Re: [pfSense] Vlan Trunk

What exactly is your question here? I don't see any issue implementing this. -lsf On Wed, May 2, 2012 at 7:08 PM, steel max steelmax11...@gmail.com wrote: Dear All, I am trying to implement a wireless network on my corporate environment using, Authentication by Domain Controller windows AD

Re: [pfSense] Vlan Trunk

With one exception, it seems you want to use the same vlan as both lan and wan (Vlan 10)??? On Wed, May 2, 2012 at 8:34 PM, Espen Johansen pfse...@gmail.com wrote: What exactly is your question here? I don't see any issue implementing this. -lsf On Wed, May 2, 2012 at 7:08 PM, steel max

Re: [pfSense] pfSense routing and TCP sequence numbers

-in-wireshark-captures/ On Sat, Sep 14, 2013 at 1:12 PM, Espen Johansen pfse...@gmail.com wrote: Try tcpdump + wireshark. Then read this: http://packetlife.net/blog/2010/jun/7/understanding-tcp-sequence-acknowledgment-numbers/ pfSense should not change sequence numbers unless you tell it to do so

Re: [pfSense] Hardware requirements for gigabit wirespead

What else is new with thinker as op. 25. okt. 2013 02:18 skrev Jim Thompson j...@netgate.com følgende: The topic has wandered away from pfSense. -- Jim On Oct 24, 2013, at 18:48, Chris Bagnall pfse...@lists.minotaur.cc wrote: On 24/10/13 7:31 pm, Adam Thompson wrote: If I upgraded to

Re: [pfSense] Restoring from XML prevents VM from booting

Might be that serial redirection makes it show nothing. Bad drives might also cause files to be corrupted. same goes for bad memory. Make sure both are same versions. 5. feb. 2014 18:42 skrev Brian Candler b.cand...@pobox.com følgende: This is a really strange behaviour, I wonder if anyone has

Re: [pfSense] Gateway on a gateway...

Tell your provider to do what mojo said. Or set it up yourself if you have access to the provider routers. Third option is VPN between the pfsense boxes so you can override the routing. 17. mai 2014 21:53 skrev Klaus Wunder kl...@net-wunder.de følgende: Hello, you can use pfSense as a BGP

Re: [pfSense] default gateway over MPLS VPN

You asked this already and it has been responded to. Dont double post! 20. mai 2014 17:54 skrev Michael Schuh michael.sc...@gmail.com følgende: 2014-05-20 11:31 GMT+02:00 Faisal Gillani faisal.gill...@akesp.org: Hello all I am using Pfsense with everything, Pfsense based multi homed firewall

Re: [pfSense] Disk Space

1kb size should clue you in. This is however completely normal. 7. juni 2014 12:45 skrev Brian Caouette bri...@dlois.com følgende: Mounted Filesystems*Type**Partition**Percent Capacity**Free**Used**Size* /dev/da0s1a 17%4.38 GB988.37 MB5.81 GB/dev/md0 2%3.26 MB62.00 KB3.61 MB devfs 100%0.00

Re: [pfSense] Unbound vs stock

Add it to pfsense dns list. Remove it from dhcp etc. If it's used there. 12. juli 2014 01:26 skrev Brian Caouette bri...@dlois.com følgende: So the fix to make it work the same would be to add 127.0.0.1 to resolv.conf manually? Sent from my iPad On Jul 11, 2014, at 6:19 PM, Dave Warren

Re: [pfSense] Host Connectivity on a Specific Subnet

I get rid of it? SystemRoutingRoutes indicates that no static routes are set up. Is there a routing configuration file somewhere? Best Regards, -Stefan On 7/11/2014 6:35 PM, Espen Johansen wrote: Please provide a network drawing. I suspect you have a arp leak or a switch that needs

Re: [pfSense] Host Connectivity on a Specific Subnet

-enabled, I would need to run a cronjob every second or so. And even that is not a great solution -- I'd reinstall before that. I'd really prefer a more elegant solution if possible. Any other ideas? Am I searching for the wrong thing? Best Regards, -Stefan On 7/12/2014 2:46 AM, Espen

Re: [pfSense] Host Connectivity on a Specific Subnet

remote as I´m on vacation with flaky 3G mobile. On Sun, Jul 13, 2014 at 12:37 AM, Stefan Maerz stefan.ma...@thecommunitypartnership.org wrote: No 3rd party routing installed. -Stefan On 7/12/2014 5:19 PM, Espen Johansen wrote: Only thing I can think of is that a package with a seperate

Re: [pfSense] ZFS warning message on local console during boot

ZFS = FS+LVM. Its efficient in many ways. Its highly resillient to things like silent data corruption ( disk FW bugs, power spikes). It has on the fly checking and repair. Copy on write, snapshoting, NFSv4 native acls and a few more nice things. I dont understand the bashing? -lsf 30. juli 2014

Re: [pfSense] ZFS warning message on local console during boot

Also remeber that pfsense has had packages like freenas (for some the Ultimate all in one home device). -lsf 30. juli 2014 22:24 skrev Paul Mather p...@gromit.dlib.vt.edu følgende: On Jul 30, 2014, at 4:09 PM, Espen Johansen pfse...@gmail.com wrote: ZFS = FS+LVM. Its efficient in many ways

Re: [pfSense] Dual IP nets over one ethernet connector

If you have a vlan capable switch (most managed switches can do this) then you can split one interface into several virtuals. Pfsense supports this. If not, a USB ethernet interface would be an option. 16. aug. 2014 19:48 skrev Bob Gustafson bob...@rcn.com følgende: I have a small Alix board

