIL PROTECTED]
www.akadnyx.com.br

 
 

- Original Message - 
From: Wesley K. Joyce   
To: support@pfsense.com 
Sent: Thursday, September 29, 2005 8:41 PM
Subject: RE: [pfSense Support] Questions about Load Balancing

Hi Scott, is there a solution to this?  Am I unique in that I have 
multiple WAN connections of different capacities?
 
Anyone have another solution?
 
Thanks
 


From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thu 9/29/2005 7:20 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Questions about Load Balancing



Load balancing uses round robin.

Scott


On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> Greetings, I have a Squid PROXY server that I want to use two DSL
> connections that I have with.  However, one of them is a 1 megabit
> connection and the other is a 512kbps connections.  Based on what I 
have
> read on the list, I am concerned that the load balancing algorithm 
will
> NOT distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing
> traffic over the two connections respectively.  Am I incorrect in 
this?
> Will it maximize each connection if they are of difference capacities?
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Questions about Load Balancing

[Bill Marquette]

Or another suggestion, something that I would do here if my second
connection wasn't 10x faster than the primary is to say send gaming
out one link and send browsing out the other. :)

--Bill

On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> Not unique, we just don't have an easy way to implement ratio based
> load balancing at this time.  BTW, it'd be connection based anyway,
> not true bandwidth balancing.  I'd recommend putting some clients on
> one connection, some on the other and manually balance the links using
> rules.
>
> --Bill
>
> On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> > Hi Scott, is there a solution to this?  Am I unique in that I have multiple 
> > WAN connections of different capacities?
> >
> > Anyone have another solution?
> >
> > Thanks
> >
> > 
> >
> > From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> > Sent: Thu 9/29/2005 7:20 PM
> > To: support@pfsense.com
> > Subject: Re: [pfSense Support] Questions about Load Balancing
> >
> >
> >
> > Load balancing uses round robin.
> >
> > Scott
> >
> >
> > On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> > > Greetings, I have a Squid PROXY server that I want to use two DSL
> > > connections that I have with.  However, one of them is a 1 megabit
> > > connection and the other is a 512kbps connections.  Based on what I have
> > > read on the list, I am concerned that the load balancing algorithm will
> > > NOT distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing
> > > traffic over the two connections respectively.  Am I incorrect in this?
> > > Will it maximize each connection if they are of difference capacities?
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Questions about Load Balancing

[Bill Marquette]

Not unique, we just don't have an easy way to implement ratio based
load balancing at this time.  BTW, it'd be connection based anyway,
not true bandwidth balancing.  I'd recommend putting some clients on
one connection, some on the other and manually balance the links using
rules.

--Bill

On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> Hi Scott, is there a solution to this?  Am I unique in that I have multiple 
> WAN connections of different capacities?
>
> Anyone have another solution?
>
> Thanks
>
> 
>
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: Thu 9/29/2005 7:20 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Questions about Load Balancing
>
>
>
> Load balancing uses round robin.
>
> Scott
>
>
> On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> > Greetings, I have a Squid PROXY server that I want to use two DSL
> > connections that I have with.  However, one of them is a 1 megabit
> > connection and the other is a 512kbps connections.  Based on what I have
> > read on the list, I am concerned that the load balancing algorithm will
> > NOT distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing
> > traffic over the two connections respectively.  Am I incorrect in this?
> > Will it maximize each connection if they are of difference capacities?
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Traffic shaping. Parent Queue

[Bill Marquette]

Wrong.  A parent queue denotes a child queue.  Create 4 queues and
assign your rules to the two child queues.  Better yet, use the
ezshaper wizard, it's there so you don't have to try and figure out
how it all works.

--Bill

On 9/29/05, Audun Brekke <[EMAIL PROTECTED]> wrote:
>
>
>
> There seems to be an error in the traffic shaping.
>
> When I set the queues manually it is not possible to set the parent queue.
>
> I can set the queue to be parent in the webui, but the queue don't seem to
> be updated.
>
> I get an error like:
>
>
>
> php: : There were error(s) loading the rules: /tmp/rules.debug:16: queue
> MaxDownload has no parent /tmp/rules.debug:16: errors in queue definition
> /tmp/rules.debug:17: queue MaxUpload has no parent /tmp/rules.debug:17:
> errors in queue definition pfctl: Syntax error in config file: pf rules not
> loaded - The line in question reads [16]: queue MaxDownload bandwidth 4100Kb
> cbq
>
>
>
>
>
> There is no change in the config file if I set or unset the "this is the
> parent queue" in the webui.
>
>
>
> I line like this shoud be added in the config files when the "this is the
> parent queue" is selected
>
>
>
>
>
>
>
> altq on xl0 cbq queue {  MaxDownload }
>
>
>
> -Audum-
>
>
> --
>  No virus found in this outgoing message.
>  Checked by AVG Anti-Virus.
>  Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29.09.2005
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Questions about Load Balancing

[Moacyr Leite da Silva]

Title: Re: [pfSense Support] Questions about Load Balancing



Hi Wesley,
 
I have one box with 3 WAN using load balancing.
 
WAN ADSL 2MB
WAN1 FR 1MB
WAN2 FR 512K
 
We even dont have this issue now. But we had hard time with 
ftp-helper, I cant connect with any site. 
I have issues with HTTPS and policy routing for outgoing 
connection forced via the WAN (default) interface solved it.
Also I could not have policy routing working for incoming 
connections using WAN1 or WAN2.
 
my current version is 0.85.6
 
Any tip?
 
Thanks,
Moacyr Leite da Silva
 
AKADNYX | Segurança | Infraestrutura | Storage | VoIP+55 
19 3241-5688+55 19 9730-1712[EMAIL PROTECTED]www.akadnyx.com.br
 
 

  - Original Message - 
  From: 
  Wesley K. Joyce 

  To: support@pfsense.com 
  Sent: Thursday, September 29, 2005 8:41 
  PM
  Subject: RE: [pfSense Support] Questions 
  about Load Balancing
  
  
  Hi Scott, is there a 
  solution to this?  Am I unique in that I have multiple WAN connections of 
  different capacities?
   
  Anyone have another solution?
   
  Thanks
   
  
  
  
  From: Scott Ullrich 
  [mailto:[EMAIL PROTECTED]Sent: Thu 9/29/2005 7:20 
  PMTo: support@pfsense.comSubject: 
  Re: [pfSense Support] Questions about Load Balancing
  
  Load balancing uses round robin.ScottOn 
  9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:> Greetings, I 
  have a Squid PROXY server that I want to use two DSL> connections that 
  I have with.  However, one of them is a 1 megabit> connection and 
  the other is a 512kbps connections.  Based on what I have> read on 
  the list, I am concerned that the load balancing algorithm will> NOT 
  distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing> 
  traffic over the two connections respectively.  Am I incorrect in 
  this?> Will it maximize each connection if they are of difference 
  capacities?>> 
  -> 
  To unsubscribe, e-mail: [EMAIL PROTECTED]> For additional 
  commands, e-mail: 
  [EMAIL PROTECTED]>>-To 
  unsubscribe, e-mail: [EMAIL PROTECTED]For additional 
  commands, e-mail: 
[EMAIL PROTECTED]

Re: [pfSense Support] dhcpclient Invalid lease option - ignoring offer

[Jeff Quinonez]

OK, more info... Did a fresh install of 85.6 and I get the same DHCP error. Basically it barfs on a DHCP offer option 15:

Option 15: Domain Name = "domain_not_set.invalid" (from Ethereal sniff)

And in the pfsense system log:

dhclient[3538]: Bogus domain search list 15: domain_not_set.invalid (domain_not_set.invalid)
dhclient[3538]: Invalid lease option - ignoring offer
dhclient[3538]: Invalid lease option - ignoring offer
dhclient[3538]: packet_to_lease failed.
dhclient[3538]: No DHCPOFFERS received.

