AW: [pfSense Support] Attention Firebox X Series Users - Testing Needed
As far as i know the fireboxes support single-sided dimms with 512 mb... 1gb is recognized as 512mb only :-( Regards, martin -Ursprüngliche Nachricht- Von: Tim Nelson [mailto:tnel...@fudnet.net] Gesendet: Freitag, 24. April 2009 04:43 An: support@pfsense.com Betreff: Re: [pfSense Support] Attention Firebox X Series Users - Testing Needed Well, I threw the latest 1.2.3-RC1 on a CF card and booted up my X500. I've been passing all sorts of traffic through it (WAN and OPT1 bridge) with no pauses in traffic or watchdog timeouts. My traffic has been anything from netperf tests TCP and UDP, raw FTP traffic, random web browsing, and some very heavy bittorrent traffic (Latest Ubuntu released today :-) ). In fact, I've run some of those tests concurrently. Thus far, after saturating the 100mbit link through the bridge for nearly 4 hours, I've yet to see a problem. I can post any additional information you need, just let me know. This X500 is 100% stock with the exception of the CF card. The 64MB CF was a bit small so it was replaced with a Sandisk 256MB I had lying around. Out of curiosity, what is the largest DIMM these units will accept? They come with 256MB which seems a bit light. I'd like to throw a 1GB stick in if possible. --Tim Dimitri Rodis wrote: > Attention Firebox X500/700/1000 Users using pfSense: > > > > Watchdog timeouts getting' you down? Thinkin' about throwin' that old > Firebox in to the fireplace? Don't do that just yet! J > > > > Thanks to the pfSense devs, along with Pyun YongHyeon, the maintainer > for the FreeBSD Realtek network driver, it appears that we may have > solved the issue with the watchdog timeouts on the Realtek 8139C+ chips > that are used in these units. For the past couple of days, I have worked > with Pyun, and yesterday Pyun sent me a patch, and that patch was > committed to the 1.2.3 snapshot builds, as well as to the 2.0 alpha > snapshot builds by the pfSense devs, and is part of any snapshot build > as of yesterday (4/17) at 2pm Eastern time, or later. > > > > Snapshot builds can be downloaded from > > http://snapshots.pfsense.org/FreeBSD7/RELENG_1_2/ > > or > > http://snapshots.pfsense.org/FreeBSD7/HEAD/ > > > > I have been testing a build with this patch since yesterday, and have > yet to see a single watchdog timeout on my interfaces-and no > modifications to loader.conf have been made. This is a default > install-no special options have been set anywhere. > > > > If at all possible, please try to install a recent snapshot build on > your firebox units (those of you that have them) and test this patch. > If you do still receive watchdog timeouts, please let me know either on > this list, or off-list. Either way, please try to detail what you were > doing when the watchdog timeout occurred so that we can try to reproduce > it, and Pyun can fix it. > > > > Thanks to all that have helped, and thanks to those that are willing to > test! > > > > Dimitri Rodis > > Integrita Systems LLC > > http://www.integritasystems.com > > > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Attention Firebox X Series Users - Testing Needed
Unfortunately, they aren't completely gone. I've been able to consistently get watchdog timeouts on 1.2.3 since Monday (including the official RC1 released yesterday) by simply browsing the web interface on the LAN side (I usually use re2) using Internet Explorer 7 (All I ever do is just click between options in the GUI, and I get them after 10-15 clicks). The patch that was put in definitely helped, though (a lot). I'm still working with Pyun (the maintainer of the FreeBSD Realtek driver) on a solution. I do have yet to reproduce watchdog timeouts on 2.0, however, although one person has reported that 2.0 gives him timeouts (see http://forum.pfsense.org/index.php?topic=15669). I don't yet have an explanation as to why I get timeouts in 1.2.3 and not in 2.0, but I'm working on figuring out why. Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -Original Message- From: Tim Nelson [mailto:tnel...