[pfSense] supermicro A1SRI-2758F-O igb0: Could not setup recieve structures
Has anyone that recently build or purchased the supermicro 2758 (Rangley) seen these errors before? This box would be somewhat identical to what is sold in the pfsense store and netgate minus the support and custom tuning, http://store.netgate.com/Firewall/C2758.aspx http://store.pfsense.org/c2758/ I seem to get the message *igb0: Could not setup recieve structures* multiple times on my LAN interface. I found this case documented here as a bug for the igb driver but it has been marked as resolve and is over three years old so didnt figure it was still a problem. https://redmine.pfsense.org/issues/1221 Please help... ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] supermicro A1SRI-2758F-O igb0: Could not setup recieve structures
Hi Kevin Am 12.05.2014 08:37, schrieb Kevin Boatswain: Has anyone that recently build or purchased the supermicro 2758 (Rangley) seen these errors before? This box would be somewhat identical to what is sold in the pfsense store and netgate minus the support and custom tuning, http://store.netgate.com/Firewall/C2758.aspx http://store.pfsense.org/c2758/ I seem to get the message *igb0: Could not setup recieve structures* multiple times on my LAN interface. I found this case documented here as a bug for the igb driver but it has been marked as resolve and is over three years old so didnt figure it was still a problem. https://redmine.pfsense.org/issues/1221 I've seen such errors on a system with quad i350 NICs where I could only enable 2 out of 4 ports if I remember correctly. Have you tried the loader.conf.local changes as reference in the bug tracker? Also see the wiki on this topic: https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards If you have built it yourself you don't a Netgate-flavoured but vanilla image, the images on Netgate appliances (as Jim T. mentioned once on the list) contain some pre-tuning in order to run pfSense smoothly out-of-the-box. The tuning is specific per system which is why it isn't applied to the standard image. -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] supermicro A1SRI-2758F-O igb0: Could not setup recieve structures
Mathieu Thank you for the response I wasn't sure if anyone would be up at this time to help (2:30 am central time us where i am at). I ended up trying these settings in the /boot/loader.conf.local kern.ipc.nmbclusters=131072 hw.igb.num_queues=4 I however am not sure if these settings are appropiate for my setup or not. My box does currently have 4 igb nics (intel i354 x 4) and also currently has 8 cores (c2756) . Does this mean I should try hw.igb.num_queues=8 instead of hw.igb.num_queues=4 ? I am not familiar with these settings just trying to figure out what settings I should apply for stability and out of the box performance. On Mon, May 12, 2014 at 2:28 AM, Mathieu Simon (Lists) matsimon.li...@simweb.ch wrote: Hi Kevin Am 12.05.2014 08:37, schrieb Kevin Boatswain: Has anyone that recently build or purchased the supermicro 2758 (Rangley) seen these errors before? This box would be somewhat identical to what is sold in the pfsense store and netgate minus the support and custom tuning, http://store.netgate.com/Firewall/C2758.aspx http://store.pfsense.org/c2758/ I seem to get the message *igb0: Could not setup recieve structures* multiple times on my LAN interface. I found this case documented here as a bug for the igb driver but it has been marked as resolve and is over three years old so didnt figure it was still a problem. https://redmine.pfsense.org/issues/1221 I've seen such errors on a system with quad i350 NICs where I could only enable 2 out of 4 ports if I remember correctly. Have you tried the loader.conf.local changes as reference in the bug tracker? Also see the wiki on this topic: https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards If you have built it yourself you don't a Netgate-flavoured but vanilla image, the images on Netgate appliances (as Jim T. mentioned once on the list) contain some pre-tuning in order to run pfSense smoothly out-of-the-box. The tuning is specific per system which is why it isn't applied to the standard image. -- Mathieu --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] blog.pfsense.org OCSP lookup fails
On 11 May 2014 at 11:18, Chris L wrote: The OCSP server is run by the registrar, not pfSense. Good point. I don´t believe this error has anything to do with mixed content on the page. It simply means that you have hard fail turned on for OCSP and, for some reason, couldn´t check the status at the globalsign server. $ openssl ocsp -CAfile globalsign.pem -issuer globalsign.pem -VAfile globalsign.pem -cert wildcard.pfsense.org.pem -url http://ocsp2.globalsign.com/gsdomainvalg2 -header HOST ocsp2.globalsign.com Response verify OK wildcard.pfsense.org.pem: good This Update: May 11 18:19:06 2014 GMT Works here. It worked this morning, must have been a temporary problem at Globalsign's OCSP server. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 Security Blog: http://geoapps.com/ ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Intel Pro/1000 PT Quad Port PCI-e Gigabit Ethernet