And if I try to add domain_not_set.invalid to the domain name in pfsense I get:

The following input errors were detected:

    * The domain may only contain the characters a-z, 0-9, '-' and '.'.

This is SBC/Yahoo DSL and XP handles the DHCP offer fine. Earlier versions of pfsense also handled it fine. 
Did the BSD crew rewrite dhcpclient? I did see some grumblings around the Internets. 

On 9/27/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
On 9/27/05, Jeff Quinonez <[EMAIL PROTECTED]> wrote:> Anyway, I downgraded to 70.4 and all is well. Manual upgrade to 85.4 and I> have the same issue of not getting a DHCP address and the same errors. Also,
> after the 85.4 update if I go to Manual Update I get Unable to Receive> Version Info. I'll look into this DHCP error a little later, as I have seen> this in some BSD forums. I have an extra box so I'll try to recreate the
> issue. Keep up the good work. :-)Thanks, that would be a _HUGE_ help!Scott-To unsubscribe, e-mail: 
[EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]-- "got root?"

RE: [pfSense Support] Questions about Load Balancing

[Wesley K. Joyce]

Hi Scott, is there a solution to this?  Am I unique in that I have multiple WAN 
connections of different capacities?
 
Anyone have another solution?
 
Thanks
 


From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Thu 9/29/2005 7:20 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Questions about Load Balancing



Load balancing uses round robin.

Scott


On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> Greetings, I have a Squid PROXY server that I want to use two DSL
> connections that I have with.  However, one of them is a 1 megabit
> connection and the other is a 512kbps connections.  Based on what I have
> read on the list, I am concerned that the load balancing algorithm will
> NOT distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing
> traffic over the two connections respectively.  Am I incorrect in this?
> Will it maximize each connection if they are of difference capacities?
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



<>-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] Questions about Load Balancing

[Scott Ullrich]

Load balancing uses round robin.

Scott


On 9/29/05, Wesley K. Joyce <[EMAIL PROTECTED]> wrote:
> Greetings, I have a Squid PROXY server that I want to use two DSL
> connections that I have with.  However, one of them is a 1 megabit
> connection and the other is a 512kbps connections.  Based on what I have
> read on the list, I am concerned that the load balancing algorithm will
> NOT distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing
> traffic over the two connections respectively.  Am I incorrect in this?
> Will it maximize each connection if they are of difference capacities?
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] NIC issues

[Fleming, John \(ZeroChaos\)]

Btw the microcode is loaded via the option link0 which is passed to
ifconfig. I'm not sure where that is set but a few grep for link0 in
/etc/ should show you. 

-Original Message-
From: J B [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 29, 2005 12:22 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NIC issues

Is there anyway to turn off the microcode on a per/NIC basis? I only
have
older Pro100 cards - (trying to recycle some old equipment and make it
usefull again)

JB

On Thu, September 29, 2005 1:14 pm, Scott Ullrich wrote:
> I suspect the microcode is borking the NIC.Do you have a newer
> NIC that you could try?   I would rather not remove the microcode
> support as it works wonders for newer cards.
>
> Scott
>
>
>
> On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
>
>> Well - it keeps timing out, I wish I had the machine in front of me
so
>> I
>> could send the actual error - but it keeps saying that the microcoad
>> load is timing out
>>
>> JB
>>
>>
>> On Thu, September 29, 2005 1:08 pm, Dan Swartzendruber wrote:
>>
>>> At 12:48 PM 9/29/2005, you wrote:
>>>
>>>
 yes - it shows up as fxp0 - but then I get errors loading microcode
 -
 and it just don't work on the network
>>>
>>> "gets errors".  can you be more specific?
>>>
>>>
>>>
>>>
>>>
>>>
-
>>>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] Traffic shaping. Parent Queue

[Espen Johansen]

A little more info please.

 

Version: ?

Did you set up defaults with the wizard ?

 

-lsf

 

 









From: Audun Brekke
[mailto:[EMAIL PROTECTED] 
Sent: 29. september 2005 23:57
To: support@pfsense.com
Subject: [pfSense Support] Traffic
shaping. Parent Queue



 

There seems to be an error in the traffic shaping.

When I set the queues manually it is not possible to
set the parent queue.

I can set the queue to be parent in the webui, but
the queue don’t seem to be updated.

I get an error like: 

 

php: : There were error(s) loading the rules:
/tmp/rules.debug:16: queue MaxDownload has no parent /tmp/rules.debug:16:
errors in queue definition /tmp/rules.debug:17: queue MaxUpload has no parent
/tmp/rules.debug:17: errors in queue definition pfctl: Syntax error in config
file: pf rules not loaded - The line in question reads [16]: queue MaxDownload
bandwidth 4100Kb cbq

 

 

There is no change in the config file if I set or
unset the “this is the parent queue” in the webui.

 

I line like this shoud be added in the config files
when the “this is the parent queue” is selected

 

 

 

altq on xl0 cbq queue {  MaxDownload }

 

-Audum-








--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29.09.2005
 

[pfSense Support] Traffic shaping. Parent Queue

[Audun Brekke]

There seems to be an error in the traffic shaping.

When I set the queues manually it is not possible to
set the parent queue.

I can set the queue to be parent in the webui, but
the queue don’t seem to be updated.

I get an error like: 

 

php: : There were error(s) loading the rules:
/tmp/rules.debug:16: queue MaxDownload has no parent /tmp/rules.debug:16:
errors in queue definition /tmp/rules.debug:17: queue MaxUpload has no parent
/tmp/rules.debug:17: errors in queue definition pfctl: Syntax error in config
file: pf rules not loaded - The line in question reads [16]: queue MaxDownload
bandwidth 4100Kb cbq

 

 

There is no change in the config file if I set or
unset the “this is the parent queue” in the webui.

 

I line like this shoud be added in the config files when
the “this is the parent queue” is selected

 

 

 

altq on xl0 cbq queue {  MaxDownload }

 

-Audum-








--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.11.9/115 - Release Date: 29.09.2005
 

[pfSense Support] Questions about Load Balancing

[Wesley K. Joyce]

Greetings, I have a Squid PROXY server that I want to use two DSL
connections that I have with.  However, one of them is a 1 megabit
connection and the other is a 512kbps connections.  Based on what I have
read on the list, I am concerned that the load balancing algorithm will
NOT distribute 2/3 and 1/3 of the combined 1.5mbps for the outgoing
traffic over the two connections respectively.  Am I incorrect in this?
Will it maximize each connection if they are of difference capacities? 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] NIC issues

[Fleming, John \(ZeroChaos\)]

So what irqs are the 3com and Intel on?

