Well I got those new supermicro systems (5014C-MF) I talked about before
and popped in the pfSense .70.1 cdrom into an external usb 2.0 drive
hooked up to the machine. It sees the cdrom and tries to boot it but
right after a bunch of BTX error codes are on the screen stuff like
- Original Message -
From: Matthew Lenz [EMAIL PROTECTED]
To: pfsense discussion@pfsense.com
Sent: Wednesday, July 27, 2005 3:42 PM
Subject: Re: [pfSense-discussion] multipe ips on the wan interface?
I should have said
1. add virtual ip (am I supposed to be able to select the cidr
ok..that's what I was thinking. but it was doing this without preemption
enabled before. was the check box not functioning and enabled by default?
- Original Message -
From: Scott Ullrich [EMAIL PROTECTED]
To: Matthew Lenz [EMAIL PROTECTED]
Cc: pfsense discussion@pfsense.com
Sent
What are some good command line settings to get an idea of what kind of
throughput pfsense has? currently I'm just doing:
host1: iperf -c host2
host2: iperf -s
and getting about 613 Mbits/sec. Where host1 is on the LAN net and host2
is on the OPT1 net (in other words the route through the
On Fri, 2005-08-12 at 16:10 -0500, Bill Marquette wrote:
I usually use:
client: iperf -P 2 -w 128k -c server
server: iperf -w 128k -s
And I'd recommend using:
http://dast.nlanr.net/Projects/Iperf/iperfdocs_1.7.0.html
Also, I'm not sure FreeBSD uses polling mode for the em driver by
/A Duplex:N/A
em3: Intel(R) PRO/1000 Network Connection, Version - 2.1.7 port
0xd300-0xd33f mem 0xd006-0xd007 irq 27 at device 6.1 on pci3
em3: Ethernet address: 00:04:23:ba:7b:e7
em3: Speed:N/A Duplex:N/A
maybe?
On Fri, 2005-08-12 at 16:32 -0500, Matthew Lenz wrote:
On Fri, 2005-08-12 at 16
sorry for the top reply.. they are all debian linux (afaik the ultimate
server os ;) )
- Original Message -
From: Bill Marquette [EMAIL PROTECTED]
To: Matthew Lenz [EMAIL PROTECTED]
Cc: discussion@pfsense.com
Sent: Friday, August 12, 2005 5:47 PM
Subject: Re: [pfSense-discussion
# ifconfig em0 polling
ifconfig: polling: Invalid argument
- Original Message -
From: Scott Ullrich [EMAIL PROTECTED]
To: Fleming, John (ZeroChaos) [EMAIL PROTECTED]
Cc: Bill Marquette [EMAIL PROTECTED]; Matthew Lenz
[EMAIL PROTECTED]; discussion@pfsense.com
Sent: Friday, August 12
I guess it might not be considered secure anyway but I've got a couple
rules to allow outbound access to a couple internet hosts (some external
xmlrpc stuff one of our apps uses) but it seems that the firewall isn't
always able to reliably resolve the names during startup. It makes
sense that the
My config changes are not being synced to fw1 when I make them on fw0.
Is there a log somewhere I can look at to see how/why this is failing?
Here are the 'Services: CARP Settings'
on fw0 (primary firewall):
Synchronize Interface: OPT4
Synchronize to IP: OPT4's interface ip
Remote System
becomes more obvious. I figured that maybe you
guys who look to the configs all the times for issues might know of a
tool to do this.
On 8/23/05, Matthew Lenz [EMAIL PROTECTED] wrote:
My config changes are not being synced to fw1 when I make them on fw0.
Is there a log somewhere I can look
included when it really doesn't.
--Bill
On 8/23/05, Matthew Lenz [EMAIL PROTECTED] wrote:
My config changes are not being synced to fw1 when I make them on fw0.
Is there a log somewhere I can look at to see how/why this is failing?
Here are the 'Services: CARP Settings'
on fw0
or the other on the same daemon.
On Tue, 2005-08-23 at 14:05 -0400, Scott Ullrich wrote:
On 8/23/05, Matthew Lenz [EMAIL PROTECTED] wrote:
bingo, I am using https. Is there a work around other than not using
https currently?
Not at the moment.
Is this always supposed to be a /32? I'm using /32 on all of them right
now and it works but it still seems to me that since it's asking for the
netmask of that ip that I should be using /24 (192.168.1.0 network) for
the private gw vips and /27 (which is what my public ip range is) for
the public
something to do with the netmask not being
entirely accurate.
On Thu, 2005-08-25 at 11:20 -0400, Scott Ullrich wrote:
On FreeBSD /32 works just fine for aliases.
Scott
On 8/25/05, Matthew Lenz [EMAIL PROTECTED] wrote:
Is this always supposed to be a /32? I'm using /32 on all of them right
now
the CARP address lives on...a /32
_should_ work, that's how I've had mine setup for ages, but I opened
it up to the netmask for correctness sake.
--Bill
On 8/25/05, Matthew Lenz [EMAIL PROTECTED] wrote:
Is this always supposed to be a /32? I'm using /32 on all of them
right
now
I had an interesting thing happen today. The watchdog (at least that's what
the system log called it) on my WAN interface reset the WAN interface (any
idea why that would have happened?) which caused all my outbound NAT to
no longer work. All my private gw (LAN/OPT*) carp interfaces/ips were still
On Fri, 2005-08-26 at 01:50 -0400, Chris Buechler wrote:
On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote:
The watchdog (at least that's what
the system log called it) on my WAN interface reset the WAN interface (any
idea why that would have happened?)
various reasons. I have some
.
