Re: [pfSense Support] I love my WRAP
Because? Are you saying that both brands are bad or bad to use in the same machine? What card would you recommend? --Todd PS My WRAP with PfSense is still rock solid almost a month (I think). - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 16, 2005 7:50 AM Subject: Re: [pfSense Support] I love my WRAP Linksys and Netgear NICS. Problem solved. Scott On 11/16/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Two were Dells with a mix of Linksys and Netgear NICS. 1 with 128 mb ram and 1 with 256. Both had 1ghz processors approx.. Other was a generic board with a via chipset, same NICS mentioned and 512 mb of ram and AMD 1.4 or somewhere close. I have lots of post about my problems I am sure folks can find. Lots of help was offered, it was just too hard to wait while it was going down constantly on our production network. We had TONS of issues. Our setup was and still is this: LAN > Unused WAN > T1 Router Opt1 > Server DMZ Network bridged to the WAN interface No traffic shaping or anything else really in use. Hope this helps.. - Original Message - From: "Holger Bauer" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 16, 2005 1:30 AM Subject: AW: [pfSense Support] I love my WRAP Thanks for the info, but pfSense should run fine on other hardware than WRAPS as well AND it actually DOES run stable on other hardware as well. The WRAP is a very fine device, I agree, but if it comes to pushing larger loads you need something with more power under the hood (a WRAP does 28+ mbit/s with maxed out CPU). Can you provide info about the 3 other systems that caused all these troubles? Maybe someone might find it useful for avoiding some components or replacing some parts to get stability? Holger > -Ursprüngliche Nachricht- > Von: Mojo Jojo [mailto:[EMAIL PROTECTED] > Gesendet: Mittwoch, 16. November 2005 06:51 > An: PfSense Support List > Betreff: [pfSense Support] I love my WRAP > > > Just wanted to report that after many miserable weeks/months > of trying to > get PfSense to run in any sort of stable/production situation > on 3 different > PC's, I finally bought a WRAP a few weeks ago and I couldn't > be happier! > > While on any of the three PC's my PfSense box would go down > anywhere between > 0-8 times a night. Sometimes it would last 2 or 3 days > without going down > but sometimes it would go into fits where it would go down > over and over > ever 10 minutes, it would do this 10-12 times in a row before > staying up. > > I was about to give up on the product when I purchased a > WRAP, since putting > PfSense on the WRAP with basically the same config as before, > I have had > nothing but sheer joy! > > I am going on 17 days of straight uptime without so much as a hiccup. > > I don't know what was up with my three different pieces of > hardware and > PfSense but I do know that all is well now running 0.88 on the WRAP. > > So, the purpose of my post is to let you folks know if you are have > stability issues in a production environment and really want > to get to a > better place quickly, BUY A WRAP! > > No I do not get anything out of this, just trying to save > others from going > through the pain I did and go straight to the Joy of a stable PfSense > solution. > > Hope this helps some of you. > > --Todd > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] I love my WRAP
Two were Dells with a mix of Linksys and Netgear NICS. 1 with 128 mb ram and 1 with 256. Both had 1ghz processors approx.. Other was a generic board with a via chipset, same NICS mentioned and 512 mb of ram and AMD 1.4 or somewhere close. I have lots of post about my problems I am sure folks can find. Lots of help was offered, it was just too hard to wait while it was going down constantly on our production network. We had TONS of issues. Our setup was and still is this: LAN > Unused WAN > T1 Router Opt1 > Server DMZ Network bridged to the WAN interface No traffic shaping or anything else really in use. Hope this helps.. - Original Message - From: "Holger Bauer" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 16, 2005 1:30 AM Subject: AW: [pfSense Support] I love my WRAP Thanks for the info, but pfSense should run fine on other hardware than WRAPS as well AND it actually DOES run stable on other hardware as well. The WRAP is a very fine device, I agree, but if it comes to pushing larger loads you need something with more power under the hood (a WRAP does 28+ mbit/s with maxed out CPU). Can you provide info about the 3 other systems that caused all these troubles? Maybe someone might find it useful for avoiding some components or replacing some parts to get stability? Holger -Ursprüngliche Nachricht- Von: Mojo Jojo [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 16. November 2005 06:51 An: PfSense Support List Betreff: [pfSense Support] I love my WRAP Just wanted to report that after many miserable weeks/months of trying to get PfSense to run in any sort of stable/production situation on 3 different PC's, I finally bought a WRAP a few weeks ago and I couldn't be happier! While on any of the three PC's my PfSense box would go down anywhere between 0-8 times a night. Sometimes it would last 2 or 3 days without going down but sometimes it would go into fits where it would go down over and over ever 10 minutes, it would do this 10-12 times in a row before staying up. I was about to give up on the product when I purchased a WRAP, since putting PfSense on the WRAP with basically the same config as before, I have had nothing but sheer joy! I am going on 17 days of straight uptime without so much as a hiccup. I don't know what was up with my three different pieces of hardware and PfSense but I do know that all is well now running 0.88 on the WRAP. So, the purpose of my post is to let you folks know if you are have stability issues in a production environment and really want to get to a better place quickly, BUY A WRAP! No I do not get anything out of this, just trying to save others from going through the pain I did and go straight to the Joy of a stable PfSense solution. Hope this helps some of you. --Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] I love my WRAP
Just wanted to report that after many miserable weeks/months of trying to get PfSense to run in any sort of stable/production situation on 3 different PC's, I finally bought a WRAP a few weeks ago and I couldn't be happier! While on any of the three PC's my PfSense box would go down anywhere between 0-8 times a night. Sometimes it would last 2 or 3 days without going down but sometimes it would go into fits where it would go down over and over ever 10 minutes, it would do this 10-12 times in a row before staying up. I was about to give up on the product when I purchased a WRAP, since putting PfSense on the WRAP with basically the same config as before, I have had nothing but sheer joy! I am going on 17 days of straight uptime without so much as a hiccup. I don't know what was up with my three different pieces of hardware and PfSense but I do know that all is well now running 0.88 on the WRAP. So, the purpose of my post is to let you folks know if you are have stability issues in a production environment and really want to get to a better place quickly, BUY A WRAP! No I do not get anything out of this, just trying to save others from going through the pain I did and go straight to the Joy of a stable PfSense solution. Hope this helps some of you. --Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] WRAP/PfSense & PCMCIA :)
COOL! There are Linux drivers, not sure if someone can port them. Thanks.. Any chance PfSense will work with this? Can it maybe see it as a NIC or a Modem? - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Tuesday, November 08, 2005 11:45 AM Subject: Re: [pfSense Support] WRAP/PfSense & PCMCIA :) For this task you could use a Soekris 4511 which has a PCMCIA slot. I however have no clue if FreeBSD has support for the verizon. On 11/8/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: This is why I am asking, I think it would be slick to have a self contained wireless router that works almost anywhere you can get a Verizon signal. VERY slick! Been drooling over this idea for a while, I emailed PC Engines, maybe they will consider a board with a PCMCIA slot. --Todd - Original Message - From: "Robert Goley" <[EMAIL PROTECTED]> To: Sent: Tuesday, November 08, 2005 8:24 AM Subject: Re: [pfSense Support] WRAP/PfSense & PCMCIA :) >I would like to see support for some form of the Verizon cards. I have > thought of making a wireless internet router using pfsense and the > Verizon cellular broadband service. > > Robert > > On Tue, 2005-11-08 at 03:01 -0600, Mojo Jojo wrote: >> Has anyone considered trying to get a WRAP and PfSense working with a >> PCMCIA >> interface and the Verizon wireless cards? >> >> I have been thinking about this for a while and thought it would be >> worth >> a >> post to see what sort of trouble I could stir up :) >> >> I have already been successful getting the cards to work in Linux, just >> really need the PCMCIA interface with CardBus support. >> >> Maybe a MiniPCI to PCMCIA converter? Beats me.. >> >> Thoughts? >> >> >> - >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] WRAP/PfSense & PCMCIA :)
This is why I am asking, I think it would be slick to have a self contained wireless router that works almost anywhere you can get a Verizon signal. VERY slick! Been drooling over this idea for a while, I emailed PC Engines, maybe they will consider a board with a PCMCIA slot. --Todd - Original Message - From: "Robert Goley" <[EMAIL PROTECTED]> To: Sent: Tuesday, November 08, 2005 8:24 AM Subject: Re: [pfSense Support] WRAP/PfSense & PCMCIA :) I would like to see support for some form of the Verizon cards. I have thought of making a wireless internet router using pfsense and the Verizon cellular broadband service. Robert On Tue, 2005-11-08 at 03:01 -0600, Mojo Jojo wrote: Has anyone considered trying to get a WRAP and PfSense working with a PCMCIA interface and the Verizon wireless cards? I have been thinking about this for a while and thought it would be worth a post to see what sort of trouble I could stir up :) I have already been successful getting the cards to work in Linux, just really need the PCMCIA interface with CardBus support. Maybe a MiniPCI to PCMCIA converter? Beats me.. Thoughts? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] WRAP/PfSense & PCMCIA :)
Has anyone considered trying to get a WRAP and PfSense working with a PCMCIA interface and the Verizon wireless cards? I have been thinking about this for a while and thought it would be worth a post to see what sort of trouble I could stir up :) I have already been successful getting the cards to work in Linux, just really need the PCMCIA interface with CardBus support. Maybe a MiniPCI to PCMCIA converter? Beats me.. Thoughts? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] forums vs mailing list
I am always a bigger fan of forums, where do I find this forum? Of course, will take the PfSense help wherever it's offered :) I just think forums have more features, easier to use and I don't have to download and store a bunch of stuff I don't care about, instead I can browse the threads or search for what I need. I know there are many that prefer list but I just can't see the point of having my email client notifying me of new mail every two seconds for a bunch of emails I could care less about most times. --Todd - Original Message - From: Holger Bauer To: support@pfsense.com Sent: Sunday, November 06, 2005 6:36 PM Subject: AW: [pfSense Support] forums vs mailing list The forum was a kind of "experiment". There were many people complaining about the lists demanding a forum. We don't shut down the ML because of the forum. Actually it's up to the user to decide if the forum or the ml is the better way. From what it looks at the moment, most people seem to like the forums more. We could try to setup a mailinfo if a new post is started in the forum to help keep the ml informed what's going on. Would you think this is a good idea to have? Holger -Ursprüngliche Nachricht-Von: alan walters [mailto:[EMAIL PROTECTED]Gesendet: Montag, 7. November 2005 00:46An: support@pfsense.comBetreff: [pfSense Support] forums vs mailing list Now there is not much email in the mailig lists. I am disappointed about this change. Felt I ad to voice my concern. I follow pfsense from a development point of view. I know forums are great for archiving but very annoying for people that just want to stay up to date. Sorry for the gripe but felt it was nessercery. Regards alanVirus checked by G DATA AntiVirusKit
[pfSense Support] Host Names instead of IPs when setting up an alias
We have an alias setup with all the home IPs of our employees. Problem we have is they all have dynamic IPs that change. I am wondering if I can have each of them setup a hostname with a service like dyndns.org and enter their hostname in the alias list instead of their IPs which should keep their access through the firewall working, even when their IPs change. Will this work? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Scott, Trying to get the latest full version since you explained that the update doesn't update the BSD code. You gave me this URL: http://www.pfsense.com/~sullrich/ The files were there the other day but are gone now, I don't see this version on the mirrors. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:17 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k Nope. On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Doh! No better way to do this than removing the CF card and rewriting the whole thing? Just curious.. Thanks - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:52 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k If you are on a embedded image you need to reflash. The mini update does not contain freebsd changes! On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > OK, I got the latest version from the URL below.. > > I changed the line from sis1 to ng0 in /tmp/rules.debug > > I ran: > > # pfctl -f /tmp/rules.debug > pfctl: ng0: driver does not support altq > > As you can see I still get the same error. > > Todd > - Original Message - > From: "Scott Ullrich" <[EMAIL PROTECTED]> > To: > Sent: Wednesday, October 26, 2005 4:11 PM > Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link > speed > to > less than 100k > > > Grab the latest version which does support ALTQ on NG0. > > http://www.pfsense.com/~sullrich/ > > Repeat tests and report back what Dan is looking for. > > On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > > Hmmm... > > > > Since I turned shaper back off.. I had to turn it back on, I noticed > > that > > my > > changes to /tmp/rules.debug had gone away so I put the ng0 back on the > > line > > where it belongs. > > > > After doing so, I ran: > > > > # pfctl -f /tmp/rules.debug > > pfctl: ng0: driver does not support altq > > > > and you see what I am getting. > > > > So... > > > > What now? > > > > Todd > > - Original Message - > > From: "Dan Swartzendruber" <[EMAIL PROTECTED]> > > To: > > Sent: Wednesday, October 26, 2005 3:53 PM > > Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link > > speed > > to > > less than 100k > > > > > > > At 04:51 PM 10/26/2005, you wrote: > > >>OK, I did it and my link is still hosed. > > >> > > >>Do you want me to run any of those commands again or anything else > > >>now > > >>that I have reloaded the rules? > > > > > > yes, please send 'pfctl -sq' now that you reloaded 'em. > > > > > > > > > > > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FreeBSD 6 release with 2 days
That's great bill, thanks.. Moving sucks :) Todd - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Thursday, October 27, 2005 5:37 PM Subject: Re: [pfSense Support] FreeBSD 6 release with 2 days On 10/27/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: >> LAN/WAN will no longer be hardcoded, interfaces will become selectable - HOWEVER, you will still only be able to shape between two interfaces >> Sweet, so are you saying that I will be able to use the shaper wizard to prioritize VOIP traffic from and to my Opt1 interface in a bridged Wan/Opt1 environment? Yes. Lastly, when will this become available? In the 1.0 beta? If so, any idea when this is going to be released? I have most of the code for it written although I'm going to rewrite it a hair to match the exact specs I just mentioned ;) I'll commit it in the next few days, depending on how much we realize we still have to pack. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FreeBSD 6 release with 2 days
I can try to help test things concerning PPPOE when I have hardware available to do so. My hardware goes back and forth between the office and home. PPPOE is at home only and I don't plan on losing it any time soon. Todd - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Thursday, October 27, 2005 5:35 PM Subject: Re: [pfSense Support] FreeBSD 6 release with 2 days On 10/27/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: >> This should be in the next image, we (Scott) recently backported the change from FreeBSD -CURRENT. >> Oops, one more question regarding this comment above. So, are you saying that I should be able to use the wizard to prioritize VOIP traffic to/from my PPPOE/Lan connection? Yes, assuming it (the FreeBSD code) works (I have no reason to assume it won't). We need testers ;-P In 4 days I lose my PPPOE, so we'll officially have no developers using it (except for Hoba and he tries very hard to stay away from the PHP) in production. Lastly, when you say the next image? You mean the next version release? Will there be a WRAP version of this image? What version number should I look for? Next version release, I'm not sure what that will be, Scott's the release master .89.8 maybe? --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FreeBSD 6 release with 2 days