-Original Message-
From: J B [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 29, 2005 2:53 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NIC issues

The issue is the Intel Pro - not the 3C509 (I have to use this until the
QFE card is supported - because I only have 3 pci slots, and need 4
interfaces) The 3C509 is an ISA card - and works just fine

JB


On Thu, September 29, 2005 3:49 pm, Chris Buechler wrote:
> Fleming, John (ZeroChaos) wrote:
>
>
>> 3c509 or 3c905?
>>
>>
>> The 509 is an ISA card which means you need to run the 3com util
>> 3c5x9cfg (I think that's what its called) to make sure you don't have
>> any irq/io conflicts.
>>
>>
>>
>
> might have jumpers on the card in lieu of that, a few of them did.
Might
> also have to muck with some of your resource settings in your BIOS.
>
> Honestly, unless you have a lot of hair you wouldn't mind losing, I
> would suggest trashing ISA cards and getting some PCI NIC's.  :)  They
can
> be had for ~$5 USD a pop on ebay.  I think the start of the gray hair
I'm
> getting at 25 was caused by using multiple ISA NIC's on Linux and BSD
> firewalls several years ago.  ;)
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Big Wave Dave]

On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
The issue is the Intel Pro - not the 3C509 (I have to use this until theQFE card is supported - because I only have 3 pci slots, and need 4interfaces) The 3C509 is an ISA card - and works just fineJB
Which QFE card is not supported?



Dave-- --Are Your Friends Lemmings? -- http://www.lemmingshirts.com

Re: [pfSense Support] NIC issues

[J B]

The issue is the Intel Pro - not the 3C509 (I have to use this until the
QFE card is supported - because I only have 3 pci slots, and need 4
interfaces) The 3C509 is an ISA card - and works just fine

JB


On Thu, September 29, 2005 3:49 pm, Chris Buechler wrote:
> Fleming, John (ZeroChaos) wrote:
>
>
>> 3c509 or 3c905?
>>
>>
>> The 509 is an ISA card which means you need to run the 3com util
>> 3c5x9cfg (I think that's what its called) to make sure you don't have
>> any irq/io conflicts.
>>
>>
>>
>
> might have jumpers on the card in lieu of that, a few of them did. Might
> also have to muck with some of your resource settings in your BIOS.
>
> Honestly, unless you have a lot of hair you wouldn't mind losing, I
> would suggest trashing ISA cards and getting some PCI NIC's.  :)  They can
> be had for ~$5 USD a pop on ebay.  I think the start of the gray hair I'm
> getting at 25 was caused by using multiple ISA NIC's on Linux and BSD
> firewalls several years ago.  ;)
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Chris Buechler]

Fleming, John (ZeroChaos) wrote:

3c509 or 3c905? 


The 509 is an ISA card which means you need to run the 3com util
3c5x9cfg (I think that's what its called) to make sure you don't have
any irq/io conflicts.

 



might have jumpers on the card in lieu of that, a few of them did.  
Might also have to muck with some of your resource settings in your BIOS. 

Honestly, unless you have a lot of hair you wouldn't mind losing, I 
would suggest trashing ISA cards and getting some PCI NIC's.  :)  They 
can be had for ~$5 USD a pop on ebay.  I think the start of the gray 
hair I'm getting at 25 was caused by using multiple ISA NIC's on Linux 
and BSD firewalls several years ago.  ;) 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] import monowall xml files

[Scott Ullrich]

And there was a few minor rule settings that you could set on m0n0
that doesn't work on pfS but everything else should be ok.

So back to the convo before the reported broken-ness...

I'd say we simply unset the traffic shaper configuration on import and
convert proxy arp -> virtual ip's?

Scott



On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> OK, I'm wrong, this works as advertised.
>
> --Bill
>
> On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> > This used to work, but our config has significantly diverged from
> > m0n0.  I suspect if you used a config from where we forked it'd
> > probably work, but assuming m0n0 changed _anything_ in their config
> > file since then, it's unlikely to convert over.  I think we're at the
> > point where either someone needs to make it work, or the restore
> > function rejects a m0n0 config.
> >
> > --Bill
> >
> > On 9/29/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> > > i know this has probably been answered in previous posts but i didn't
> > > see them. i'm wondering if / how i can move my monowall xml file over to
> > > pfsense. i tried to just restore, thinking that i had seen a previous
> > > post saying it was ok,  it but killed everything and i had to
> > > re-install. i would love to try pfsense and most likely will when i have
> > > more time. i just really hoped that all my configurations are not lost
> > > when moving over. thanks and i apologize if i wasn't detailed enough.
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] import monowall xml files

[Bill Marquette]

OK, I'm wrong, this works as advertised.

--Bill

On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> This used to work, but our config has significantly diverged from
> m0n0.  I suspect if you used a config from where we forked it'd
> probably work, but assuming m0n0 changed _anything_ in their config
> file since then, it's unlikely to convert over.  I think we're at the
> point where either someone needs to make it work, or the restore
> function rejects a m0n0 config.
>
> --Bill
>
> On 9/29/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> > i know this has probably been answered in previous posts but i didn't
> > see them. i'm wondering if / how i can move my monowall xml file over to
> > pfsense. i tried to just restore, thinking that i had seen a previous
> > post saying it was ok,  it but killed everything and i had to
> > re-install. i would love to try pfsense and most likely will when i have
> > more time. i just really hoped that all my configurations are not lost
> > when moving over. thanks and i apologize if i wasn't detailed enough.
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] NIC issues

[Fleming, John \(ZeroChaos\)]

3c509 or 3c905? 

The 509 is an ISA card which means you need to run the 3com util
3c5x9cfg (I think that's what its called) to make sure you don't have
any irq/io conflicts.

3c905 being PCI wouldn't have that issue.

-Original Message-
From: J B [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 29, 2005 11:40 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] NIC issues

the freebsd device name is hme:

The hme(4) driver supports the on-board Ethernet interfaces of many Sun
UltraSPARC workstation and server models. Cards supported by the
hme(4) driver include:

*  Sun PCI SunSwift Adapter
*  Sun SBus SunSwift Adapter .( hme. and .SUNW,hme.)
*  Sun PCI Sun100BaseT Adapter 2.0
*  Sun SBus Sun100BaseT 2.0
*  Sun PCI Quad FastEthernet Controller
*  Sun SBus Quad FastEthernet Controller


As for the Intel Pro - different system - that system I was using 1
Intel
Pro 100 (stand alone), 1 Linksys Fast eth (shows up as dc0) and a 3com
3c509

JB




On Thu, September 29, 2005 12:20 pm, Scott Ullrich wrote:
> That NIC is not supported as far as I can tell.  If you know the
> device name in freebsd please let me know.Try removing the quad
port
> nic and I bet the single nic will work.
>
> Scott
>
>
>
> On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
>
>> I'm having issues with the following NIC cards:
>>
>>
>> Sun Quad Fast Ethernet - not recognized
>> Intel Pro 100 - recognized, but doesn't seem to work - used it as my
LAN
>>  interface - connected it back to back with another maching using a
>> X-over
>> cable and configured both on the same net - couldn't access the
config
>> page
>>
>>
>> any help would be appreciated
>>
>> JB
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Scott Ullrich]

No, it was missing a ]

Thanks for the heads up!