@fudnet.net] Sent: Thursday, April 23, 2009 7:43 PM To: support@pfsense.com Subject: Re: [pfSense Support] Attention Firebox X Series Users - Testing Needed Well, I threw the latest 1.2.3-RC1 on a CF card and booted up my X500. I've been passing all sorts of traffic through it (WAN and OPT1 bridge) with no pauses in traffic or watchdog timeouts. My traffic has been anything from netperf tests TCP and UDP, raw FTP traffic, random web browsing, and some very heavy bittorrent traffic (Latest Ubuntu released today :-) ). In fact, I've run some of those tests concurrently. Thus far, after saturating the 100mbit link through the bridge for nearly 4 hours, I've yet to see a problem. I can post any additional information you need, just let me know. This X500 is 100% stock with the exception of the CF card. The 64MB CF was a bit small so it was replaced with a Sandisk 256MB I had lying around. Out of curiosity, what is the largest DIMM these units will accept? They come with 256MB which seems a bit light. I'd like to throw a 1GB stick in if possible. --Tim Dimitri Rodis wrote: > Attention Firebox X500/700/1000 Users using pfSense: > > > > Watchdog timeouts getting' you down? Thinkin' about throwin' that old > Firebox in to the fireplace? Don't do that just yet! J > > > > Thanks to the pfSense devs, along with Pyun YongHyeon, the maintainer > for the FreeBSD Realtek network driver, it appears that we may have > solved the issue with the watchdog timeouts on the Realtek 8139C+ chips > that are used in these units. For the past couple of days, I have worked > with Pyun, and yesterday Pyun sent me a patch, and that patch was > committed to the 1.2.3 snapshot builds, as well as to the 2.0 alpha > snapshot builds by the pfSense devs, and is part of any snapshot build > as of yesterday (4/17) at 2pm Eastern time, or later. > > > > Snapshot builds can be downloaded from > > http://snapshots.pfsense.org/FreeBSD7/RELENG_1_2/ > > or > > http://snapshots.pfsense.org/FreeBSD7/HEAD/ > > > > I have been testing a build with this patch since yesterday, and have > yet to see a single watchdog timeout on my interfaces-and no > modifications to loader.conf have been made. This is a default > install-no special options have been set anywhere. > > > > If at all possible, please try to install a recent snapshot build on > your firebox units (those of you that have them) and test this patch. > If you do still receive watchdog timeouts, please let me know either on > this list, or off-list. Either way, please try to detail what you were > doing when the watchdog timeout occurred so that we can try to reproduce > it, and Pyun can fix it. > > > > Thanks to all that have helped, and thanks to those that are willing to > test! > > > > Dimitri Rodis > > Integrita Systems LLC > > http://www.integritasystems.com > > > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] Attention Firebox X Series Users - Testing Needed
Well, I threw the latest 1.2.3-RC1 on a CF card and booted up my X500. I've been passing all sorts of traffic through it (WAN and OPT1 bridge) with no pauses in traffic or watchdog timeouts. My traffic has been anything from netperf tests TCP and UDP, raw FTP traffic, random web browsing, and some very heavy bittorrent traffic (Latest Ubuntu released today :-) ). In fact, I've run some of those tests concurrently. Thus far, after saturating the 100mbit link through the bridge for nearly 4 hours, I've yet to see a problem. I can post any additional information you need, just let me know. This X500 is 100% stock with the exception of the CF card. The 64MB CF was a bit small so it was replaced with a Sandisk 256MB I had lying around. Out of curiosity, what is the largest DIMM these units will accept? They come with 256MB which seems a bit light. I'd like to throw a 1GB stick in if possible. --Tim Dimitri Rodis wrote: Attention Firebox X500/700/1000 Users using pfSense: Watchdog timeouts getting’ you down? Thinkin’ about throwin’ that old Firebox in to the fireplace? Don’t do that just yet! J Thanks to the pfSense devs, along with Pyun YongHyeon, the maintainer for the FreeBSD Realtek network driver, it appears that we may have solved the issue with the watchdog timeouts on the Realtek 8139C+ chips that are used in these units. For the past couple of days, I have worked with Pyun, and yesterday Pyun sent me a patch, and that patch was committed to the 1.2.3 snapshot builds, as well as to the 2.0 alpha snapshot builds by the pfSense devs, and is part of any snapshot build as of yesterday (4/17) at 2pm Eastern time, or later. Snapshot builds can be downloaded from http://snapshots.pfsense.org/FreeBSD7/RELENG_1_2/ or http://snapshots.pfsense.org/FreeBSD7/HEAD/ I have been testing a build with this patch since yesterday, and have yet to see a single watchdog timeout on my interfaces—and no modifications to loader.conf have been made. This is a default install—no special options have been set anywhere. If at all possible, please try to install a recent snapshot build on your firebox units (those of you that have them) and test this patch. If you do still receive watchdog timeouts, please let me know either on this list, or off-list. Either way, please try to detail what you were doing when the watchdog timeout occurred so that we can try to reproduce it, and Pyun can fix it. Thanks to all that have helped, and thanks to those that are willing to test! Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pfSense on PICO / ITX with SSD