This should be in the next image, we (Scott) recently backported the change from FreeBSD -CURRENT. Oops, one more question regarding this comment above. So, are you saying that I should be able to use the wizard to prioritize VOIP traffic to/from my PPPOE/Lan connection? Lastly, when you say the next image? You mean the next version release? Will there be a WRAP version of this image? What version number should I look for? Thanks! Todd - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Thursday, October 27, 2005 5:20 PM Subject: Re: [pfSense Support] FreeBSD 6 release with 2 days On 10/27/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: General comments about traffic shaping in PFSense from a fairly new user who chose Pfsense mostly because it did offer traffic shaping. This may sound like a put down and I don't mean it that way, I just want you to see it from another point of view. Taken as such. I setup the WRAP at home to burn it in before putting it in front of my NOC in a production environment. Since it was at home, I figured hey, what a great chance to setup and try out the Traffic shaping since I am now part of the 80 percent (at least while testing) who uses Wan/Lan. Also figured I may replace IP Cop with PfSense at home on a WRAP just because it's smaller, less noisy etc. and I like PfSense. So then I ran into the issue where traffic shaping can't currently be used with PPPOE. Not sure about other countries but at least in the US, many DSL offerings only offer PPPOE. This should be in the next image, we (Scott) recently backported the change from FreeBSD -CURRENT. So, I am once again out of luck with the shaper. For me, the shaper has been non existent because I can't use it in any of my environments, office or home. I swear, I am not bitching at all, you guys are all great!! I only want you to see what I see which is that the shaping tools seem to only work for a very small set of configurations at this point and maybe when working on it you can keep this in mind. I only mention it to you because you said you will be working on it in the near future etc. Absolutely. I'll be putting interface selection into 1.0, since I can't fix some of the other stuff in time for 1.0. I still need to re-flash my card with the latest version and continue with the trouble shooting Dan and Scott were doing with me. Even if this does work with my Wan/Lan setup, the real place I need it to work is at our office which is a Bridging setup WAN/Opt1. Thoughts? Concerns? Flames? It may seem like comments go into a black hole, but I do listen to them and do try and incorporate them when it makes sense. My biggest concern right now is to not do anything that looks like a feature and to write as little code as possible to fix what's currently broken so I'm not rewriting gobs of code during the larger rewrite. So to summarize stuff that I'm expecting to make into our 1.0 release: LAN/WAN will no longer be hardcoded, interfaces will become selectable - HOWEVER, you will still only be able to shape between two interfaces PPPOE support (already merged) Any 'I do this and it blows up' fixes (although they might not be appreciated, the queue addition removal I mentioned earlier) FTP shaping (it'll be crude at best, but _should_ work) One or two other minor items that slip my mind right now Post 1.0...heh, too many items to list, although it probably won't be the end-all :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FreeBSD 6 release with 2 days
LAN/WAN will no longer be hardcoded, interfaces will become selectable - HOWEVER, you will still only be able to shape between two interfaces Sweet, so are you saying that I will be able to use the shaper wizard to prioritize VOIP traffic from and to my Opt1 interface in a bridged Wan/Opt1 environment? This is exactly what I need to do and I wanted to clarify. Lastly, when will this become available? In the 1.0 beta? If so, any idea when this is going to be released? Sorry for all the questions, just excited about the changes and the product in general. Also, I need to make some plans and PfSense are part of them. Thanks! - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Thursday, October 27, 2005 5:20 PM Subject: Re: [pfSense Support] FreeBSD 6 release with 2 days On 10/27/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: General comments about traffic shaping in PFSense from a fairly new user who chose Pfsense mostly because it did offer traffic shaping. This may sound like a put down and I don't mean it that way, I just want you to see it from another point of view. Taken as such. I setup the WRAP at home to burn it in before putting it in front of my NOC in a production environment. Since it was at home, I figured hey, what a great chance to setup and try out the Traffic shaping since I am now part of the 80 percent (at least while testing) who uses Wan/Lan. Also figured I may replace IP Cop with PfSense at home on a WRAP just because it's smaller, less noisy etc. and I like PfSense. So then I ran into the issue where traffic shaping can't currently be used with PPPOE. Not sure about other countries but at least in the US, many DSL offerings only offer PPPOE. This should be in the next image, we (Scott) recently backported the change from FreeBSD -CURRENT. So, I am once again out of luck with the shaper. For me, the shaper has been non existent because I can't use it in any of my environments, office or home. I swear, I am not bitching at all, you guys are all great!! I only want you to see what I see which is that the shaping tools seem to only work for a very small set of configurations at this point and maybe when working on it you can keep this in mind. I only mention it to you because you said you will be working on it in the near future etc. Absolutely. I'll be putting interface selection into 1.0, since I can't fix some of the other stuff in time for 1.0. I still need to re-flash my card with the latest version and continue with the trouble shooting Dan and Scott were doing with me. Even if this does work with my Wan/Lan setup, the real place I need it to work is at our office which is a Bridging setup WAN/Opt1. Thoughts? Concerns? Flames? It may seem like comments go into a black hole, but I do listen to them and do try and incorporate them when it makes sense. My biggest concern right now is to not do anything that looks like a feature and to write as little code as possible to fix what's currently broken so I'm not rewriting gobs of code during the larger rewrite. So to summarize stuff that I'm expecting to make into our 1.0 release: LAN/WAN will no longer be hardcoded, interfaces will become selectable - HOWEVER, you will still only be able to shape between two interfaces PPPOE support (already merged) Any 'I do this and it blows up' fixes (although they might not be appreciated, the queue addition removal I mentioned earlier) FTP shaping (it'll be crude at best, but _should_ work) One or two other minor items that slip my mind right now Post 1.0...heh, too many items to list, although it probably won't be the end-all :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FreeBSD 6 release with 2 days
Were the graphs fixed on the main page? CPU/Mem usage etc? Not sure but I know this was broke before. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Thursday, October 27, 2005 1:21 PM Subject: [pfSense Support] FreeBSD 6 release with 2 days Okay, the time is here. We now need to start a massive push to find and kill any remaining bugs. Please test every nook and cranny of pfSense and report back if you have problems. We really need to buckle down and get the remaining bugs removed. So starting today begins the official final push on the road to beta! Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] FreeBSD 6 release with 2 days
General comments about traffic shaping in PFSense from a fairly new user who chose Pfsense mostly because it did offer traffic shaping. This may sound like a put down and I don't mean it that way, I just want you to see it from another point of view. I tried to use it with my setup at our NOC if you remember and couldn't because it doesn't support using it in a bridged environment. You mentioned that you went after the 80/20 rule meaning that 80 percent of people use PfSense in a Wan/Lan setup and that it only works in a Wan/Lan setup, not in a bridged setup Wan/Opt1 etc. So, I thought.. Bummer, I will wait and hope it will work for me in the future and decided to stick with PfSense until this happens at some point. Due to ongoing issues with more than one computer just dying over and over and taking my network out (PfSense on PC hardware) I decided to give the WRAP platform a try. I setup the WRAP at home to burn it in before putting it in front of my NOC in a production environment. Since it was at home, I figured hey, what a great chance to setup and try out the Traffic shaping since I am now part of the 80 percent (at least while testing) who uses Wan/Lan. Also figured I may replace IP Cop with PfSense at home on a WRAP just because it's smaller, less noisy etc. and I like PfSense. So then I ran into the issue where traffic shaping can't currently be used with PPPOE. Not sure about other countries but at least in the US, many DSL offerings only offer PPPOE. So, I am once again out of luck with the shaper. For me, the shaper has been non existent because I can't use it in any of my environments, office or home. I swear, I am not bitching at all, you guys are all great!! I only want you to see what I see which is that the shaping tools seem to only work for a very small set of configurations at this point and maybe when working on it you can keep this in mind. I only mention it to you because you said you will be working on it in the near future etc. I sincerely hope you don't take my comments as anything but useful in your development. I still need to re-flash my card with the latest version and continue with the trouble shooting Dan and Scott were doing with me. Even if this does work with my Wan/Lan setup, the real place I need it to work is at our office which is a Bridging setup WAN/Opt1. Thoughts? Concerns? Flames? Todd - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Thursday, October 27, 2005 2:22 PM Subject: Re: [pfSense Support] FreeBSD 6 release with 2 days On 10/27/05, Szasz Revai Endre <[EMAIL PROTECTED]> wrote: Yesss, Finally the release which will fix those nasty stuff in the kernel now providing full uniprocessor usage. Because the kernel of the 5.x didn't really support uniprocessors from scratch, it was just a tare-down from SMP. Okay first bug, even if it's not core pfsense, is the squid package, it still doesn't treat that ACL list problem. I think Bill won't have time to play with the traffic shaper enabling users to use multiple parent queues. The rest of the traffic shaper interface superb, thanks Bill! I move in 4 days, I plan on spending every last second I can before the move hammering on the shaper. For 1.0 I'm going to remove the ability to custom create queues - sorry, it's part of the issue. The wizard will be required to generate a shaper config (custom rules after the fact will still be supported), so please hammer at rules and the wizard - I'll work on any fixes for that for release. I've got some good ideas for post 1.0, alot of them will make it into the code soon, just in HEAD, not in RELENG_1. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Doh! No better way to do this than removing the CF card and rewriting the whole thing? Just curious.. Thanks - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:52 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k If you are on a embedded image you need to reflash. The mini update does not contain freebsd changes! On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: OK, I got the latest version from the URL below.. I changed the line from sis1 to ng0 in /tmp/rules.debug I ran: # pfctl -f /tmp/rules.debug pfctl: ng0: driver does not support altq As you can see I still get the same error. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:11 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k Grab the latest version which does support ALTQ on NG0. http://www.pfsense.com/~sullrich/ Repeat tests and report back what Dan is looking for. On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > Hmmm... > > Since I turned shaper back off.. I had to turn it back on, I noticed > that > my > changes to /tmp/rules.debug had gone away so I put the ng0 back on the > line > where it belongs. > > After doing so, I ran: > > # pfctl -f /tmp/rules.debug > pfctl: ng0: driver does not support altq > > and you see what I am getting. > > So... > > What now? > > Todd > - Original Message - > From: "Dan Swartzendruber" <[EMAIL PROTECTED]> > To: > Sent: Wednesday, October 26, 2005 3:53 PM > Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link > speed > to > less than 100k > > > > At 04:51 PM 10/26/2005, you wrote: > >>OK, I did it and my link is still hosed. > >> > >>Do you want me to run any of those commands again or anything else now > >>that I have reloaded the rules? > > > > yes, please send 'pfctl -sq' now that you reloaded 'em. > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
So then no PfSense for me or at least no VOIP prioritization for me on my home connection? Just confirming before I give up. Thanks everyone (Dan, Scott, Bill) for your help with this! Todd - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:48 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: altq on sis1 hfsc queue { qWANRoot } altq on sis0 hfsc queue { qLANRoot } Ahahhaha, oops. Looks like I need to put a better check in the wizard :) I forgot that ng0 isn't what shows up in the XML config, doh. At this time ALTQ isn't supported for PPPOE, I believe we just backported the FreeBSD fix for this that's in HEAD. But that totally explains your issue (I think) :) --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
At the beginning of the wizard when it ask for: The download speed of your WAN link in Kbits/second. and The upload speed of your WAN link in Kbits/second. It wants the speed of the DSL connection right? Not the speed of the actual NIC (10mb or 100mb etc.)? How about in the Interfaces>WAN and Interfaces>LAN? I assume that here it wants the actual speed of the NIC, right? Todd - Original Message - From: "Mojo Jojo" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:31 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k OK, I got the latest version from the URL below.. I changed the line from sis1 to ng0 in /tmp/rules.debug I ran: # pfctl -f /tmp/rules.debug pfctl: ng0: driver does not support altq As you can see I still get the same error. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:11 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k Grab the latest version which does support ALTQ on NG0. http://www.pfsense.com/~sullrich/ Repeat tests and report back what Dan is looking for. On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Hmmm... Since I turned shaper back off.. I had to turn it back on, I noticed that my changes to /tmp/rules.debug had gone away so I put the ng0 back on the line where it belongs. After doing so, I ran: # pfctl -f /tmp/rules.debug pfctl: ng0: driver does not support altq and you see what I am getting. So... What now? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 3:53 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k > At 04:51 PM 10/26/2005, you wrote: >>OK, I did it and my link is still hosed. >> >>Do you want me to run any of those commands again or anything else now >>that I have reloaded the rules? > > yes, please send 'pfctl -sq' now that you reloaded 'em. > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
OK, I got the latest version from the URL below.. I changed the line from sis1 to ng0 in /tmp/rules.debug I ran: # pfctl -f /tmp/rules.debug pfctl: ng0: driver does not support altq As you can see I still get the same error. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 4:11 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k Grab the latest version which does support ALTQ on NG0. http://www.pfsense.com/~sullrich/ Repeat tests and report back what Dan is looking for. On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Hmmm... Since I turned shaper back off.. I had to turn it back on, I noticed that my changes to /tmp/rules.debug had gone away so I put the ng0 back on the line where it belongs. After doing so, I ran: # pfctl -f /tmp/rules.debug pfctl: ng0: driver does not support altq and you see what I am getting. So... What now? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 3:53 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k > At 04:51 PM 10/26/2005, you wrote: >>OK, I did it and my link is still hosed. >> >>Do you want me to run any of those commands again or anything else now >>that I have reloaded the rules? > > yes, please send 'pfctl -sq' now that you reloaded 'em. > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Hmmm... Since I turned shaper back off.. I had to turn it back on, I noticed that my changes to /tmp/rules.debug had gone away so I put the ng0 back on the line where it belongs. After doing so, I ran: # pfctl -f /tmp/rules.debug pfctl: ng0: driver does not support altq and you see what I am getting. So... What now? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 3:53 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 04:51 PM 10/26/2005, you wrote: OK, I did it and my link is still hosed. Do you want me to run any of those commands again or anything else now that I have reloaded the rules? yes, please send 'pfctl -sq' now that you reloaded 'em. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
OK, I did it and my link is still hosed. Do you want me to run any of those commands again or anything else now that I have reloaded the rules? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 3:38 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 04:36 PM 10/26/2005, you wrote: Reloaded? How? after editing /tmp/rules.debug, you need to do 'pfctl -f /tmp/rules.debug' or your changes have no effect. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Reloaded? How? - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 3:27 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 04:12 PM 10/26/2005, you wrote: queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot} are you sure you reloaded the rules after changing sis1 to ng0? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