On 9/29/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> At 01:31 PM 9/29/2005, you wrote:
> >Okay, try the newest /etc/inc/pfsense-utils.inc and add this tag to 
> >
>
> syntax error in your change.  the ')' should be a ']' ?
>
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Dan Swartzendruber]

At 01:31 PM 9/29/2005, you wrote:

Okay, try the newest /etc/inc/pfsense-utils.inc and add this tag to 



syntax error in your change.  the ')' should be a ']' ?





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Scott Ullrich]

Okay, try the newest /etc/inc/pfsense-utils.inc and add this tag to 


Scott


On 9/29/05, Scott Ullrich <[EMAIL PROTECTED]> wrote:
> Not easily.   The code detects that you have a fxp driver and then
> tries to init the code.  I suppose we could add a tag to
>  or something...
>
> On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
> > Is there anyway to turn off the microcode on a per/NIC basis? I only have
> > older Pro100 cards - (trying to recycle some old equipment and make it
> > usefull again)
> >
> > JB
> >
> > On Thu, September 29, 2005 1:14 pm, Scott Ullrich wrote:
> > > I suspect the microcode is borking the NIC.Do you have a newer
> > > NIC that you could try?   I would rather not remove the microcode
> > > support as it works wonders for newer cards.
> > >
> > > Scott
> > >
> > >
> > >
> > > On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
> > >
> > >> Well - it keeps timing out, I wish I had the machine in front of me so
> > >> I
> > >> could send the actual error - but it keeps saying that the microcoad
> > >> load is timing out
> > >>
> > >> JB
> > >>
> > >>
> > >> On Thu, September 29, 2005 1:08 pm, Dan Swartzendruber wrote:
> > >>
> > >>> At 12:48 PM 9/29/2005, you wrote:
> > >>>
> > >>>
> >  yes - it shows up as fxp0 - but then I get errors loading microcode
> >  -
> >  and it just don't work on the network
> > >>>
> > >>> "gets errors".  can you be more specific?
> > >>>
> > >>>
> > >>>
> > >>>
> > >>>
> > >>> -
> > >>>  To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >>> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>>
> > >>>
> > >>>
> > >>>
> > >>
> > >>
> > >>
> > >> -
> > >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> > >> For additional commands, e-mail: [EMAIL PROTECTED]
> > >>
> > >>
> > >>
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> > >
> > >
> > >
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Scott Ullrich]

Not easily.   The code detects that you have a fxp driver and then
tries to init the code.  I suppose we could add a tag to
 or something...

On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
> Is there anyway to turn off the microcode on a per/NIC basis? I only have
> older Pro100 cards - (trying to recycle some old equipment and make it
> usefull again)
>
> JB
>
> On Thu, September 29, 2005 1:14 pm, Scott Ullrich wrote:
> > I suspect the microcode is borking the NIC.Do you have a newer
> > NIC that you could try?   I would rather not remove the microcode
> > support as it works wonders for newer cards.
> >
> > Scott
> >
> >
> >
> > On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
> >
> >> Well - it keeps timing out, I wish I had the machine in front of me so
> >> I
> >> could send the actual error - but it keeps saying that the microcoad
> >> load is timing out
> >>
> >> JB
> >>
> >>
> >> On Thu, September 29, 2005 1:08 pm, Dan Swartzendruber wrote:
> >>
> >>> At 12:48 PM 9/29/2005, you wrote:
> >>>
> >>>
>  yes - it shows up as fxp0 - but then I get errors loading microcode
>  -
>  and it just don't work on the network
> >>>
> >>> "gets errors".  can you be more specific?
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> -
> >>>  To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>> For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>
> >>>
> >>
> >>
> >>
> >> -
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[J B]

Is there anyway to turn off the microcode on a per/NIC basis? I only have
older Pro100 cards - (trying to recycle some old equipment and make it
usefull again)

JB

On Thu, September 29, 2005 1:14 pm, Scott Ullrich wrote:
> I suspect the microcode is borking the NIC.Do you have a newer
> NIC that you could try?   I would rather not remove the microcode
> support as it works wonders for newer cards.
>
> Scott
>
>
>
> On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
>
>> Well - it keeps timing out, I wish I had the machine in front of me so
>> I
>> could send the actual error - but it keeps saying that the microcoad
>> load is timing out
>>
>> JB
>>
>>
>> On Thu, September 29, 2005 1:08 pm, Dan Swartzendruber wrote:
>>
>>> At 12:48 PM 9/29/2005, you wrote:
>>>
>>>
 yes - it shows up as fxp0 - but then I get errors loading microcode
 -
 and it just don't work on the network
>>>
>>> "gets errors".  can you be more specific?
>>>
>>>
>>>
>>>
>>>
>>> -
>>>  To unsubscribe, e-mail: [EMAIL PROTECTED]
>>> For additional commands, e-mail: [EMAIL PROTECTED]
>>>
>>>
>>>
>>>
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Scott Ullrich]

 I suspect the microcode is borking the NIC.Do you have a newer
NIC that you could try?   I would rather not remove the microcode
support as it works wonders for newer cards.

Scott


On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
> Well - it keeps timing out, I wish I had the machine in front of me so I
> could send the actual error - but it keeps saying that the microcoad load
> is timing out
>
> JB
>
> On Thu, September 29, 2005 1:08 pm, Dan Swartzendruber wrote:
> > At 12:48 PM 9/29/2005, you wrote:
> >
> >> yes - it shows up as fxp0 - but then I get errors loading microcode -
> >> and it just don't work on the network
> >
> > "gets errors".  can you be more specific?
> >
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Dan Swartzendruber]

At 01:12 PM 9/29/2005, you wrote:

Well - it keeps timing out, I wish I had the machine in front of me so I
could send the actual error - but it keeps saying that the microcoad load
is timing out


sounds like the nic is flaky.  i'm running the same NIC on my pfsense 
(as the LAN) and it works fine...




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[J B]

Well - it keeps timing out, I wish I had the machine in front of me so I
could send the actual error - but it keeps saying that the microcoad load
is timing out

JB

On Thu, September 29, 2005 1:08 pm, Dan Swartzendruber wrote:
> At 12:48 PM 9/29/2005, you wrote:
>
>> yes - it shows up as fxp0 - but then I get errors loading microcode -
>> and it just don't work on the network
>
> "gets errors".  can you be more specific?
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Dan Swartzendruber]

At 12:48 PM 9/29/2005, you wrote:

yes - it shows up as fxp0 - but then I get errors loading microcode - and
it just don't work on the network


"gets errors".  can you be more specific?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[J B]

yes - it shows up as fxp0 - but then I get errors loading microcode - and
it just don't work on the network

JB


On Thu, September 29, 2005 12:38 pm, Marc A. Volovic wrote:
> Quoth J B:
>
>
>> As for the Intel Pro - different system - that system I was using 1
>> Intel
>> Pro 100 (stand alone), 1 Linksys Fast eth (shows up as dc0) and a 3com
>> 3c509
>>
>
> In my case, the device name is fxp
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Scott Ullrich]

On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
> the freebsd device name is hme:

I have added device hme and the kernel is currently compiling.  Unless
it errors out expect to see this in the next version.

