Re: [pfSense Support] CARP Bug in 1.2.3
On Thu, Apr 9, 2009 at 7:00 PM, Dimitri Rodis wrote:
> Good deal. I'll go to a later snapshot then.
>
> Are upgrades between snapshots on embedded working at the moment, or should
> I just reflash?

Yeah you got hit with the xmlparse.inc issue that was in snapshots for a couple days. I know CARP is fine in 1.2.3 outside of those couple days, I've set up 3 CARP pairs on 1.2.3 in the past 2 weeks. Reflash, and either redo your config from scratch or manually remove anything that's out of whack.
[pfSense Support] Outbound traffic + 1.2.2 + My last clump of hair
I have many 1.2.2 pfSense gateways running. Somehow I have managed to mangle all but one of them today for certain types of outbound traffic. HTTP/DNS/POP/SMTP are all fine and lightning fast. SSH, Secure POP, Secure SMTP, some gaming, are all dead from the LAN out.

I have advanced outbound NAT enabled with the default outbound NAT rule. I read this: http://doc.pfsense.org/index.php/Static_Port and it seems to fit the bill, but checking static port didn't help. Up until I rebooted these boxes, it was random, now these types of services are dead all the time.

If it helps narrow it down, a few of these boxes have an OPT interface for a segmented network and coming through the OPT interfaces, everything is flawless outbound. I plopped up a brand new box with LAN/WAN/OPT and 1.2.2. Same thing. What am I missing? We ran 1.2.1 forever it seems with no issues and when I added a few new boxes, I decided to upgrade all of them to 1.2.2 to keep things standardized.

Another complaint I had from a static hosted customer was that all of the traffic he is getting at his router from one of these pfSense boxes shows the pfSense box LAN IP as the source IP of all traffic instead of the true public source IP. That's even weirder but happens on only one of these gateways.

I have 1 LAN rule to allow * LAN traffic out. No WAN rules. No port forwards. No 1:1 NATs. I've tried switching back to automatic outbound NAT. Nadda. I have 1 virtual LAN IP that is CARP for users' gateway although I have not enabled the CARP service nor configured it yet.

I have one small clump of hair left. Any help would be much appreciated.

Tim
RE: [pfSense Support] CARP Bug in 1.2.3
Good deal. I'll go to a later snapshot then.

Are upgrades between snapshots on embedded working at the moment, or should I just reflash?

Dimitri Rodis
Integrita Systems LLC
http://www.integritasystems.com

-Original Message-
From: Scott Ullrich [mailto:sullr...@gmail.com]
Sent: Thursday, April 09, 2009 11:37 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] CARP Bug in 1.2.3

On Thu, Apr 9, 2009 at 1:57 PM, Dimitri Rodis wrote:
> The snapshot I'm using is dated April 1.. that's a couple of days after the
> hackathon, I believe. Any idea when the xmlparse.inc from HEAD was removed?

You were affected then. It was removed for causing various problems such as these.

Scott
Re: [pfSense Support] CARP Bug in 1.2.3
On Thu, Apr 9, 2009 at 1:57 PM, Dimitri Rodis wrote:
> The snapshot I'm using is dated April 1.. that's a couple of days after the
> hackathon, I believe. Any idea when the xmlparse.inc from HEAD was removed?

You were affected then. It was removed for causing various problems such as these.

Scott
RE: [pfSense Support] CARP Bug in 1.2.3
The snapshot I'm using is dated April 1.. that's a couple of days after the hackathon, I believe. Any idea when the xmlparse.inc from HEAD was removed?

Dimitri Rodis
Integrita Systems LLC
http://www.integritasystems.com

-Original Message-
From: Scott Ullrich [mailto:sullr...@gmail.com]
Sent: Thursday, April 09, 2009 10:17 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] CARP Bug in 1.2.3

On Thu, Apr 9, 2009 at 12:37 PM, Dimitri Rodis wrote:
> I think this is more obscure than you think-- this is on a snapshot build,
> so how many people have 1) run a 1.2.3 snapshot, 2) _had_ a redundant CARP
> config, and then 3) removed the redundant member and 4) added some Outbound
> NAT rules and interface rules (which is what finally triggered the XMLRPC
> sync, and thus the error)?
>
> My guess is that people with redundant configs are probably not testing
> snapshot builds (or even production builds) in this manner. I don't know if
> this happens on previous builds, and you are probably going to say that the
> code hasn't changed, and that's very likely to be true if you say so--I'm
> just saying I think the bug is present, but obscure.
>
> Obviously if it happens it's easy enough to fix by downloading the config,
> deleting the duped sections and uploading the config again, but I would tend
> to think there's a bug in there somewhere, because like I said, I didn't
> dupe the section myself.

My guess would be that you installed a snapshot that contained xmlparse.inc from HEAD. Right around the hackathon time this was included but has since been removed.

Scott
Re: [pfSense Support] CARP Bug in 1.2.3
On Thu, Apr 9, 2009 at 12:37 PM, Dimitri Rodis wrote:
> I think this is more obscure than you think-- this is on a snapshot build,
> so how many people have 1) run a 1.2.3 snapshot, 2) _had_ a redundant CARP
> config, and then 3) removed the redundant member and 4) added some Outbound
> NAT rules and interface rules (which is what finally triggered the XMLRPC
> sync, and thus the error)?
>
> My guess is that people with redundant configs are probably not testing
> snapshot builds (or even production builds) in this manner. I don't know if
> this happens on previous builds, and you are probably going to say that the
> code hasn't changed, and that's very likely to be true if you say so--I'm
> just saying I think the bug is present, but obscure.
>
> Obviously if it happens it's easy enough to fix by downloading the config,
> deleting the duped sections and uploading the config again, but I would tend
> to think there's a bug in there somewhere, because like I said, I didn't
> dupe the section myself.

My guess would be that you installed a snapshot that contained xmlparse.inc from HEAD. Right around the hackathon time this was included but has since been removed.

Scott
[pfSense Support] mptutil
Has anyone used this utility on their pfsense install?

http://perforce.freebsd.org/depotTreeBrowser.cgi?FSPC=//depot/user/jhb/raid/usr.sbin/mptutil

I installed compiled it under FreeBSD 7.1 and when I run it in my pfsense 1.2.2 install it is not working.

# ./mptutil show drives
mptutil: mpt_open: No such file or directory
RE: [pfSense Support] CARP Bug in 1.2.3
I think this is more obscure than you think-- this is on a snapshot build, so how many people have 1) run a 1.2.3 snapshot, 2) _had_ a redundant CARP config, and then 3) removed the redundant member and 4) added some Outbound NAT rules and interface rules (which is what finally triggered the XMLRPC sync, and thus the error)?

My guess is that people with redundant configs are probably not testing snapshot builds (or even production builds) in this manner. I don't know if this happens on previous builds, and you are probably going to say that the code hasn't changed, and that's very likely to be true if you say so--I'm just saying I think the bug is present, but obscure.

Obviously if it happens it's easy enough to fix by downloading the config, deleting the duped sections and uploading the config again, but I would tend to think there's a bug in there somewhere, because like I said, I didn't dupe the section myself.

Dimitri Rodis
Integrita Systems LLC

-Original Message-
From: Scott Ullrich [mailto:sullr...@gmail.com]
Sent: Thursday, April 09, 2009 8:15 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] CARP Bug in 1.2.3

On Wed, Apr 8, 2009 at 11:31 PM, Dimitri Rodis wrote:
> Currently running:
>
> 1.2.3-RC1
> built on Wed Apr 1 16:59:10 EDT 2009
>
> Changed the CARP config-- had a redundant member that I removed, so I shut
> pfsync off. However, I kept getting messages along the top that XMLRPC sync
> was failing. I checked, and it was disabled--so, I unchecked absolutely
> everything and saved and rebooted, but the errors persisted.
>
> I think I found the problem. I downloaded my config file and had a look.
> Check out the following section:
>
> opt3
>
> on
> opt3
> on
> on
> on
> on
> on
> on
> on
> on
> on
> on
> 172.19.0.2
> xx
>
> on
> opt3
> on
> on
> on
> on
> on
> on
> on
> on
> on
> on
> on
> 172.19.0.3
> x
>
> Shouldn't only be in there once? Looks like it added
> another section it each time I tried to change/save it,
> and it's only using the last one.
>
> Bug or user error?
>
> Dimitri Rodis
> Integrita Systems LLC
> http://www.integritasystems.com

Doubt it's a bug or we would be seeing a lot more of this.

Scott
Re: [pfSense Support] CARP Bug in 1.2.3
On Wed, Apr 8, 2009 at 11:31 PM, Dimitri Rodis wrote:
> Currently running:
>
> 1.2.3-RC1
> built on Wed Apr 1 16:59:10 EDT 2009
>
> Changed the CARP config-- had a redundant member that I removed, so I shut
> pfsync off. However, I kept getting messages along the top that XMLRPC sync
> was failing. I checked, and it was disabled--so, I unchecked absolutely
> everything and saved and rebooted, but the errors persisted.
>
> I think I found the problem. I downloaded my config file and had a look.
> Check out the following section:
>
> opt3
>
> on
> opt3
> on
> on
> on
> on
> on
> on
> on
> on
> on
> on
> 172.19.0.2
> xx
>
> on
> opt3
> on
> on
> on
> on
> on
> on
> on
> on
> on
> on
> on
> 172.19.0.3
> x
>
> Shouldn't only be in there once? Looks like it added
> another section it each time I tried to change/save it,
> and it's only using the last one.
>
> Bug or user error?
>
> Dimitri Rodis
> Integrita Systems LLC
> http://www.integritasystems.com

Doubt it's a bug or we would be seeing a lot more of this.

Scott
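
The manual cleanup discussed in this thread (download the config, find the section that was written more than once, upload a corrected copy) can be checked mechanically before re-uploading. This is an added example, not code from pfSense or from anyone on the list; the tag names in the constructed sample (`syncsection`, `peerip`, `enabled`) and the `REPEATABLE` list are placeholders, since the real tag names did not survive in the archived message. It keeps the last copy because that is the one reported as being in effect.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, not a real pfSense config: every tag name is a placeholder.
SAMPLE_CONFIG = """<config>
  <filter>
    <rule><interface>lan</interface></rule>
    <rule><interface>opt3</interface></rule>
  </filter>
  <syncsection>
    <enabled>on</enabled>
    <interface>opt3</interface>
    <peerip>172.19.0.2</peerip>
  </syncsection>
  <syncsection>
    <enabled>on</enabled>
    <interface>opt3</interface>
    <peerip>172.19.0.3</peerip>
  </syncsection>
</config>
"""

# Tags expected to occur many times under one parent (assumed; extend per config).
REPEATABLE = {"rule"}


def _shape(elem):
    """Whitespace-insensitive fingerprint of an element, used to compare copies."""
    return (elem.tag, (elem.text or "").strip(), tuple(_shape(c) for c in elem))


def _scan(elem, path, repeatable):
    """Yield (path, parent, tag, copies) for each unexpectedly repeated sibling tag."""
    groups = defaultdict(list)
    for child in elem:
        groups[child.tag].append(child)
    for tag, copies in groups.items():
        if len(copies) > 1 and tag not in repeatable:
            yield path, elem, tag, copies
    for child in elem:
        yield from _scan(child, f"{path}/{child.tag}", repeatable)


def find_duplicate_sections(root, repeatable=REPEATABLE):
    """Report repeated sections as (parent_path, tag, count, copies_identical)."""
    return [(path, tag, len(copies), len({_shape(c) for c in copies}) == 1)
            for path, _, tag, copies in _scan(root, root.tag, repeatable)]


def dedupe_keep_last(root, repeatable=REPEATABLE):
    """Remove all but the last copy of each repeated section; return how many went."""
    removed = 0
    for _, parent, _, copies in list(_scan(root, root.tag, repeatable)):
        for stale in copies[:-1]:
            parent.remove(stale)
            removed += 1
    return removed


if __name__ == "__main__":
    root = ET.fromstring(SAMPLE_CONFIG)
    for path, tag, count, same in find_duplicate_sections(root):
        print(f"{path}: <{tag}> appears {count} times, identical={same}")
    print("removed", dedupe_keep_last(root), "stale copies")
    print(ET.tostring(root, encoding="unicode"))
```

When the copies are reported as not identical, compare them by hand before removing anything, because the stale copy may still name a peer that no longer exists.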
Re: [pfSense Support] Moving Target - How do people track down bandwidth usage...?
Jaime Díaz wrote:
> On Thu, Apr 9, 2009 at 9:56 AM, Chuck Mariotti wrote:
>> Are either of these safe to run on embedded (Alix)? I did a custom install
>> so that I can install Packages, so that I could run snort, but I can't seem
>> to keep snort running, keeps shutting down by itself. So wonder if I'll run
>> into any issues with these...
>>
>> -Original Message-
>> From: Jaime Díaz [mailto:jnd...@gmail.com]
>> Sent: Thursday, April 09, 2009 8:50 AM
>> To: support@pfsense.com
>> Subject: Re: [pfSense Support] Moving Target - How do people track down
>> bandwidth usage...?
>>
>> On Thu, Apr 9, 2009 at 9:39 AM, Chuck Mariotti wrote:
>>> Yesterday we had a huge hit on our bandwidth for a period of time... How
>>> are people tracking down bandwidth usage to specific machines, etc...?
>>>
>>> By the time I captured some packets and pulled up wireshark, the hit was
>>> gone. It showed up later in the day, but again, too fast to track down.
>>>
>>> Is there an easy way to track down specifically what machines are using up
>>> bandwidth?
>>>
>>> Regards,
>>>
>>> Chuck
>>
>> You could use bandwidthd or ntop to track down those users.
>
> Sorry, I didn't know you were running on an embedded platform.
>
> I wouldn't run it on such hardware.

Judicious use of pftop should show you exactly which IP address(es) are consuming your bandwidth at the time so you can take appropriate action.

Spend some time learning the different screens of pftop and no further packages will be required.
Re: [pfSense Support] Moving Target - How do people track down bandwidth usage...?
I monitor ports on a managed switch with SNMP using Cacti or similar. Obviously not for everyone but at least I can determine who the problem child is. I have used NTOP in the past but my NTOP skills are lacking.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Thu, Apr 9, 2009 at 9:05 AM, Jaime Díaz wrote:
> On Thu, Apr 9, 2009 at 9:56 AM, Chuck Mariotti wrote:
>> Are either of these safe to run on embedded (Alix)? I did a custom install
>> so that I can install Packages, so that I could run snort, but I can't seem
>> to keep snort running, keeps shutting down by itself. So wonder if I'll run
>> into any issues with these...
>>
>> -Original Message-
>> From: Jaime Díaz [mailto:jnd...@gmail.com]
>> Sent: Thursday, April 09, 2009 8:50 AM
>> To: support@pfsense.com
>> Subject: Re: [pfSense Support] Moving Target - How do people track down
>> bandwidth usage...?
>>
>> On Thu, Apr 9, 2009 at 9:39 AM, Chuck Mariotti wrote:
>>> Yesterday we had a huge hit on our bandwidth for a period of time... How
>>> are people tracking down bandwidth usage to specific machines, etc...?
>>>
>>> By the time I captured some packets and pulled up wireshark, the hit was
>>> gone. It showed up later in the day, but again, too fast to track down.
>>>
>>> Is there an easy way to track down specifically what machines are using up
>>> bandwidth?
>>>
>>> Regards,
>>>
>>> Chuck
>>
>> You could use bandwidthd or ntop to track down those users.
>
> Sorry, I didn't know you were running on an embedded platform.
>
> I wouldn't run it on such hardware.
Re: [pfSense Support] Moving Target - How do people track down bandwidth usage...?
On Thu, Apr 9, 2009 at 9:56 AM, Chuck Mariotti wrote:
> Are either of these safe to run on embedded (Alix)? I did a custom install so
> that I can install Packages, so that I could run snort, but I can't seem to
> keep snort running, keeps shutting down by itself. So wonder if I'll run into
> any issues with these...
>
> -Original Message-
> From: Jaime Díaz [mailto:jnd...@gmail.com]
> Sent: Thursday, April 09, 2009 8:50 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Moving Target - How do people track down
> bandwidth usage...?
>
> On Thu, Apr 9, 2009 at 9:39 AM, Chuck Mariotti wrote:
>> Yesterday we had a huge hit on our bandwidth for a period of time... How are
>> people tracking down bandwidth usage to specific machines, etc...?
>>
>> By the time I captured some packets and pulled up wireshark, the hit was
>> gone. It showed up later in the day, but again, too fast to track down.
>>
>> Is there an easy way to track down specifically what machines are using up
>> bandwidth?
>>
>> Regards,
>>
>> Chuck
>
> You could use bandwidthd or ntop to track down those users.

Sorry, I didn't know you were running on an embedded platform.

I wouldn't run it on such hardware.
Re: [pfSense Support] Moving Target - How do people track down bandwidth usage...?
Chuck Mariotti wrote:
> Are either of these safe to run on embedded (Alix)? I did a custom install so
> that I can install Packages, so that I could run snort, but I can't seem to
> keep snort running, keeps shutting down by itself. So wonder if I'll run into
> any issues with these...

darkstat seems to be lighter on resource usage.
RE: [pfSense Support] Moving Target - How do people track down bandwidth usage...?
Are either of these safe to run on embedded (Alix)? I did a custom install so that I can install Packages, so that I could run snort, but I can't seem to keep snort running, keeps shutting down by itself. So wonder if I'll run into any issues with these...

-Original Message-
From: Jaime Díaz [mailto:jnd...@gmail.com]
Sent: Thursday, April 09, 2009 8:50 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Moving Target - How do people track down bandwidth usage...?

On Thu, Apr 9, 2009 at 9:39 AM, Chuck Mariotti wrote:
> Yesterday we had a huge hit on our bandwidth for a period of time... How are
> people tracking down bandwidth usage to specific machines, etc...?
>
> By the time I captured some packets and pulled up wireshark, the hit was
> gone. It showed up later in the day, but again, too fast to track down.
>
> Is there an easy way to track down specifically what machines are using up
> bandwidth?
>
> Regards,
>
> Chuck

You could use bandwidthd or ntop to track down those users.
Re: [pfSense Support] Moving Target - How do people track down bandwidth usage...?
On Thu, Apr 9, 2009 at 9:39 AM, Chuck Mariotti wrote:
> Yesterday we had a huge hit on our bandwidth for a period of time... How are
> people tracking down bandwidth usage to specific machines, etc...?
>
> By the time I captured some packets and pulled up wireshark, the hit was
> gone. It showed up later in the day, but again, too fast to track down.
>
> Is there an easy way to track down specifically what machines are using up
> bandwidth?
>
> Regards,
>
> Chuck

You could use bandwidthd or ntop to track down those users.
[pfSense Support] Moving Target - How do people track down bandwidth usage...?
Yesterday we had a huge hit on our bandwidth for a period of time... How are people tracking down bandwidth usage to specific machines, etc...?

By the time I captured some packets and pulled up wireshark, the hit was gone. It showed up later in the day, but again, too fast to track down.

Is there an easy way to track down specifically what machines are using up bandwidth?

Regards,

Chuck