- # pfctl -sq queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot} queue qWANRoot bandwidth 768Kb priority 6 {qWANdef, qWANacks, qVOIPUp} queue qWANdef bandwidth 7.68Kb priority 3 hfsc( default realtime(76.80Kb 1 76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(768Kb 100 691.20Kb) ) queue qWANacks bandwidth 7.68Kb priority 6 hfsc( realtime(76.80Kb 1 76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(614.40Kb 1 614.40Kb) ) queue qVOIPUp bandwidth 7.68Kb priority 7 hfsc( red ecn realtime(256Kb 1 256Kb) linkshare(0 b 1000 76.80Kb) upperlimit(256Kb 1 256Kb) ) queue root_sis0 bandwidth 100Mb priority 0 {qLANRoot} queue qLANRoot bandwidth 1.50Mb priority 6 {qLANdef, qLANacks, qVOIPDown} queue qLANdef bandwidth 15Kb priority 3 hfsc( default realtime(150Kb 1 150Kb) linkshare(0 b 1000 150Kb) upperlimit(1.50Mb 100 1.35Mb) ) queue qLANacks bandwidth 15Kb priority 6 hfsc( realtime(150Kb 1 150Kb) linkshare(0 b 1000 150Kb) upperlimit(1.20Mb 1 1.20Mb) ) queue qVOIPDown bandwidth 15Kb priority 7 hfsc( red ecn realtime(256Kb 1 256Kb) linkshare(0 b 1000 150Kb) upperlimit(256Kb 1 256Kb) ) # -- -- # # pfctl -sr scrub on ng0 all max-mss 1452 fragment reassemble pass in on sis0 inet from 192.168.1.0/24 to any tos 0x10 keep state tag qVOIPDown pass out on ng0 all tos 0x10 keep state tag qVOIPUp pass in on ng0 inet from any to 192.168.1.0/24 tos 0x10 keep state tag qVOIPUp pass out on sis0 inet from any to 192.168.1.0/24 tos 0x10 keep state tag qVOIPDown anchor "firewallrules" all anchor "loopback" all pass in quick on lo0 all label "pass loopback" pass out quick on lo0 all label "pass loopback" anchor "packageearly" all anchor "carp" all anchor "ftpproxy" all anchor "pftpx/*" all pass in quick on ng0 inet proto tcp from any port = ftp-data to (ng0) port > 49000 user = 62 flags S/SA keep state label "FTP PROXY: PASV mode data connection" anchor "dhcpserverlan" all pass in quick on sis0 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps label "allow access to DHCP server on LAN" pass in quick on sis0 inet proto udp from any port = bootpc to 192.168.1.1 port = bootps label "allow access to DHCP server on LAN" pass out quick on sis0 inet proto udp from 192.168.1.1 port = bootps to any port = bootpc label "allow access to DHCP server on LAN" anchor "wanspoof" all block drop in log quick on ng0 inet from 192.168.1.0/24 to any label "WAN spoof check" anchor "wandhcp" all pass out quick on ng0 proto udp from any port = bootpc to any port = bootps label "allow dhcp client out wan" block drop in log quick on ng0 inet proto udp from any port = bootps to 192.168.1.0/24 port = bootpc label "allow dhcp client out wan" pass in quick on ng0 proto udp from any port = bootps to any port = bootpc label "allow dhcp client out wan" block drop in on ! sis0 inet from 192.168.1.0/24 to any block drop in on sis0 inet6 from fe80::20d:b9ff:fe02:59d8 to any block drop in inet from 192.168.1.1 to any anchor "spoofing" all block drop in log quick on ng0 inet from 10.0.0.0/8 to any label "block private networks from wan block 10/8" block drop in log quick on ng0 inet from 127.0.0.0/8 to any label "block private networks from wan block 127/8" block drop in log quick on ng0 inet from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12" block drop in log quick on ng0 inet from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16" anchor "limitingesr" all anchor "wanbogons" all block drop in log quick on ng0 from to any label "block bogon networks from wan" anchor "firewallout" all pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qWANRoot tagged qWANRoot pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qWANdef tagged qWANdef pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qLANRoot tagged qLANRoot pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qLANdef tagged qLANdef pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qLANacks tagged qLANacks pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qWANacks tagged qWANacks pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qVOIPUp tagged qVOIPUp pass out quick on ng0 all keep state label "let out anything from firewall host itself" queue qVOIPDown tagged qVOIPDown pass out quick on ng0 all keep state label "let out anything from firewall host itself" pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qWANRoot tagged qWANRoot pass out quick on sis0 all keep state label "let out anything from firewall host itself" queue qWANdef tagged qWANdef pass out quick on sis0 all keep state
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Looks like this now: scrub on ng0 all max-mss 1452 #altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot } altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot } altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot } --- No joy. Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 3:03 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 04:01 PM 10/26/2005, you wrote: hmmm, this should have read: altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot } Should I change it and give it a whirl? yes, please. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
I ran: 'pfctl -f /tmp/rules.debug' with the shaper back on and got no errors at all. Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:46 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k did you turn shaper back off? please turn it on and add the following two lines before the queue directives (by editing /tmp/rules.debug) altq on fxp1 hfsc bandwidth 10Mb queue { qWANRoot } altq on vlan0 hfsc bandwidth 10Mb queue { qLANRoot } NOTE: change fxp1 to your wan interface and change vlan0 to your lan interface. then do 'pfctl -f /tmp/rules.debug' and report results... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
hmmm, this should have read: altq on ng0 hfsc bandwidth 10Mb queue { qWANRoot } Should I change it and give it a whirl? Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
also post results of 'pfctl -sq' # pfctl -sq queue root_sis1 bandwidth 10Mb priority 0 {qWANRoot} queue qWANRoot bandwidth 768Kb priority 6 {qWANdef, qWANacks, qVOIPUp} queue qWANdef bandwidth 7.68Kb priority 3 hfsc( default realtime(76.80Kb 1 76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(768Kb 100 691.20Kb) ) queue qWANacks bandwidth 7.68Kb priority 6 hfsc( realtime(76.80Kb 1 76.80Kb) linkshare(0 b 1000 76.80Kb) upperlimit(614.40Kb 1 614.40Kb) ) queue qVOIPUp bandwidth 7.68Kb priority 7 hfsc( red ecn realtime(256Kb 1 256Kb) linkshare(0 b 1000 76.80Kb) upperlimit(256Kb 1 256Kb) ) queue root_sis0 bandwidth 100Mb priority 0 {qLANRoot} queue qLANRoot bandwidth 1.50Mb priority 6 {qLANdef, qLANacks, qVOIPDown} queue qLANdef bandwidth 15Kb priority 3 hfsc( default realtime(150Kb 1 150Kb) linkshare(0 b 1000 150Kb) upperlimit(1.50Mb 100 1.35Mb) ) queue qLANacks bandwidth 15Kb priority 6 hfsc( realtime(150Kb 1 150Kb) linkshare(0 b 1000 150Kb) upperlimit(1.20Mb 1 1.20Mb) ) queue qVOIPDown bandwidth 15Kb priority 7 hfsc( red ecn realtime(256Kb 1 256Kb) linkshare(0 b 1000 150Kb) upperlimit(256Kb 1 256Kb) ) # --- - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:46 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k also post results of 'pfctl -sq' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
After turning the shaper back on, I do have this already in the file: altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot } altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot } Do you want me to still replace this with yours? Seems to be the same basically.. Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:46 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k did you turn shaper back off? please turn it on and add the following two lines before the queue directives (by editing /tmp/rules.debug) altq on fxp1 hfsc bandwidth 10Mb queue { qWANRoot } altq on vlan0 hfsc bandwidth 10Mb queue { qLANRoot } NOTE: change fxp1 to your wan interface and change vlan0 to your lan interface. then do 'pfctl -f /tmp/rules.debug' and report results... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Here is the file after turning shaping back on and before making the changes you requested. Working on the changes now. Todd - # System Aliases lan = "{ sis0 }" wan = "{ ng0 }" pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" DMZ = "{ sis2 }" # User Aliases set loginterface sis1 set loginterface sis0 set loginterface sis2 set optimization normal scrub on ng0 all max-mss 1452 altq on sis1 hfsc bandwidth 10Mb queue { qWANRoot } altq on sis0 hfsc bandwidth 100Mb queue { qLANRoot } queue qWANRoot bandwidth 768Kb priority 6 hfsc { qWANdef, qWANacks, qVOIPUp } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 1500Kb priority 6 hfsc { qLANdef, qLANacks, qVOIPDown } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qVOIPUp bandwidth 1% priority 7 hfsc ( ecn upperlimit(256Kb 1 256Kb) linkshare(0% 1000 10%) realtime(256Kb 1 256Kb) ) queue qVOIPDown bandwidth 1% priority 7 hfsc ( ecn upperlimit(256Kb 1 256Kb) linkshare(0% 1000 10%) realtime(256Kb 1 256Kb) ) nat-anchor "pftpx/*" nat-anchor "natearly/*" nat-anchor "natrules/*" nat on ng0 from 192.168.1.0/24 to any port 500 -> (ng0) port 500 nat on ng0 from 192.168.1.0/24 to any -> (ng0) #SSH Lockout Table table persist # spam table table persist # Load balancing anchor - slbd updates rdr-anchor "slb" # FTP proxy rdr-anchor "pftpx/*" rdr on sis0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021 pass in on sis0 from 192.168.1.0/24 to any tos lowdelay keep state tag qVOIPDown pass out on ng0 from any to any tos lowdelay keep state tag qVOIPUp pass in on ng0 from any to 192.168.1.0/24 tos lowdelay keep state tag qVOIPUp pass out on sis0 from any to 192.168.1.0/24 tos lowdelay keep state tag qVOIPDown anchor "firewallrules" # loopback anchor "loopback" pass in quick on lo0 all label "pass loopback" pass out quick on lo0 all label "pass loopback" # package manager early specific hook anchor "packageearly" # carp anchor "carp" # enable ftp-proxy anchor "ftpproxy" anchor "pftpx/*" pass in quick on ng0 inet proto tcp from port 20 to (ng0) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection" # allow access to DHCP server on LAN anchor "dhcpserverlan" pass in quick on sis0 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN" pass in quick on sis0 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server on LAN" pass out quick on sis0 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN" # WAN spoof check anchor "wanspoof" block in log quick on ng0 from 192.168.1.0/24 to any label "WAN spoof check" # allow our DHCP client out to the WAN # XXX - should be more restrictive # (not possible at the moment - need 'me' like in ipfw) anchor "wandhcp" pass out quick on ng0 proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" block in log quick on ng0 proto udp from any port = 67 to 192.168.1.0/24 port = 68 label "allow dhcp client out wan" pass in quick on ng0 proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan" # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) antispoof for sis0 # block anything from private networks on WAN interface anchor "spoofing" block in log quick on ng0 from 10.0.0.0/8 to any label "block private networks from wan block 10/8" block in log quick on ng0 from 127.0.0.0/8 to any label "block private networks from wan block 127/8" block in log quick on ng0 from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12" block in log quick on ng0 from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16" # Support for allow limiting of TCP connections by establishment rate anchor "limitingesr" table # block bogon networks # http://www.cymru.com/Documents/bogon-bn-nonagg.txt anchor "wanbogons" table persist file "/etc/bogons" block in log quick on ng0 from to any label "block bogon networks from wan" # let out anything from the firewall host itself and decrypted IPsec traffic # pass out quick on ng0 all keep state label "let out anything from firewall host itself" # pass traffic from firewall -> out anchor "firewallout" pass out quick on ng0 all keep state tagged qWANRoot queue qWANRoot label "let out anything from firewall host itself" pass out quick on ng0 all keep state tagged qWANdef
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Yes I turned it back off, I have to leave it off or my speed is miserable :) I will turn it back on, then add the two lines you requested to rules.debug Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:46 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k did you turn shaper back off? please turn it on and add the following two lines before the queue directives (by editing /tmp/rules.debug) altq on fxp1 hfsc bandwidth 10Mb queue { qWANRoot } altq on vlan0 hfsc bandwidth 10Mb queue { qLANRoot } NOTE: change fxp1 to your wan interface and change vlan0 to your lan interface. then do 'pfctl -f /tmp/rules.debug' and report results... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
what happens if you manually type: pfctl -f /tmp/rules.debug any error messages? Nope.. # # # pfctl -f /tmp/rules.debug # - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:31 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 03:29 PM 10/26/2005, you wrote: try putting manual bandwidth for WAN and LAN in the gui and see if that helps. You mean under "Interfaces>WAN" and "Interfaces>LAN"? yes. Are you sure you get no errors when loading this? Sorry, when loading what? what happens if you manually type: pfctl -f /tmp/rules.debug any error messages? p.s. if you would have gotten errors, the gui should complain too - should be message in blue scrolling sideways up at the top of the browser window? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
what does /tmp/rules.debug show now? ## # System Aliases lan = "{ sis0 }" wan = "{ ng0 }" pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" DMZ = "{ sis2 }" # User Aliases set loginterface sis1 set loginterface sis0 set loginterface sis2 set optimization normal scrub on ng0 all max-mss 1452 nat-anchor "pftpx/*" nat-anchor "natearly/*" nat-anchor "natrules/*" nat on ng0 from 192.168.1.0/24 to any port 500 -> (ng0) port 500 nat on ng0 from 192.168.1.0/24 to any -> (ng0) #SSH Lockout Table table persist # spam table table persist # Load balancing anchor - slbd updates rdr-anchor "slb" # FTP proxy rdr-anchor "pftpx/*" rdr on sis0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021 anchor "firewallrules" # loopback anchor "loopback" pass in quick on lo0 all label "pass loopback" pass out quick on lo0 all label "pass loopback" # package manager early specific hook anchor "packageearly" # carp anchor "carp" # enable ftp-proxy anchor "ftpproxy" anchor "pftpx/*" pass in quick on ng0 inet proto tcp from port 20 to (ng0) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection" # allow access to DHCP server on LAN anchor "dhcpserverlan" pass in quick on sis0 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN" pass in quick on sis0 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server on LAN" pass out quick on sis0 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN" # WAN spoof check anchor "wanspoof" block in log quick on ng0 from 192.168.1.0/24 to any label "WAN spoof check" # allow our DHCP client out to the WAN # XXX - should be more restrictive # (not possible at the moment - need 'me' like in ipfw) anchor "wandhcp" pass out quick on ng0 proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" block in log quick on ng0 proto udp from any port = 67 to 192.168.1.0/24 port = 68 label "allow dhcp client out wan" pass in quick on ng0 proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan" # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) antispoof for sis0 # block anything from private networks on WAN interface anchor "spoofing" block in log quick on ng0 from 10.0.0.0/8 to any label "block private networks from wan block 10/8" block in log quick on ng0 from 127.0.0.0/8 to any label "block private networks from wan block 127/8" block in log quick on ng0 from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12" block in log quick on ng0 from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16" # Support for allow limiting of TCP connections by establishment rate anchor "limitingesr" table # block bogon networks # http://www.cymru.com/Documents/bogon-bn-nonagg.txt anchor "wanbogons" table persist file "/etc/bogons" block in log quick on ng0 from to any label "block bogon networks from wan" # let out anything from the firewall host itself and decrypted IPsec traffic # pass out quick on ng0 all keep state label "let out anything from firewall host itself" # pass traffic from firewall -> out anchor "firewallout" pass out quick on ng0 all keep state label "let out anything from firewall host itself" pass out quick on sis0 all keep state label "let out anything from firewall host itself" pass out quick on ng0 all keep state label "let out anything from firewall host itself pptp" pass out quick on ng0 all keep state label "let out anything from firewall host itself pppoe" # make sure the user cannot lock himself out of the webGUI or SSH anchor "anti-lockout" pass in quick from 192.168.1.0/24 to 192.168.1.1 keep state label "anti-lockout web rule" # SSH lockout block in log proto tcp from to any port 22 label "sshlockout" # User-defined rules follow pass in quick on $lan from 192.168.1.0/24 to any keep state label "USER_RULE: Default LAN -> any" # VPN Rules #--- # default rules (just to be sure) #--- block in log quick all label "Default block all just to be sure." block out log quick all label "Default block all just to be sure." ## - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:36 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 03:34 PM 10/26/2005, you wrote: After setting the LAN interface to 100 mb, the screen came back OK except I saw this at the very bottom of the screen: ifconfig: not found Warning: unlink(/var/run/lan.conf.dirty): No such file or dir
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
try putting manual bandwidth for WAN and LAN in the gui and see if that helps. You mean under "Interfaces>WAN" and "Interfaces>LAN"? yes. OK, I set my WAN to 10mb and my LAN to 100mb. I then turned traffic shaper back on and did a speed test and no joy, same thing, can't get past 100k or so. I will run the commands you suggested and reply soon. Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:31 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 03:29 PM 10/26/2005, you wrote: try putting manual bandwidth for WAN and LAN in the gui and see if that helps. You mean under "Interfaces>WAN" and "Interfaces>LAN"? yes. Are you sure you get no errors when loading this? Sorry, when loading what? what happens if you manually type: pfctl -f /tmp/rules.debug any error messages? p.s. if you would have gotten errors, the gui should complain too - should be message in blue scrolling sideways up at the top of the browser window? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
After setting the LAN interface to 100 mb, the screen came back OK except I saw this at the very bottom of the screen: ifconfig: not found Warning: unlink(/var/run/lan.conf.dirty): No such file or directory in /usr/local/www/interfaces_lan.php on line 283 Anyone know what this is about? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:31 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 03:29 PM 10/26/2005, you wrote: try putting manual bandwidth for WAN and LAN in the gui and see if that helps. You mean under "Interfaces>WAN" and "Interfaces>LAN"? yes. Are you sure you get no errors when loading this? Sorry, when loading what? what happens if you manually type: pfctl -f /tmp/rules.debug any error messages? p.s. if you would have gotten errors, the gui should complain too - should be message in blue scrolling sideways up at the top of the browser window? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