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Marc A. Volovic]

Quoth J B:

> As for the Intel Pro - different system - that system I was using 1 Intel
> Pro 100 (stand alone), 1 Linksys Fast eth (shows up as dc0) and a 3com 3c509

In my case, the device name is fxp

-- 
---MAV
Marc A. Volovic [EMAIL PROTECTED]
Swiftouch, LTD +972-544-676764

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[J B]

the freebsd device name is hme:

The hme(4) driver supports the on-board Ethernet interfaces of many Sun
UltraSPARC workstation and server models. Cards supported by the
hme(4) driver include:

*  Sun PCI SunSwift Adapter
*  Sun SBus SunSwift Adapter .( hme. and .SUNW,hme.)
*  Sun PCI Sun100BaseT Adapter 2.0
*  Sun SBus Sun100BaseT 2.0
*  Sun PCI Quad FastEthernet Controller
*  Sun SBus Quad FastEthernet Controller


As for the Intel Pro - different system - that system I was using 1 Intel
Pro 100 (stand alone), 1 Linksys Fast eth (shows up as dc0) and a 3com 3c509

JB




On Thu, September 29, 2005 12:20 pm, Scott Ullrich wrote:
> That NIC is not supported as far as I can tell.  If you know the
> device name in freebsd please let me know.Try removing the quad port
> nic and I bet the single nic will work.
>
> Scott
>
>
>
> On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
>
>> I'm having issues with the following NIC cards:
>>
>>
>> Sun Quad Fast Ethernet - not recognized
>> Intel Pro 100 - recognized, but doesn't seem to work - used it as my LAN
>>  interface - connected it back to back with another maching using a
>> X-over
>> cable and configured both on the same net - couldn't access the config
>> page
>>
>>
>> any help would be appreciated
>>
>> JB
>>
>>
>>
>> -
>> To unsubscribe, e-mail: [EMAIL PROTECTED]
>> For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>
>>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Marc A. Volovic]

Quoth J B:

> I'm having issues with the following NIC cards:
> 
> Intel Pro 100 - recognized, but doesn't seem to work - used it as my LAN

Am currently using a PRO 100 on a Routerboard 230.

pfSense 81.4, currently.


> interface - connected it back to back with another maching using a X-over
> cable and configured both on the same net - couldn't access the config
> page
> 
> 
> any help would be appreciated
> 
> JB
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

-- 
---MAV
Marc A. Volovic [EMAIL PROTECTED]
Swiftouch, LTD +972-544-676764

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] LB and pre-emption on CARP?

[Scott Ullrich]

On 9/29/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]> wrote:
[snip]
> 1) What does the load balancing option in CARP page do?

It's a poor way of load balancing based on the HASH AFAIK.
>From the manpage:

net.inet.carp.arpbalance  Balance local traffic using ARP.

> 2) If load balancing is enable on the CARP page do we still have to setup
> the LB service?

I'm pretty sure you will want to go with our load balancing system
that uses  slbd.

> 3) In the LB service .. do I setup the virtual IP(124) into the LB pool (
> LAN GW to WAN ? ) Or do I use the 2 physical GW IPS of the routers (125 and
> 126)?

See http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing and
http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing for examples.

> 4) If I use pre-emption, one is master another is slave, does it still LB?
> It seems from the reading room .. only masters LB?  i.e. to LB using CARP
> pre-emption needs to be off so you can have 2 masters?

Not really sure.   I've never really used the arp balancing feature as
I hear that it doesn't do a good job.. But this may have changed
recently.

Scott

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] NIC issues

[Scott Ullrich]

That NIC is not supported as far as I can tell.  If you know the
device name in freebsd please let me know.Try removing the quad
port nic and I bet the single nic will work.

Scott


On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
> I'm having issues with the following NIC cards:
>
> Sun Quad Fast Ethernet - not recognized
> Intel Pro 100 - recognized, but doesn't seem to work - used it as my LAN
> interface - connected it back to back with another maching using a X-over
> cable and configured both on the same net - couldn't access the config
> page
>
>
> any help would be appreciated
>
> JB
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] NIC issues

[J B]

I'm having issues with the following NIC cards:

Sun Quad Fast Ethernet - not recognized
Intel Pro 100 - recognized, but doesn't seem to work - used it as my LAN
interface - connected it back to back with another maching using a X-over
cable and configured both on the same net - couldn't access the config
page


any help would be appreciated

JB


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] import monowall xml files

[Scott Ullrich]

Yeah, I've been thinking about this for a bit and I'm starting to
think we should just reject m0n0wall files.   We've divulged from
their codebase enough to warrant it, I think.

Scott


On 9/29/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> Scott Ullrich wrote:
>
> >We convert m0n0wall configurations on import.   We convert the tag
> >names and remove the traffic shaper.But don't expect proxyarp and
> >things of this nature to work.
> >
> >Scott
> >
> >
> >On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> >
> >
> >>This used to work, but our config has significantly diverged from
> >>m0n0.  I suspect if you used a config from where we forked it'd
> >>probably work, but assuming m0n0 changed _anything_ in their config
> >>file since then, it's unlikely to convert over.  I think we're at the
> >>point where either someone needs to make it work, or the restore
> >>function rejects a m0n0 config.
> >>
> >>--Bill
> >>
> >>On 9/29/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> >>
> >>
> >>>i know this has probably been answered in previous posts but i didn't
> >>>see them. i'm wondering if / how i can move my monowall xml file over to
> >>>pfsense. i tried to just restore, thinking that i had seen a previous
> >>>post saying it was ok,  it but killed everything and i had to
> >>>re-install. i would love to try pfsense and most likely will when i have
> >>>more time. i just really hoped that all my configurations are not lost
> >>>when moving over. thanks and i apologize if i wasn't detailed enough.
> >>>
> >>>-
> >>>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>>For additional commands, e-mail: [EMAIL PROTECTED]
> >>>
> >>>
> >>>
> >>>
> >>-
> >>To unsubscribe, e-mail: [EMAIL PROTECTED]
> >>For additional commands, e-mail: [EMAIL PROTECTED]
> >>
> >>
> >>
> >>
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> I agree with Bill here, I suggest at the very least right now having it
> reject the monowall file. Since this used to work there maybe more
> people out there who are trying this and having to just re-install.
> thanks to all of you for your help, i'll probably install pfsense on a
> weekend when i have time to redo it all.
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] import monowall xml files

[Jonathan Woodard]

Scott Ullrich wrote:


We convert m0n0wall configurations on import.   We convert the tag
names and remove the traffic shaper.But don't expect proxyarp and
things of this nature to work.