On Fri, May 9, 2014 at 6:02 PM, Dave Warren da...@hireahit.com mailto:da...@hireahit.com wrote: Anyone have experience with a Intel Pro/1000 PT Quad Port PCI-e Gigabit Ethernet Server Adapter EXP19404PT on pfSense? From wandering the forums it looks like it should be supported in pfSense 2, but I can't find any confirmation that it actually works. Or alternatively, can anyone else recommend a quad port that's available at a reasonable price for a small deployment? -- Dave Warren http://www.hireahit.com/ http://ca.linkedin.com/in/davejwarren I have used these (and the Dual-port Pro/1000 MT version) in pfSense with no problems. Moshe -- Moshe Katz -- mo...@ymkatz.net mailto:mo...@ymkatz.net -- +1(301)867-3732 Same here… no problems… we use them in a clustered pfsense environment (2 servers in a cluster) and have 2 card in each server… runs great ;-) regards, martin ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] High iostat
My pfsense laptop with a PATA CF card is disk bound these days. The disk is always busy above 60% and mostly in the 90's. Futhermore the service times are abysmal. It takes more than a minute just to refresh the dashboard. Initially the system was very quick but then i later i intruduced Captive Portal and then Radius (with accounting). I think all of these are writing constantly to the filesystem. I do have plenty of RAM so i was thinking to place the captive portal and other logs on a ram disk. Is this possible in pfsense? BTW it would be very nice to have a tool like lsof to see what files a pid has open and writing too. But pfsense does not have lsof package. Thanks ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] High iostat
pfSense has menu options that allow to move/create /tmp and /var in RAM. These can be found in SystemAdvancedMiscellaneous. Then logging would be written to the RAM disk. Note that the logs will be lost when the power goes out. You will need to setup a scheduled job that does backups if you wish to persist the logs across reboots. Also note that all file systems slow down as the get full. As flash runs out of empty write blocks, its performance also suffers. Something you might try is the replace the existing flash card with something 2x-4x times larger. You might try getting the lsof package/tool from a FreeBSD 8.3 machine (assuming you are running the current version of pfSense) and installing/copying it to your system. FreeBSD has two commands that provide many of the features in lsof: fstat sockstat pfSense has both of these commands installed. On Mon, May 12, 2014 at 8:09 PM, Wajih Ahmed wajih.ah...@gmail.com wrote: My pfsense laptop with a PATA CF card is disk bound these days. The disk is always busy above 60% and mostly in the 90's. Futhermore the service times are abysmal. It takes more than a minute just to refresh the dashboard. Initially the system was very quick but then i later i intruduced Captive Portal and then Radius (with accounting). I think all of these are writing constantly to the filesystem. I do have plenty of RAM so i was thinking to place the captive portal and other logs on a ram disk. Is this possible in pfsense? BTW it would be very nice to have a tool like lsof to see what files a pid has open and writing too. But pfsense does not have lsof package. Thanks ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] High iostat
On Mon, May 12, 2014 at 11:22 PM, Walter Parker walt...@gmail.com wrote: You might try getting the lsof package/tool from a FreeBSD 8.3 machine (assuming you are running the current version of pfSense) and installing/copying it to your system. On Mon, May 12, 2014 at 8:09 PM, Wajih Ahmed wajih.ah...@gmail.comwrote: BTW it would be very nice to have a tool like lsof to see what files a pid has open and writing too. But pfsense does not have lsof package. You can install lsof on pfsense with the following command: pkg_add -r lsof. Note that some of the older 2.x versions of pfSense (likely just 2.0.x) look for the package in a location on the FreeBSD ports servers that no longer exists. If you get an error about the package not being found, you can run this longer version of the command: pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.3-release/Latest/lsof.tbz (The 8.3 version of the package should work even on the older 8.1-based pfSense. I've had no problems with it on an older testing box I have.) Moshe -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] High iostat
On 05/12/14 23:09, Wajih Ahmed wrote: BTW it would be very nice to have a tool like lsof to see what files a pid has open and writing too. But pfsense does not have lsof package. In addition to the other things mentioned, run: top -aSH press 'm' to switch to i/o view to see what process is hogging the disk. Jim ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