try putting manual bandwidth for WAN and LAN in the gui and see if that helps. You mean under "Interfaces>WAN" and "Interfaces>LAN"? Are you sure you get no errors when loading this? Sorry, when loading what? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:22 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 03:15 PM 10/26/2005, you wrote: this is really odd. no queue stuff at all? what happens if you manually type: pfctl -f /tmp/rules.debug any errors? Try this: ### # System Aliases lan = "{ sis0 }" wan = "{ ng0 }" pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" DMZ = "{ sis2 }" # User Aliases set loginterface sis1 set loginterface sis0 set loginterface sis2 set optimization normal scrub on ng0 all max-mss 1452 altq on sis1 hfsc queue { qWANRoot } <=== bingo! altq on sis0 hfsc queue { qLANRoot } < bingo! If no bandwidth is in the GUI for an interface, it tries to guess by the interface name. For vlan (my problem) that doesn't work, so i get errors. dunno what ppoe does. try putting manual bandwidth for WAN and LAN in the gui and see if that helps. Are you sure you get no errors when loading this? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Huh? Aren't lots of people using PPPOE? This is all I can get at home these days. Confused as to why this should matter, the bandwidth is the same. So, should I give up on PfSense working for me at home in regards to traffic shaping? This stinks since I have to have VOIP traffic prioritized or I can't us it. Thanks for the info. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:15 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k ng0 <--- this shows that your using pppoe. I don't think the traffic shaper is compatible with this. I have a patch in the system today that will change this, but I am not sure how this would affect your situation. On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Sorry... I have it turned off at the moment because it kills my connection speed :) I guess I have to turn it back on so the info will show up in this file? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:11 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k > > this is really odd. no queue stuff at all? what happens if you > manually > type: > > pfctl -f /tmp/rules.debug > > any errors? > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
this is really odd. no queue stuff at all? what happens if you manually type: pfctl -f /tmp/rules.debug any errors? Try this: ### # System Aliases lan = "{ sis0 }" wan = "{ ng0 }" pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" DMZ = "{ sis2 }" # User Aliases set loginterface sis1 set loginterface sis0 set loginterface sis2 set optimization normal scrub on ng0 all max-mss 1452 altq on sis1 hfsc queue { qWANRoot } altq on sis0 hfsc queue { qLANRoot } queue qWANRoot bandwidth 768Kb priority 6 hfsc { qWANdef, qWANacks, qVOIPUp } queue qWANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANRoot bandwidth 1500Kb priority 6 hfsc { qLANdef, qLANacks, qVOIPDown } queue qLANdef bandwidth 1% priority 3 hfsc ( default upperlimit(100% 100 90%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qLANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qWANacks bandwidth 1% priority 6 hfsc ( upperlimit(80% 1 80%) linkshare(0% 1000 10%) realtime(10% 1 10%) ) queue qVOIPUp bandwidth 1% priority 7 hfsc ( ecn upperlimit(256Kb 1 256Kb) linkshare(0% 1000 10%) realtime(256Kb 1 256Kb) ) queue qVOIPDown bandwidth 1% priority 7 hfsc ( ecn upperlimit(256Kb 1 256Kb) linkshare(0% 1000 10%) realtime(256Kb 1 256Kb) ) nat-anchor "pftpx/*" nat-anchor "natearly/*" nat-anchor "natrules/*" nat on ng0 from 192.168.1.0/24 to any port 500 -> (ng0) port 500 nat on ng0 from 192.168.1.0/24 to any -> (ng0) #SSH Lockout Table table persist # spam table table persist # Load balancing anchor - slbd updates rdr-anchor "slb" # FTP proxy rdr-anchor "pftpx/*" rdr on sis0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021 pass in on sis0 from 192.168.1.0/24 to any tos lowdelay keep state tag qVOIPDown pass out on ng0 from any to any tos lowdelay keep state tag qVOIPUp pass in on ng0 from any to 192.168.1.0/24 tos lowdelay keep state tag qVOIPUp pass out on sis0 from any to 192.168.1.0/24 tos lowdelay keep state tag qVOIPDown anchor "firewallrules" # loopback anchor "loopback" pass in quick on lo0 all label "pass loopback" pass out quick on lo0 all label "pass loopback" # package manager early specific hook anchor "packageearly" # carp anchor "carp" # enable ftp-proxy anchor "ftpproxy" anchor "pftpx/*" pass in quick on ng0 inet proto tcp from port 20 to (ng0) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection" # allow access to DHCP server on LAN anchor "dhcpserverlan" pass in quick on sis0 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN" pass in quick on sis0 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server on LAN" pass out quick on sis0 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN" # WAN spoof check anchor "wanspoof" block in log quick on ng0 from 192.168.1.0/24 to any label "WAN spoof check" # allow our DHCP client out to the WAN # XXX - should be more restrictive # (not possible at the moment - need 'me' like in ipfw) anchor "wandhcp" pass out quick on ng0 proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" block in log quick on ng0 proto udp from any port = 67 to 192.168.1.0/24 port = 68 label "allow dhcp client out wan" pass in quick on ng0 proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan" # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) antispoof for sis0 # block anything from private networks on WAN interface anchor "spoofing" block in log quick on ng0 from 10.0.0.0/8 to any label "block private networks from wan block 10/8" block in log quick on ng0 from 127.0.0.0/8 to any label "block private networks from wan block 127/8" block in log quick on ng0 from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12" block in log quick on ng0 from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16" # Support for allow limiting of TCP connections by establishment rate anchor "limitingesr" table # block bogon networks # http://www.cymru.com/Documents/bogon-bn-nonagg.txt anchor "wanbogons" table persist file "/etc/bogons" block in log quick on ng0 from to any label "block bogon networks from wan" # let out anything from the firewall host itself and decrypted IPsec traffic # pass out quick on ng0 all keep state label "let out anything from firewall host itself" # pass traffic from firewall -> out anchor "firewallout" pass out quick on ng0 all keep state tagged qWANRoot queue qWANRoot label "let out anything from firewall host itself" pass out quick on ng0 all keep state tagged qWANdef queue qWANdef label "
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Sorry... I have it turned off at the moment because it kills my connection speed :) I guess I have to turn it back on so the info will show up in this file? Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:11 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k this is really odd. no queue stuff at all? what happens if you manually type: pfctl -f /tmp/rules.debug any errors? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Sending /tmp/rules.debug may help show the problem. Sanitize any personal data before sending (if you don't want your ips shown,etc) # System Aliases lan = "{ sis0 }" wan = "{ ng0 }" pptp = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" pppoe = "{ ng1 ng2 ng3 ng4 ng5 ng6 ng7 ng8 ng9 ng10 ng11 ng12 ng13 ng14 }" DMZ = "{ sis2 }" # User Aliases set loginterface sis1 set loginterface sis0 set loginterface sis2 set optimization normal scrub on ng0 all max-mss 1452 nat-anchor "pftpx/*" nat-anchor "natearly/*" nat-anchor "natrules/*" nat on ng0 from 192.168.1.0/24 to any port 500 -> (ng0) port 500 nat on ng0 from 192.168.1.0/24 to any -> (ng0) #SSH Lockout Table table persist # spam table table persist # Load balancing anchor - slbd updates rdr-anchor "slb" # FTP proxy rdr-anchor "pftpx/*" rdr on sis0 proto tcp from any to any port 21 -> 127.0.0.1 port 8021 anchor "firewallrules" # loopback anchor "loopback" pass in quick on lo0 all label "pass loopback" pass out quick on lo0 all label "pass loopback" # package manager early specific hook anchor "packageearly" # carp anchor "carp" # enable ftp-proxy anchor "ftpproxy" anchor "pftpx/*" pass in quick on ng0 inet proto tcp from port 20 to (ng0) port > 49000 user proxy flags S/SA keep state label "FTP PROXY: PASV mode data connection" # allow access to DHCP server on LAN anchor "dhcpserverlan" pass in quick on sis0 proto udp from any port = 68 to 255.255.255.255 port = 67 label "allow access to DHCP server on LAN" pass in quick on sis0 proto udp from any port = 68 to 192.168.1.1 port = 67 label "allow access to DHCP server on LAN" pass out quick on sis0 proto udp from 192.168.1.1 port = 67 to any port = 68 label "allow access to DHCP server on LAN" # WAN spoof check anchor "wanspoof" block in log quick on ng0 from 192.168.1.0/24 to any label "WAN spoof check" # allow our DHCP client out to the WAN # XXX - should be more restrictive # (not possible at the moment - need 'me' like in ipfw) anchor "wandhcp" pass out quick on ng0 proto udp from any port = 68 to any port = 67 label "allow dhcp client out wan" block in log quick on ng0 proto udp from any port = 67 to 192.168.1.0/24 port = 68 label "allow dhcp client out wan" pass in quick on ng0 proto udp from any port = 67 to any port = 68 label "allow dhcp client out wan" # LAN/OPT spoof check (needs to be after DHCP because of broadcast addresses) antispoof for sis0 # block anything from private networks on WAN interface anchor "spoofing" block in log quick on ng0 from 10.0.0.0/8 to any label "block private networks from wan block 10/8" block in log quick on ng0 from 127.0.0.0/8 to any label "block private networks from wan block 127/8" block in log quick on ng0 from 172.16.0.0/12 to any label "block private networks from wan block 172.16/12" block in log quick on ng0 from 192.168.0.0/16 to any label "block private networks from wan block 192.168/16" # Support for allow limiting of TCP connections by establishment rate anchor "limitingesr" table # block bogon networks # http://www.cymru.com/Documents/bogon-bn-nonagg.txt anchor "wanbogons" table persist file "/etc/bogons" block in log quick on ng0 from to any label "block bogon networks from wan" # let out anything from the firewall host itself and decrypted IPsec traffic # pass out quick on ng0 all keep state label "let out anything from firewall host itself" # pass traffic from firewall -> out anchor "firewallout" pass out quick on ng0 all keep state label "let out anything from firewall host itself" pass out quick on sis0 all keep state label "let out anything from firewall host itself" pass out quick on ng0 all keep state label "let out anything from firewall host itself pptp" pass out quick on ng0 all keep state label "let out anything from firewall host itself pppoe" # make sure the user cannot lock himself out of the webGUI or SSH anchor "anti-lockout" pass in quick from 192.168.1.0/24 to 192.168.1.1 keep state label "anti-lockout web rule" # SSH lockout block in log proto tcp from to any port 22 label "sshlockout" # User-defined rules follow pass in quick on $lan from 192.168.1.0/24 to any keep state label "USER_RULE: Default LAN -> any" # VPN Rules #--- # default rules (just to be sure) #--- block in log quick all label "Default block all just to be sure." block out log quick all label "Default block all just to be sure." - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 2:00 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k Sending /tmp/rules.debug may help show the problem. Sanitize any personal data before sending (if you don't want your ips shown,etc)
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
I think this is what you want: - hfsc - qWANRoot 0 6 on 768 Kb - qWANdef qWANRoot 0 true 3 on 10% 1 10% on 0% 1000 10% on 100% 100 90% 1 % - qLANRoot 0 6 on 1500 Kb - qLANdef 3 qLANRoot 0 true on 10% 1 10% on 0% 1000 10% on 100% 100 90% 1 % - qLANacks qLANRoot 0 6 on 10% 1 10% on 0% 1000 10% on 80% 1 80% 1 % - qWANacks qWANRoot 0 6 on 10% 1 10% on 0% 1000 10% on 80% 1 80% 1 % - qVOIPUp 0 7 on on 256Kb 1 256Kb on 0% 1000 10% on 256Kb 1 256Kb 1 % qWANRoot - qVOIPDown 0 7 on on 256Kb 1 256Kb on 0% 1000 10% on 256Kb 1 256Kb 1 % qLANRoot - DiffServ/Lowdelay/Upload qVOIPDown qVOIPUp lan - lan - lowdelay - DiffServ/Lowdelay/Download qVOIPUp qVOIPDown wan - - lan lowdelay - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 1:56 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 02:54 PM 10/26/2005, you wrote: Also, I tried lower the guarantee to 256k just in case this part of the problem. No joy, same issue.. now *that* is really weird. can you post your rules and queues? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Sure, what would be the easiest way to do this? I have nothing more than I mentioned before.. Plain vanilla setup with just the shaper stuff I mentioned. I don't even have any firewall rules or anything else really in place. Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 1:56 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 02:54 PM 10/26/2005, you wrote: Also, I tried lower the guarantee to 256k just in case this part of the problem. No joy, same issue.. now *that* is really weird. can you post your rules and queues? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Also, I tried lower the guarantee to 256k just in case this part of the problem. No joy, same issue.. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 1:48 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k On 10/26/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: I probably don't but I do testing sometimes with multiple lines back to my SoftSwitch at the office and don't want to yank it down to 100k or so and have problems. Either way the bandwidth here is only suppose to be reserved for the VOIP if the VOIP is actually using it, when it's not being used then it's allocated back to data etc. At least this is the way I understand it.. That's correct. Bill will have to chime in here on if this is no longer the way it works. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
I probably don't but I do testing sometimes with multiple lines back to my SoftSwitch at the office and don't want to yank it down to 100k or so and have problems. Either way the bandwidth here is only suppose to be reserved for the VOIP if the VOIP is actually using it, when it's not being used then it's allocated back to data etc. At least this is the way I understand it.. Todd - Original Message - From: "Dan Swartzendruber" <[EMAIL PROTECTED]> To: Sent: Wednesday, October 26, 2005 1:34 PM Subject: Re: [pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k At 02:31 PM 10/26/2005, you wrote: Here is my setup: WRAP 128 mb CF Card First install 0.864 then upgraded via the web GUI to 0.892 WRAP. Currently using WAN/LAN only, OPT1 is not doing anything. This is a home setup using a DSL connection with PPPOE. All is well until I turn on traffic shaping and run the wizard, then my data speed using most speedtest sites goes from 1500/768 or so, to approx 94/46 or so. Happens everytime I turn shaping on or off, it's definitely the shaping causing this issue without a doubt. All I did in the traffic shaper wizard is tell it to prioritize VOIP and guarantee 768k of the bandwidth for this purpose. I selected Generic for the type of VOIP service. I finished the wizard and that's it.. So, I am confused what I did wrong which made this kill my bandwidth. Thoughts? why on earth do you need 768kb for VOIP??? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Traffic Shaping, killing my DSL link speed to less than 100k
Here is my setup: WRAP 128 mb CF Card First install 0.864 then upgraded via the web GUI to 0.892 WRAP. Currently using WAN/LAN only, OPT1 is not doing anything. This is a home setup using a DSL connection with PPPOE. All is well until I turn on traffic shaping and run the wizard, then my data speed using most speedtest sites goes from 1500/768 or so, to approx 94/46 or so. Happens everytime I turn shaping on or off, it's definitely the shaping causing this issue without a doubt. All I did in the traffic shaper wizard is tell it to prioritize VOIP and guarantee 768k of the bandwidth for this purpose. I selected Generic for the type of VOIP service. I finished the wizard and that's it.. So, I am confused what I did wrong which made this kill my bandwidth. Thoughts? Thanks, Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] 050.2 CARP won't go Master or Backup
I am just curious why you failed over twice.. Why did your primary go down? Todd - Original Message - From: "Holger Bauer" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 27, 2005 6:41 AM Subject: AW: [pfSense Support] 050.2 CARP won't go Master or Backup I have a working carp config at home. Have failed over several times the last days, with 0.85.2 and 0.85.4 no session was dropped (I even was tunnelling from a client behind the carpmachines to the office). DNS and DHCP is configured for failover as well. I haven't seen any issues so far. Anybody else seeing having problems? Strange. Holger -Ursprüngliche Nachricht- Von: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 27. September 2005 11:47 An: support@pfsense.com Betreff: RE: [pfSense Support] 050.2 CARP won't go Master or Backup HI Yes .. 085.2 .. 085.4 does the same too. Enable / disable does not work ... goes to init always. 0.85 worked.. did an upgrade to 085.2 it stopped working. I deleted all carp entries and re-setup from scratch. I will try update_file.sh and let you know results. Tx Ivan -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 10:55 AM To: support@pfsense.com Subject: AW: [pfSense Support] 050.2 CARP won't go Master or Backup 0.50.2? I guess you are talking about 0.85.2, if not upgrade! ;-) I only have experienced such problems if the carpinterfaces didn't match the real ip/subnet-range of the real interface the carp interface is running on. Another thing to try is to manually disable and enable CARP at Status>CARP(failover) in the webgui. If it's working after that there might be a problem bringing up everything in the right order. There also have been some changes to CARP lately. You might want to run "update_file.sh -all" from the shell to grab the latest changes. Holger -Ursprüngliche Nachricht- Von: Frimmel, Ivan (ISS South Africa) [mailto:[EMAIL PROTECTED] Gesendet: Montag, 26. September 2005 09:34 An: support@pfsense.com Betreff: [pfSense Support] 050.2 CARP won't go Master or Backup HI I have Carp running successfully on 0.50. Upgraded yesterday to 050.2 and CARP absolutely refuses to start. OPT1 is up. PPPoE is UP. CARP goes to INIT and does not ever go master or backup. I deleted all CARP configs and recreated everything from scratch. On both boxes CARP will not start. Hitting Disable / enable makes it go from disable to INIT.. but never starts. Even tried doing everything with the second box physically turned off. No difference. Any ideas? Tx Ivan. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