Scott


On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
 


This used to work, but our config has significantly diverged from
m0n0.  I suspect if you used a config from where we forked it'd
probably work, but assuming m0n0 changed _anything_ in their config
file since then, it's unlikely to convert over.  I think we're at the
point where either someone needs to make it work, or the restore
function rejects a m0n0 config.

--Bill

On 9/29/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
   


i know this has probably been answered in previous posts but i didn't
see them. i'm wondering if / how i can move my monowall xml file over to
pfsense. i tried to just restore, thinking that i had seen a previous
post saying it was ok,  it but killed everything and i had to
re-install. i would love to try pfsense and most likely will when i have
more time. i just really hoped that all my configurations are not lost
when moving over. thanks and i apologize if i wasn't detailed enough.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


   



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
 

I agree with Bill here, I suggest at the very least right now having it 
reject the monowall file. Since this used to work there maybe more 
people out there who are trying this and having to just re-install. 
thanks to all of you for your help, i'll probably install pfsense on a 
weekend when i have time to redo it all.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] CARP Master/Backup goes to INIT update

[Scott Ullrich]

Ahh yes.  The DISABLE/ENABLE button needs to be updated.   Good catch.
 I'll fix in a bit.

Scott


On 9/29/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]> wrote:
>
>
>
> HI
>
>
>
> I just did another update_file.sh .. and re-setup CARP. Doing a Reboot
> brings CARP up into Master as expected ;)  ( I can't turn on the slave to
> test if it is 100%.. but the behavior seems better) So this part seems
> fixed.
>
>
>
> HOWEVER - It still insists on going back to INIT .. when pressing
> DISABLE/ENABLE button. Ifconfig carp0 up brings it back up. Something is not
> right in the DISIABLE / ENABLE button script on the CARP page.
>
>
>
> BTW : DynDns with PPPoE seems to be fixed over the last few releases.
>
>
>
> Tx
>
>
>
> Ivan.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] import monowall xml files

[Scott Ullrich]

We convert m0n0wall configurations on import.   We convert the tag
names and remove the traffic shaper.But don't expect proxyarp and
things of this nature to work.

Scott


On 9/29/05, Bill Marquette <[EMAIL PROTECTED]> wrote:
> This used to work, but our config has significantly diverged from
> m0n0.  I suspect if you used a config from where we forked it'd
> probably work, but assuming m0n0 changed _anything_ in their config
> file since then, it's unlikely to convert over.  I think we're at the
> point where either someone needs to make it work, or the restore
> function rejects a m0n0 config.
>
> --Bill
>
> On 9/29/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> > i know this has probably been answered in previous posts but i didn't
> > see them. i'm wondering if / how i can move my monowall xml file over to
> > pfsense. i tried to just restore, thinking that i had seen a previous
> > post saying it was ok,  it but killed everything and i had to
> > re-install. i would love to try pfsense and most likely will when i have
> > more time. i just really hoped that all my configurations are not lost
> > when moving over. thanks and i apologize if i wasn't detailed enough.
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] 802.11q vlans

[Dan Swartzendruber]

At 10:48 AM 9/29/2005, you wrote:

On 9/29/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> i assumed he had all that correct, since he said
> he could see the traffic going into the pfsense
> port.  i was going to ask the same question,
> myself.  this has to be a config problem, as i'm using this exact 
same setup.


I agree, which is why I asked the obvious question :)  Not everyone
realizes that marking a port with multiple vlans doesn't mean that
it's a tagged port, just that the machine on that port can see and
talk to each of the vlans (untagged).  That of course would require
pfSesne to support real interface aliases - which we don't (and I'm
not yet convinced is required)


I just went back and reviewed my switch config (it's an smc 
tigerswitch).  Maybe he didn't actually see the traffic entering the 
pfsense unit.  If so, I'm betting you're right and he forgot to mark 
its switch port as tagged.  I remember when I first tried this, I 
forgot that and it drove me nuts - no connectivity, and I couldn't see why not.






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] 802.11q vlans

[Bill Marquette]

On 9/29/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> i assumed he had all that correct, since he said
> he could see the traffic going into the pfsense
> port.  i was going to ask the same question,
> myself.  this has to be a config problem, as i'm using this exact same setup.

I agree, which is why I asked the obvious question :)  Not everyone
realizes that marking a port with multiple vlans doesn't mean that
it's a tagged port, just that the machine on that port can see and
talk to each of the vlans (untagged).  That of course would require
pfSesne to support real interface aliases - which we don't (and I'm
not yet convinced is required)

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] 050.2 CARP won't go Master or Backup

[Frimmel, Ivan \(ISS South Africa\)]

No, CARP is on LAN.

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 29, 2005 4:22 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] 050.2 CARP won't go Master or Backup

On 9/29/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]>
wrote:
> HI
>
> Firstly I didn't have time yet to do another update_file.sh so the
problem may already be fixed.. but in the interim:
>
> After the update_file.sh I did yesterday morning .. I have an
intermittent issue which I think is also related.. ng0 goes down, AND
stays down, even after reboots. Doing another "upgrade"(downgrade) via
the web interface to 085.6(.tar.gz) fixed the ng0 down problem. Although
I could manually ifconfig ng0 up to bring the route up again but after
reboot it would go down again. I suspect carp is not coming up because
ng0 doesn't come up?

Are you running carp on an ng interface?  I'm surprised this ever works.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] CARP Master/Backup goes to INIT update

[Frimmel, Ivan \(ISS South Africa\)]

HI 

 

I just did another update_file.sh .. and re-setup CARP. Doing
a Reboot brings CARP up into Master as expected ;)  ( I can’t turn
on the slave to test if it is 100%.. but the behavior seems better) So this
part seems fixed. 

 

HOWEVER - It still insists on going back to INIT .. when
pressing DISABLE/ENABLE button. Ifconfig carp0 up brings it back up. Something
is not right in the DISIABLE / ENABLE button script on the CARP page. 

 

BTW : DynDns with PPPoE seems to be fixed over the last few
releases.

 

Tx

 

Ivan.

Re: [pfSense Support] 802.11q vlans

[Dan Swartzendruber]

At 10:27 AM 9/29/2005, you wrote:
Is the switch port configured for tagging, or 
did you configure it to allow vlans 1-4 to talk 
to port 2?  The VLAN setup in pfSense utilises 
802.1q tagging, enabling vlans on a port doesn't 
necessarily configure that port for tagged 
frames. --Bill On 9/29/05, alan walters 
<[EMAIL PROTECTED]> wrote: > > > > This might 
be off topic but I am flummoxed by the problem 
so I thought I > would ask. > > > > > > 
Configuration > > > > Pfsense > > > > Lan ­with 
3 vlans and lan as parent. > > > > Switch with 
vlan 1 through to 4 enabled > > > > Port 2 is 
setup on switch with all vlans and is plugged 
into lan on pfsense. > > > > Then the other 
ports are allocated to individual vlans. > > > > 
The communications across vlans looks fine on 
the switch itself(traffic > seems to only flow 
within members of the vlans) > > The switch is a 
3com 
3300xm > > > > 
  Lan > > 
| > > | > > 
   Port2 on > 
switch-port 4 on 
switch > vlan 3--win 
XP > > 
| > > > 
| > > port 3 on switch vlan 
2 > > | > > 
   | > > 
 WinXP


i assumed he had all that correct, since he said 
he could see the traffic going into the pfsense 
port.  i was going to ask the same question, 
myself.  this has to be a config problem, as i'm using this exact same setup.