Really, use Intel.
On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote:
On Fri, 2005-08-26 at 01:50 -0400, Chris Buechler wrote:
On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote:
The watchdog (at least that's what
the system log called it) on my WAN interface reset the WAN interface
I'm seeing something kinda weird on the OPT1/em0 interface on my secondary
firewall. For some reason it's 100/full and should be running 1000/full.
I checked the switch (managed) and confirmed it. The switch is
configured (but negotiation isn't disabled) to run 1000/full for that
port and all my
Marquette wrote:
Are you using pre-empt?
--Bill
On 8/26/05, Matthew Lenz [EMAIL PROTECTED] wrote:
I had an interesting thing happen today. The watchdog (at least that's what
the system log called it) on my WAN interface reset the WAN interface (any
idea why that would have happened?) which
Scott mentioned that functionality required ifdepd .. preempt results in the
same behavior?
- Original Message -
From: Bill Marquette [EMAIL PROTECTED]
To: Matthew Lenz [EMAIL PROTECTED]
Cc: discussion@pfsense.com
Sent: Friday, August 26, 2005 7:00 PM
Subject: Re: [pfSense-discussion
Aug 27 21:02:02 kernel: pool_ticket: 34320 != 34322
Aug 27 21:02:02 php: : There were error(s) loading the rules: - The line in
question reads []:
Not sure what either of those lines imply. I included both because they
happened at the same time. Above those lines were more of the slbd 'poll
if disabling some of the extra
onboard hardware helps matters. Does freebsd do smp very well? this is a
hyperthreaded intel cpu in these machines and it looks like it's enabling smp
in the syslog.
- Original Message -
From: Scott Ullrich [EMAIL PROTECTED]
To: Matthew Lenz [EMAIL PROTECTED
ok I take some of that back.. I'm getting the poll failures on the primary
as well.
Side/unrelated note. Does carp log anywhere when it switches an interface
from master to backup?
- Original Message -
From: Matthew Lenz [EMAIL PROTECTED]
To: Scott Ullrich [EMAIL PROTECTED]
Cc
If you have two firewalls and are going to do failover I'd say go for it.
If you only have one you can't make a change and see if it breaks stuff and
still recover quickly. If you have two you can simply disable CARP on the
malfunctioning firewall until it's fixed. It's worked well for me and I
.. above is all there is.
-Matt
On 9/13/05, Matthew Lenz [EMAIL PROTECTED] wrote:
I logged in and killed the pftpx server.. and restarted it with full
debugging. when I hit an ftp site from LAN net machine .. I see it
proxying everything. however, when I attempt it from the OPT net
machine
to any port 21 -> 127.0.0.1 port 8021
rdr on em3 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
rdr on bge1 proto tcp from any to any port 21 -> 127.0.0.1 port 8021
^^ Those are it. Do you see a rdr for the interface in question?
On 9/13/05, Matthew Lenz [EMAIL PROTECTED] wrote
I didn't think that it was supposed to be possible to access a VIP from
behind the firewall which is serving that VIP? Is it possible that
since I'm using CARP on all my VIPs that I've found an exception?
Basically: I'm able to hit a public CARP ip from my LAN segment
(private non-routable ips)
Matthew Lenz wrote:
Just had a situation where a backend job was hanging because it couldn't
get to an ip. the tcp connect just kinda hung and this particular
software module had a really long timeout set. Is there a reason why
for example there is a global block in pfsense as opposed
I think checkpoint has been reading the mailing list ;)
http://it.slashdot.org/article.pl?sid=05/10/06/1640258&tid=172&tid=218
I've said it before, pfSense is the only open source FW that comes close
to (and exceeds in some aspects) commercial offerings like checkpoint.
On Thu, 2005-09-22 at
did this get fixed yet? I'm still running a 82.x version and haven't had a
chance to upgrade yet. Was planning on upgrading once 1.0 came out.
-Matt
Is this the main drive in the system? I wouldn't want to send you
something slow since it's a new system. If you'd rather wait a few days
and see if people donate enough to get a nicer SATA drive we can do
that.
On Wed, 2005-10-19 at 12:52 -0500, Bill Marquette wrote:
On 10/19/05, Matthew Lenz
from the release notes for FreeBSD 6.0
cdboot now works around a BIOS problem observed on some systems when
booting from USB CDROM drives.
sweet. This was kicking my butt when I first started using pfSense.
I was really hesitant about upgrading my FWs because if they got horked
really bad
we use the same switch for everything and have it broken into untagged
vlans which simulate breaking the switch up into smaller switches. we
have two switches total with the same configuration and one port on each
is configured as a trunk (the switches are connected to one another).
All servers
offer is avoid Dell switches, they are junk.
-Matt
On Tue, 2005-12-13 at 11:35 -0500, Scott Ullrich wrote:
Fancy. Have to say that I haven't experimented with multiple
switches as of yet.
Good to know!
On 12/13/05, Matthew Lenz [EMAIL PROTECTED] wrote:
we use the same switch
most 1U units come with 2 gig ethernet ports nowadays and you can add a
quad-gig intel pci-x card to them. That's what we did.
http://www.supermicro.com/products/system/ for the machines (case+mb)
you can buy these machines from lots of different resellers. newegg.com
is where we got ours.
could probably do it with a tool tip. think that's provided by some
standard html tag if I remember right. something with alt text or
something.
On Sun, 2006-03-05 at 10:04 -0600, Bill Marquette wrote:
On 3/5/06, Lawrence Farr [EMAIL PROTECTED] wrote:
How about having the ip's pop up if you
39 matches