Not yet guys, tryin' to keep up, had a real busy day and night :) I will try to get all this together soon and send it. Just wanted to get you the hardware info while I was in front of it this morning. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Monday, September 26, 2005 11:48 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! I have not received anything. On 9/26/05, Fleming, John (ZeroChaos) <[EMAIL PROTECTED]> wrote: Did you send in your config.xml? BTW add this to the list of commands to run (at the top). ( ifconfig -a ; echo ) >> /usr/crash.info; -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Monday, September 26, 2005 10:24 AM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd ----- Original Message - From: "Mojo Jojo" <[EMAIL PROTECTED]> To: Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! > > OK fellas, once again you are all very helpful.. Sorry for my rant > earlier, I just got the wrong idea I guess... > > I will take all the questions and suggestions as well as any more you can > provide today and take care of all of them later today. > > Just send me any questions you have about my install and I will dig, dig, > dig and get you all I can. I would love to fix this.. > > Some quick info: > > WAN = T1 Router (Ascend) static IP > LAN = Nothing hooked up here > OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk > etc.) BRIDGED TO WAN > OPT 2 = Unused at the moment > > Hardware brands and specifics I am not sure of at the moment, I will have > to dig a little more. Off the top of my head it looks something like this: > > AMD 2200+ CPU (Could be way off here, I have to check > 512 Mb RAM (Corsair I think) > Motherboard (via chipset, I think) > WAN NIC (Onboard Yuck, I know) > 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember > which are assigned to which at the moment. > > I will get more specifics later. > > The big thing to remember here is this.. When this happens, the GUI still > works, I just can't get to any of the servers behind PfSense.. Restarting > PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. > > What logs should I look at for a clue? > > I wonder if I should stick a PC on the LAN interface just to see if I can > get to it when this happens again. Maybe it's just the bridging from mt > WAN to OPT 1 that takes a dump? > > > > - Original Message - > From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]> > To: > Sent: Monday, September 26, 2005 12:55 AM > Subject: RE: [pfSense Support] Argg! My PfSense just died! > > > I'd like to see dmesg output from the new box as well. What kind of nics > do you have in this box? It really sounds like we need someway to gather > as much information as possible during the next outage without rebooting > the box. Off the top of my head some of the things I would like to know > are.. > Send the output of these commands. If you can just paste them into the > console. Each command should append to the log file. > ( dmesg ; echo ) >> /usr/crash.info > ( netstat -in ; echo ) >> /usr/crash.info > ( netstat -m ; echo ) >> /usr/crash.info > ( top ; echo ) >> /usr/crash.info > ( ps -ax ; echo ) >> /usr/crash.info > ( find / -name "*.core" -print ; echo ) >> /usr/crash.info > ( df -h ; echo ) >> /usr/crash.info > ( ls -l /var/crash/* ; echo ) >> /usr/crash.info > > I'm also thinking something like this should be in a diag menu and the > ssh/serial console. That way we could grab some kind of snap shot of > hosed systems before it gets rebooted. > > > > > -----Original Message- > From: Chris Buechler [mailto:[EMAIL PROTECTED] > Sent: Sunday, September 25, 2005 10:50 PM > To: support@pfsense.com > Subject: Re: [pfSense Support] Argg! My PfSense just died! > > sending your entire config.xml to the list or Scott directly if you need > > to keep it private would likely help very much. > > > Scott Ullrich wrote: > >>On 9/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: >>[snip] >> >> >>&g
Re: [pfSense Support] Argg! My PfSense just died!
OK, here is what I have hardware wise: CPU: AMD Duron 950 Mhz RAM: 256 MB not sure of the brand Hard Drive: Maxtor 5T02oH2 20GB Motherboard: Soyo with a Via Chipset WAN NIC: Onboard Realtek (I think it's a RealTek) on a Soyo LAN NIC: Linksys LNE100TX unused interface Opt 1 (DMZ) NIC: FA310TX Rev2 this is where my servers are Opt 2 NIC: FA 311 Rev C-1 Hope some of this helps.. --Todd - Original Message - From: "Mojo Jojo" <[EMAIL PROTECTED]> To: Sent: Monday, September 26, 2005 6:14 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]> To: Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) >> /usr/crash.info ( netstat -in ; echo ) >> /usr/crash.info ( netstat -m ; echo ) >> /usr/crash.info ( top ; echo ) >> /usr/crash.info ( ps -ax ; echo ) >> /usr/crash.info ( find / -name "*.core" -print ; echo ) >> /usr/crash.info ( df -h ; echo ) >> /usr/crash.info ( ls -l /var/crash/* ; echo ) >> /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information when I went back through my archives. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --
Re: [pfSense Support] Argg! My PfSense just died!
OK fellas, once again you are all very helpful.. Sorry for my rant earlier, I just got the wrong idea I guess... I will take all the questions and suggestions as well as any more you can provide today and take care of all of them later today. Just send me any questions you have about my install and I will dig, dig, dig and get you all I can. I would love to fix this.. Some quick info: WAN = T1 Router (Ascend) static IP LAN = Nothing hooked up here OPT 1 (DMZ) = Server network with approx 8-10 servers (web, mail, Asterisk etc.) BRIDGED TO WAN OPT 2 = Unused at the moment Hardware brands and specifics I am not sure of at the moment, I will have to dig a little more. Off the top of my head it looks something like this: AMD 2200+ CPU (Could be way off here, I have to check 512 Mb RAM (Corsair I think) Motherboard (via chipset, I think) WAN NIC (Onboard Yuck, I know) 3 other cards consist of 2 Netgear and 1 Linksys but I don't remember which are assigned to which at the moment. I will get more specifics later. The big thing to remember here is this.. When this happens, the GUI still works, I just can't get to any of the servers behind PfSense.. Restarting PfSense with /etc/rc.bootup doesn't fix anything, only a full reboot. What logs should I look at for a clue? I wonder if I should stick a PC on the LAN interface just to see if I can get to it when this happens again. Maybe it's just the bridging from mt WAN to OPT 1 that takes a dump? - Original Message - From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]> To: Sent: Monday, September 26, 2005 12:55 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! I'd like to see dmesg output from the new box as well. What kind of nics do you have in this box? It really sounds like we need someway to gather as much information as possible during the next outage without rebooting the box. Off the top of my head some of the things I would like to know are.. Send the output of these commands. If you can just paste them into the console. Each command should append to the log file. ( dmesg ; echo ) >> /usr/crash.info ( netstat -in ; echo ) >> /usr/crash.info ( netstat -m ; echo ) >> /usr/crash.info ( top ; echo ) >> /usr/crash.info ( ps -ax ; echo ) >> /usr/crash.info ( find / -name "*.core" -print ; echo ) >> /usr/crash.info ( df -h ; echo ) >> /usr/crash.info ( ls -l /var/crash/* ; echo ) >> /usr/crash.info I'm also thinking something like this should be in a diag menu and the ssh/serial console. That way we could grab some kind of snap shot of hosed systems before it gets rebooted. -Original Message- From: Chris Buechler [mailto:[EMAIL PROTECTED] Sent: Sunday, September 25, 2005 10:50 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! sending your entire config.xml to the list or Scott directly if you need to keep it private would likely help very much. Scott Ullrich wrote: On 9/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: [snip] I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I do not feel you are bashing pfSense. It's funny because this is going to be difficult to track down without nobody else having the same issue. [snip] Are you running dhcp on the wan? What else can you tell us about the install because I didn't see too much of this type of information when I went back through my archives. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
How different? Same CPU? Same NICS? Same power supply? As in totally different.. Different CPU, Different NICS, Motherboard brand, RAM, Case, screws etc.. Funny that we don't get any other reports of this. I have no motive here other than to use the product and possibly help where I can. It almost seems like you feel I am bashing PfSense or something, not really sure. Seems like a strange answer though if this is not your thought.. I love the product but the most important feature is that it can stay up and running and keep my servers accessible, so far it does many other things great but fails at this one, at least for me. I only want to get it working, if I am offending you then I will quite posting. I fail to see how you can develop an Alpha product into a production version without feedback like this. Again, if the feedback and info is unwanted then I will quit bitching and move on to another product. Ever heard of CARP? We have that you know. Yes, it's one of the reasons I chose your product over others.. However, I was going to set it up in case of unplanned failure of hardware or software. In this case, I am basically planning on failure because that's exactly what's happening AND it's consistent. This is sort of like putting a UPS battery on a server because the power goes out every two or three days. The UPS is a good idea but it's a better idea to fix the real problem. I love PfSense and you guys have been great so far. The product is just dying on me so, where next.. I need some guidance, that's all.. I have very logically tried to troubleshoot this problem by using the same exact version of Pf on a completely different piece of hardware. I have not jumped to any conclusions, I am just trouble shooting which is the only way to dig out the issue. It's not in my mind, the software just dies, trust me.. I can't imagine what motive I would have to make this all up, yet I somehow feel accused of doing so. Scratches Head<< --Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Sunday, September 25, 2005 5:31 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! On 9/25/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: This just happen again after about two days of uptime. Thing is, it's on totally different hardware. How different? Same CPU? Same NICS? Same power supply? [snip] Makes me think it's not hardware at this point but that's just because I have the same result with two drastically different sets of hardware. Funny that we don't get any other reports of this. Not sure where to go at this point, I may have back off of using PfSense I am sad to say. I just can't seem to make sense of the downtime I am ending up with. Ever heard of CARP? We have that you know. [snip] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
This just happen again after about two days of uptime. Thing is, it's on totally different hardware. So, same version 0.84, completely different hardware with same result. I did this as Scott suggested while it was in this state and it did nothing so I waited a bit then rebooted the box. pfctl -f /tmp/rules.debug After rebooting all is well again. Makes me think it's not hardware at this point but that's just because I have the same result with two drastically different sets of hardware. Not sure where to go at this point, I may have back off of using PfSense I am sad to say. I just can't seem to make sense of the downtime I am ending up with. Great product, just not working for me. Of course, I am not sure where to go from here either.. I pretty much had my mind set on using PfSense. Not sure if I will get different results with M0n0wall or not. Just tough to deal with the downtime because I have customers that don't take too kindly to it as you can imagine. Is there a log I should look at for clues as to what happen? --Todd - Original Message - From: "Mojo Jojo" <[EMAIL PROTECTED]> To: "PfSense Support List" Sent: Monday, September 19, 2005 7:46 PM Subject: [pfSense Support] Argg! My PfSense just died! This is an ouch for sure.. Just got the last of about 10 servers behind PfSense with all the rules etc. after testing with a few machines for about a week. I had at least 4 days straight up time without a hiccup (except the GUI dying a lot).. Today, I just put the very last machine which I setup as a VERY temporary allow all in and out just for that server until I got home in a few minutes. I wanted to finish configuring it there. I made the last changes, moved the cable to the new switch behind PfSense. Everything worked for about 2 minutes then it all died, except the ability to continue to move around the PfSense GUI. Everything behind PfSense was all of a sudden inaccessible. Since I was a bit freaked out I decided to try a reboot, at reboot it died and would come back up. I had to move everything back. Here is what the message says on the console at the moment, tried rebooting 3 times and this is all I get. Not sure if my hard drive died or not, going to check that next. Also, I am only running 128 mb of ram to handle an average T1s worth of traffic with about 30 or 40 rules and 10 or so servers with 20 or 30 aliases. Running on a 900 or so Mhz processor inside of a Dell desktop type PC. Here is the message, any help would be greatly appreciated! Oh yeah, running 0.84, fresh install on a hard drive. --- Can't work out which disk we are booting from. Guessed BIOS device 0x not found by probes, defaulting to disk0: panic: free: gaurd1 fail @ 0x519ac from /usr/src/sys/boot/i386/loader/../../comm on/module.c:957 --> Press any key on the console to reboot <-- -- Thanks, Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
OK, I assume you wanted me to send you the output to this. Not sure, here it is anyhow. # $ cat /var/log/dmesg.boot Copyright (c) 1992-2005 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 6.0-BETA4 #0: Fri Sep 9 03:28:50 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/pfSense.6 Timecounter "i8254" frequency 1193182 Hz quality 0 CPU: Intel Pentium III (930.32-MHz 686-class CPU) Origin = "GenuineIntel" Id = 0x686 Stepping = 6 Features=0x383f9ff real memory = 132907008 (126 MB) avail memory = 120291328 (114 MB) pnpbios: Bad PnP BIOS data checksum wlan: mac acl policy registered ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413) npx0: [FAST] npx0: on motherboard npx0: INT 16 interface acpi0: on motherboard acpi0: Power Button (fixed) pci_link0: irq 11 on acpi0 pci_link1: irq 10 on acpi0 pci_link2: irq 3 on acpi0 pci_link3: irq 9 on acpi0 Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000 acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0 cpu0: on acpi0 pcib0: port 0xcf8-0xcff on acpi0 pci0: on pcib0 agp0: mem 0xf800-0xfbff,0xffa8-0xffaf irq 11 at device 1.0 on pci0 pcib1: at device 30.0 on pci0 pci_link3: BIOS IRQ 11 does not match initial IRQ 9 pci1: on pcib1 fxp0: port 0xdf00-0xdf3f mem 0xff8ef000-0xff8e,0xff70-0xff7f irq 9 at device 1.0 on pci1 miibus0: on fxp0 inphy0: on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto fxp0: Ethernet address: 00:03:47:70:0d:5a dc0: port 0xde00-0xdeff mem 0xff8ff000-0xff8ff3ff irq 11 at device 8.0 on pci1 miibus1: on dc0 ukphy0: on miibus1 ukphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto dc0: Ethernet address: 00:12:17:55:3d:dc dc1: port 0xd000-0xd0ff mem 0xff8ff400-0xff8ff7ff irq 10 at device 9.0 on pci1 miibus2: on dc1 ukphy1: on miibus2 ukphy1: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto dc1: Ethernet address: 00:12:17:55:00:1c dc2: port 0xd400-0xd4ff mem 0xff8ff800-0xff8ffbff irq 3 at device 10.0 on pci1 miibus3: on dc2 ukphy2: on miibus3 ukphy2: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto dc2: Ethernet address: 00:12:17:55:00:18 dc3: port 0xd800-0xd8ff mem 0xff8ffc00-0xff8f irq 9 at device 11.0 on pci1 miibus4: on dc3 ukphy3: on miibus4 ukphy3: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto dc3: Ethernet address: 00:12:17:55:00:10 isab0: at device 31.0 on pci0 isa0: on isab0 atapci0: port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf at device 31.1 on pci0 ata0: on atapci0 ata1: on atapci0 uhci0: port 0xef80-0xef9f irq 9 at device 31.2 on pci0 uhci0: [GIANT-LOCKED] usb0: on uhci0 usb0: USB revision 1.0 uhub0: Intel UHCI root hub, class 9/0, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered pci0: at device 31.3 (no driver attached) speaker0: port 0x61 on acpi0 atkbdc0: port 0x60,0x64 irq 1 on acpi0 atkbd0: irq 1 on atkbdc0 kbd0 at atkbd0 atkbd0: [GIANT-LOCKED] fdc0: port 0x3f0-0x3f1,0x3f2-0x3f3,0x3f4-0x3f5,0x3f7 irq 6 drq 2 on acpi0 fdc0: [FAST] fd0: <1440-KB 3.5" drive> on fdc0 drive 0 pmtimer0 on isa0 orm0: at iomem 0xc-0xc7fff,0xc8000-0xc8fff on isa0 vga0: at port 0x3c0-0x3df iomem 0xa-0xb on isa0 sc0: at flags 0x100 on isa0 sc0: VGA <16 virtual consoles, flags=0x300> sio0: configured irq 4 not in bitmap of probed irqs 0 sio0: port may not be enabled sio0 at port 0x3f8-0x3ff irq 4 flags 0x10 on isa0 sio0: type 8250 or not responding sio1: configured irq 3 not in bitmap of probed irqs 0 sio1: port may not be enabled ppc0: parallel port not found. Timecounter "TSC" frequency 930319448 Hz quality 800 Timecounters tick every 1.000 msec Fast IPsec: Initialized Security Association Processing. ad0: 19092MB at ata0-master UDMA66 acd0: CDRW at ata1-master UDMA33 Trying to mount root from ufs:/dev/ad0s1a bridge0: Ethernet address: ac:de:48:4e:3f:64 ## - Original Message - From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 12:10 PM Subject: RE: [pfSense Support] Argg! My PfSense just died! Is that a quad dc card? Output looks fine. Did you send dmesg output? -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 12:04 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! $ netstat -m 294/486/780 mbufs in use (current/cache/total) 263/143/406/4800 mbuf clusters in use (current/cache/total/max) 0/3/1456 sfbufs in use (current/peak/max) 599K/407K/1007K bytes allocated to network (current/cache/total) 0 requests for sfbufs denied 0
Re: [pfSense Support] Argg! My PfSense just died!