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] import monowall xml files

[Bill Marquette]

This used to work, but our config has significantly diverged from
m0n0.  I suspect if you used a config from where we forked it'd
probably work, but assuming m0n0 changed _anything_ in their config
file since then, it's unlikely to convert over.  I think we're at the
point where either someone needs to make it work, or the restore
function rejects a m0n0 config.

--Bill

On 9/29/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> i know this has probably been answered in previous posts but i didn't
> see them. i'm wondering if / how i can move my monowall xml file over to
> pfsense. i tried to just restore, thinking that i had seen a previous
> post saying it was ok,  it but killed everything and i had to
> re-install. i would love to try pfsense and most likely will when i have
> more time. i just really hoped that all my configurations are not lost
> when moving over. thanks and i apologize if i wasn't detailed enough.
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] 802.11q vlans

[Bill Marquette]

Is the switch port configured for tagging, or did you configure it to
allow vlans 1-4 to talk to port 2?  The VLAN setup in pfSense utilises
802.1q tagging, enabling vlans on a port doesn't necessarily configure
that port for tagged frames.

--Bill

On 9/29/05, alan walters <[EMAIL PROTECTED]> wrote:
>
>
>
> This might be off topic but I am flummoxed by the problem so I thought I
> would ask.
>
>
>
>
>
> Configuration
>
>
>
> Pfsense
>
>
>
> Lan –with 3 vlans and lan as parent.
>
>
>
> Switch with vlan 1 through to 4 enabled
>
>
>
> Port 2 is setup on switch with all vlans and is plugged into lan on pfsense.
>
>
>
> Then the other ports are allocated to individual vlans.
>
>
>
> The communications across vlans looks fine on the switch itself(traffic
> seems to only flow within members of the vlans)
>
> The switch is a 3com 3300xm
>
>
>
> Lan
>
> |
>
> |
>
> Port2 on
> switch-port 4 on switch
> vlan 3--win XP
>
> |
>
>
> |
>
> port 3 on switch vlan 2
>
> |
>
> |
>
> WinXP

Re: [pfSense Support] 050.2 CARP won't go Master or Backup

[Bill Marquette]

On 9/29/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]> wrote:
> HI
>
> Firstly I didn't have time yet to do another update_file.sh so the problem 
> may already be fixed.. but in the interim:
>
> After the update_file.sh I did yesterday morning .. I have an intermittent 
> issue which I think is also related.. ng0 goes down, AND stays down, even 
> after reboots. Doing another "upgrade"(downgrade) via the web interface to 
> 085.6(.tar.gz) fixed the ng0 down problem. Although I could manually ifconfig 
> ng0 up to bring the route up again but after reboot it would go down again. I 
> suspect carp is not coming up because ng0 doesn't come up?

Are you running carp on an ng interface?  I'm surprised this ever works.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] 1:1 NAT loopback

[Bill Marquette]

Well, it's not "supposed" to work.  I'm still not sure how it was made
to work in this fashion.  But, I can offer one suggestion on a way
that it might work.  On the outbound NAT screen, you'll need to create
a NAT bound to the LAN interface NATing everything from LAN destined
for LAN to the LAN IP on your firewall.  The problem you're seeing is
that the firewall is redirecting you to the server, but the reply
traffic from the server is getting sent to your workstations real IP.

--Bill

On 9/28/05, Simon SZE-To <[EMAIL PROTECTED]> wrote:
> Hello,
>
>  I had read the thread at Aug 26 and found that some pfSense's user able to
> access 1:1 NATTed service in LAN segment, but when I try it today, it's
> failed.
>
>  My testing environment:
>  - the public IP xx.xx.xx.46 1:1 NAT to 10.0.138.9
>  - proxy ARP the xx.xx.xx.46
>  - allow any to any access to xx.xx.xx.46 in firewall rule
>  - my workstation IP is 10.0.138.130
>  - pfSense's IP is xx.xx.xx.42
>
>  I did the following steps:
>  - telnet xx.xx.xx.46 110 (of cos. I have POP3 service listening)
>  - I've got connection failed after around 20sec
>  - the states got the following 2 lines:
>  self tcp 10.0.138.130:1941 -> xx.xx.xx.42:51404 -> xx.xx.xx.46:110
> SYN_SENT:CLOSED
>  self tcp xx.xx.xx.46:110 <- 10.0.138.130:1941CLOSED:SYN_SENT
>
>
>  Thanks!
>
>  Simon SZE-To
>
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] 802.11q vlans

[Dan Swartzendruber]

At 09:24 AM 9/29/2005, you wrote:


>
>   Lan
>   |
>   |
>   Port2 on
switch-
> port 4 on switch vlan 3--win XP
>   |
>   |
>   port 3 on switch vlan 2
>   |
>   |
>   WinXP
>
>


> i'm using a similar config.  you don't say what your config on pfsense
is,
> but are you setting up TWO vlan interfaces on the pfsense?  e.g.
>
> LAN => fxp0 (or whatever)
> vlan0 => fxp0 vlan 2
> vlan1 => fxp0 vlan 3
>
[alan walters]
Yes the vlans are configured on pfsense as you have outlined above.
Traffic seems to flow into the correct interface on pfsense but does not
get back to the client.


are you sure you have outbound NAT rules for both vlan 
interfaces?  you might want to post a (sanitized) config...




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] 802.11q vlans

[alan walters]

> 
>   Lan
>   |
>   |
>   Port2 on
switch-
> port 4 on switch vlan 3--win XP
>   |
>   |
>   port 3 on switch vlan 2
>   |
>   |
>   WinXP
> 
>

 
> i'm using a similar config.  you don't say what your config on pfsense
is,
> but are you setting up TWO vlan interfaces on the pfsense?  e.g.
> 
> LAN => fxp0 (or whatever)
> vlan0 => fxp0 vlan 2
> vlan1 => fxp0 vlan 3
> 
[alan walters] 
Yes the vlans are configured on pfsense as you have outlined above.
Traffic seems to flow into the correct interface on pfsense but does not
get back to the client.
> 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: [pfSense Support] import monowall xml files

[Gary Buckmaster]

No, m0n0wall config files are not compatible with pfSense anymore.
Fortunately, unless you have a massively complex configuration, it should be
reasonably straightforward to set up your pfSense box to work as your
m0n0wall did without too much drama.

-Gary

-Original Message-
From: Jonathan Woodard [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 29, 2005 12:40 AM
To: support@pfsense.com
Subject: [pfSense Support] import monowall xml files


i know this has probably been answered in previous posts but i didn't
see them. i'm wondering if / how i can move my monowall xml file over to
pfsense. i tried to just restore, thinking that i had seen a previous
post saying it was ok,  it but killed everything and i had to
re-install. i would love to try pfsense and most likely will when i have
more time. i just really hoped that all my configurations are not lost
when moving over. thanks and i apologize if i wasn't detailed enough.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [pfSense Support] 802.11q vlans

[Dan Swartzendruber]

At 05:28 AM 9/29/2005, you wrote:
This might be off
topic but I am flummoxed by the problem so I thought I would ask.
 
