Re: [pfSense Support] throughput, haproxy
On Tue, Nov 10, 2009 at 1:50 AM, Lenny five2one.le...@gmail.com wrote:
> At second thought, to get rid of the errors I told you about, I did 2 things:
> added this to /boot/loader.conf:
> hw.em.rxd=4096
> hw.em.txd=4096
> and added to /etc/sysctl.conf:
> dev.em.0.rx_processing_limit=1000
> dev.em.1.rx_processing_limit=1000
> plus, I changed net.inet.ip.intr_queue_maxlen=4096 and added kern.ipc.somaxconn=1024
> These were the changes I did outside of the WebGUI.
> So should I still increase the dev.em.X.rx_processing_limit value?

Yes, give that a try. My kernel that I have here increased em.txd and em.txr but I was unaware they were able to be set since they are hard coded in the driver?

Scott

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org

[pfSense Support] Port forward beyond local internal subnet.
Hi,

I have a router behind pfsense with multiple internal subnets behind that. Will a pfsense port forward from the WAN to any of my internal subnets work? Assuming pfsense can route to the internal subnets the port forward should work fine, right?

thanks.
Matt.

Re: [pfSense Support] Port forward beyond local internal subnet.
On Tue, Nov 10, 2009 at 8:04 PM, Matt mnaism...@gmail.com wrote:
> Hi, I have a router behind pfsense with multiple internal subnets behind that.
> Will a pfsense port forward from the WAN to any of my internal subnets work?
> Assuming pfsense can route to the internal subnets the port forward should work fine, right?

Yes.

RE: [pfSense Support] Port forward beyond local internal subnet.
> From: Matt [mailto:mnaism...@gmail.com]
> Sent: Tuesday, November 10, 2009 5:05 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Port forward beyond local internal subnet.
>
> Hi, I have a router behind pfsense with multiple internal subnets behind that.
> Will a pfsense port forward from the WAN to any of my internal subnets work?
> Assuming pfsense can route to the internal subnets the port forward should work fine, right?
> thanks. Matt.

Most likely it will work – but is not recommended. (Double NATing that is)
And this is assuming the secondary router is routing the packets correctly.
What is the purpose of pfSense in this case? Would using it in bridge mode work better for you? Or is there a reason you need the multiple Routers….
How about removing the secondary Router and programming pfsense for all the subnets?

-tim

Re: [pfSense Support] Port forward beyond local internal subnet.
To be more specific, the other subnets are actually remote offices in an MPLS cloud. No other NAT anywhere. This works fine with a Cisco firewall and does seem to work with PFsense as well. Just making sure it's not something with known issues or frowned upon. Seems like it's OK from Chris's firm YES!

thanks for the replies.
Matt.

On Wed, Nov 11, 2009 at 11:13 AM, Tim Dickson tdick...@calistogaranch.com wrote:
>> From: Matt [mailto:mnaism...@gmail.com]
>> Sent: Tuesday, November 10, 2009 5:05 PM
>> To: support@pfsense.com
>> Subject: [pfSense Support] Port forward beyond local internal subnet.
>>
>> Hi, I have a router behind pfsense with multiple internal subnets behind that.
>> Will a pfsense port forward from the WAN to any of my internal subnets work?
>> Assuming pfsense can route to the internal subnets the port forward should work fine, right?
>> thanks. Matt.
>
> Most likely it will work – but is not recommended. (Double NATing that is)
> And this is assuming the secondary router is routing the packets correctly.
> What is the purpose of pfSense in this case? Would using it in bridge mode work better for you? Or is there a reason you need the multiple Routers….
> How about removing the secondary Router and programming pfsense for all the subnets?
>
> -tim

Re: [pfSense Support] throughput, haproxy
On Tue, Nov 10, 2009 at 1:50 AM, Lenny five2one.le...@gmail.com wrote:
> Lenny wrote:
>> Scott Ullrich wrote:
>>> On Mon, Nov 9, 2009 at 3:45 PM, Scott Ullrich sullr...@gmail.com wrote:
>>>> Contact me off list. I have a kernel I need you to test.
>>>
>>> In the meantime, please try increasing these sysctl's:
>>>
>>> pfSense:~# sysctl -a | grep rx_processing_limit
>>> dev.em.0.rx_processing_limit: 100
>>> dev.em.1.rx_processing_limit: 100
>>> dev.em.2.rx_processing_limit: 100
>>> dev.em.3.rx_processing_limit: 100
>>>
>>> Try increasing each to 256, then 512, 1024, 2048, etc.
>>> If these do not help contact me for a new kernel.
>>>
>>> Scott
>>
>> Hi Scott,
>> Actually, I have them set on a 1000 for quite a while now. Before I did that I had errors on interfaces.
>> Do you still want me to increase to 2048 and more?
>> Thanks, Lenny.
>
> At second thought, to get rid of the errors I told you about, I did 2 things:
> added this to /boot/loader.conf:
> hw.em.rxd=4096
> hw.em.txd=4096
> and added to /etc/sysctl.conf:
> dev.em.0.rx_processing_limit=1000
> dev.em.1.rx_processing_limit=1000
> plus, I changed net.inet.ip.intr_queue_maxlen=4096 and added kern.ipc.somaxconn=1024
> These were the changes I did outside of the WebGUI.
> So should I still increase the dev.em.X.rx_processing_limit value?

Also let me know what this sysctl is showing:

net.inet.ip.intr_queue_drops

If it shows 0 then you might want to increase net.inet.ip.intr_queue_maxlen

Scott

Re: [pfSense Support] throughput, haproxy
Scott Ullrich wrote:
> On Tue, Nov 10, 2009 at 1:50 AM, Lenny five2one.le...@gmail.com wrote:
>> Lenny wrote:
>>> Scott Ullrich wrote:
>>>> On Mon, Nov 9, 2009 at 3:45 PM, Scott Ullrich sullr...@gmail.com wrote:
>>>>> Contact me off list. I have a kernel I need you to test.
>>>>
>>>> In the meantime, please try increasing these sysctl's:
>>>>
>>>> pfSense:~# sysctl -a | grep rx_processing_limit
>>>> dev.em.0.rx_processing_limit: 100
>>>> dev.em.1.rx_processing_limit: 100
>>>> dev.em.2.rx_processing_limit: 100
>>>> dev.em.3.rx_processing_limit: 100
>>>>
>>>> Try increasing each to 256, then 512, 1024, 2048, etc.
>>>> If these do not help contact me for a new kernel.
>>>>
>>>> Scott
>>>
>>> Hi Scott,
>>> Actually, I have them set on a 1000 for quite a while now. Before I did that I had errors on interfaces.
>>> Do you still want me to increase to 2048 and more?
>>> Thanks, Lenny.
>>
>> At second thought, to get rid of the errors I told you about, I did 2 things:
>> added this to /boot/loader.conf:
>> hw.em.rxd=4096
>> hw.em.txd=4096
>> and added to /etc/sysctl.conf:
>> dev.em.0.rx_processing_limit=1000
>> dev.em.1.rx_processing_limit=1000
>> plus, I changed net.inet.ip.intr_queue_maxlen=4096 and added kern.ipc.somaxconn=1024
>> These were the changes I did outside of the WebGUI.
>> So should I still increase the dev.em.X.rx_processing_limit value?
>
> Also let me know what this sysctl is showing:
>
> net.inet.ip.intr_queue_drops
>
> If it shows 0 then you might want to increase net.inet.ip.intr_queue_maxlen
>
> Scott

it's 0.

Lenny.
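
The throughput thread above involves hand-edited /etc/sysctl.conf entries and live `sysctl` readings; one way to confirm that the running values match the file is sketched below. This is an added example, not code from the thread or from pfSense; the function names `check_drift` and `demo` are hypothetical, the desired values are the ones quoted in the thread, and the live values in the sample are constructed.

```shell
# check_drift DESIRED LIVE
#   DESIRED: "name=value" lines, as in /etc/sysctl.conf
#   LIVE:    "name: value" lines, as printed by `sysctl -a`
# Prints OK / DRIFT / MISSING per desired setting; returns 1 on any mismatch.
check_drift() {
    awk '
        BEGIN { bad = 0 }
        FILENAME == ARGV[1] {              # first file: live values
            i = index($0, ": ")
            if (i > 0) live[substr($0, 1, i - 1)] = substr($0, i + 2)
            next
        }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        {
            i = index($0, "=")
            if (i == 0) next
            name = substr($0, 1, i - 1); want = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t"]+|[ \t"]+$/, "", want)
            if (!(name in live))         { print "MISSING " name " want=" want; bad = 1 }
            else if (live[name] != want) { print "DRIFT " name " want=" want " live=" live[name]; bad = 1 }
            else                         { print "OK " name "=" want }
        }
        END { exit bad }
    ' "$2" "$1"
}

# Constructed sample: desired values as quoted in the thread,
# live values made up for the demonstration.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/desired" <<'EOF'
dev.em.0.rx_processing_limit=1000
dev.em.1.rx_processing_limit=1000
net.inet.ip.intr_queue_maxlen=4096
kern.ipc.somaxconn=1024
EOF
    cat > "$d/live" <<'EOF'
dev.em.0.rx_processing_limit: 1000
dev.em.1.rx_processing_limit: 100
net.inet.ip.intr_queue_maxlen: 4096
EOF
    check_drift "$d/desired" "$d/live" && rc=0 || rc=$?
    rm -rf "$d"; return "$rc"
}

demo || true
```

On a live system the second argument would be a file holding the output of `sysctl -a`.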