Is that a quad dc card? No, it's 4 identical Linksys cards. Did you send dmesg output? Sorry, I don't follow.. --Todd - Original Message - From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 12:10 PM Subject: RE: [pfSense Support] Argg! My PfSense just died! Is that a quad dc card? Output looks fine. Did you send dmesg output? -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 12:04 PM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! $ netstat -m 294/486/780 mbufs in use (current/cache/total) 263/143/406/4800 mbuf clusters in use (current/cache/total/max) 0/3/1456 sfbufs in use (current/peak/max) 599K/407K/1007K bytes allocated to network (current/cache/total) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 7 calls to protocol drain routines $ netstat -in NameMtu Network Address Ipkts IerrsOpkts Oerrs Coll fxp0* 1500 00:03:47:70:0d:5a0 00 0 0 dc01500 00:12:17:55:3d:dc0 00 0 0 dc01500 fe80:2::212:1 fe80:2::212:17ff:0 - 4 - - dc01500 192.168.1 192.168.1.1 0 - 0 - - dc11500 00:12:17:55:00:1c 2469246 0 3370226 0 0 dc11500 fe80:3::212:1 fe80:3::212:17ff:0 - 4 - - dc11500 **REMOVED IP** **REMOVED IP** 283 - 1748 - - dc21500 00:12:17:55:00:18 3883347 0 2474537 0 0 dc21500 fe80:4::212:1 fe80:4::212:17ff:0 - 4 - - dc3* 1500 00:12:17:55:00:100 00 0 0 pflog 332080 00 0 0 pfsyn 20200 00 0 0 lo0 163840 00 0 0 lo0 16384 ::1/128 ::1 0 - 0 - - lo0 16384 fe80:8::1/64 fe80:8::10 - 0 - - lo0 16384 127 127.0.0.10 - 0 - - bridg 1500 ac:de:48:4e:3f:64 6333840 0 5844759 0 0 - Original Message - From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:53 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! Might be a long show but also get the output of netstat -m And netstat -in -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 11:47 AM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! This is what top says, if it's of any help: ## $ top last pid: 6598; load averages: 0.34, 0.29, 0.22 up 0+14:30:39 11:46:07 54 processes: 1 running, 53 sleeping Mem: 27M Active, 39M Inact, 35M Wired, 4992K Cache, 22M Buf, 9828K Free Swap: 256M Total, 256M Free PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 6247 _pflogd 1 -580 1536K 1108K bpf 0:05 0.49% pflogd 6586 root1 -8 10 11032K 9848K piperd 0:00 0.20% php 6598 root1 139 10 2196K 1300K RUN 0:00 0.20% top 6597 root1 8 10 1620K 1156K wait 0:00 0.20% sh 264 root1 -580 6060K 3980K bpf 34:50 0.00% tcpdump 3390 root1 -580 5528K 3456K bpf 6:42 0.00% tcpdump 470 root1 760 1332K 768K select 3:17 0.00% syslogd 265 root1 -80 1188K 604K piperd 1:50 0.00% logger 3391 root1 -80 1188K 604K piperd 0:26 0.00% logger 263 _pflogd 1 -580 1536K 1036K bpf 0:08 0.00% pflogd 3388 _pflogd 1 -580 1536K 1056K bpf 0:04 0.00% pflogd 550 root1 80 232K 104K nanslp 0:01 0.00% check_reload_status 539 root1 80 1300K 840K nanslp 0:00 0.00% cron 3620 root1 80 1620K 928K wait 0:00 0.00% sh 6248 root1 -80 1188K 688K piperd 0:00 0.00% logger 121 root1 760 1208K 664K select 0:00 0.00% usbd 5883 root1 760 5580K 2088K select 0:00 0.00% sshd 555 root1 50 1632K 920K ttyin0:00 0.00% sh # - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:33 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! top from a shell will tell you this. I have never ever seen a box just all of the sudden stop working. If a box blows up, it goes big tim
Re: [pfSense Support] Argg! My PfSense just died!
$ netstat -m 294/486/780 mbufs in use (current/cache/total) 263/143/406/4800 mbuf clusters in use (current/cache/total/max) 0/3/1456 sfbufs in use (current/peak/max) 599K/407K/1007K bytes allocated to network (current/cache/total) 0 requests for sfbufs denied 0 requests for sfbufs delayed 0 requests for I/O initiated by sendfile 7 calls to protocol drain routines $ netstat -in NameMtu Network Address Ipkts IerrsOpkts Oerrs Coll fxp0* 1500 00:03:47:70:0d:5a0 00 0 0 dc01500 00:12:17:55:3d:dc0 00 0 0 dc01500 fe80:2::212:1 fe80:2::212:17ff:0 - 4 - - dc01500 192.168.1 192.168.1.1 0 - 0 - - dc11500 00:12:17:55:00:1c 2469246 0 3370226 0 0 dc11500 fe80:3::212:1 fe80:3::212:17ff:0 - 4 - - dc11500 **REMOVED IP** **REMOVED IP** 283 - 1748 - - dc21500 00:12:17:55:00:18 3883347 0 2474537 0 0 dc21500 fe80:4::212:1 fe80:4::212:17ff:0 - 4 - - dc3* 1500 00:12:17:55:00:100 00 0 0 pflog 332080 00 0 0 pfsyn 20200 00 0 0 lo0 163840 00 0 0 lo0 16384 ::1/128 ::1 0 - 0 - - lo0 16384 fe80:8::1/64 fe80:8::10 - 0 - - lo0 16384 127 127.0.0.10 - 0 - - bridg 1500 ac:de:48:4e:3f:64 6333840 0 5844759 0 0 - Original Message - From: "Fleming, John (ZeroChaos)" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:53 AM Subject: RE: [pfSense Support] Argg! My PfSense just died! Might be a long show but also get the output of netstat -m And netstat -in -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 21, 2005 11:47 AM To: support@pfsense.com Subject: Re: [pfSense Support] Argg! My PfSense just died! This is what top says, if it's of any help: ## $ top last pid: 6598; load averages: 0.34, 0.29, 0.22 up 0+14:30:39 11:46:07 54 processes: 1 running, 53 sleeping Mem: 27M Active, 39M Inact, 35M Wired, 4992K Cache, 22M Buf, 9828K Free Swap: 256M Total, 256M Free PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 6247 _pflogd 1 -580 1536K 1108K bpf 0:05 0.49% pflogd 6586 root1 -8 10 11032K 9848K piperd 0:00 0.20% php 6598 root1 139 10 2196K 1300K RUN 0:00 0.20% top 6597 root1 8 10 1620K 1156K wait 0:00 0.20% sh 264 root1 -580 6060K 3980K bpf 34:50 0.00% tcpdump 3390 root1 -580 5528K 3456K bpf 6:42 0.00% tcpdump 470 root1 760 1332K 768K select 3:17 0.00% syslogd 265 root1 -80 1188K 604K piperd 1:50 0.00% logger 3391 root1 -80 1188K 604K piperd 0:26 0.00% logger 263 _pflogd 1 -580 1536K 1036K bpf 0:08 0.00% pflogd 3388 _pflogd 1 -580 1536K 1056K bpf 0:04 0.00% pflogd 550 root1 80 232K 104K nanslp 0:01 0.00% check_reload_status 539 root1 80 1300K 840K nanslp 0:00 0.00% cron 3620 root1 80 1620K 928K wait 0:00 0.00% sh 6248 root1 -80 1188K 688K piperd 0:00 0.00% logger 121 root1 760 1208K 664K select 0:00 0.00% usbd 5883 root1 760 5580K 2088K select 0:00 0.00% sshd 555 root1 50 1632K 920K ttyin0:00 0.00% sh # - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:33 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! top from a shell will tell you this. I have never ever seen a box just all of the sudden stop working. If a box blows up, it goes big time with kernel panics, etc. And even this I have not seen since being on crappy 5.X. 6.X of FreeBSD is looking mighty fine. Scott On 9/21/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: I meant, nothing plugged into the LAN NIC and nothing plugged into the OPT 2 NIC. Sorry about that. I am starting to wonder if this could be a RAM issue, as in, not enough of it. Todd - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 9:19 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! > Mojo Jojo wrote:
Re: [pfSense Support] Argg! My PfSense just died!
