RE: [pfSense Support] CPU Mib
Cool.

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 4:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CPU Mib

That's what I am planning on doing if it works (ship current's bsnmpd)

On 1/17/06, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> Just so we're clear, it needs to stay in the pfSense builds unless you
> start using bsnmp head. :)
RE: [pfSense Support] CPU Mib
Just so we're clear, it needs to stay in the pfSense builds unless you start using bsnmp head. :)

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 3:46 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CPU Mib

Doh. Let me mark that out.

On 1/17/06, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> Oh btw my community patch is in head so it shouldn't be needed.
RE: [pfSense Support] CPU Mib
Oh btw my community patch is in head so it shouldn't be needed.

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 3:42 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CPU Mib

Sure. I'm testing building bsnmpd from -current now.

On 1/17/06, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> My thoughts are no unless we control when we do checkouts, meaning we
> keep a private bsnmp tree and somehow add it to the fbsd tree when we
> kick off a buildworld. My feeling is the vendor tree is sort of like
> tracking current, where it could be broken at any point in time.
>
> What do you think?
RE: [pfSense Support] CPU Mib
My thoughts are no unless we control when we do checkouts, meaning we keep a private bsnmp tree and somehow add it to the fbsd tree when we kick off a buildworld. My feeling is the vendor tree is sort of like tracking current, where it could be broken at any point in time.

What do you think?

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 2:11 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CPU Mib

Should we be using this "vendor" tree of theirs instead?

On 1/17/06, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> Yea, I need to follow up on that. I think Harti addressed the buildworld
> issues, but I'm not sure. I recall there were some fixes added when he
> imported it to his bsnmp vendor tree.
RE: [pfSense Support] CPU Mib
Yea, I need to follow up on that. I think Harti addressed the buildworld issues, but I'm not sure. I recall there were some fixes added when he imported it to his bsnmp vendor tree.

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, January 17, 2006 1:59 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CPU Mib

In addition the SoC patches were crashing our build so we backed them out.

On 1/17/06, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> This has been added to the next version of bsnmp from what I understand (see
> Summer of Code patches for bsnmp) but the new version of bsnmpd hasn't been
> released yet. I also don't have an ETA.
RE: [pfSense Support] CPU Mib
This has been added to the next version of bsnmp from what I understand (see Summer of Code patches for bsnmp) but the new version of bsnmpd hasn’t been released yet. I also don’t have an ETA.

From: John Cianfarani [mailto:[EMAIL PROTECTED]
Sent: Monday, January 16, 2006 7:01 PM
To: support@pfsense.com
Subject: [pfSense Support] CPU Mib

Is there a mib for polling CPU on pfsense? I went through the entire walk and tried some of the standard ones but couldn’t find it.

John
RE: AW: AW: [pfSense Support] beeps gone?
http://cvstrac.pfsense.com/tktview?tn=757

I've lost my test box, so I can't verify this just yet. Sorry for the delay.

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Wednesday, January 04, 2006 2:06 PM
To: support@pfsense.com
Subject: Re: AW: AW: [pfSense Support] beeps gone?

http://wiki.pfsense.com/wikka.php?wakka=GeekGod
http://cvstrac.pfsense.com/rptview?rn=6
http://cvstrac.pfsense.com/rptview?rn=19

On 1/4/06, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
> Ok all joking aside, what are some of the things on your list that you'd
> like to see done Scott? There might be someone on the list who has the
> ability to contribute and just doesn't realize that it needs doing.
>
> Besides, Mozart's 5th would probably be awfully hard to do. . . Beethoven's
> 5th, on the other hand. . .
>
> -----Original Message-----
> From: Scott Ullrich [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 04, 2006 1:47 PM
> To: support@pfsense.com
> Subject: Re: AW: AW: [pfSense Support] beeps gone?
>
> This is fine and all, but I just can't fathom why something as silly as
> beeps is getting so much attention.
>
> I can think of 100 things on my list that I would love for someone to
> fix before reinventing Mozart's 5th symphony on every bootup...
>
> Scott
>
> On 1/4/06, Tim Dickson <[EMAIL PROTECTED]> wrote:
> > Well for those who are unfamiliar with freebsd or programming in
> > general... it may be a nice way to "contribute" to the cause :)
> > Everyone has their talents you know...
> >
> > There are many, myself included, that use this fine product because it
> > is a great firewall, and very useful for our company! I'm on this list
> > to learn from everyone and through that perhaps someday contribute to
> > the cause.
> >
> > -Tim
> >
> > On 1/4/06, Scott Ullrich [mailto:[EMAIL PROTECTED] wrote:
> >
> > If people are going to contribute time to pfSense, is making music
> > really what we want?
> >
> > Seriously...
> >
> > On 1/4/06, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> > > Someone needs to write that so we can have the option. We could even
> > > have a section where people upload and download startup/shutdown "tones"
> > > for their machine. I realize that's kinda deviating from the true
> > > purpose of the project but hey we have themes, why not beeps 8-)
> > >
> > > Bill Marquette wrote:
> > > > Back in my BBS days I had GnR Sweet Child of Mine as the sysop page
> > > > theme... anyone care to figure that one out? Oh god, I can see it
> > > > now, we're going to have to have a 'beep' theme! Anyone writes
> > > > alternate beeps and I'll add the option (but ONLY after I get Sweet
> > > > child of mine) ;-P
> > > >
> > > > --Bill
> > > >
> > > > On 1/4/06, Gary Buckmaster <[EMAIL PROTECTED]> wrote:
> > > >
> > > >> I'd be perfectly content with the theme from Army of Darkness, or maybe
> > > >> Knight Rider. . .
> > > >>
> > > >> -----Original Message-----
> > > >> From: Jonathan Woodard [mailto:[EMAIL PROTECTED]
> > > >> Sent: Wednesday, January 04, 2006 2:19 AM
> > > >> To: support@pfsense.com
> > > >> Subject: Re: AW: AW: [pfSense Support] beeps gone?
> > > >>
> > > >> It was just a thought, lol... I know I for one would feel much more
> > > >> secure with it as my startup beep. What's good enough for Lord Vader is
> > > >> good enough for me. :-D
RE: [pfSense Support] Slow IO operations
Are you sure it's running in DMA mode?

From: Szasz Revai Endre [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 27, 2005 9:35 AM
To: support@pfsense.com
Subject: [pfSense Support] Slow IO operations

Hello

I have an old 233mhz computer w/ 32 ram, udma33 hdd, that's what I'm running pfsense on. I know this question doesn't relate to pfsense, but I'll ask it.

When doing any bigger io operation, the computer tends to slow down, and execute everything at an astonishingly slow rate. For example an update takes more than 40 minutes, because of chflags and find. Gstat says that the usage is 100% on that partition and the data rate is around 900 kbps.

Is this mainly because of the slow processor; because I've tried another hdd with it too?

Thank you,
Endre
RE: [pfSense Support] snmp and public community string
Sorry I didn't respond to you about this. It turns out the strings are hardcoded in bsnmpd. I've submitted a patch for this.

-----Original Message-----
From: alan walters [mailto:[EMAIL PROTECTED]
Sent: Friday, December 23, 2005 7:03 AM
To: support@pfsense.com
Subject: [pfSense Support] snmp and public community string

I sent a post a short while ago about this; can someone please update me if I missed something.

It seems that even when you put a personalised community string in, snmp still responds on the public string. Is this the way it is meant to act?

Alan Walters
Aillweecave Company Limited
Ballyvaughan
Co Clare
Ph (00353) 65 7077 036
Fax (00353) 65 7077 107
Lo Call 1890 AILLWEE
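The behaviour reported in this message (a custom community string is configured, yet the agent still answers on "public") can be checked with one SNMPv1 GET for sysDescr.0 sent under each string. The following is an added example, not code from the original thread or from bsnmpd; the helper names, the simulated agent and the sample community "constructed-secret" are assumptions made for illustration.

```python
import socket

SYS_DESCR = (1, 3, 6, 1, 2, 1, 1, 1, 0)   # sysDescr.0 from MIB-II
GET_REQUEST, GET_RESPONSE = 0xA0, 0xA2     # SNMPv1 PDU tags

def _tlv(tag, payload):
    """BER tag-length-value with a definite length."""
    n = len(payload)
    if n < 0x80:
        head = bytes([tag, n])
    else:
        size = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([tag, 0x80 | len(size)]) + size
    return head + payload

def _int(value):
    """Non-negative INTEGER; the extra leading byte keeps the sign bit clear."""
    return _tlv(0x02, value.to_bytes(value.bit_length() // 8 + 1, "big"))

def _oid(arcs):
    body = bytearray([arcs[0] * 40 + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:                  # base-128, high bit marks continuation
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        body.extend(reversed(chunk))
    return _tlv(0x06, bytes(body))

def build_message(community, pdu_tag, request_id, value=_tlv(0x05, b"")):
    """SNMPv1 message carrying one varbind for sysDescr.0 (NULL value in a GET)."""
    varbinds = _tlv(0x30, _tlv(0x30, _oid(SYS_DESCR) + value))
    pdu = _tlv(pdu_tag, _int(request_id) + _int(0) + _int(0) + varbinds)
    return _tlv(0x30, _int(0) + _tlv(0x04, community.encode()) + pdu)

def _read(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length

def parse_message(data):
    """Return (community, pdu_tag, request_id), or None for malformed input."""
    try:
        tag, msg, _ = _read(data, 0)
        _, _version, pos = _read(msg, 0)
        ctag, community, pos = _read(msg, pos)
        pdu_tag, pdu, _ = _read(msg, pos)
        rtag, rid, _ = _read(pdu, 0)
    except (IndexError, ValueError):
        return None
    if (tag, ctag, rtag) != (0x30, 0x04, 0x02):
        return None
    return community.decode("latin-1"), pdu_tag, int.from_bytes(rid, "big")

def udp_query(host, port=161, timeout=2.0):
    """Transport for a real agent you administer, e.g. udp_query("192.0.2.1")."""
    def query(packet):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.sendto(packet, (host, port))
                return s.recvfrom(4096)[0]
            except OSError:                # timeout or unreachable: no answer
                return None
    return query

def simulated_agent(accepted):
    """Constructed stand-in for an agent that replies only to `accepted` strings."""
    def query(packet):
        parsed = parse_message(packet)
        if not parsed or parsed[1] != GET_REQUEST or parsed[0] not in accepted:
            return None                    # unknown community: request is dropped
        return build_message(parsed[0], GET_RESPONSE, parsed[2],
                             _tlv(0x04, b"constructed sysDescr"))
    return query

def answers(query, community, request_id):
    reply = parse_message(query(build_message(community, GET_REQUEST, request_id)) or b"")
    return reply == (community, GET_RESPONSE, request_id)

def audit(query, configured):
    """Does the configured string work, and is "public" still accepted beside it?"""
    return {
        "configured_ok": answers(query, configured, 1),
        "public_still_accepted": configured != "public" and answers(query, "public", 2),
    }

if __name__ == "__main__":
    # Models the report above: custom string set, "public" still honoured.
    print(audit(simulated_agent({"constructed-secret", "public"}), "constructed-secret"))
```

Swapping simulated_agent(...) for udp_query(host) runs the same two requests against a live agent; "public_still_accepted" coming back true reproduces the report.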
RE: [pfSense Support] Anonymous access to pfSense repository
What do you think about using the compress option? I haven't tested it before but I'm guessing you'll save some BW.

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, December 20, 2005 4:28 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Anonymous access to pfSense repository

Edit /home/pfsense/tools/builder_scripts/pfSense-supfile and add this:

*default host=cvs.pfsense.com
*default base=/home/pfsense/cvsroot
*default release=cvs
*default delete use-rel-suffix
pfSense

Then issue update_file.sh /home/pfsense/tools/builder_scripts/builder_common.sh

You should now be on the new cvsup updating system. I plan on opening up the firewall in a few short minutes.

On 12/20/05, Angelo Turetta <[EMAIL PROTECTED]> wrote:
> Is it possible to open the pfSense repository to public r/o access?
>
> Downloading the full .tar.gz to update the local copy is not very
> optimized. On the other side the full 'anonymous cvs' route seems prone to
> security oversights & bandwidth penalty: what about going to the cvsup
> route instead?
>
> cvsup is quite optimized for maintaining read-only slave copies of a
> repository in sync.
>
> I could help with the setup, if that may be an incentive.
>
> Angelo Turetta
RE: [pfSense Support] two problems
http://www.freebsd.org/cgi/man.cgi?query=altq&apropos=0&sektion=0&manpath=FreeBSD+6.0-RELEASE+and+Ports&format=html

-----Original Message-----
From: Jure Pečar [mailto:[EMAIL PROTECTED]
Sent: Monday, December 19, 2005 11:47 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] two problems

On Mon, 19 Dec 2005 12:21:49 -0500 Scott Ullrich <[EMAIL PROTECTED]> wrote:
> On 12/19/05, Jure Pečar <[EMAIL PROTECTED]> wrote:
> >
> > Because I didn't check if there's something going on on serial ...
>
> Yes. It disabled VGA. Doesn't it say this on the webgui?

It does. I just didn't expect this to work in such an early boot stage :)
Also, is there a need for vga console to be disabled when serial is enabled?

> > ALTQ
>
> It is dependent on nic type.

Is there a list of altq supported nics? Google is not too helpful here.

--
Jure Pečar
http://jure.pecar.org/
RE: [pfSense Support] third problem
Well if you think it could be a general FreeBSD issue, the best way to test would be to just create a FreeBSD cdrom. You can download the ISO from here.

ftp://ftp11.freebsd.org/pub/FreeBSD/ISO-IMAGES-i386/6.0/6.0-RELEASE-i386-disc1.iso

If you can try to install it. My thinking is it should hose while starting the installer from the cdrom. If it doesn't, try to make it through a full install and then see if it does the same thing when booting off the hard drive.

-----Original Message-----
From: Jure Pečar [mailto:[EMAIL PROTECTED]
Sent: Monday, December 19, 2005 10:29 AM
To: support@pfsense.com
Subject: [pfSense Support] third problem

I have two different pentium 200 systems here I'm trying to install pfSense on, but on both systems, it spontaneously reboots when the BTX loader should start loading the kernel. It feels like there's a line of text there in the moment before crash, so I'd suspect it actually starts the kernel, but it crashes very early on.

This might be an issue with freebsd 6.0 ... as I'm not very familiar with freebsd, a question: is the kernel compiled for i686 and so the cpu can't handle certain instructions?

--
Jure Pečar
http://jure.pecar.org/
[pfSense Support] bsnmp
15:46 * Check-in [8362]: Use mibII_interfaces.c.1130101189.diff (By sullrich)
15:44 * Check-in [8361]: Add BSNMPD operstatus patch (By sullrich)

Does that mean the patches weren't applying correctly?
RE: [pfSense Support] Tutorial under construction.
Is that something someone will have to pay for?

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 03, 2005 3:05 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Tutorial under construction.

Apologies to everyone for the 5 MB list attachment. I should have instated a size limit on the list from the get go. Sending that out to almost 300 people chewed up some serious Internet bandwidth (25 Mb, more than half a T3).

http://chrisbuechler.com/temp/m0n0wall-wan-1day.png

/me is off to implement a size limit.
RE: RE: Re: [pfSense Support] Serial port console ... ?
Hmm I thought you had to use a null modem for pc - to - pc but I could be wrong. At any rate it couldn't hurt to try.

-----Original Message-----
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 02, 2005 2:58 PM
To: support@pfsense.com
Subject: Re: RE: Re: [pfSense Support] Serial port console ... ?

Just using a standard roll-over cable .. I can try a null-modem, but the standard roll-over "use" to work great.

--
David L. Strout
Engineering Systems Plus, LLC

----- Original Message -----
Subject: RE: Re: [pfSense Support] Serial port console ... ?
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-02-2005 3:33 pm

> Just wondering, what kind of serial cable do you have?
RE: Re: [pfSense Support] Serial port console ... ?
Just wondering, what kind of serial cable do you have?

-----Original Message-----
From: David Strout [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 02, 2005 2:26 PM
To: support@pfsense.com
Subject: Re: Re: [pfSense Support] Serial port console ... ?

http://cvstrac.pfsense.com/chngview?cn=7039

Check-in Number: 7039

SORRY it still seems to not work.

--
David L. Strout
Engineering Systems Plus, LLC

----- Original Message -----
Subject: Re: [pfSense Support] Serial port console ... ?
From: [EMAIL PROTECTED]
To: support@pfsense.com
Date: 11-02-2005 3:20 pm

> On 11/2/05, David Strout <[EMAIL PROTECTED]> wrote:
> > Anybody have any luck in getting a console
> > connection going "Enable Serial Console"?
> >
> > I have been following the CVS track ticket number
> > 7039, but see little activity on it since
> > 10.25.05, has it been fixed in the current 0.90a
> > ver., or am I mis-configured? I am running the
> > same box/config as before, so I suspect that if it
> > were fixed it work as it did previously.
>
> Huh? There are only 700 tickets. 7039 would be the cvs commit #.
> There are no open tickets concerning serial.
RE: [pfSense Support] SQUID and SNMP
Sorry, I just noticed this. I’ll have to do some research on this. Short answer is I’m thinking not (about squid being snmp ready). I’ll have to see what it takes to get squid setup into bsnmp.

From: Emanuel A. Gonzalez [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 01, 2005 12:36 AM
To: support@pfsense.com
Subject: [pfSense Support] SQUID and SNMP

I’m working now on version 0.90a, and I was wondering if the squid package is ready for snmp? Or does it need to be configured?

Besides, I don’t know if you guys had noticed it, but there is a “/” missed in the squid.conf in the line:

acl for_throttled_multimedia url_regex -i "/usr/local/etc/squid/advanced/aclsdst_throttle_multimedia.acl"

which should look like this

acl for_throttled_multimedia url_regex -i "/usr/local/etc/squid/advanced/acls/dst_throttle_multimedia.acl"

I know it’s not a big deal, but I think that maybe it could be corrected in further versions.

Thanks again for your help and your great work!

Emanuel Gonzalez
Guatemala
RE: [pfSense Support] Network Device pooling
>Also I wrote when stall happens I can't telnet to port 80 on web server >host - which means it is not just program causing stall. Are you trying this from the same host as the benchmark program? I wonder if a 2nd host would have the same problem. -Original Message- From: Peter Zaitsev [mailto:[EMAIL PROTECTED] Sent: Monday, October 31, 2005 3:53 PM To: support@pfsense.com Subject: Re: [pfSense Support] Network Device pooling On Mon, 2005-10-31 at 16:31 -0500, Scott Ullrich wrote: > Are we absolutely sure this program works as intended? Personally I > wouldn't trust anything like this but smartbits. Well... It works if filtering is disabled on pfsese - this is what worries me. If the program would be broken it should not work in both cases. Also I wrote when stall happens I can't telnet to port 80 on web server host - which means it is not just program causing stall. If it is protection on FreeBSD side from too much activity from same IP (Ie as it limits response to flood ping) this would be good to know. I hope this problem is actually something like that - I know there are a lot of FreeBSD based routers out where - if it would be broken for real workloads something would scream already. One more interesting thing I noticed: Percentage of the requests served within a certain time (ms) 50% 32 66% 33 75% 33 80% 33 90% 44 95%295 98%324 99%330 100% 21285 (longest request) Even if apache benchmark does not timeout it often shows too long response rate - (21 sec in this case) What I've noticed - it can be 3, 9 or 21 secs in this case - This really look like the times at which SYN packets are resent by TCP/IP stacks if no reply for previous one arrives. Doing more experiments I also discovered I can increase chance of passing benchmark (still not to 100%) if i reduce tcp_fin_timeout and increase ip_local_port_range variables ob my test driver host. 
This still brings the question why with filtering and without behavior is different but it makes me worry less :)

>
> Scott
>
> On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > On Mon, 2005-10-31 at 16:25 -0500, Scott Ullrich wrote:
> > > >apr_poll: The timeout specified has expired (70007)
> > >
> > > What is the above from? Your benchmark testing box?
> >
> > Yes. This is output from apache benchmark program.
> >
> > Benchmarking 111.111.111.158 (be patient)
> > Completed 1 requests
> > Completed 2 requests
> > Completed 3 requests
> > apr_poll: The timeout specified has expired (70007)
> > Total of 30517 requests completed
> >
> > >
> > > On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > > > On Mon, 2005-10-31 at 15:48 -0500, Scott Ullrich wrote:
> > > > > Are you viewing the traffic queue status? This would be normal if you are...
> > > >
> > > > Heh,
> > > >
> > > > yes good guess. These were running in the other window.
> > > >
> > > > So here is the output for "stalled" case
> > > >
> > > > # pfctl -ss | wc -l
> > > >    51898
> > > >
> > > > I have number of states set to 100.000 in advanced page so it is not
> > > > peak number.
> > > >
> > > > Note what really surprises me is the number of request when it fails:
> > > >
> > > > apr_poll: The timeout specified has expired (70007)
> > > > Total of 28217 requests completed
> > > >
> > > > This number of 28217 is seen so often... Sometimes it is a bit more or
> > > > less but it is very frequently within +/- 100 of it.
> > > >
> > > > I was asked if I can connect to the remote box when this problem happens
> > > > - yes. I can SSH to the same box which runs Apache, but I can't
> > > > connect to the port 80 when this problem happens.
> > > >
> > > > So it looks like it does not like to see all these states corresponding
> > > > to the same target port number.
> > > >
> > > > > Scott
> > > > >
> > > > > On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > > > > > On Mon, 2005-10-31 at 14:39 -0500, Scott Ullrich wrote:
> > > > > > > On 10/31/05, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> > > > > > > > I wonder if part of the probl
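The 3, 9 and 21 second delays reported in this message are the cumulative send times of retransmitted SYNs when the initial retransmission timeout is 3 seconds and doubles after each loss. The Python sketch below is an added example, not part of the original thread: it checks latencies against that schedule, using the ApacheBench percentile values quoted in the message as input. The 3 s initial timeout, the 400 ms ceiling for a "normal" request and all function names are assumptions.

```python
"""Match request latencies against the TCP SYN retransmission schedule."""

# Percentile values (ms) from the ApacheBench table quoted in the message.
AB_PERCENTILES_MS = [32, 33, 33, 33, 44, 295, 324, 330, 21285]


def syn_retransmit_offsets(initial_rto=3.0, retries=5):
    """Seconds after the first SYN at which each retransmitted SYN is sent.

    Assumption: exponential backoff, the timeout doubles after every loss.
    """
    offsets = []
    elapsed = 0.0
    rto = initial_rto
    for _ in range(retries):
        elapsed += rto
        offsets.append(elapsed)
        rto *= 2
    return offsets


def classify(latency_ms, normal_max_ms=400.0, initial_rto=3.0, retries=5):
    """Explain a latency as 'k lost SYNs plus one normal request'.

    Returns (lost_syns, residual_ms), or None when the latency fits neither
    a normal request nor any point of the retransmission schedule.
    normal_max_ms is an assumed upper bound for a request that needed no
    retransmission (the 99th percentile in the quoted table is 330 ms).
    """
    if latency_ms <= normal_max_ms:
        return (0, float(latency_ms))
    offsets = syn_retransmit_offsets(initial_rto, retries)
    for lost, offset in enumerate(offsets, start=1):
        residual = latency_ms - offset * 1000.0
        if 0.0 <= residual <= normal_max_ms:
            return (lost, residual)
    return None


def summarize(latencies_ms):
    """Count samples per number of lost SYNs; unexplained ones go under None."""
    counts = {}
    for value in latencies_ms:
        result = classify(value)
        key = result[0] if result is not None else None
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    print("SYN resend offsets (s):", syn_retransmit_offsets())
    for value in AB_PERCENTILES_MS:
        print(value, "ms ->", classify(value))
    print("summary:", summarize(AB_PERCENTILES_MS))
```

A latency that lands on the schedule means the connection's first SYNs went unanswered, which points at packets being dropped before the web server rather than at slow request handling.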
RE: [pfSense Support] Locked out in bridging mode
Yea, you need to run all the commands from the console (video, serial whatever)

-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 1:57 PM
To: support@pfsense.com
Subject: [pfSense Support] Locked out in bridging mode

Hi,

After the tests today ( I guess I disabled firewall mode for test and then enabled it back) I got locked out of my pfsense box - it is inaccessible both from WAN and LAN (which are bridged and so anti lockout rule does not work). There seems to be no way to operate web interface from console :(

Looking more into it - it looks like the problem is I actually rebooted the box while firewall was disabled. This resulted in very interesting effect - I could connect to the box behind the firewall but not to the box itself. - SSH as well as Web were dead.

As soon as I did pfctl -e I could connect :)

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Network Device pooling
I wonder if part of the problem is PF isn't seeing the TCP tear down. It seems a little odd that the max gets hit and nothing else gets through. I guess it could be the benchmark isn't shutting down the session right after it's done transferring data, but I would think it would kill the benchmark client to have 10K(ish) of open TCP sessions.

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 1:28 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Network Device pooling

On 10/31/05, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> Benchmarking 111.111.111.158 (be patient) Completed 1 requests <-
> isn't 10,000 the default limit of the state table? That sure would
> explain a lot.

Yep. 10K is the default and it is adjustable from the System -> Advanced screen.

Scott
RE: [pfSense Support] Network Device pooling
Benchmarking 111.111.111.158 (be patient) Completed 1 requests <- isn't 10,000 the default limit of the state table? That sure would explain a lot.

-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 12:56 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Network Device pooling

On Mon, 2005-10-31 at 12:03 -0500, Scott Ullrich wrote:
> Please describe the hardware you're using fully. NICS, etc. This is
> not normal behavior.

Sure It is Dell Poweredge 750
512MB RAM, SATA150 disk, Celeron 2.4Ghz

ACPI APIC Table:
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Celeron(R) CPU 2.40GHz (2400.10-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0xf29 Stepping = 9
Features=0xbfebfbff
Features2=0x4400>
real memory = 536608768 (511 MB)
avail memory = 515547136 (491 MB)

Nics are build in Intel 10/100/1000 NICs:

em0: port 0xece0-0xecff mem 0xfe1e-0xfe1f irq 18 at device 1.0 on pci1
em0: Ethernet address: 00:14:22:0a:64:4c
em0: Speed:N/A Duplex:N/A

It does not look like this is hardware issue for me as if I disable firewall it works fine.

I tried turning off scrub and it does not change anything. Still timeout after few requests:

[EMAIL PROTECTED]:/tmp> ./ab2 -n 10 http://111.111.111.158/
This is ApacheBench, Version 2.0.41-dev <$Revision: 1.121.2.12 $> apache-2.0
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 1998-2002 The Apache Software Foundation, http://www.apache.org/

Benchmarking 111.111.111.158 (be patient)
Completed 1 requests
apr_poll: The timeout specified has expired (70007)

>
> On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > On Sun, 2005-10-30 at 23:14 +0100, Espen Johansen wrote:
> > > Hi Peter,
> > >
> > > I have seen you have done a lot of testing with apache benchmarking.
> > > I find it a little strange to use this as a test. Basically you will hit the
> > > roof of standing I/O operations because you introduce latency with pfsense.
> > > The lower the latency the more finished tasks/connections per time unit.
> > > Most people don't take this into consideration when they tune apache.
> > > Although, this is one of the most important aspects of web-server tuning.
> >
> > Espen,
> >
> > If you would see to the set of my emails you would see the growing
> > latency with network pooling is not my concern, as well as
> > dropping throughput with pfsense in the middle - it is all
> > understandable.
> >
> > What is NOT ok however is the stall (20+ seconds) when CPU usage on
> > pfsense drops almost to zero and no traffics come on connections.
> > Sometimes it causes apache benchmark to abort sometimes just shows crazy
> > response times.
> >
> > This does not happen in direct benchmark (no pfsense in the middle) or
> > with pfsense with disable firewall.
> >
> > Why I used apache benchmark ? Well it is simple stress test which
> > results in a lot of traffic and a lot of states in the state tables.
> >
> > >
> > > This is the scenario:
> > >
> > > Client with low BW and high latency will generate a standing I/O because of
> > > the way apache is designed. So if a client with 100ms latency asks for a
> > > file of 100Kbyte and he has a 3KB/s transfer rate he will generate a
> > > standing I/O operation for "latency + transfer time", and the I/O operation
> > > will not be finished until he has a completed transfer. So basically you do
> > > the same, because you change the amount of time the request takes to process
> > > you will have more standing I/O operations than if pfsense does routing only
> > > (faster than routing and filtering). So lets say that you increase latency
> > > from 0.4 ms to 2 ms it will mean that you have standing I/O 250% longer. So
> > > in turn that will mean that your ability to serve connections will be 1/5
> > > with 2ms compared to 0.4 ms latency.
> >
> > Well... This would be the case in real life scenario - slow clients
> > blowing up number of apache children. But it is not the case in
> > synthetic Apache benchmark test. In this case you set fixed
> > concurrency. I obviously set it low enough for my Apache box to
> > handle.
> >
> > Furthermore pfsense locks even with single connection (this is
> > independent if device pooling is enabled)
> >
> > >
> > > The ones listed below seems to be the ones that has the most effect on
> > > polling and performance. You will have to play around with these settings to
> > > find out what works best on your HW, as I can't seem to find some common
> > > setting that works well for all kinds of HW.
> > >
> > > kern.polling.each_burst=80
> > > kern.polling.burst_max=1000
> > > kern.polling.user_frac=50
> >
> > Thanks.
RE: [pfSense Support] Network Device pooling
Send the output.txt of...

date >> /tmp/output.txt
netstat -m >> /tmp/output.txt
netstat -in >> /tmp/output.txt
sysctl hw.em0.stats=1 >> /tmp/output.txt
sysctl hw.em1.stats=1 >> /tmp/output.txt
sysctl hw.em2.stats=1 >> /tmp/output.txt

Can you send these while the machine is normal and when the machine is choking? (send the output.txt file btw)

Are you able to try this test using routing vs bridging?

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 1:09 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Network Device pooling

On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> On Mon, 2005-10-31 at 12:03 -0500, Scott Ullrich wrote:
> > Please describe the hardware you're using fully. NICS, etc. This is
> > not normal behavior.
>
> Sure It is Dell Poweredge 750
> 512MB RAM, SATA150 disk, Celeron 2.4Ghz
>
> ACPI APIC Table:
> Timecounter "i8254" frequency 1193182 Hz quality 0
> CPU: Intel(R) Celeron(R) CPU 2.40GHz (2400.10-MHz 686-class CPU)
> Origin = "GenuineIntel" Id = 0xf29 Stepping = 9
>
> Features=0xbfebfbff
> Features2=0x4400>
> real memory = 536608768 (511 MB)
> avail memory = 515547136 (491 MB)
>
> Nics are build in Intel 10/100/1000 NICs:
>
> em0: port
> 0xece0-0xecff mem 0xfe1e-0xfe1f irq 18 at device 1.0 on pci1
> em0: Ethernet address: 00:14:22:0a:64:4c
> em0: Speed:N/A Duplex:N/A
>
> It does not look like this is hardware issue for me as if I disable
> firewall it works fine.
>
> I tried turning off scrub and it does not change anything. Still timeout
> after few requests:

And when this timeout occurs do you see anything in the system logs? Can you still telnet into the apache server behind pfsense?

This really doesn't make a lot of sense. It should be able to stand up to this.

Scott
RE: [pfSense Support] Dump states featue
Oh in that case you might as well try routed to see if it's any different as well. Also like Scott said it would help to know the complete hardware specs. Please expect complaints if you're using Real Tek nics ;).

BTW does anyone know how to change the way outlook quotes messages?

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 12:08 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Dump states featue

Edit /tmp/rules.debug and remove the scrub directives.

then run pfctl -f /tmp/rules.debug

Please submit the hardware type, interface nics, etc.

Scott

On 10/31/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> On Mon, 2005-10-31 at 11:30 -0600, Fleming, John (ZeroChaos) wrote:
>
> John,
>
> > I didn't see but are you using Nat? If so do things change with Nat
> > disabled? Also could you try disabling the Scrub option and seeing if
> > that makes a difference?
>
> I'm using bridging - no NAT
>
> What is SCRUB and how to disable it ?
RE: [pfSense Support] Dump states featue
I didn't see but are you using Nat? If so do things change with Nat disabled? Also could you try disabling the Scrub option and seeing if that makes a difference?

-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 10:55 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Dump states featue

On Mon, 2005-10-31 at 06:21 -0600, Randy B wrote:
> > I got to this point just running about 500 requests/sec in apache
> > benchmark. No keepalive.
> >
>
> Strike me as inexperienced here, but wouldn't you want to tweak PF a bit
> for your environment? Did you try the "Firewall Optimization Options"
> and set it to aggressive?

Right. I tried "aggressive" - the effect is similar.

I should clarify once again - I do not need 500 requests/sec I would be quite fine even with 100 req/sec at this point. The problem is what happens to the box with such load - after couple of minutes of intensive load the CPU drops to zero and there is 20-30 sec + of total inactivity (watching vmstat) - this leads to very large response times for some requests - in apache benchmark, or if I'd like to refresh status page on pfsense.

>
> Methinks one would have a firewall set up differently when putting it in
> front of a large webserver as opposed to fronting a SOHO network, which
> is what most of us have

Right. I know SOHO market will get more users than what I'm trying to do :)
RE: [pfSense Support] Dump states featue
FYI a PIX 520 (the 300 mhz version) can not handle 50,000 entries in the state table. It may on paper, but just because it has enough ram. I want to say it starts to have problems at about 35,000, but then again all my PIX firewalls were fully loaded with nics (6 10/100 I think).

Kind of funny to boot a 520 and hear a video failure beep code.

-Original Message-
From: Peter Zaitsev [mailto:[EMAIL PROTECTED]
Sent: Monday, October 31, 2005 10:48 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Dump states featue

On Sun, 2005-10-30 at 17:25 -0500, Scott Ullrich wrote:
> If you want to push 50,000 states do you think this box is enough
> juice? With that amount of states it seems you want to use much
> better hardware.

Well... I'm not going to have 50.000 states - I'm just stress testing to see the limit.

Now I see these number of states takes just few MB of memory - I never got amount of memory used over 15%

CPU usage in my understanding should grow with number of packets and rules - states are secondary. It must be implemented as hash table with semi-constant lookup time.

And once again - my problem is not amount of packets I can pass at this point but the way it keeps up with high load.

Also This is better hardware which is included in Most of Firewalls. For example SonicWall 2040 has 800Mhz x86 CPU, Cisco PIX - 300Mhz Celeron. They might have some extra hardware offloading but also have extra features such as deep packet inspections etc.

>
> On 10/30/05, Peter Zaitsev <[EMAIL PROTECTED]> wrote:
> > On Sun, 2005-10-30 at 15:45 -0400, Scott Ullrich wrote:
> > > If you don't mind me asking, what hardware are you running pfsense on
> > > for these tests?
> >
> > This is Dell PowerEdge 750 - 512Mb RAM, Celeron 2.4Ghz
> > 2 Intel 1Gbit NICs
> >
> > This seems to be much better than all firewalls below 5K$ have :)
RE: [pfSense Support] question ?
I think he wants to know if you can have a default template that you can call during install that will configure the pfsense. I want to know if can pfsense come with configurations by "default?" like Ipcop. Pienso que él desea saber si usted puede tener una plantilla del defecto durante la cual usted pueda llamar instale eso configure el pfsense. http://www.google.com/language_tools :) -Original Message- From: Cristian Menghi [mailto:[EMAIL PROTECTED] Sent: Thursday, October 13, 2005 9:49 AM To: support@pfsense.com Subject: Re: [pfSense Support] question ? that not can importat configurations of ipcop, I want to know if can pfsense come with configurations by defect like Ipcop 2005/10/13, Marcin Jessa <[EMAIL PROTECTED]>: > On Thu, 13 Oct 2005 11:23:02 -0300 > Cristian Menghi <[EMAIL PROTECTED]> wrote: > > > it is possible that pfsense it integrates configurations predefined in > > the installation like smoothwall or ipcop > > No, you cannot export configuration from your existing IPcop setup. > > > > > pd:anyone can speak spanish ? > > It's an english mailing list. > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > -- .::Cristian Menghi::. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] passive ftp
Well I'm not sure to tell you the truth. I wonder if binding it to the inet facing ip would fix it. The only thing is this would remove the need for nat as you would have the proxy handle all the hand offs. :/

Try this.

Kill pftpx (only the one with the -c 21 -f 10.0.0.2 args)

Then run this. (replace $inet-address with your inet facing address)

/usr/local/sbin/pftpx -b $inet-address -c 21 -f 10.0.0.2 -g 21

If there are any nat rules you created delete them but make sure the firewall holes are open.

-Original Message-
From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 3:29 PM
To: support@pfsense.com
Subject: RE: [pfSense Support] passive ftp

At 12:44 PM 10/10/2005, you wrote:
>This is what the man page says for the -f switch.
>
> -f address
> Fixed server address. The proxy will always connect to the same
> server, regardless of where the client wanted to connect to
> (before it was redirected). Use this option to proxy for a
> server behind NAT, or to forward all connections to another
> proxy.

so, what went wrong, then? it is surely redirecting the tcp session, but the IP addresses in the FTP commands are not being NAT'ed?
RE: [pfSense Support] IPSec tunnel and Remote Desktop
Hmm do you have any telnet servers you could try to connect to through the tunnel? I'm wondering if you're running into a MSS/no fragmentation issue. It might be nice to see a

tcpdump -ni $lan-if -w output.pcap 'host $your_client_ip'

from the firewall. Let it capture for 5 mins while you try the remote desktop session. When you're finished just ctrl-c the tcpdump and send it this way. You should now have an output.pcap file from whatever dir you run that command.

I'm guessing we might need to do some mss fixup for ipsec tunnels.

My 0.02c

-Original Message-
From: Jason Landry [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 12:58 PM
To: support@pfsense.com
Subject: [pfSense Support] IPSec tunnel and Remote Desktop

Hi,

I've created a site-to-site IPSec tunnel between my home and office. At home I'm using the latest pfsense, 0.86.4, and at work, m0n0wall. I used the basic instructions in the tutorial. The home network is 10.53.x.x/24, the work network is 192.168.x.x/24. Both are NAT'ed. At home I have a dynamic DNS, but that's ok since I only want to be able to connect *to* the office.

The tunnel gets established properly, and I can ping machines at the office through the tunnel. I can access the webgui of the office's m0n0wall router without a problem. However, I cannot use remote desktop. When I attempt to connect to a machine, I get a partial connection (the screen starts drawing), but it hangs and never even shows me the login information.

I was also hoping to access our office's sql server using the tunnel. I can establish the connection, but queries are never returned, and query analyzer always complains about a broken network connection.

I'm guessing this has something to do with having the networks behind NAT. Any ideas?
RE: [pfSense Support] passive ftp
This is what the man page says for the -f switch.

 -f address
 Fixed server address. The proxy will always connect to the same
 server, regardless of where the client wanted to connect to
 (before it was redirected). Use this option to proxy for a
 server behind NAT, or to forward all connections to another
 proxy.

So what is 10.0.0.2? Is that a nat ip on the firewall or the ftp server you're handing off to?

-Original Message-
From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 11:17 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] passive ftp

At 11:46 AM 10/10/2005, you wrote:
>Oh sorry I didn't read this very well. I'm guessing the problem has to
>do with the ftp proxy (pftpx) saying the data channel is on 10.0.0.2.
>
>227 Entering Passive Mode (10,0,0,2,191,87) <- 10,0,0,2

ah, yeah, i didn't notice that either. not enough coffee, i guess :( so it's not being nat'ed correctly? (or at all)?
RE: [pfSense Support] passive ftp
Oh sorry I didn't read this very well. I'm guessing the problem has to do with the ftp proxy (pftpx) saying the data channel is on 10.0.0.2.

227 Entering Passive Mode (10,0,0,2,191,87) <- 10,0,0,2

-Original Message-
From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 10:24 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp

At 11:13 AM 10/10/2005, you wrote:
>As of 0.86.4 there should be a automatic ftp helper that is launched
>for internet -> lan ftp redirections. Make sure you're on the latest
>version.

Hmmm, I'm on 0.86.4 now, and it doesn't work for me. I went to an external linux server and ftp'ed back in to my pure-ftp server (on my freebsd 5.4 server) and see this:

ftp> passive
Passive mode on.
ftp> dir
227 Entering Passive Mode (10,0,0,2,191,87)
ftp: connect: No route to host

Here are the pftpx processes:

# ps ax | grep ftp
565 ?? Ss 0:00.27 /usr/local/sbin/pftpx -g 8021 216.129.135.2
699 ?? Ss 0:00.23 /usr/local/sbin/pftpx -c 21 -f 10.0.0.2 -g 21

Is there anything else you need to see? Rules?
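The 227 reply quoted in this message carries the data-channel address as six decimal fields: four address octets, then the port as high byte and low byte. The Python sketch below is an added example, not part of the original thread or of pftpx: it decodes such a reply and flags the case diagnosed here, a private address advertised to a client that reached the server over a public address. The control-connection address 203.0.113.10 is a constructed documentation address and the function names are hypothetical.

```python
"""Decode an FTP 227 (PASV) reply and check the advertised data address."""
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also covers
# documentation and other reserved ranges, which is broader than needed here.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (IPv4Address, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    match = PASV_RE.match(reply.strip())
    if match is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    fields = [int(value) for value in match.groups()]
    if any(value > 255 for value in fields):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(value) for value in fields[:4]))
    port = fields[4] * 256 + fields[5]  # high byte, then low byte
    return host, port


def is_rfc1918(addr):
    """True when addr lies in one of the three RFC 1918 private ranges."""
    return any(addr in network for network in RFC1918)


def check_pasv(reply, control_peer):
    """Compare the advertised data address with the control-connection address.

    control_peer is the server address the client connected to for the
    control channel. Returns 'ok', 'private-address-leak' or
    'address-mismatch'.
    """
    host, _port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if host == peer:
        return "ok"
    if is_rfc1918(host) and not is_rfc1918(peer):
        return "private-address-leak"
    return "address-mismatch"


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (10,0,0,2,191,87)"  # from the message
    print(parse_pasv(reply))
    # 203.0.113.10 is a constructed stand-in for the firewall's public address.
    print(check_pasv(reply, "203.0.113.10"))
```

A "private-address-leak" result means the reply was not rewritten on its way through the NAT, so an outside client is told to open its data connection to an address it cannot route to.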
RE: [pfSense Support] passive ftp
No route to host seems a little odd. Where did you start the ftp from and where was it going to (lan -> dmz)?

-Original Message-
From: Dan Swartzendruber [mailto:[EMAIL PROTECTED]
Sent: Monday, October 10, 2005 10:24 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] passive ftp

At 11:13 AM 10/10/2005, you wrote:
>As of 0.86.4 there should be a automatic ftp helper that is launched
>for internet -> lan ftp redirections. Make sure you're on the latest
>version.

Hmmm, I'm on 0.86.4 now, and it doesn't work for me. I went to an external linux server and ftp'ed back in to my pure-ftp server (on my freebsd 5.4 server) and see this:

ftp> passive
Passive mode on.
ftp> dir
227 Entering Passive Mode (10,0,0,2,191,87)
ftp: connect: No route to host

Here are the pftpx processes:

# ps ax | grep ftp
565 ?? Ss 0:00.27 /usr/local/sbin/pftpx -g 8021 216.129.135.2
699 ?? Ss 0:00.23 /usr/local/sbin/pftpx -c 21 -f 10.0.0.2 -g 21

Is there anything else you need to see? Rules?
[pfSense Support] bochs + pfsense.
So how is everyone doing testing with bochs? If anyone is using virtual network interfaces could they please send me the bochs network config? Thanks!
RE: [pfSense Support] suggestion for LAN rule menu
Are you bridging any interfaces with the wan interface?

-Original Message-
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 11:29 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] suggestion for LAN rule menu

On 10/7/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> p.s. the reason i bumped into this was looking at my ntop data, i noticed a
> small amount of non-IP data going out the WAN port. no idea what - i have a
> windows box (XP) but it should be doing NETBIOS over TCP (or whatever the
> option is), so I thought i'd get rid of that.

Hmmm, interesting. For the "default" rule, we allow any protocol out. I'm a little surprised to hear "non-IP" data though as all that should be going out is IP data. Does ntop give you any indication of what the non-IP data is? I'll try a tcpdump on my home boxen and see if we're sending something we shouldn't be.

--Bill
RE: [pfSense Support] SNMP for pflog0
I've been meaning to write the mother of all pf-mrtg.cfgs. It would be cool if you crammed all that in there. :)

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 06, 2005 1:41 PM
To: support@pfsense.com; support@pfsense.com
Subject: RE: [pfSense Support] SNMP for pflog0

At 11:37 AM 10/6/2005, Fleming, John (ZeroChaos) wrote:
>http://cvstrac.pfsense.com/tktview?tn=257,4

Thanks. Since I'm not an expert, that should keep me up twiddling with MRTG for a few nights! (grin)

Really, thanks, there's a lot of good info there.

-- [EMAIL PROTECTED]
RE: [pfSense Support] SNMP for pflog0
http://cvstrac.pfsense.com/tktview?tn=257,4

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 06, 2005 1:31 PM
To: support@pfsense.com
Subject: [pfSense Support] SNMP for pflog0

PFSense gurus-

I am using MRTG to capture interface statistics of my PFSense firewall. I have a few questions:

1) I don't see anything interesting on the pflog0 interface. What traffic should I see on that? I was hoping that I'd see traffic stopped by the firewall, or at least something useful

2) Is there anything else that I can scrape with MRTG and SNMP that might be interesting other than bandwidth through the interfaces?

Thanks in advance!

-- [EMAIL PROTECTED]
RE: [pfSense Support] my status.
Oops, wrong address. :) (Doh!)
[pfSense Support] my status.
Well I'm moved into an apartment as of yesterday and due to a lack of T.V. expect to have a large amount of free time coming up. I don't really have a set range of ips I'll be coming from yet as I'm just jumping on whoever has a free AP open for now.

Anyway... So is there anything you would like me to work on? I have three things I see as being important.

1. One stop diag report. I think it would be very helpful to have a button that generates a huge amount of stats that the user can download and send into support if need be. vmstat, top, ps -ef, dmesg, netstat -in, netstat -an, ifconfig -a, pciconf -lv and config.xml (including some way to strip passwords). If this sounds like something useful I'll start working on that.

2. Automated testing. Granted this is not going to be easy as parts of the system seem to move very quickly. Maybe as a starting point I could script the installation of packages. A long term goal I would like to see is fully scripting the installation of an image into Vmware/bochs and doing some kind of firewall testing. Ok so that is a mammoth goal but I think it's worth trying.

3. Documentation. Are there any parts of the system you would like documented? My job is requiring me to do more documentation than I have ever done so I think I could use the practice ;).
[pfSense Support] A little note about vlans and netgraph in FreeBSD.
http://docs.freebsd.org/cgi/getmsg.cgi?fetch=38062+0+current/freebsd-arch

“I think I ran into the related problem. The vlan device calls IFQ_HANDOFF directly versus the "normal" output bits so you can't use netgraph etc. I broke up ether_output so that I could call the stuff that ether_output does so it would go through netgraph hooks if configured. Doug A.”
RE: [pfSense Support] why beep(1) when you can speaker(4)
Just something to look out for. My laptop would do odd things if the audio was muted. I seem to remember it blocking forever if say the device was muted or something along those lines. Let me also say this was under 4.x and that sound card never worked after 5.2.1 so it's possible it was a funky driver issue.

echo 'System going down' | logger /dev/speaker < /boot/kernel/kern.gz

-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, October 03, 2005 6:40 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] why beep(1) when you can speaker(4)

No, it's not active yet. It will not show up until 0.86.2.

Scott

On 10/3/05, Jonathan Woodard <[EMAIL PROTECTED]> wrote:
> scott, is the beep script active, i upgraded to 0.86 which i'm assuming
> is the right one. when i rebooted i heard nothing. just wondering if/how
> i get it active, thanks :)
>
> Scott Ullrich wrote:
>
> >Hrm. Good point. I didn't honestly know you could echo items to
> >/dev/speaker to have it play sounds. Currently we are using beep
> >from the FreeBSD ports tree with a small wrapper script that plays
> >tones going up (machine is up) or tones going down (machine is on its
> >way down).
> >
> >Thanks to Seth Mos for putting together the script.
> >
> >Scott
> >
> >On 10/3/05, Vivek Khera <[EMAIL PROTECTED]> wrote:
> >
> >>I was just browsing the kernel config files for pfsense and noticed
> >>that the speaker pseudo device is built in. Then I recalled the
> >>'beep' discussion... which got me to thinking: Why use beep when you
> >>can just echo strings into /dev/speaker and play lots of nice
> >>tunes? You could even make the theme music customizable :-)
RE: [pfSense Support] NIC issues
Btw the microcode is loaded via the option link0 which is passed to ifconfig. I'm not sure where that is set but a few grep for link0 in /etc/ should show you.

-----Original Message-----
From: J B [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 29, 2005 12:22 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NIC issues

Is there any way to turn off the microcode on a per/NIC basis? I only have older Pro100 cards - (trying to recycle some old equipment and make it useful again)

JB

On Thu, September 29, 2005 1:14 pm, Scott Ullrich wrote:
> I suspect the microcode is borking the NIC. Do you have a newer
> NIC that you could try? I would rather not remove the microcode
> support as it works wonders for newer cards.
>
> Scott
>
> On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
>
>> Well - it keeps timing out, I wish I had the machine in front of me so I
>> could send the actual error - but it keeps saying that the microcode
>> load is timing out
>>
>> JB
>>
>> On Thu, September 29, 2005 1:08 pm, Dan Swartzendruber wrote:
>>
>>> At 12:48 PM 9/29/2005, you wrote:
>>>
>>> yes - it shows up as fxp0 - but then I get errors loading microcode - and it just don't work on the network
>>>
>>> "gets errors". can you be more specific?
RE: [pfSense Support] NIC issues
So what irqs are the 3com and Intel on?

-----Original Message-----
From: J B [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 29, 2005 2:53 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] NIC issues

The issue is the Intel Pro - not the 3C509 (I have to use this until the QFE card is supported - because I only have 3 pci slots, and need 4 interfaces)

The 3C509 is an ISA card - and works just fine

JB

On Thu, September 29, 2005 3:49 pm, Chris Buechler wrote:
> Fleming, John (ZeroChaos) wrote:
>
>> 3c509 or 3c905?
>>
>> The 509 is an ISA card which means you need to run the 3com util
>> 3c5x9cfg (I think that's what it's called) to make sure you don't have
>> any irq/io conflicts.
>
> might have jumpers on the card in lieu of that, a few of them did. Might
> also have to muck with some of your resource settings in your BIOS.
>
> Honestly, unless you have a lot of hair you wouldn't mind losing, I
> would suggest trashing ISA cards and getting some PCI NIC's. :) They can
> be had for ~$5 USD a pop on ebay. I think the start of the gray hair I'm
> getting at 25 was caused by using multiple ISA NIC's on Linux and BSD
> firewalls several years ago. ;)
RE: [pfSense Support] NIC issues
3c509 or 3c905?

The 509 is an ISA card which means you need to run the 3com util 3c5x9cfg (I think that's what it's called) to make sure you don't have any irq/io conflicts.

3c905 being PCI wouldn't have that issue.

-----Original Message-----
From: J B [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 29, 2005 11:40 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] NIC issues

the freebsd device name is hme:

The hme(4) driver supports the on-board Ethernet interfaces of many Sun UltraSPARC workstation and server models. Cards supported by the hme(4) driver include:

* Sun PCI SunSwift Adapter
* Sun SBus SunSwift Adapter ("hme" and "SUNW,hme")
* Sun PCI Sun100BaseT Adapter 2.0
* Sun SBus Sun100BaseT 2.0
* Sun PCI Quad FastEthernet Controller
* Sun SBus Quad FastEthernet Controller

As for the Intel Pro - different system - that system I was using 1 Intel Pro 100 (stand alone), 1 Linksys Fast eth (shows up as dc0) and a 3com 3c509

JB

On Thu, September 29, 2005 12:20 pm, Scott Ullrich wrote:
> That NIC is not supported as far as I can tell. If you know the
> device name in freebsd please let me know. Try removing the quad port
> nic and I bet the single nic will work.
>
> Scott
>
> On 9/29/05, J B <[EMAIL PROTECTED]> wrote:
>
>> I'm having issues with the following NIC cards:
>>
>> Sun Quad Fast Ethernet - not recognized
>> Intel Pro 100 - recognized, but doesn't seem to work - used it as my LAN
>> interface - connected it back to back with another machine using a
>> X-over cable and configured both on the same net - couldn't access the
>> config page
>>
>> any help would be appreciated
>>
>> JB
RE: [pfSense Support] Trouble/Questions about the development version.
I'm guessing something from gcc is missing. I've seen this error before when include files are missing (/usr/include). See if something very simple will compile.

vi test.c

/* stdio.h declares printf; it lives under /usr/include */
#include <stdio.h>

int main(void)
{
    printf("hello yorld\n");
    return 0;
}

I think that will compile ;)

gcc -o test test.c
./test

Should spit out "hello yorld"

-----Original Message-----
From: Robert Goley [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 28, 2005 12:17 PM
To: support@pfsense.com
Subject: [pfSense Support] Trouble/Questions about the development version.

I have been testing pfsense to use it to replace a Firebox we currently have on one of our connections. The Firebox currently does webfiltering. I tried to get this working with pfsense and ran into some issues. I installed the pfsense developer version (84 I think). I loaded the ports info and tried to compile dansguardian. I got a message that I have never seen from gcc. Something to the effect that it could not create an executable. Has something been restricted? What do I need to do to get this compiled properly under pfsense/FreeBSD?

Robert
RE: [pfSense Support] CDROM Version Install
Err ..of "FreeBSD 6.0" - Beta 5

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 5:23 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] CDROM Version Install

Yes, s0ren changed the ATAPI CDRom code recently. :/

Scott

On 9/27/05, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote:
> "If you get a chance try a default install (just for testing) of FreeBSD
> Beta 5 (or whatever the latest beta of 6.0 is) and see if you get the
> same issues."
> :)
>
> -----Original Message-----
> From: Holger Bauer [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 27, 2005 5:15 PM
> To: support@pfsense.com
> Subject: AW: [pfSense Support] CDROM Version Install
>
> I'm seeing this problem since 0.85.2. the same cd-rom reader was working ever
> since pfsense 0.20 for me :-/
>
> Holger
>
> -----Original Message-----
> From: Fleming, John (ZeroChaos) [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, 28 September 2005 00:12
> To: support@pfsense.com
> Subject: RE: [pfSense Support] CDROM Version Install
>
> FreeBSD is having love issue (see no) with your cdrom. It could be..
> 1. bad cdrom drive
> 2. bad cdrom
> 3. bad cable
> 4. sucky IDE chipset.
> 5. FreeBSD bug.
>
> If you get a chance try a default install (just for testing) of FreeBSD
> Beta 5 (or whatever the latest beta of 6.0 is) and see if you get the
> same issues.
>
> -----Original Message-----
> From: Mike [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, September 27, 2005 5:06 PM
> To: support@pfsense.com
> Subject: [pfSense Support] CDROM Version Install
> Importance: High
>
> Hi Guys,
> I am pulling my hair out trying to figure this out.
> I have PFSense now running on several boxes in different locations.
>
> I am building a new firewall for a client and during the install I am
> getting the following error on versions 80.0, 80.4, 85.0 and 85.2.
>
> The error is as follows:
>
> Acd0: Failure_Read_BIG ILLEGAL REQUEST asc=0x64 ascq=0x00
> error=4
>
> Letting this run it finally comes up asking if I want to setup my vlan
> now.
> I go through the setup fine add a few rules and reboot and the process
> starts over.
>
> Please help as I am bald enough now and the ole lady hates when I start
> pulling her hair out of her head.
>
> Thanks in Advance,
>
> Mike
RE: [pfSense Support] CDROM Version Install
"If you get a chance try a default install (just for testing) of FreeBSD Beta 5 (or whatever the latest beta of 6.0 is) and see if you get the same issues."
:)

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 5:15 PM
To: support@pfsense.com
Subject: AW: [pfSense Support] CDROM Version Install

I'm seeing this problem since 0.85.2. the same cd-rom reader was working ever since pfsense 0.20 for me :-/

Holger

-----Original Message-----
From: Fleming, John (ZeroChaos) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 28 September 2005 00:12
To: support@pfsense.com
Subject: RE: [pfSense Support] CDROM Version Install

FreeBSD is having love issue (see no) with your cdrom. It could be..
1. bad cdrom drive
2. bad cdrom
3. bad cable
4. sucky IDE chipset.
5. FreeBSD bug.

If you get a chance try a default install (just for testing) of FreeBSD Beta 5 (or whatever the latest beta of 6.0 is) and see if you get the same issues.

-----Original Message-----
From: Mike [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 5:06 PM
To: support@pfsense.com
Subject: [pfSense Support] CDROM Version Install
Importance: High

Hi Guys,
I am pulling my hair out trying to figure this out.
I have PFSense now running on several boxes in different locations.

I am building a new firewall for a client and during the install I am getting the following error on versions 80.0, 80.4, 85.0 and 85.2.

The error is as follows:

Acd0: Failure_Read_BIG ILLEGAL REQUEST asc=0x64 ascq=0x00 error=4

Letting this run it finally comes up asking if I want to setup my vlan now.
I go through the setup fine add a few rules and reboot and the process starts over.

Please help as I am bald enough now and the ole lady hates when I start pulling her hair out of her head.

Thanks in Advance,

Mike
RE: [pfSense Support] CDROM Version Install
FreeBSD is having love issue (see no) with your cdrom. It could be..
1. bad cdrom drive
2. bad cdrom
3. bad cable
4. sucky IDE chipset.
5. FreeBSD bug.

If you get a chance try a default install (just for testing) of FreeBSD Beta 5 (or whatever the latest beta of 6.0 is) and see if you get the same issues.

-----Original Message-----
From: Mike [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 27, 2005 5:06 PM
To: support@pfsense.com
Subject: [pfSense Support] CDROM Version Install
Importance: High

Hi Guys,
I am pulling my hair out trying to figure this out.
I have PFSense now running on several boxes in different locations.

I am building a new firewall for a client and during the install I am getting the following error on versions 80.0, 80.4, 85.0 and 85.2.

The error is as follows:

Acd0: Failure_Read_BIG ILLEGAL REQUEST asc=0x64 ascq=0x00 error=4

Letting this run it finally comes up asking if I want to setup my vlan now.
I go through the setup fine add a few rules and reboot and the process starts over.

Please help as I am bald enough now and the ole lady hates when I start pulling her hair out of her head.

Thanks in Advance,

Mike
RE: [pfSense Support] Argg! My PfSense just died!
Did you send in your config.xml? BTW add this to the list of commands to run (at the top).

( ifconfig -a ; echo ) >> /usr/crash.info;

-----Original Message-----
From: Mojo Jojo [mailto:[EMAIL PROTECTED]
Sent: Monday, September 26, 2005 10:24 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

OK, here is what I have hardware wise:

CPU: AMD Duron 950 Mhz
RAM: 256 MB not sure of the brand
Hard Drive: Maxtor 5T02oH2 20GB
Motherboard: Soyo with a Via Chipset
WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo
LAN NIC: Linksys LNE100TX unused interface
Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are
Opt 2 NIC: FA 311 Rev C-1

Hope some of this helps..

--Todd

----- Original Message -----
From: "Mojo Jojo" <[EMAIL PROTECTED]>
To:
Sent: Monday, September 26, 2005 6:14 AM
Subject: Re: [pfSense Support] Argg! My PfSense just died!

> OK fellas, once again you are all very helpful.. Sorry for my rant
> earlier, I just got the wrong idea I guess...
>
> I will take all the questions and suggestions as well as any more you can
> provide today and take care of all of them later today.
>
> Just send me any questions you have about my install and I will dig, dig,
> dig and get you all I can. I would love to fix this..
>
> Some quick info:
>
> WAN = T1 Router (Ascend) static IP
> LAN = Nothing hooked up here
> OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk
> etc.) BRIDGED TO WAN
> OPT 2 = Unused at the moment
>
> Hardware brands and specifics I am not sure of at the moment, I will have
> to dig a little more. Off the top of my head it looks something like this:
>
> AMD 2200+ CPU (Could be way off here, I have to check
> 512 Mb RAM (Corsair I think)
> Motherboard (via chipset, I think)
> WAN NIC (Onboard Yuck, I know)
> 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember
> which are assigned to which at the moment.
>
> I will get more specifics later.
>
> The big thing to remember here is this.. When this happens, the GUI still
> works, I just can't get to any of the servers behind PfSense.. Restarting
> PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot.
>
> What logs should I look at for a clue?
>
> I wonder if I should stick a PC on the LAN interface just to see if I can
> get to it when this happens again. Maybe it's just the bridging from my
> WAN to OPT 1 that takes a dump?
>
> ----- Original Message -----
> From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, September 26, 2005 12:55 AM
> Subject: RE: [pfSense Support] Argg! My PfSense just died!
>
> I'd like to see dmesg output from the new box as well. What kind of nics
> do you have in this box? It really sounds like we need some way to gather
> as much information as possible during the next outage without rebooting
> the box. Off the top of my head some of the things I would like to know
> are..
> Send the output of these commands. If you can just paste them into the
> console. Each command should append to the log file.
> ( dmesg ; echo ) >> /usr/crash.info
> ( netstat -in ; echo ) >> /usr/crash.info
> ( netstat -m ; echo ) >> /usr/crash.info
> ( top ; echo ) >> /usr/crash.info
> ( ps -ax ; echo ) >> /usr/crash.info
> ( find / -name "*.core" -print ; echo ) >> /usr/crash.info
> ( df -h ; echo ) >> /usr/crash.info
> ( ls -l /var/crash/* ; echo ) >> /usr/crash.info
>
> I'm also thinking something like this should be in a diag menu and the
> ssh/serial console. That way we could grab some kind of snap shot of
> hosed systems before it gets rebooted.
>
> -----Original Message-----
> From: Chris Buechler [mailto:[EMAIL PROTECTED]
> Sent: Sunday, September 25, 2005 10:50 PM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] Argg! My PfSense just died!
>
> sending your entire config.xml to the list or Scott directly if you need
> to keep it private would likely help very much.
>
> Scott Ullrich wrote:
>
>>On 9/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
>>[snip]
>>
>>>I have no motive here other than to use the product and possibly help where
>>>I can. It almost seems like you feel I am bashing PfSense or something, not
>>>really sure. Seems like a strange answer though if this is not your
>>>thought..
>>
>>I do not feel you are bashing pfSense. It's funny because this is
>>going to be difficult to track down without nobody else having the
>>same issue.
>>
RE: [pfSense Support] Argg! My PfSense just died!
Just to be clear, if the box goes down again run those commands again without rebooting the box.

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED]
Sent: Monday, September 26, 2005 10:35 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

Please gather that John requested and send to the list. Thanks.

On 9/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> OK, here is what I have hardware wise:
>
> CPU: AMD Duron 950 Mhz
> RAM: 256 MB not sure of the brand
> Hard Drive: Maxtor 5T02oH2 20GB
> Motherboard: Soyo with a Via Chipset
> WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo
> LAN NIC: Linksys LNE100TX unused interface
> Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are
> Opt 2 NIC: FA 311 Rev C-1
>
> Hope some of this helps..
>
> --Todd
>
> ----- Original Message -----
> From: "Mojo Jojo" <[EMAIL PROTECTED]>
> To:
> Sent: Monday, September 26, 2005 6:14 AM
> Subject: Re: [pfSense Support] Argg! My PfSense just died!
>
> > OK fellas, once again you are all very helpful.. Sorry for my rant
> > earlier, I just got the wrong idea I guess...
> >
> > I will take all the questions and suggestions as well as any more you can
> > provide today and take care of all of them later today.
> >
> > Just send me any questions you have about my install and I will dig, dig,
> > dig and get you all I can. I would love to fix this..
> >
> > Some quick info:
> >
> > WAN = T1 Router (Ascend) static IP
> > LAN = Nothing hooked up here
> > OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk
> > etc.) BRIDGED TO WAN
> > OPT 2 = Unused at the moment
> >
> > Hardware brands and specifics I am not sure of at the moment, I will have
> > to dig a little more. Off the top of my head it looks something like this:
> >
> > AMD 2200+ CPU (Could be way off here, I have to check
> > 512 Mb RAM (Corsair I think)
> > Motherboard (via chipset, I think)
> > WAN NIC (Onboard Yuck, I know)
> > 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember
> > which are assigned to which at the moment.
> >
> > I will get more specifics later.
> >
> > The big thing to remember here is this.. When this happens, the GUI still
> > works, I just can't get to any of the servers behind PfSense.. Restarting
> > PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot.
> >
> > What logs should I look at for a clue?
> >
> > I wonder if I should stick a PC on the LAN interface just to see if I can
> > get to it when this happens again. Maybe it's just the bridging from my
> > WAN to OPT 1 that takes a dump?
> >
> > ----- Original Message -----
> > From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]>
> > To:
> > Sent: Monday, September 26, 2005 12:55 AM
> > Subject: RE: [pfSense Support] Argg! My PfSense just died!
> >
> > I'd like to see dmesg output from the new box as well. What kind of nics
> > do you have in this box? It really sounds like we need some way to gather
> > as much information as possible during the next outage without rebooting
> > the box. Off the top of my head some of the things I would like to know
> > are..
> > Send the output of these commands. If you can just paste them into the
> > console. Each command should append to the log file.
> > ( dmesg ; echo ) >> /usr/crash.info
> > ( netstat -in ; echo ) >> /usr/crash.info
> > ( netstat -m ; echo ) >> /usr/crash.info
> > ( top ; echo ) >> /usr/crash.info
> > ( ps -ax ; echo ) >> /usr/crash.info
> > ( find / -name "*.core" -print ; echo ) >> /usr/crash.info
> > ( df -h ; echo ) >> /usr/crash.info
> > ( ls -l /var/crash/* ; echo ) >> /usr/crash.info
> >
> > I'm also thinking something like this should be in a diag menu and the
> > ssh/serial console. That way we could grab some kind of snap shot of
> > hosed systems before it gets rebooted.
> >
> > -----Original Message-----
> > From: Chris Buechler [mailto:[EMAIL PROTECTED]
> > Sent: Sunday, September 25, 2005 10:50 PM
> > To: support@pfsense.com
> > Subject: Re: [pfSense Support] Argg! My PfSense just died!
> >
> > sending your entire config.xml to the list or Scott directly if you need
> > to keep it private would likely help very much.
> >
> > Scott Ullrich wrote:
> >
RE: [pfSense Support] Argg! My PfSense just died!
:/ I think my mua hosed that message a little. If the first one doesn't work try this one.

( dmesg ; echo ) >> /usr/crash.info ;
( netstat -in ; echo ) >> /usr/crash.info ;
( netstat -m ; echo ) >> /usr/crash.info ;
( top ; echo ) >> /usr/crash.info ;
( ps -ax ; echo ) >> /usr/crash.info ;
( find / -name "*.core" -print ; echo ) >> /usr/crash.info ;
( df -h ; echo ) >> /usr/crash.info ;
( ls -l /var/crash/* ; echo ) >> /usr/crash.info

-----Original Message-----
From: Fleming, John (ZeroChaos) [mailto:[EMAIL PROTECTED]
Sent: Monday, September 26, 2005 12:55 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] Argg! My PfSense just died!

I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need some way to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are..
Send the output of these commands. If you can just paste them into the console. Each command should append to the log file.

( dmesg ; echo ) >> /usr/crash.info
( netstat -in ; echo ) >> /usr/crash.info
( netstat -m ; echo ) >> /usr/crash.info
( top ; echo ) >> /usr/crash.info
( ps -ax ; echo ) >> /usr/crash.info
( find / -name "*.core" -print ; echo ) >> /usr/crash.info
( df -h ; echo ) >> /usr/crash.info
( ls -l /var/crash/* ; echo ) >> /usr/crash.info

I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted.

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 25, 2005 10:50 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much.

Scott Ullrich wrote:

>On 9/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
>[snip]
>
>>I have no motive here other than to use the product and possibly help where
>>I can. It almost seems like you feel I am bashing PfSense or something, not
>>really sure. Seems like a strange answer though if this is not your
>>thought..
>
>I do not feel you are bashing pfSense. It's funny because this is
>going to be difficult to track down without nobody else having the
>same issue.
>
>[snip]
>
>Are you running dhcp on the wan? What else can you tell us about the
>install because I didn't see too much of this type of information when
>I went back through my archives.
>
>Scott
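The snapshot procedure from the messages above (the command list, plus the ifconfig -a line added in a later reply), written as a small sh script. This is an added example, not part of the original thread or of pfSense; the function names, the SNAPSHOT_COMMANDS variable and the redaction step are assumptions, the last one modelled on the "**REMOVED IP**" edit a poster made by hand before sending netstat output to the list.

```sh
#!/bin/sh
# Added example (not from the thread): collect the diagnostics listed in the
# messages above into one file before the box is rebooted, then write a copy
# with addresses masked for posting to a public list.
#
# Usage on the firewall (paths as used in the thread, second path assumed):
#   collect_snapshot /usr/crash.info
#   redact_snapshot  /usr/crash.info /usr/crash.pub

# Commands named in the thread, one per line, left as posted. Each line is
# run with sh -c, so quoting and globs behave as they do at the console.
SNAPSHOT_COMMANDS='ifconfig -a
dmesg
netstat -in
netstat -m
top
ps -ax
find / -name "*.core" -print
df -h
ls -l /var/crash/*'

# run_section OUTFILE LABEL CMD [ARG...]
# Appends a labelled section holding CMD's stdout and stderr plus its exit
# status. A failing or missing command is recorded and the run continues.
run_section() {
    _rs_out=$1
    _rs_label=$2
    shift 2
    _rs_status=0
    {
        printf '===== %s =====\n' "$_rs_label"
        # stdin is /dev/null so no command can sit waiting for a keypress
        "$@" 2>&1 </dev/null || _rs_status=$?
        printf '[exit status: %s]\n\n' "$_rs_status"
    } >> "$_rs_out"
}

# collect_snapshot OUTFILE
# Runs every line of SNAPSHOT_COMMANDS and appends the results to OUTFILE.
collect_snapshot() {
    _cs_out=$1
    # Create the file readable by its owner only before anything is written:
    # it will hold addresses, MAC addresses and the process list.
    ( umask 077; : >> "$_cs_out" ) || return 1
    printf '%s\n' "$SNAPSHOT_COMMANDS" | while IFS= read -r _cs_cmd; do
        [ -n "$_cs_cmd" ] || continue
        run_section "$_cs_out" "$_cs_cmd" sh -c "$_cs_cmd"
    done
}

# redact_snapshot INFILE OUTFILE
# Masks MAC and IPv4 addresses. The IPv4 pattern is deliberately broad and
# also hits dotted version strings; IPv6 addresses are left untouched.
redact_snapshot() {
    sed -E \
        -e 's/([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}/**REMOVED MAC**/g' \
        -e 's/([0-9]{1,3}\.){3}[0-9]{1,3}/**REMOVED IP**/g' \
        "$1" > "$2"
}
```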
RE: [pfSense Support] Argg! My PfSense just died!
I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need some way to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are..
Send the output of these commands. If you can just paste them into the console. Each command should append to the log file.

( dmesg ; echo ) >> /usr/crash.info
( netstat -in ; echo ) >> /usr/crash.info
( netstat -m ; echo ) >> /usr/crash.info
( top ; echo ) >> /usr/crash.info
( ps -ax ; echo ) >> /usr/crash.info
( find / -name "*.core" -print ; echo ) >> /usr/crash.info
( df -h ; echo ) >> /usr/crash.info
( ls -l /var/crash/* ; echo ) >> /usr/crash.info

I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted.

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Sunday, September 25, 2005 10:50 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much.

Scott Ullrich wrote:

>On 9/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
>[snip]
>
>>I have no motive here other than to use the product and possibly help where
>>I can. It almost seems like you feel I am bashing PfSense or something, not
>>really sure. Seems like a strange answer though if this is not your
>>thought..
>
>I do not feel you are bashing pfSense. It's funny because this is
>going to be difficult to track down without nobody else having the
>same issue.
>
>[snip]
>
>Are you running dhcp on the wan? What else can you tell us about the
>install because I didn't see too much of this type of information when
>I went back through my archives.
>
>Scott
RE: [pfSense Support] Argg! My PfSense just died!
This doesn't look good.
"pnpbios: Bad PnP BIOS data checksum"

This looks bad as well.
"pci_link3: BIOS IRQ 11 does not match initial IRQ 9"

Looks like you've got a dc nic on 9 and 11. Do you have your serial ports disabled in the BIOS? Looks like you also have a dc nic on IRQ 3. I'd bet the problems are all related to this. Maybe try a bios update and what ever that reset option is called under the pci options. It should be around the same place where you enable/disable PNPBIOS. Speaking of you might also try enable/disable PNPBIOS.

-----Original Message-----
From: Mojo Jojo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 21, 2005 1:45 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

OK, I assume you wanted me to send you the output to this. Not sure, here it is anyhow.

#
$ cat /var/log/dmesg.boot
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.0-BETA4 #0: Fri Sep 9 03:28:50 UTC 2005
[EMAIL PROTECTED]:/usr/obj/usr/src/sys/pfSense.6
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel Pentium III (930.32-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x686 Stepping = 6
Features=0x383f9ff
real memory = 132907008 (126 MB)
avail memory = 120291328 (114 MB)
pnpbios: Bad PnP BIOS data checksum
wlan: mac acl policy registered
ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413)
npx0: [FAST]
npx0: on motherboard
npx0: INT 16 interface
acpi0: on motherboard
acpi0: Power Button (fixed)
pci_link0: irq 11 on acpi0
pci_link1: irq 10 on acpi0
pci_link2: irq 3 on acpi0
pci_link3: irq 9 on acpi0
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
cpu0: on acpi0
pcib0: port 0xcf8-0xcff on acpi0
pci0: on pcib0
agp0: mem 0xf800-0xfbff,0xffa8-0xffaf irq 11 at device 1.0 on pci0
pcib1: at device 30.0 on pci0
pci_link3: BIOS IRQ 11 does not match initial IRQ 9
pci1: on pcib1
fxp0: port 0xdf00-0xdf3f mem 0xff8ef000-0xff8e,0xff70-0xff7f irq 9 at device 1.0 on pci1
miibus0: on fxp0
inphy0: on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:03:47:70:0d:5a
dc0: port 0xde00-0xdeff mem 0xff8ff000-0xff8ff3ff irq 11 at device 8.0 on pci1
miibus1: on dc0
ukphy0: on miibus1
ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc0: Ethernet address: 00:12:17:55:3d:dc
dc1: port 0xd000-0xd0ff mem 0xff8ff400-0xff8ff7ff irq 10 at device 9.0 on pci1
miibus2: on dc1
ukphy1: on miibus2
ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc1: Ethernet address: 00:12:17:55:00:1c
dc2: port 0xd400-0xd4ff mem 0xff8ff800-0xff8ffbff irq 3 at device 10.0 on pci1
miibus3: on dc2
ukphy2: on miibus3
ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc2: Ethernet address: 00:12:17:55:00:18
dc3: port 0xd800-0xd8ff mem 0xff8ffc00-0xff8f irq 9 at device 11.0 on pci1
miibus4: on dc3
ukphy3: on miibus4
ukphy3: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
dc3: Ethernet address: 00:12:17:55:00:10
isab0: at device 31.0 on pci0
isa0: on isab0
atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0
ata0: on atapci0
ata1: on atapci0
uhci0: port 0xef80-0xef9f irq 9 at device 31.2 on pci0
uhci0: [GIANT-LOCKED]
usb0: on uhci0
usb0: USB revision 1.0
uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
pci0: at device 31.3 (no driver attached)
speaker0: port 0x61 on acpi0
atkbdc0: port 0x60,0x64 irq 1 on acpi0
atkbd0: irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
fdc0: port 0x3f0-0x3f1,0x3f2-0x3f3,0x3f4-0x3f5,0x3f7 irq 6 drq 2 on acpi0
fdc0: [FAST]
fd0: <1440-KB 3.5" drive> on fdc0 drive 0
pmtimer0 on isa0
orm0: at iomem 0xc-0xc7fff,0xc8000-0xc8fff on isa0
vga0: at port 0x3c0-0x3df iomem 0xa-0xb on isa0
sc0: at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
sio0: configured irq 4 not in bitmap of probed irqs 0
sio0: port may not be enabled
sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0
sio0: type 8250 or not responding
sio1: configured irq 3 not in bitmap of probed irqs 0
sio1: port may not be enabled
ppc0: parallel port not found.
Timecounter "TSC" frequency 930319448 Hz quality 800
Timecounters tick every 1.000 msec
Fast IPsec: Initialized Security Association Processing.
ad0: 19092MB at ata0-master UDMA66
acd0: CDRW at ata1-master UDMA33
Trying to mount root from ufs:/dev/ad0s1a
bridge0: Ethernet address: ac:de:48:4e:3f:64
############ ##
-
RE: [pfSense Support] Argg! My PfSense just died!
Is that a quad dc card? Output looks fine. Did you send dmesg output?

-----Original Message-----
From: Mojo Jojo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 21, 2005 12:04 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

$ netstat -m
294/486/780 mbufs in use (current/cache/total)
263/143/406/4800 mbuf clusters in use (current/cache/total/max)
0/3/1456 sfbufs in use (current/peak/max)
599K/407K/1007K bytes allocated to network (current/cache/total)
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
7 calls to protocol drain routines

$ netstat -in
NameMtu Network Address Ipkts IerrsOpkts Oerrs Coll
fxp0* 1500 00:03:47:70:0d:5a0 00 0 0
dc01500 00:12:17:55:3d:dc0 00 0 0
dc01500 fe80:2::212:1 fe80:2::212:17ff:0 - 4 - -
dc01500 192.168.1 192.168.1.1 0 - 0 - -
dc11500 00:12:17:55:00:1c 2469246 0 3370226 0 0
dc11500 fe80:3::212:1 fe80:3::212:17ff:0 - 4 - -
dc11500 **REMOVED IP** **REMOVED IP** 283 - 1748 - -
dc21500 00:12:17:55:00:18 3883347 0 2474537 0 0
dc21500 fe80:4::212:1 fe80:4::212:17ff:0 - 4 - -
dc3* 1500 00:12:17:55:00:100 00 0 0
pflog 332080 00 0 0
pfsyn 20200 00 0 0
lo0 163840 00 0 0
lo0 16384 ::1/128 ::1 0 - 0 - -
lo0 16384 fe80:8::1/64 fe80:8::10 - 0 - -
lo0 16384 127 127.0.0.10 - 0 - -
bridg 1500 ac:de:48:4e:3f:64 6333840 0 5844759 0 0

----- Original Message -----
From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, September 21, 2005 11:53 AM
Subject: RE: [pfSense Support] Argg! My PfSense just died!

Might be a long shot but also get the output of
netstat -m
And
netstat -in

-----Original Message-----
From: Mojo Jojo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 21, 2005 11:47 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

This is what top says, if it's of any help:

##
$ top
last pid: 6598; load averages: 0.34, 0.29, 0.22 up 0+14:30:39 11:46:07
54 processes: 1 running, 53 sleeping
Mem: 27M Active, 39M Inact, 35M Wired, 4992K Cache, 22M Buf, 9828K Free
Swap: 256M Total, 256M Free

PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND
6247 _pflogd 1 -580 1536K 1108K bpf 0:05 0.49% pflogd
6586 root1 -8 10 11032K 9848K piperd 0:00 0.20% php
6598 root1 139 10 2196K 1300K RUN 0:00 0.20% top
6597 root1 8 10 1620K 1156K wait 0:00 0.20% sh
264 root1 -580 6060K 3980K bpf 34:50 0.00% tcpdump
3390 root1 -580 5528K 3456K bpf 6:42 0.00% tcpdump
470 root1 760 1332K 768K select 3:17 0.00% syslogd
265 root1 -80 1188K 604K piperd 1:50 0.00% logger
3391 root1 -80 1188K 604K piperd 0:26 0.00% logger
263 _pflogd 1 -580 1536K 1036K bpf 0:08 0.00% pflogd
3388 _pflogd 1 -580 1536K 1056K bpf 0:04 0.00% pflogd
550 root1 80 232K 104K nanslp 0:01 0.00% check_reload_status
539 root1 80 1300K 840K nanslp 0:00 0.00% cron
3620 root1 80 1620K 928K wait 0:00 0.00% sh
6248 root1 -80 1188K 688K piperd 0:00 0.00% logger
121 root1 760 1208K 664K select 0:00 0.00% usbd
5883 root1 760 5580K 2088K select 0:00 0.00% sshd
555 root1 50 1632K 920K ttyin0:00 0.00% sh
#

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, September 21, 2005 11:33 AM
Subject: Re: [pfSense Support] Argg! My PfSense just died!

top from a shell will tell you this.

I have never ever seen a box just all of the sudden stop working. If a box blows up, it goes big time with kernel panics, etc. And even this I have not seen since being on crappy 5.X. 6.X of FreeBSD is looking mighty fine.

Scott

On 9/21/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> I meant, nothing plugged into the LAN NIC and nothing plugged into the OPT 2
> NIC.
>
> Sorry about that.
>
> I am starting t
RE: [pfSense Support] Argg! My PfSense just died!
Might be a long shot but also get the output of
netstat -m
And
netstat -in

-----Original Message-----
From: Mojo Jojo [mailto:[EMAIL PROTECTED]
Sent: Wednesday, September 21, 2005 11:47 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] Argg! My PfSense just died!

This is what top says, if it's of any help:

##
$ top
last pid: 6598; load averages: 0.34, 0.29, 0.22 up 0+14:30:39 11:46:07
54 processes: 1 running, 53 sleeping
Mem: 27M Active, 39M Inact, 35M Wired, 4992K Cache, 22M Buf, 9828K Free
Swap: 256M Total, 256M Free

PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND
6247 _pflogd 1 -580 1536K 1108K bpf 0:05 0.49% pflogd
6586 root1 -8 10 11032K 9848K piperd 0:00 0.20% php
6598 root1 139 10 2196K 1300K RUN 0:00 0.20% top
6597 root1 8 10 1620K 1156K wait 0:00 0.20% sh
264 root1 -580 6060K 3980K bpf 34:50 0.00% tcpdump
3390 root1 -580 5528K 3456K bpf 6:42 0.00% tcpdump
470 root1 760 1332K 768K select 3:17 0.00% syslogd
265 root1 -80 1188K 604K piperd 1:50 0.00% logger
3391 root1 -80 1188K 604K piperd 0:26 0.00% logger
263 _pflogd 1 -580 1536K 1036K bpf 0:08 0.00% pflogd
3388 _pflogd 1 -580 1536K 1056K bpf 0:04 0.00% pflogd
550 root1 80 232K 104K nanslp 0:01 0.00% check_reload_status
539 root1 80 1300K 840K nanslp 0:00 0.00% cron
3620 root1 80 1620K 928K wait 0:00 0.00% sh
6248 root1 -80 1188K 688K piperd 0:00 0.00% logger
121 root1 760 1208K 664K select 0:00 0.00% usbd
5883 root1 760 5580K 2088K select 0:00 0.00% sshd
555 root1 50 1632K 920K ttyin0:00 0.00% sh
#

----- Original Message -----
From: "Scott Ullrich" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, September 21, 2005 11:33 AM
Subject: Re: [pfSense Support] Argg! My PfSense just died!

top from a shell will tell you this.

I have never ever seen a box just all of the sudden stop working. If a box blows up, it goes big time with kernel panics, etc. And even this I have not seen since being on crappy 5.X. 6.X of FreeBSD is looking mighty fine.

Scott

On 9/21/05, Mojo Jojo <[EMAIL PROTECTED]> wrote:
> I meant, nothing plugged into the LAN NIC and nothing plugged into the OPT 2
> NIC.
>
> Sorry about that.
>
> I am starting to wonder if this could be a RAM issue, as in, not enough of
> it.
>
> Todd
>
> ----- Original Message -----
> From: "Chris Buechler" <[EMAIL PROTECTED]>
> To:
> Sent: Wednesday, September 21, 2005 9:19 AM
> Subject: Re: [pfSense Support] Argg! My PfSense just died!
>
> > Mojo Jojo wrote:
> >
> >> Just some further info..
> >>
> >> System died last night again after approx 6 hours of uptime.
> >>
> >> I could still get to the GUI, could still SSH to it but it would pass any
> >> traffic through to the OPT 2 (DMZ) interface.
> >>
> >> I attempted to run /etc/rc.bootup at the command line which restarted Pf
> >> fine. After the restart of Pf (not the whole computer) everything
> >> was still in the same shape with no traffic passing through to the DMZ.
> >>
> >> The only thing that corrected this was a reboot which I initiated via the
> >> Pf GUI.
> >>
> >> Further info:
> >> V. 0.84
> >> Running on a PIII 933 with 128mb of ram. I have 4 Linksys NICS installed
> >> on the PCI bus and one on the motherboard which I had disabled.
> >>
> >> Onboard NIC (disabled in BIOS)
> >> Linksys NIC 1 > LAN
> >> Linksys NIC 2 > WAN (static IP on a T1 with ascend T1 router on other end)
> >> Linksys NIC 3 > OPT 1 (DMZ where servers are)
> >> Linksys NIC 4 > OPT2 (not in use at the moment)
> >>
> >> The PC is a DELL, Pf is running on a Hard Drive.
> >>
> >> I installed a fresh copy of 0.84, this is not an upgrade.
> >>
> >> All Linksys/Network Everywhere NICS are identical model NC100.
> >>
> >> I have 26 aliases setup, 46 rules on the WAN tab, 14 rules on the DMZ tab
> >> and none on the LAN or OPT 2.
> >>
> >> I have nothing plugged into the WAN NIC and nothing plugged into the LAN
> >> NIC at this time.
> >>
> >
> > umm, above you say it stops passing traffic, here you say you only have
> > one NIC plugged in? It can't pass traffic with only one NIC plugged in.
> > system logs after it stops passing traffic if it happens again may prove
> > very useful.
> > -cmb
RE: [pfSense Support] WARNING: R/W mount of denied. File system is not clean - run fsck
Just an FYI this is why you see the error message. You should only be worried if you see it twice.

# Mount all. If it fails run a fsck.
/sbin/mount -a || /sbin/fsck -y && /sbin/mount -a || /sbin/fsck -y

The error message you've seen came from the first /sbin/mount -a. fsck then cleaned all the file systems (fsck -a). Had the file system been dirty after that you would have seen the error again, but that would mean something was really hosed as in Bad hard drive or some kind of storage communications error (flash, IDE or SCSI write error).

-----Original Message-----
From: Tomas Hodan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 30, 2005 2:10 PM
To: support@pfsense.com
Subject: [pfSense Support] WARNING: R/W mount of denied. Filesystem is not clean - run fsck

hi,

I installed pfsense to CF card, booted once, repowered wrap and on next boot I got lot of messages like:

WARNING: R/W mount of denied. Filesystem is not clean - run fsck

should not be pfsense able to handle such situations? or I'm doing something wrong

regards, tomas
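How the shell evaluates the mount/fsck chain quoted in the message above, as an added example that is not part of the original message or of pfSense's boot scripts: `||` and `&&` have equal precedence and group left to right, so the line runs as `((mount || fsck) && mount) || fsck`. The `mount_all` and `fsck_all` stubs and the `FS_STATE` scenarios are hypothetical stand-ins for `/sbin/mount -a` and `/sbin/fsck -y`; no real file system is touched.

```shell
#!/bin/sh
# Simulation of:  mount -a || fsck -y && mount -a || fsck -y
#
# FS_STATE scenarios (constructed for this example):
#   clean     - file system was unmounted cleanly
#   dirty     - unclean shutdown, one fsck pass repairs it
#   hosed     - fsck exits 0 but the file system is still dirty afterwards
#   unfixable - fsck itself fails

TRACE=""      # order in which the stubs were called
WARNINGS=0    # how many times the "not clean" warning would be printed

# Stand-in for /sbin/mount -a: fails unless the file system is clean.
mount_all() {
    TRACE="${TRACE}mount "
    if [ "$FS_STATE" = clean ]; then
        return 0
    fi
    # A real boot prints "WARNING: R/W mount of ... denied" at this point.
    WARNINGS=$((WARNINGS + 1))
    return 1
}

# Stand-in for /sbin/fsck -y.
fsck_all() {
    TRACE="${TRACE}fsck "
    case "$FS_STATE" in
        dirty)     FS_STATE=clean; return 0 ;;
        unfixable) return 1 ;;
        *)         return 0 ;;
    esac
}

# Run the chain for one scenario and leave a summary in RESULT.
boot_mount() {
    FS_STATE=$1
    TRACE=""
    WARNINGS=0
    # Same operator sequence as the quoted line; wrapped in "if" so the
    # exit status can be recorded even when the script runs under set -e.
    if mount_all || fsck_all && mount_all || fsck_all; then
        RC=0
    else
        RC=1
    fi
    RESULT="${TRACE% } warnings=$WARNINGS rc=$RC"
}

for scenario in clean dirty hosed unfixable; do
    boot_mount "$scenario"
    printf '%-9s -> %s\n' "$scenario" "$RESULT"
done
```

In the `hosed` scenario the warning counter reaches 2 while the chain still exits 0, because the last command to run is the second fsck; the exit status of the line alone does not show that nothing was mounted read-write.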
RE: [pfSense Support] Running multiple routed subnets on LAN interface
My guess is 172.16.11.x isn't being NATed through the firewall. Tcpdump on WAN interface should reveal if it's even getting out and if so what address is it being sourced with. Not sure what could be going on with OPT1, OPT3 and OPT4. Could you send the output of netstat -rn also? (route table)

tcpdump -ni $wanif 'host $inter-router'

Assuming that is what you are trace routing to.

-----Original Message-----
From: Ted Crow [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 3:28 PM
To: Bill Marquette
Cc: support@pfsense.com
Subject: RE: [pfSense Support] Running multiple routed subnets on LAN interface

I'll try to bump up to the latest version tonight and see what happens. Hopefully no crash this time...

Anyway, here is a rough diagram, if you *really* want a Visio drawing I can do that too:

+--------------------+
|  Internet Router   |
|    Public Block    |
+--------------------+
         ^
         |
         v  <-WAN
+--------------------+
|  pfSense Firewall  |<---> OPT1 (172.16.2.1/24)
|     172.16.0.1     |<---> OPT2 (Public, Bridged with WAN)
|                    |<---> OPT3 (172.16.3.1/24)
|                    |<---> OPT4 (172.16.4.1/24)
+--------------------+
         ^  <-LAN
         |
         v
+--------------------+   +----------------+        +----------------+
|    Core Switch     |---|   core-side    |->[T1]<-|  remote-side   |
|   172.16.0.x/23    |   | 172.16.0.2/23  |        | 172.16.11.1/24 |
+--------------------+   +----------------+        +----------------+
         |                                                  |
         |                                                  |
         |                                                  |
+--------------------+                             +------------------+
|    Core Network    |                             |  Remote Network  |
|   172.16.0.x /23   |                             |  172.16.11.x/24  |
+--------------------+                             +------------------+

The firewall has the static route:
Interface: LAN, NW:172.16.11.0/24, GW:172.16.0.2

There is a pass rule on LAN: 172.16.11.0/24 -> any

Core gateway of last resort is 172.16.0.1
Remote gateway of last resort is 172.16.0.1 (Also tried 172.16.0.2)

The Serial (T1) interface of each router is unnumbered to Ethernet.
All routers are running IOS 12.3+

Core network default gateway: 172.16.0.1
Remote network default gateway: 172.16.11.1

Ted Crow
MCP/W2K
Information Technology Manager
Tuttle Services, Inc.
(419) 228-6262 x 247

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 4:06 PM
To: Ted Crow
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Running multiple routed subnets on LAN interface

iy yi yi...I can't ever begin to remember what bugs lurked back that far. Any chance you can upgrade to current? We're fixing stuff left and right, I'm not going to go back through the last three months changelogs to see if we've already fixed whatever might be affecting you (if anything). If it's still affecting you on something recent (preferably .80 at a minimum) we can take a look.

--Bill

PS. I agree with John, we need a network diagram. If you don't have Visio, please use Dia (http://www.gnome.org/projects/dia/)

On 8/25/05, Ted Crow <[EMAIL PROTECTED]> wrote:
> I am (still) running pfSense 70.4 and I am in the process of adding a
> routed subnet to my LAN.
>
> I don't have any trouble seeing the remote LAN from my core LAN, nor
> any trouble seeing the core LAN from the remote LAN. But, my remote
> LAN gets no responses from devices on any other interface on the firewall.
>
> The routing appears to be correct as far as I can tell using
> traceroute/ping. I can ping machines on the remote LAN from the
> firewall, and the firewall from the remote network. The firewall
> appears to be black-holing the remote LAN traffic.
>
> -- From REMOTE LAN --
> Tracing the route to xx.xx.xx.xx (public)
>
>   1   1 ms   1 ms   1 ms   172.16.11.1   <--- New Remote (172.16.11/24)
>   2   4 ms   4 ms   4 ms   172.16.0.2    <--- Internal Router (172.16.0/23)
>   3   5 ms   5 ms   5 ms   172.16.0.1    <--- pfSense Firewall (172.16.0/23)
>   4   *      *      *                    <--- should be Gateway Router (public)
>   5   *      *      *                    <--- should be ISP Router (public)
>   ...                                    <--- on to oblivion
>
> I do have a LAN rule explicitly allowing the remote subnet to have
> full access to "any^3".
>
> Any ideas? Or do I just need to get the latest version of pfSense on
> the box?
>
> Ted Crow
> MCP/W2K
> Information Technology Manager
> Tuttle Services, Inc.
> (419) 228-6262 x 247
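One way to read the WAN capture suggested at the top of this message, as an added example that is not part of the original thread: a filter over `tcpdump -n` text output that counts packets seen on the WAN side whose source is still an RFC 1918 address, which is what traffic from the routed subnet would look like if it left without NAT. The function names and the capture lines are constructed for illustration; 198.51.100.x and 203.0.113.x are documentation addresses standing in for the public side.

```shell
#!/bin/sh
# Constructed sample of "tcpdump -ni <wan interface>" output.
# 203.0.113.10 plays the firewall's WAN address, 198.51.100.7 a remote host.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 IP 172.16.11.25.1045 > 198.51.100.7.80: S 1:1(0) win 65535
12:00:01.200000 IP 203.0.113.10.50211 > 198.51.100.7.80: S 2:2(0) win 65535
12:00:02.100000 IP 172.16.11.25 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
12:00:02.300000 IP 198.51.100.7.80 > 203.0.113.10.50211: S 3:3(0) ack 3 win 5840
12:00:03.100000 IP 172.16.11.40.1200 > 198.51.100.7.53: 4+ A? example.com. (29)
12:00:03.500000 arp who-has 203.0.113.1 tell 203.0.113.10
EOF
}

# Read tcpdump -n lines on stdin and print "<count> <source address>" for
# every RFC 1918 source address, sorted by address.
unnatted_sources() {
    awk '
    # True when the four octets in a[] fall in 10/8, 172.16/12 or 192.168/16.
    function is_private(a) {
        if (a[1] + 0 == 10) return 1
        if (a[1] + 0 == 172 && a[2] + 0 >= 16 && a[2] + 0 <= 31) return 1
        if (a[1] + 0 == 192 && a[2] + 0 == 168) return 1
        return 0
    }
    # IPv4 lines look like: <time> IP <src>[.port] > <dst>[.port]: ...
    $2 == "IP" && $4 == ">" {
        n = split($3, oct, ".")
        if (n != 4 && n != 5) next          # not addr or addr.port
        src = oct[1] "." oct[2] "." oct[3] "." oct[4]
        if (is_private(oct)) count[src]++
    }
    END {
        for (s in count) print count[s], s
    }
    ' | sort -k2,2
}

sample_capture | unnatted_sources
```

An empty result means every packet on the WAN side already carried a public source address; any line of output names a host whose traffic reached the WAN without being translated.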
RE: [pfSense Support] Running multiple routed subnets on LAN interface
We don't need no stinking visio!

-----Original Message-----
From: Ted Crow [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 3:28 PM
To: Bill Marquette
Cc: support@pfsense.com
Subject: RE: [pfSense Support] Running multiple routed subnets on LAN interface

I'll try to bump up to the latest version tonight and see what happens. Hopefully no crash this time...

Anyway, here is a rough diagram, if you *really* want a Visio drawing I can do that too:

+--------------------+
|  Internet Router   |
|    Public Block    |
+--------------------+
         ^
         |
         v  <-WAN
+--------------------+
|  pfSense Firewall  |<---> OPT1 (172.16.2.1/24)
|     172.16.0.1     |<---> OPT2 (Public, Bridged with WAN)
|                    |<---> OPT3 (172.16.3.1/24)
|                    |<---> OPT4 (172.16.4.1/24)
+--------------------+
         ^  <-LAN
         |
         v
+--------------------+   +----------------+        +----------------+
|    Core Switch     |---|   core-side    |->[T1]<-|  remote-side   |
|   172.16.0.x/23    |   | 172.16.0.2/23  |        | 172.16.11.1/24 |
+--------------------+   +----------------+        +----------------+
         |                                                  |
         |                                                  |
         |                                                  |
+--------------------+                             +------------------+
|    Core Network    |                             |  Remote Network  |
|   172.16.0.x /23   |                             |  172.16.11.x/24  |
+--------------------+                             +------------------+

The firewall has the static route:
Interface: LAN, NW:172.16.11.0/24, GW:172.16.0.2

There is a pass rule on LAN: 172.16.11.0/24 -> any

Core gateway of last resort is 172.16.0.1
Remote gateway of last resort is 172.16.0.1 (Also tried 172.16.0.2)

The Serial (T1) interface of each router is unnumbered to Ethernet.
All routers are running IOS 12.3+

Core network default gateway: 172.16.0.1
Remote network default gateway: 172.16.11.1

Ted Crow
MCP/W2K
Information Technology Manager
Tuttle Services, Inc.
(419) 228-6262 x 247

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 4:06 PM
To: Ted Crow
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Running multiple routed subnets on LAN interface

iy yi yi...I can't ever begin to remember what bugs lurked back that far. Any chance you can upgrade to current? We're fixing stuff left and right, I'm not going to go back through the last three months changelogs to see if we've already fixed whatever might be affecting you (if anything). If it's still affecting you on something recent (preferably .80 at a minimum) we can take a look.

--Bill

PS. I agree with John, we need a network diagram. If you don't have Visio, please use Dia (http://www.gnome.org/projects/dia/)

On 8/25/05, Ted Crow <[EMAIL PROTECTED]> wrote:
> I am (still) running pfSense 70.4 and I am in the process of adding a
> routed subnet to my LAN.
>
> I don't have any trouble seeing the remote LAN from my core LAN, nor
> any trouble seeing the core LAN from the remote LAN. But, my remote
> LAN gets no responses from devices on any other interface on the firewall.
>
> The routing appears to be correct as far as I can tell using
> traceroute/ping. I can ping machines on the remote LAN from the
> firewall, and the firewall from the remote network. The firewall
> appears to be black-holing the remote LAN traffic.
>
> -- From REMOTE LAN --
> Tracing the route to xx.xx.xx.xx (public)
>
>   1   1 ms   1 ms   1 ms   172.16.11.1   <--- New Remote (172.16.11/24)
>   2   4 ms   4 ms   4 ms   172.16.0.2    <--- Internal Router (172.16.0/23)
>   3   5 ms   5 ms   5 ms   172.16.0.1    <--- pfSense Firewall (172.16.0/23)
>   4   *      *      *                    <--- should be Gateway Router (public)
>   5   *      *      *                    <--- should be ISP Router (public)
>   ...                                    <--- on to oblivion
>
> I do have a LAN rule explicitly allowing the remote subnet to have
> full access to "any^3".
>
> Any ideas? Or do I just need to get the latest version of pfSense on
> the box?
>
> Ted Crow
> MCP/W2K
> Information Technology Manager
> Tuttle Services, Inc.
> (419) 228-6262 x 247
RE: [pfSense Support] Running multiple routed subnets on LAN interface
It's hard to say without some kind of diagram and ip listing.

-----Original Message-----
From: Ted Crow [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 25, 2005 2:11 PM
To: support@pfsense.com
Subject: [pfSense Support] Running multiple routed subnets on LAN interface

I am (still) running pfSense 70.4 and I am in the process of adding a routed subnet to my LAN.

I don't have any trouble seeing the remote LAN from my core LAN, nor any trouble seeing the core LAN from the remote LAN. But, my remote LAN gets no responses from devices on any other interface on the firewall.

The routing appears to be correct as far as I can tell using traceroute/ping. I can ping machines on the remote LAN from the firewall, and the firewall from the remote network. The firewall appears to be black-holing the remote LAN traffic.

-- From REMOTE LAN --
Tracing the route to xx.xx.xx.xx (public)

  1   1 ms   1 ms   1 ms   172.16.11.1   <--- New Remote (172.16.11/24)
  2   4 ms   4 ms   4 ms   172.16.0.2    <--- Internal Router (172.16.0/23)
  3   5 ms   5 ms   5 ms   172.16.0.1    <--- pfSense Firewall (172.16.0/23)
  4   *      *      *                    <--- should be Gateway Router (public)
  5   *      *      *                    <--- should be ISP Router (public)
  ...                                    <--- on to oblivion

I do have a LAN rule explicitly allowing the remote subnet to have full access to "any^3".

Any ideas? Or do I just need to get the latest version of pfSense on the box?

Ted Crow
MCP/W2K
Information Technology Manager
Tuttle Services, Inc.
(419) 228-6262 x 247
RE: [pfSense Support] Virtual IPs not working
# ifconfig rl1 inet 192.168.3.1 netmask 255.255.255.0 alias

The mask is almost always 255.255.255.255 for alias ips on FreeBSD btw.

-----Original Message-----
From: Bastian Schern [mailto:[EMAIL PROTECTED]
Sent: Monday, August 22, 2005 3:25 PM
To: Scott Ullrich
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Virtual IPs not working

Bastian Schern wrote:
[...]
> The Virtual IPs on the WAN side should be forwarded to different LAN Hosts.
>

I Already fixed the 1:1 NAT problem. I had to open the LAN Ports for WAN and not the external WAN IP. ;-)

> The internal Virtual IPs should be pingable. The FW should handle 3
> Private LANs: 192.168.0.0/24, 192.168.3.0/24 and 192.168.101.0/24.

--- snip ---
other lan Private LAN single 32 192.168.3.1
other lan AH-P LAN single 32 192.168.101.1
proxyarp wan WAN Subnet network 28 213.xxx.xxx.64
--- snap ---

--- snip ---
# ifconfig rl1
rl1: flags=8843 mtu 1500
    options=8
    inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
    inet6 fe80::2e0:7dff:fe98:5c60%rl1 prefixlen 64 scopeid 0x2
    ether 00:e0:7d:98:5c:60
    media: Ethernet autoselect (100baseTX )
    status: active
--- snap ---

It looks like the virtual IPs are not existing. If I try to ping e.g. 192.168.3.1 I get "Destination Host Unreachable".

But if I try to setup the virtual IP manually I get this:

# ifconfig rl1 inet 192.168.3.1 netmask 255.255.255.0 alias
ifconfig: ioctl (SIOCAIFADDR): File exists

Is this a bug or a feature? ;-)

Regards
Bastian
RE: [pfSense Support] Virtual IPs not working
Do you have a second machine directly connected to 213.x.x.67? If so try to ping .67 and check the local arp table. If .67 shows up on the machine that is trying to ping .67 then you have a firewall/nat/route issue. If it doesn't show up then there is something wrong with the virtual ip. Let us/me know either way and we'll see what we can do.

-----Original Message-----
From: Bastian Schern [mailto:[EMAIL PROTECTED]
Sent: Monday, August 22, 2005 2:00 PM
To: Scott Ullrich
Cc: support@pfsense.com
Subject: Re: [pfSense Support] Virtual IPs not working

I already set up a 1:1 NAT:

--- snip ---
213.xxx.xxx.67 192.168.101.67 32 maja55 wan
213.xxx.xxx.68 192.168.0.2 32 lion wan
--- snap ---

The Virtual IPs on the WAN side should be forwarded to different LAN Hosts. The internal Virtual IPs should be pingable. The FW should handle 3 Private LANs: 192.168.0.0/24, 192.168.3.0/24 and 192.168.101.0/24.

Is this Possible?

Regards
Bastian

Scott Ullrich wrote:
> You cannot ping proxy-arp'd ips unless there are 1:1 NAT setup.
>
> Is this how you're forwarding or using port forward?
>
> Scott
>
>
> On 8/22/05, Bastian Schern <[EMAIL PROTECTED]> wrote:
>
>>Hi,
>>
>>I'm using pfSense Version 0.79.2 and my Virtual IPs are not functional.
>>
>>--- snip ---
>>
>>
>>proxyarp
>>wan
>>WAN Subnet
>>network
>>28
>>213.191.xxx.xxx
>>
>>
>>proxyarp
>>lan
>>Private LAN
>>single
>>32
>>192.168.3.1
>>
>>
>>proxyarp
>>lan
>>AH-P LAN
>>single
>>32
>>192.168.101.1
>>
>>
>>--- snap ---
>>
>>It's not possible to ping any Virtual Interface. Most important thing is
>>to get the external IPs back to work. Because all of them should be
>>forwarded to Webserver, Mailserver, ...
>>
>>Regards
>>Bastian
RE: [pfSense Support] iperf question
I'd also like to know which rl cards these are. Can you send the output of pciconf -lv?

thanks

-----Original Message-----
From: Chris Buechler [mailto:[EMAIL PROTECTED]
Sent: Friday, August 19, 2005 8:31 AM
Cc: support@pfsense.com
Subject: Re: [pfSense Support] iperf question

On 8/18/05, Randy B <[EMAIL PROTECTED]> wrote:
> Chris Buechler wrote:
> > Not unless you're running both a client and server at each end.
>
> Unfortunately, not the case -

Yes it is. iperf doesn't test full duplex, it's one direction only (with one connection, run a server and a client on each side and you can test full duplex). You'll never get more than 100 Mb on a 100Mb link or 10 Mb on a 10 Mb link, even if it's full duplex, with a single iperf server and client.

>
> I'm able to get 93Mb to another machine on the network - acceptable,
> given the cheap switch I have.
>

that's roughly as good as you're going to get on 100 Mb.

>
> I have two rl cards and one sis - sis0 is linked to my cable modem and
> my LAN is to rl0. The RL NICs are both rather new, and both say they've
> autonegotiated at 100Mb.

rl's are known for poor performance, but should be better than that unless you're only running a 100-200 MHz machine or so.

what duplex does it say? or does it not say? I'm still thinking duplex mismatch, though 20 something Mb is quite a bit for having a mismatch. You should be seeing:

media: Ethernet autoselect (100baseTX )

in your ifconfig output. Exactly what are you seeing on that line?

-cmb