 
Configuration
 
Pfsense
 
Lan –with 3 vlans and lan as parent.
 
Switch with vlan 1 through to 4 enabled
 
Port 2 is setup on switch with all vlans and is plugged into lan on
pfsense.
 
Then the other ports are allocated to individual vlans.
 
The communications across vlans looks fine on the switch itself(traffic
seems to only flow within members of the vlans)
The switch is a 3com 3300xm
 
   
Lan
   
|
   
|
   
Port2 on switch-port 4 on switch vlan
3--win XP
   
|  

   
|
port 3 on switch vlan 2
   
|
   
|
   
WinXP
i'm using a similar config.  you don't say what your config on
pfsense is, but are you setting up TWO vlan interfaces on the
pfsense?  e.g.
LAN => fxp0 (or whatever)
vlan0 => fxp0 vlan 2
vlan1 => fxp0 vlan 3

[pfSense Support] 802.11q vlans

[alan walters]

This might be off topic but I am flummoxed by the problem so
I thought I would ask.

 

 

Configuration

 

Pfsense

 

Lan –with 3 vlans and lan as parent.

 

Switch with vlan 1 through to 4 enabled

 

Port 2 is setup on switch with all vlans and is plugged into
lan on pfsense.

 

Then the other ports are allocated to individual vlans.

 

The communications across vlans looks fine on the switch
itself(traffic seems to only flow within members of the vlans)

The switch is a 3com 3300xm

 

        Lan

        |

        |

    Port2 on switch-port
4 on switch vlan 3--win XP

    |   

    |

port 3 on switch
vlan 2

    |

    |

    WinXP

[pfSense Support] LB and pre-emption on CARP?

[Frimmel, Ivan \(ISS South Africa\)]

HI 

 

The setup:

Router2 – Secondary 

PPPoe WAN - 172.16.24.125 - 

              | 

          | -
Virtual 172.16.24.124

Router1 – Primary    |  

PPPoe WAN - 172.16.24.126- 

 

A few quick questions please .. 

1) What does the load balancing option in CARP page do? 

2) If load balancing is enable on the CARP page do we still
have to setup the LB service? 

3) In the LB service .. do I setup the virtual IP(124) into
the LB pool ( LAN GW to WAN ? ) Or do I use the 2 physical GW IPS of the
routers (125 and 126)? 

4) If I use pre-emption, one is master another is slave,
does it still LB? It seems from the reading room .. only masters LB?  i.e. to
LB using CARP pre-emption needs to be off so you can have 2 masters?

 

While the tutorial is helpful, it doesn’t really
clarify how this stuff all ties together… tx

Ivan.

 

RE: [pfSense Support] 050.2 CARP won't go Master or Backup

[Frimmel, Ivan \(ISS South Africa\)]

HI 

Firstly I didn't have time yet to do another update_file.sh so the problem may 
already be fixed.. but in the interim:

After the update_file.sh I did yesterday morning .. I have an intermittent 
issue which I think is also related.. ng0 goes down, AND stays down, even after 
reboots. Doing another "upgrade"(downgrade) via the web interface to 
085.6(.tar.gz) fixed the ng0 down problem. Although I could manually ifconfig 
ng0 up to bring the route up again but after reboot it would go down again. I 
suspect carp is not coming up because ng0 doesn't come up?

Tx all.
Ivan.


-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, September 28, 2005 4:19 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] 050.2 CARP won't go Master or Backup

You need to update_file.sh /etc/rc.bootup as well.   The carp
interfacs are brought up at the very end now.

Scott


On 9/28/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]> wrote:
> Ok, so I spent sometime on this, this morning.
>
> One of the problems I had yesterday during update_file.sh (on 085.4).. it 
> somehow broke OPT1(sync) and kept making it disabled. So carp would never 
> come up, once I got this sorted by going to 085.6 I could go forward.
>
> So ..
> 1) I brought router2 back up and did all upgrades and reconfigured CARP;
> 2) CARP still behaves badly
> 3) Did another update_file.sh after 085.6, CARP haves badly.
>
> It may go master/backup first time, but when doing disable/enable it stays 
> init on BOTH routers.
>
> I dropped to a shell .. and simply did a "ifconfig carp0 up" on both. CARP 
> comes up in the appropriate mode(master/backup) and virtual IPs work again as 
> expected. i.e. this fixes the issue. Disable/enable button breaks it again. 
> i.e. a working server as Master will go back to init after hitting 
> enable/disable.
>
> Hope this helps?
> Ivan.
>
>
>
> -Original Message-
> From: Holger Bauer [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 28, 2005 1:49 AM
> To: support@pfsense.com
> Subject: AW: [pfSense Support] 050.2 CARP won't go Master or Backup
>
> ok, I have experienced some strange problems bringing up CARP-Interfaces here 
> as well (quite reproducable but also a bit sporadic). Scott did several 
> changes and he finally came up with something that now is running on my 
> systems without any problems any more (my systems are also syncing via a 
> crossover-cable, no switch in between).
>
> Ivan, if you can please crosslink your systems again and do a "update_file.sh 
> /etc/inc/interfaces.inc" on both system before testing again.
>
> To have a switch between two machines is needed if you have more than 2 
> machines in the cluster but with only two machines it's an additional "point 
> of failure" if the switch dies or only has powerfailure. Syncing should work 
> with crosslink-cables too. So if you can give it a try and report back we 
> would appreciate it.
>
> Thank you in advance,
> Holger
>
> -Ursprüngliche Nachricht-
> Von: Bill Marquette [mailto:[EMAIL PROTECTED]
> Gesendet: Dienstag, 27. September 2005 20:20
> An: support@pfsense.com
> Betreff: Re: [pfSense Support] 050.2 CARP won't go Master or Backup
>
>
> On 9/27/05, Frimmel, Ivan (ISS South Africa) <[EMAIL PROTECTED]> wrote:
> > HI
> >
> > PPPoe is on WAN .. CARP is on LAN with carp sync on OPT1.
> >
> > OK so you guys are going to laugh at me. I do feel stupid. As a fault 
> > finding procedure and just to get connectivity back I halted router2, which 
> > is UTP crossed over connected to router 1 on OPT1. So OPT1 (carp sync) is 
> > down. (no link since you need both nic up to have link). CARP will NOT come 
> > up without link on OPT1. My suggestion in terms of best practice is to have 
> > a switch on OPT(sync) when using CARP. It has wasted a lot of my time and 
> > it IS my fault cause I was cheap just using cross over cable.

> > Tx all ..
>
> Hrm...I'll have to test this out at home :-/  At work everything is
> always plugged into a switch (the machines are miles apart), but at
> home I'm using a crossover cable for the dedicated sync network.  But
> I didn't think that CARP would stay down forever if the sync interface
> was down :-/
>
> --Bill
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> 
> Virus checked by G DATA AntiVirusKit
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]