This is what top says, if it's of any help: ## $ top last pid: 6598; load averages: 0.34, 0.29, 0.22 up 0+14:30:39 11:46:07 54 processes: 1 running, 53 sleeping Mem: 27M Active, 39M Inact, 35M Wired, 4992K Cache, 22M Buf, 9828K Free Swap: 256M Total, 256M Free PID USERNAME THR PRI NICE SIZERES STATETIME WCPU COMMAND 6247 _pflogd 1 -580 1536K 1108K bpf 0:05 0.49% pflogd 6586 root1 -8 10 11032K 9848K piperd 0:00 0.20% php 6598 root1 139 10 2196K 1300K RUN 0:00 0.20% top 6597 root1 8 10 1620K 1156K wait 0:00 0.20% sh 264 root1 -580 6060K 3980K bpf 34:50 0.00% tcpdump 3390 root1 -580 5528K 3456K bpf 6:42 0.00% tcpdump 470 root1 760 1332K 768K select 3:17 0.00% syslogd 265 root1 -80 1188K 604K piperd 1:50 0.00% logger 3391 root1 -80 1188K 604K piperd 0:26 0.00% logger 263 _pflogd 1 -580 1536K 1036K bpf 0:08 0.00% pflogd 3388 _pflogd 1 -580 1536K 1056K bpf 0:04 0.00% pflogd 550 root1 80 232K 104K nanslp 0:01 0.00% check_reload_status 539 root1 80 1300K 840K nanslp 0:00 0.00% cron 3620 root1 80 1620K 928K wait 0:00 0.00% sh 6248 root1 -80 1188K 688K piperd 0:00 0.00% logger 121 root1 760 1208K 664K select 0:00 0.00% usbd 5883 root1 760 5580K 2088K select 0:00 0.00% sshd 555 root1 50 1632K 920K ttyin0:00 0.00% sh # - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:33 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! top from a shell will tell you this. I have never ever seen a box just all of the sudden stop working. If a box blows up, it goes big time with kernel panics, etc. And even this I have not seen since being on crappy 5.X. 6.X of FreeBSD is looking mighty fine. Scott On 9/21/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: I meant, nothing plugged into the LAN NIC and nothing plugged into the OPT 2 NIC. Sorry about that. I am starting to wonder if this could be a RAM issue, as in, not enough of it. Todd - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 9:19 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! > Mojo Jojo wrote: > >> >> Just some further info.. >> >> System died last night again after approx 6 hours of uptime. >> >> I could still get to the GUI, could still SSH to it but it would pass >> any >> traffic through to the OPT 2 (DMZ) interface. >> >> I attempted to run /etc/rc.bootup at the command line which restarted >> Pf >> fine. After the restart of Pf (not the whole computer) everything thing >> was still in the same shape with no traffic passing through to the DMZ. >> >> The only thing that corrected this was a reboot which I initiated via >> the >> Pf GUI. >> >> Further info: >> V. 0.84 >> Running on a PIII 933 with 128mb of ram. I have 4 Linksys NICS >> installed >> on the PCI bus and one on the motherboard which I had disabled. >> >> Onboard NIC (disabled in BIOS) >> Linksys NIC 1 > LAN >> Linksys NIC 2 > WAN (static IP on a T1 with ascend T1 router on other >> end) >> Linksys NIC 3 > OPT 1 (DMZ where servers are) >> Linksys NIC 4 > OPT2 (not in use at the moment) >> >> The PC is a DELL, Pf is running on a Hard Drive. >> >> I installed a fresh copy of 0.84, this is not an upgrade. >> >> All Linksys/Network Everywhere NICS are identical model NC100. >> >> I have 26 aliases setup, 46 rules on the WAN tab, 14 rules on the DMZ >> tab >> and none on the LAN or OPT 2. >> >> I have nothing plugged into the WAN NIC and nothing plugged into the >> LAN >> NIC at this time. >> > > umm, above you say it stops passing traffic, here you say you only have > one NIC plugged in? It can't pass traffic with only one NIC plugged in. > system logs after it stops passing traffic if it happens again may prove > very useful. > -cmb > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
Oh yes, GUI still constantly blows up on me. Not sure if this is related to my issues or not. Interestingly, when the GUI blows up the box continues all other functions perfectly and passes traffic as normal. /etc/rc.bootup brings my GUI back up each time. Lastly, just wanted to mention again that I am not here to complain, just to give info to you guys to: A- Help with the development of the product B- Help me personally get a production PfSense system stable enough to rely on C- Possibly help others having the same issues. If my nagging is not welcome, I can certainly tone it down. Todd - Original Message - From: "Mojo Jojo" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:32 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! See my last message regarding what NICS are plugged in, I didn't explain that quite right earlier :) As for logs, the GUI on shows the last 100 or so log entries (even when I tell it to give me more, I think). With log viewing from the GUI limited I assume I need to look at some logs at the shell prompt. What are the names and locations of the logs that would be useful for me to look at? Thanks! Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 9:31 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! One nic only? How about system logs? Console messages? Scott On 9/21/05, Chris Buechler <[EMAIL PROTECTED]> wrote: Mojo Jojo wrote: > > Just some further info.. > > System died last night again after approx 6 hours of uptime. > > I could still get to the GUI, could still SSH to it but it would pass > any traffic through to the OPT 2 (DMZ) interface. > > I attempted to run /etc/rc.bootup at the command line which restarted > Pf fine. After the restart of Pf (not the whole computer) everything > thing was still in the same shape with no traffic passing through to > the DMZ. > > The only thing that corrected this was a reboot which I initiated via > the Pf GUI. > > Further info: > V. 0.84 > Running on a PIII 933 with 128mb of ram. I have 4 Linksys NICS > installed on the PCI bus and one on the motherboard which I had > disabled. > > Onboard NIC (disabled in BIOS) > Linksys NIC 1 > LAN > Linksys NIC 2 > WAN (static IP on a T1 with ascend T1 router on other > end) > Linksys NIC 3 > OPT 1 (DMZ where servers are) > Linksys NIC 4 > OPT2 (not in use at the moment) > > The PC is a DELL, Pf is running on a Hard Drive. > > I installed a fresh copy of 0.84, this is not an upgrade. > > All Linksys/Network Everywhere NICS are identical model NC100. > > I have 26 aliases setup, 46 rules on the WAN tab, 14 rules on the DMZ > tab and none on the LAN or OPT 2. > > I have nothing plugged into the WAN NIC and nothing plugged into the > LAN NIC at this time. > umm, above you say it stops passing traffic, here you say you only have one NIC plugged in? It can't pass traffic with only one NIC plugged in. system logs after it stops passing traffic if it happens again may prove very useful. -cmb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
I have never ever seen a box just all of the sudden stop working. Now you have :) Maybe I missed the point you were trying to make here. I am sure it stops passing traffic to my DMZ (OPT 2) interface and I am also sure that the GUI and SSH continue to operate. Additionally I am sure that /etc/rc.bootup at the shell does not change anything at all once the machine is in this state and that only a reboot brings it all back. As for console messages, I have not been in front of the machine at the console to see if there were any. This has happened twice so far, the first time after 4 days of uptime and the second after about 4 or 6 hours of uptime (can't remember exactly). Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 11:33 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! top from a shell will tell you this. I have never ever seen a box just all of the sudden stop working. If a box blows up, it goes big time with kernel panics, etc. And even this I have not seen since being on crappy 5.X. 6.X of FreeBSD is looking mighty fine. Scott On 9/21/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: I meant, nothing plugged into the LAN NIC and nothing plugged into the OPT 2 NIC. Sorry about that. I am starting to wonder if this could be a RAM issue, as in, not enough of it. Todd - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 9:19 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! > Mojo Jojo wrote: > >> >> Just some further info.. >> >> System died last night again after approx 6 hours of uptime. >> >> I could still get to the GUI, could still SSH to it but it would pass >> any >> traffic through to the OPT 2 (DMZ) interface. >> >> I attempted to run /etc/rc.bootup at the command line which restarted >> Pf >> fine. After the restart of Pf (not the whole computer) everything thing >> was still in the same shape with no traffic passing through to the DMZ. >> >> The only thing that corrected this was a reboot which I initiated via >> the >> Pf GUI. >> >> Further info: >> V. 0.84 >> Running on a PIII 933 with 128mb of ram. I have 4 Linksys NICS >> installed >> on the PCI bus and one on the motherboard which I had disabled. >> >> Onboard NIC (disabled in BIOS) >> Linksys NIC 1 > LAN >> Linksys NIC 2 > WAN (static IP on a T1 with ascend T1 router on other >> end) >> Linksys NIC 3 > OPT 1 (DMZ where servers are) >> Linksys NIC 4 > OPT2 (not in use at the moment) >> >> The PC is a DELL, Pf is running on a Hard Drive. >> >> I installed a fresh copy of 0.84, this is not an upgrade. >> >> All Linksys/Network Everywhere NICS are identical model NC100. >> >> I have 26 aliases setup, 46 rules on the WAN tab, 14 rules on the DMZ >> tab >> and none on the LAN or OPT 2. >> >> I have nothing plugged into the WAN NIC and nothing plugged into the >> LAN >> NIC at this time. >> > > umm, above you say it stops passing traffic, here you say you only have > one NIC plugged in? It can't pass traffic with only one NIC plugged in. > system logs after it stops passing traffic if it happens again may prove > very useful. > -cmb > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
See my last message regarding what NICS are plugged in, I didn't explain that quite right earlier :) As for logs, the GUI on shows the last 100 or so log entries (even when I tell it to give me more, I think). With log viewing from the GUI limited I assume I need to look at some logs at the shell prompt. What are the names and locations of the logs that would be useful for me to look at? Thanks! Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 9:31 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! One nic only? How about system logs? Console messages? Scott On 9/21/05, Chris Buechler <[EMAIL PROTECTED]> wrote: Mojo Jojo wrote: > > Just some further info.. > > System died last night again after approx 6 hours of uptime. > > I could still get to the GUI, could still SSH to it but it would pass > any traffic through to the OPT 2 (DMZ) interface. > > I attempted to run /etc/rc.bootup at the command line which restarted > Pf fine. After the restart of Pf (not the whole computer) everything > thing was still in the same shape with no traffic passing through to > the DMZ. > > The only thing that corrected this was a reboot which I initiated via > the Pf GUI. > > Further info: > V. 0.84 > Running on a PIII 933 with 128mb of ram. I have 4 Linksys NICS > installed on the PCI bus and one on the motherboard which I had > disabled. > > Onboard NIC (disabled in BIOS) > Linksys NIC 1 > LAN > Linksys NIC 2 > WAN (static IP on a T1 with ascend T1 router on other > end) > Linksys NIC 3 > OPT 1 (DMZ where servers are) > Linksys NIC 4 > OPT2 (not in use at the moment) > > The PC is a DELL, Pf is running on a Hard Drive. > > I installed a fresh copy of 0.84, this is not an upgrade. > > All Linksys/Network Everywhere NICS are identical model NC100. > > I have 26 aliases setup, 46 rules on the WAN tab, 14 rules on the DMZ > tab and none on the LAN or OPT 2. > > I have nothing plugged into the WAN NIC and nothing plugged into the > LAN NIC at this time. > umm, above you say it stops passing traffic, here you say you only have one NIC plugged in? It can't pass traffic with only one NIC plugged in. system logs after it stops passing traffic if it happens again may prove very useful. -cmb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
I meant, nothing plugged into the LAN NIC and nothing plugged into the OPT 2 NIC. Sorry about that. I am starting to wonder if this could be a RAM issue, as in, not enough of it. Todd - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Wednesday, September 21, 2005 9:19 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! Mojo Jojo wrote: Just some further info.. System died last night again after approx 6 hours of uptime. I could still get to the GUI, could still SSH to it but it would pass any traffic through to the OPT 2 (DMZ) interface. I attempted to run /etc/rc.bootup at the command line which restarted Pf fine. After the restart of Pf (not the whole computer) everything thing was still in the same shape with no traffic passing through to the DMZ. The only thing that corrected this was a reboot which I initiated via the Pf GUI. Further info: V. 0.84 Running on a PIII 933 with 128mb of ram. I have 4 Linksys NICS installed on the PCI bus and one on the motherboard which I had disabled. Onboard NIC (disabled in BIOS) Linksys NIC 1 > LAN Linksys NIC 2 > WAN (static IP on a T1 with ascend T1 router on other end) Linksys NIC 3 > OPT 1 (DMZ where servers are) Linksys NIC 4 > OPT2 (not in use at the moment) The PC is a DELL, Pf is running on a Hard Drive. I installed a fresh copy of 0.84, this is not an upgrade. All Linksys/Network Everywhere NICS are identical model NC100. I have 26 aliases setup, 46 rules on the WAN tab, 14 rules on the DMZ tab and none on the LAN or OPT 2. I have nothing plugged into the WAN NIC and nothing plugged into the LAN NIC at this time. umm, above you say it stops passing traffic, here you say you only have one NIC plugged in? It can't pass traffic with only one NIC plugged in. system logs after it stops passing traffic if it happens again may prove very useful. -cmb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
Just some further info.. System died last night again after approx 6 hours of uptime. I could still get to the GUI, could still SSH to it but it would pass any traffic through to the OPT 2 (DMZ) interface. I attempted to run /etc/rc.bootup at the command line which restarted Pf fine. After the restart of Pf (not the whole computer) everything thing was still in the same shape with no traffic passing through to the DMZ. The only thing that corrected this was a reboot which I initiated via the Pf GUI. Further info: V. 0.84 Running on a PIII 933 with 128mb of ram. I have 4 Linksys NICS installed on the PCI bus and one on the motherboard which I had disabled. Onboard NIC (disabled in BIOS) Linksys NIC 1 > LAN Linksys NIC 2 > WAN (static IP on a T1 with ascend T1 router on other end) Linksys NIC 3 > OPT 1 (DMZ where servers are) Linksys NIC 4 > OPT2 (not in use at the moment) The PC is a DELL, Pf is running on a Hard Drive. I installed a fresh copy of 0.84, this is not an upgrade. All Linksys/Network Everywhere NICS are identical model NC100. I have 26 aliases setup, 46 rules on the WAN tab, 14 rules on the DMZ tab and none on the LAN or OPT 2. I have nothing plugged into the WAN NIC and nothing plugged into the LAN NIC at this time. Any other info needed, just let me know and I will be happy to supply it. Thanks, Todd - Original Message ----- From: "Mojo Jojo" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 20, 2005 8:33 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! I will be happy to give you all the info I have, just not sure what you need. :) Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 20, 2005 1:24 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! I have no idea without knowing more information. Scott On 9/20/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Well, I did read all of the post.. This does hopefully keep the boot issues from occurring again but.. The even bigger question I still have is why did PfSense just stop working in the middle of doing it's business? As mentioned, I made a bunch of config changes and all was fine, PF continued routing and filtering traffic to a from my servers. I made one last change which was simply an allow all in and out of a particular server, once I did this everything worked fine for about two minutes then all traffic stopped passing through Pfs. I could still move around the GUI fine but all other functions of PfS were dead as a doornail. This is scary considering I have no explanation as to why it happen. I have the box with me, fixed the boot issue and I guess I will go put it back in place at the office later and hope it doesn't die again in the middle of the night :) See what I am saying? It's not just the boot issue, it's the issue that caused me to reboot in the first place. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 20, 2005 9:44 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! Yes, someone didn't read every message when they said they did :P We have no idea of the cause. We're still looking. But this should prevent it from happening again... If not we have a huge kernel / ufs issue on our hands. Scott On 9/20/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > > Nevermind, I just saw this which should keep this from happening again. > > Thanks! > > ## > Everyone if you can go to a shell (option 8, and issue): > > chmod a-w /boot/loader.rc > chflags schg /boot/loader.rc > ## > > - Original Message - > From: Mojo Jojo > To: support@pfsense.com > Sent: Monday, September 19, 2005 11:37 PM > Subject: Re: [pfSense Support] Argg! My PfSense just died! > > > OK, none of that happen to me either. > > Just trying to dig and see if I can figure out what happen so I can > feel > good about moving forward with PfSense. > > It's not too comforting I guess to just fix it and move on, my brain > wants > to find a reason I guess. > > Thanks for any help anyone can offer, otherwise I will just have hope > it > doesn't happen again. > > Todd > > - Original Message - > From: Bill Marquette > To: support@pfsense.com > Sent: Monday, September 19, 2005 11:28 PM > Subject: Re: [pfSense Support] Argg! My PfSense just died! > > On 9/19/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > > > Any idea why my Pf died in the middle of running? I didn't do an > > upgrade, > it > > was a system running on a fresh install of 0.84 days before. > > > > Also, besided the booting problem, I am wondering why it just stopped > > working which is what caus
Re: [pfSense Support] Argg! My PfSense just died!
I will be happy to give you all the info I have, just not sure what you need. :) Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 20, 2005 1:24 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! I have no idea without knowing more information. Scott On 9/20/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Well, I did read all of the post.. This does hopefully keep the boot issues from occurring again but.. The even bigger question I still have is why did PfSense just stop working in the middle of doing it's business? As mentioned, I made a bunch of config changes and all was fine, PF continued routing and filtering traffic to a from my servers. I made one last change which was simply an allow all in and out of a particular server, once I did this everything worked fine for about two minutes then all traffic stopped passing through Pfs. I could still move around the GUI fine but all other functions of PfS were dead as a doornail. This is scary considering I have no explanation as to why it happen. I have the box with me, fixed the boot issue and I guess I will go put it back in place at the office later and hope it doesn't die again in the middle of the night :) See what I am saying? It's not just the boot issue, it's the issue that caused me to reboot in the first place. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 20, 2005 9:44 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! Yes, someone didn't read every message when they said they did :P We have no idea of the cause. We're still looking. But this should prevent it from happening again... If not we have a huge kernel / ufs issue on our hands. Scott On 9/20/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > > Nevermind, I just saw this which should keep this from happening again. > > Thanks! > > ## > Everyone if you can go to a shell (option 8, and issue): > > chmod a-w /boot/loader.rc > chflags schg /boot/loader.rc > ## > > - Original Message - > From: Mojo Jojo > To: support@pfsense.com > Sent: Monday, September 19, 2005 11:37 PM > Subject: Re: [pfSense Support] Argg! My PfSense just died! > > > OK, none of that happen to me either. > > Just trying to dig and see if I can figure out what happen so I can feel > good about moving forward with PfSense. > > It's not too comforting I guess to just fix it and move on, my brain > wants > to find a reason I guess. > > Thanks for any help anyone can offer, otherwise I will just have hope it > doesn't happen again. > > Todd > > - Original Message - > From: Bill Marquette > To: support@pfsense.com > Sent: Monday, September 19, 2005 11:28 PM > Subject: Re: [pfSense Support] Argg! My PfSense just died! > > On 9/19/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > > > Any idea why my Pf died in the middle of running? I didn't do an > > upgrade, > it > > was a system running on a fresh install of 0.84 days before. > > > > Also, besided the booting problem, I am wondering why it just stopped > > working which is what caused me to reboot it in the first place. > > > > Thanks for any insight on this.. > > > > We've had reports on the IRC channel of this happening after a power > hit, > or > other crash too. > > --Bill > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
Well, I did read all of the post.. This does hopefully keep the boot issues from occurring again but.. The even bigger question I still have is why did PfSense just stop working in the middle of doing it's business? As mentioned, I made a bunch of config changes and all was fine, PF continued routing and filtering traffic to a from my servers. I made one last change which was simply an allow all in and out of a particular server, once I did this everything worked fine for about two minutes then all traffic stopped passing through Pfs. I could still move around the GUI fine but all other functions of PfS were dead as a doornail. This is scary considering I have no explanation as to why it happen. I have the box with me, fixed the boot issue and I guess I will go put it back in place at the office later and hope it doesn't die again in the middle of the night :) See what I am saying? It's not just the boot issue, it's the issue that caused me to reboot in the first place. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 20, 2005 9:44 AM Subject: Re: [pfSense Support] Argg! My PfSense just died! Yes, someone didn't read every message when they said they did :P We have no idea of the cause. We're still looking. But this should prevent it from happening again... If not we have a huge kernel / ufs issue on our hands. Scott On 9/20/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Nevermind, I just saw this which should keep this from happening again. Thanks! ## Everyone if you can go to a shell (option 8, and issue): chmod a-w /boot/loader.rc chflags schg /boot/loader.rc ## - Original Message - From: Mojo Jojo To: support@pfsense.com Sent: Monday, September 19, 2005 11:37 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK, none of that happen to me either. Just trying to dig and see if I can figure out what happen so I can feel good about moving forward with PfSense. It's not too comforting I guess to just fix it and move on, my brain wants to find a reason I guess. Thanks for any help anyone can offer, otherwise I will just have hope it doesn't happen again. Todd - Original Message - From: Bill Marquette To: support@pfsense.com Sent: Monday, September 19, 2005 11:28 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! On 9/19/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: > Any idea why my Pf died in the middle of running? I didn't do an > upgrade, it > was a system running on a fresh install of 0.84 days before. > > Also, besided the booting problem, I am wondering why it just stopped > working which is what caused me to reboot it in the first place. > > Thanks for any insight on this.. > We've had reports on the IRC channel of this happening after a power hit, or other crash too. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Argg! My PfSense just died!