In some of our locations we will need to abandon embedded pfSense in favor of a "full" system so we will have package support. Does anyone have experience running 'full' pfSense on fanless PICO / ITX type form factors with an SSD (no moving parts)? Our highest priority is availability, second is power consumptioin. Hardware cost nearly irrelavent. Would the answer to the previous question change if the installation were running the SNORT package on a 6mb (symmetrical) internet connection. I understand SNORT to be very resource intensive, although it seems that something like a dual core 1.6 atom should be able to handle ANYTING that could flow over a 6 x 6 mb fiber.If the snort package poses a risk of "death-by-writes" am I correct in my understanding that SNORT can be configured to write to a network resource, which if OFFLINE by disaster, would not cause the perimiter firewall function to cease? Does anyone have any specific hardware recommendations that meet these design priorities? This dual core ATOM-based board has a FANLESS version expected to debut in a month or so. http://www.logicsupply.com/products/nc92_330_lf Fanless boards with DOM's or SSD's draw a mere 20 watts and have no moving parts! It seems like the best of both worlds, but I need a sanity check. Are these boards/chipsets too new to actually be supported in BSD 7.x? Am I failing to consider other design priorities? Any help would be greatly appreciated. I'm happy to share my experience with the list because I can't imagine that I am alone in my design prioirites. Thank you! -Karl - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] bridging 2 networks with pfsense+openvpn
What you could also do is subnet the 192.168.1.0/24 network in two, using 192.168.1.0/25 and 192.168.1.128/25. That will give you 126 IP addresses for each site, with only changing your subnet mask. Chris Buechler told you that you can bridge OpenVPN, but you'll have broadcast traversing the VPN. Also, using different subnets will help you to pinpoint where a particular IP is located. On Wed, Apr 22, 2009 at 7:22 PM, Brian Josefsen wrote: > Hi > > I have 2 pfsense boxes, one embedded on each side of the atlantic > ocean. They connect fine, but i can't contact any of the other side, > both side have the pfsense as a primary gw. > > network 192.168.1.0/24 > Box local is 192.168.1.241 > Box remote is 192.168.1.242 > > I can only reach the other box with a ssh login to one of the boxes > and use ssh to the other box's ipaddress on the tun adapter. > > Do I need fw rules, or am I missing some commands? > > -- > Med venlig hilsen / Best regards > Brian Josefsen > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] adding options to DHCP
I would like to add option 66 (TFTP) to my DHCP leases on the LAN side, is there an easy way to do that? Thanks Sam Hammand
Re: [pfSense Support] 1.2.3-RC1 released!
Thank you team. I will test update tomorow from 1.2 to 1.2.3. I hope the issues with some drivers form FreeBSD 7.0 are fixed in 7.1 Great work. On Thu, Apr 23, 2009 at 12:09 PM, Mikel Jimenez wrote: > Pfsense team is fantastic!! > > > > Paul Mansfield wrote: > >> Chris Buechler wrote: >> >> >>> Info here: http://blog.pfsense.org/?p=428 >>> >>> >> >> Great news and a testimony to all the hard work you guys have put in. >> >> - >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >> For additional commands, e-mail: support-h...@pfsense.com >> >> Commercial support available - https://portal.pfsense.org >> >> >> > > > -- > Mikel Jimenez Fernandez > Irontec, Internet y Sistemas sobre GNU/LinuX - http://www.irontec.com > +34 94.404.81.82 > > > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- честността не е порок
Re: [pfSense Support] 1.2.3-RC1 released!
Pfsense team is fantastic!! Paul Mansfield wrote: Chris Buechler wrote: Info here: http://blog.pfsense.org/?p=428 Great news and a testimony to all the hard work you guys have put in. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Mikel Jimenez Fernandez Irontec, Internet y Sistemas sobre GNU/LinuX - http://www.irontec.com +34 94.404.81.82 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1.2.3-RC1 released!
Chris Buechler wrote: > Info here: http://blog.pfsense.org/?p=428 Great news and a testimony to all the hard work you guys have put in. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