Nevermind, I just saw this which should keep this from happening again. Thanks! ## Everyone if you can go to a shell (option 8, and issue): chmod a-w /boot/loader.rcchflags schg /boot/loader.rc ## - Original Message - From: Mojo Jojo To: support@pfsense.com Sent: Monday, September 19, 2005 11:37 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! OK, none of that happen to me either. Just trying to dig and see if I can figure out what happen so I can feel good about moving forward with PfSense. It's not too comforting I guess to just fix it and move on, my brain wants to find a reason I guess. Thanks for any help anyone can offer, otherwise I will just have hope it doesn't happen again. Todd - Original Message - From: Bill Marquette To: support@pfsense.com Sent: Monday, September 19, 2005 11:28 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! On 9/19/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Any idea why my Pf died in the middle of running? I didn't do an upgrade, itwas a system running on a fresh install of 0.84 days before.Also, besided the booting problem, I am wondering why it just stoppedworking which is what caused me to reboot it in the first place.Thanks for any insight on this..We've had reports on the IRC channel of this happening after a power hit, or other crash too.--Bill
Re: [pfSense Support] Argg! My PfSense just died!
OK, none of that happen to me either. Just trying to dig and see if I can figure out what happen so I can feel good about moving forward with PfSense. It's not too comforting I guess to just fix it and move on, my brain wants to find a reason I guess. Thanks for any help anyone can offer, otherwise I will just have hope it doesn't happen again. Todd - Original Message - From: Bill Marquette To: support@pfsense.com Sent: Monday, September 19, 2005 11:28 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! On 9/19/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Any idea why my Pf died in the middle of running? I didn't do an upgrade, itwas a system running on a fresh install of 0.84 days before.Also, besided the booting problem, I am wondering why it just stoppedworking which is what caused me to reboot it in the first place.Thanks for any insight on this..We've had reports on the IRC channel of this happening after a power hit, or other crash too.--Bill
Re: [pfSense Support] Argg! My PfSense just died!
OK, I have read every post within this thread. Thing I don't understand is this.. All the people who had trouble mentioned it happen during an upgrade.. So, question is.. Any idea why my Pf died in the middle of running? I didn't do an upgrade, it was a system running on a fresh install of 0.84 days before. Also, besided the booting problem, I am wondering why it just stopped working which is what caused me to reboot it in the first place. Thanks for any insight on this.. Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Monday, September 19, 2005 9:36 PM Subject: Re: [pfSense Support] Argg! My PfSense just died! This thread is played out now. Solutions and everything else is located at: http://www.mail-archive.com/support%40pfsense.com/msg01108.html On 9/19/05, Vivek Khera <[EMAIL PROTECTED]> wrote: On Sep 19, 2005, at 8:46 PM, Mojo Jojo wrote: > Running on a 900 or so Mhz processor inside of a Dell desktop type PC. > boot to your dell utility partition (I hope you didn't zap that when you installed pfSense). then run the system diagnostics. you probably want to turn off interactive tests so it checks out most of your system without bothering you. i'll bet it finds some hardware fault. freebsd works extremely well on most dell hardware as it is quite generic. Vivek Khera, Ph.D. +1-301-869-4449 x806 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Argg! My PfSense just died!
This is an ouch for sure.. Just got the last of about 10 servers behind PfSense with all the rules etc. after testing with a few machines for about a week. I had at least 4 days straight up time without a hiccup (except the GUI dying a lot).. Today, I just put the very last machine which I setup as a VERY temporary allow all in and out just for that server until I got home in a few minutes. I wanted to finish configuring it there. I made the last changes, moved the cable to the new switch behind PfSense. Everything worked for about 2 minutes then it all died, except the ability to continue to move around the PfSense GUI. Everything behind PfSense was all of a sudden inaccessible. Since I was a bit freaked out I decided to try a reboot, at reboot it died and would come back up. I had to move everything back. Here is what the message says on the console at the moment, tried rebooting 3 times and this is all I get. Not sure if my hard drive died or not, going to check that next. Also, I am only running 128 mb of ram to handle an average T1s worth of traffic with about 30 or 40 rules and 10 or so servers with 20 or 30 aliases. Running on a 900 or so Mhz processor inside of a Dell desktop type PC. Here is the message, any help would be greatly appreciated! Oh yeah, running 0.84, fresh install on a hard drive. --- Can't work out which disk we are booting from. Guessed BIOS device 0x not found by probes, defaulting to disk0: panic: free: gaurd1 fail @ 0x519ac from /usr/src/sys/boot/i386/loader/../../comm on/module.c:957 --> Press any key on the console to reboot <-- -- Thanks, Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] What happen to 0.84.6?
Yes, in my last message to the list I said: "Sorry, just saw the blog message about the mirrors. Anyhow, I don't see the 0.84.6 ISO on there. Did I miss it? Todd" Thing is, I went to the "old" download location and can't find 0.84.6.. Anyhow, I found it on my machine because I had downloaded it the other day. Thanks.. Todd -- Need A Toll Free Number That Follows You? http://www.CallChasers.com - Original Message - From: "Gary Buckmaster" <[EMAIL PROTECTED]> To: Sent: Monday, September 19, 2005 3:09 PM Subject: RE: [pfSense Support] What happen to 0.84.6? Todd, It's been covered several times already on the mailing list, and on the blog. You do read the blog right? http://pfsense.blogspot.com/ -Gary -Original Message- From: Mojo Jojo [mailto:[EMAIL PROTECTED] Sent: Monday, September 19, 2005 2:59 PM To: PfSense Support List Subject: [pfSense Support] What happen to 0.84.6? What happen to the 0.84.6 ISO downloads on all the mirrors? I thought I saw it there the other day, now I only see 0.84. Thanks, Todd -- Need A Toll Free Number That Follows You? http://www.CallChasers.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] What happen to 0.84.6?
Sorry, just saw the blog message about the mirrors. Anyhow, I don't see the 0.84.6 ISO on there. Did I miss it? Todd -- Need A Toll Free Number That Follows You? http://www.CallChasers.com - Original Message - From: "Mojo Jojo" <[EMAIL PROTECTED]> To: "PfSense Support List" Sent: Monday, September 19, 2005 2:59 PM Subject: [pfSense Support] What happen to 0.84.6? What happen to the 0.84.6 ISO downloads on all the mirrors? I thought I saw it there the other day, now I only see 0.84. Thanks, Todd -- Need A Toll Free Number That Follows You? http://www.CallChasers.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] What happen to 0.84.6?
What happen to the 0.84.6 ISO downloads on all the mirrors? I thought I saw it there the other day, now I only see 0.84. Thanks, Todd -- Need A Toll Free Number That Follows You? http://www.CallChasers.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Problems in Traffis shapper in 0.84.6 are outlive, but even more.
Guys (developers and all those helpful on the list) Sometimes it's nice to be reminded how much people appreciate you working on a free opensource project! I for one really love the work you guys do and I am sure many other users of PfSense do as well. So, even though you may feel pooped on, I am hear to tip my hat to you and remind you that many others also appreciate what you do! Keep on keeping on.. --Todd - Original Message - From: Bill Marquette To: support@pfsense.com Sent: Friday, September 16, 2005 10:03 AM Subject: Re: [pfSense Support] Problems in Traffis shapper in 0.84.6 are outlive, but even more. On 9/16/05, Robo.K. <[EMAIL PROTECTED]> wrote: 2./ In Queues isn`t displayed three boxes for speed - min/max/shared.Not sure what you're asking for here? Is this a bug, or a feature request?O my god. In 0.84 it works . In 0.84.6 it missing.Are you blind :-]? Hang on a second, this is what I get for helping? Forget it, I'm done with you.--Bill
Re: [pfSense Support] Understand log entry
So, if I am reading you right, this is something I should mostly ignore and not worry about too much? Oh and if I haven't said it yet.. Thanks to all those involved in this project, it's a GREAT piece of software! Regards, Todd - Original Message - From: Bill Marquette To: support@pfsense.com Sent: Thursday, September 15, 2005 9:30 PM Subject: Re: [pfSense Support] Understand log entry Looks like a packet from MyIPWasHere destined for 209.86.93.236 port 25 with the flags FIN/PSH/ACK set was blocked. This happens frequently for traffic that is out of state - most commonly because it's a delayed packet. There are other reasons, but it usually has something to do with timing of the packet involved.--Bill On 9/15/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: Can anyone tell me what this log entry means?Sep 15 20:36:16 pf: 594200 rule 65/0(match): block in on dc2:MyIPwasHere.1284 > 209.86.93.236.25: FP 0:6(6) ack 1 win 16954I have replaced my IP with "MyIPwasHere"... It looks to me like a packet going out from my server (MyIPwasHere) on thedc2 interface (my DMZ interface) to 209.86.93.236 on port 25 was blocked byPfSense.Is this all correct? If so, I am not sure why because I have a rule setup to specifically allow this.In fact, if the rule wasn't working I would have serious phone calls at thispoint because customers wouldn't be getting their mail.I don't see a ton of these but I do see enough to make me wonder why things are being rejected on port 25 out from my DMZ on occassion.Thanks in advance for any help.Todd-To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Understand log entry
Can anyone tell me what this log entry means? Sep 15 20:36:16 pf: 594200 rule 65/0(match): block in on dc2: MyIPwasHere.1284 > 209.86.93.236.25: FP 0:6(6) ack 1 win 16954 I have replaced my IP with "MyIPwasHere"... It looks to me like a packet going out from my server (MyIPwasHere) on the dc2 interface (my DMZ interface) to 209.86.93.236 on port 25 was blocked by PfSense. Is this all correct? If so, I am not sure why because I have a rule setup to specifically allow this. In fact, if the rule wasn't working I would have serious phone calls at this point because customers wouldn't be getting their mail. I don't see a ton of these but I do see enough to make me wonder why things are being rejected on port 25 out from my DMZ on occassion. Thanks in advance for any help. Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Wan-side problem...
Scott, Is it the GUI failing in general that's fixed? Not sure if you were referring to a specific issue with DynDNS and the GUI or if you mean the GUI problems in general. Thanks, Todd - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Cc: <[EMAIL PROTECTED]> Sent: Thursday, September 15, 2005 10:00 AM Subject: Re: [pfSense Support] Wan-side problem... This is fixed in CVS. Look for the new version soon. Scott On 9/15/05, Damien Dupertuis <[EMAIL PROTECTED]> wrote: Hello, Here I am again with my dyndns/pppoe problems :-) For three day my 0.83 seems to have strange comportments... After a day or so, the wan side seems to fail... ewerythig else works ok... then I'm forced to do a reboot and it works for a day and fail... :-( I disabled the dyndns service and it seems to work...but I don't know if there is a real connection... next time it hangs, what do you want me to spot in the logs??? regards... ___ Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger Téléchargez cette version sur http://fr.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Autodetect & CPU Usage
Thanks Chris, I just now saw your email about the display being wrong. Todd - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 13, 2005 3:16 PM Subject: Re: [pfSense Support] Autodetect & CPU Usage Scott Ullrich wrote: 2- On the "System Overview" screen I show the following: CPU usage: 67% Memory usage: 29% SWAP usage: 0% Disk usage: 3% Should be fixed in CVS Erik redid all of our meters in ajax. I might add it's a display quirk that's been going on for a while now, it wasn't actually using that much CPU. -cmb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Autodetect & CPU Usage
2- On the "System Overview" screen I show the following: CPU usage: 67% Memory usage: 29% SWAP usage: 0% Disk usage: 3% Should be fixed in CVS Erik redid all of our meters in ajax. --- OK, how would I get the fix? Is it already available? Also, are you saying that the display is just wrong? It must be, I can't imagine using that much CPU with basically nothing happening on the box. Sorry for all the questions, a little new here. Thanks! --- - Original Message - From: "Scott Ullrich" <[EMAIL PROTECTED]> To: Sent: Tuesday, September 13, 2005 2:55 PM Subject: Re: [pfSense Support] Autodetect & CPU Usage On 9/13/05, Mojo Jojo <[EMAIL PROTECTED]> wrote: --snip-- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Autodetect & CPU Usage
OK, loaded up M0n0wall first and played with that a while and now I have installed PfSense. Two things I noticed so far that I found curious, maybe you folks could comment. 1- When installing M0n0wall earlier on the same piece of hardware (see below for hardware specs) the "a" option for auto detecting the cable when it's connected worked perfectly, in fact I did this three or four times without fail. When attempting this with the same hardware, cables, switch and DSL modem, it fails every time and on every NIC using PfSense. I just named the interfaces by hand and when on and all is well. So, not a complaint of course just thought it might be a bug in v. 0.84. 2- On the "System Overview" screen I show the following: CPU usage: 67% Memory usage: 29% SWAP usage: 0% Disk usage: 3% My CPU usage seems to go between 67% and 71% or so and doesn't move much from this range. Seems to me that with the hardware I am using, and the fact that I only have one desktop machine turned on and accessing the internet, that this amount of CPU usage is excessive. Can someone tell me if this much CPU usage is normal? I am planning on using this solution to protect a much larger setup with a LOT more traffic than what's going through this device now. I am afraid to see what happens with traffic if my CPU is already at 70% with virtually no bandwidth passing through. I am running a fresh install of 0.84. Also, I think my CPU usage with M0n0wall was like some tiny number like 5%. Thoughts? Specs below. Hardware: PIII 933 128 mb ram 4 Linksys 10/100 Network Everywhere NICS 1 Onboard NIC which I have disabled. Dell Mboard of some sort. Thanks, Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]