Re: [pfSense] Dual IP nets over one ethernet connector

Not doable in a sensible way. 16. aug. 2014 20:06 skrev Bob Gustafson bob...@rcn.com følgende: I'm interested in doing it all within the Alix using pfsense. A minimum hardware approach. Think of my WAN mentioned below as the LAN network created by the modem/router furnished by the ISP and

Re: [pfSense] Dual IP nets over one ethernet connector

You would have to do a major code rewrite to get this done. And it would be insecure and it would make no pf sense :-) this is network basics. You dont seem to understand some network fundamentals. Sorry but this is not doable without using vlans or 2 physical interfaces. 16. aug. 2014 20:06

Re: [pfSense] Dual IP nets over one ethernet connector

. Again, do not do it. 16. aug. 2014 22:13 skrev Adam Thompson athom...@athompso.net følgende: On 14-08-16 01:13 PM, Espen Johansen wrote: You would have to do a major code rewrite to get this done. And it would be insecure and it would make no pf sense :-) this is network basics. You dont seem

Re: [pfSense] Delete last Alias IP when CARP address in subnet

Export config. Edit. Then import. 18. aug. 2014 19:21 skrev Adam Williams a...@spreedly.com følgende: Hello. I am running 2.1-RELEASE (built on Wed Sep 11 18:16:44 EDT 2013), which I believe includes the fix for the bug documented here https://redmine.pfsense.org/issues/2406, according to

Re: [pfSense] Delete last Alias IP when CARP address in subnet

that simple, I can use `viconfig` to delete the `ipalias` element, then in FreeBSD, simply remove the IP address from the WAN interface. I just am not terribly sure of the lifecycle of the config file. On Mon, Aug 18, 2014 at 1:53 PM, Espen Johansen pfse...@gmail.com wrote: Export config. Edit

Re: [pfSense] Netgate APU2 SSD module question

I personally don't think you will have an issue with too many writes in a normal environment. Why squid tho? if its for filtering fine. For acceleration and 3-6 persons it will most likely not do you much good. Also check MLC vs SLC. SLC based SSD will last longer. Approximately 10 times longer.

Re: [pfSense] Netgate APU2 SSD module question

: Thank you Espen, Squid is for filtering purpose only, not to save bandwidth. On Netgate they have only this SSD as an option. But I’ll keep your advice in mind. Best regards, Sergii Cherkashyn Date: Mon, 25 Aug 2014 20:45:46 +0200 From: Espen Johansen pfse...@gmail.com

Re: [pfSense] Netgate APU2 SSD module question

: Espen Johansen pfse...@gmail.com To: pfSense support and discussion list@lists.pfsense.org Subject: Re: [pfSense] Netgate APU2 SSD module question Message-ID: caadq7-adzhlsv1p6rl7kwaaomaws1uqcet6fxa5ngdn8sl5...@mail.gmail.com Content-Type: text/plain; charset=utf-8

Re: [pfSense] Netgate APU2 SSD module question

bandwidth. On Netgate they have only this SSD as an option. But I’ll keep your advice in mind. Best regards*,* *Sergii Cherkashyn* Date: Mon, 25 Aug 2014 20:45:46 +0200 From: Espen Johansen pfse...@gmail.com To: pfSense support and discussion list@lists.pfsense.org Subject: Re: [pfSense] Netgate

Re: [pfSense] Netgate APU2 SSD module question

of the early fracas around SSDs.) I’m not going to depend on what someone said in the forum over 3 years ago, since it’s unlikely to apply today. Jim On Aug 27, 2014, at 1:32 PM, Espen Johansen pfse...@gmail.com wrote: For completeness sake. Just to clarify. You can get SDHC cards that are SLC

Re: [pfSense] understand the CARP advskew option

advbase: This optional parameter specifies how often, in seconds, to advertise that we're a member of the redundancy group. The default is 1 second. Acceptable values are from 1 to 255. advskew: This optional parameter specifies how much to skew the advbase when sending CARP advertisements. By

Re: [pfSense] Routing between LAN interfaces

This should work wothout any special magic. Can a pc on a vlan segment ping the gateway and reach internet? Also did you configure the ip on the vlan interface or the physical? What does a traceroute show if you trace to an unreachable part. Does arp register hosts on the vlan interface? -lsf 12.

Re: [pfSense] Adding Ethernetports

check dmesg and pciconf -lv. If its not seen at all then try different slots and try to verify that card/slot is working. -lsf On Fri, Sep 19, 2014 at 4:31 PM, Brian Caouette bri...@dlois.com wrote: I added a dual port nic to my pfsense box and it doesn't show the additional ports. The new

Re: [pfSense] Pftop confusion.

Run pftop in interactive mode (-i) then press capital K for who is peaking. Or capital B for byte amount sorting. Or try capital R for instant speed rate. See man page for all options in interactive mode. -lsf 24. sep. 2014 17:04 skrev Muhammad Yousuf Khan sir...@gmail.com følgende: Darkstat

Re: [pfSense] Https blocking

Sorry. That just means you are incompetent at your job. There is no way in h...l you can demand others to do your job. We are all here for free. Buy a pfSens support agreement and pay for it! People like you annoys me. -lsf 24. sep. 2014 19:22 skrev A Mohan Rao mohanra...@gmail.com følgende:

Re: [pfSense] Reports

You can install time based access control apps on most devices. Same goes for time based rules. I use this for the kids. 26. sep. 2014 21:23 skrev Brian Caouette bri...@dlois.com følgende: Is there a way to do a weekly report based on MAC address showing times used, total time and date for the

Re: [pfSense] States Issue with Asterisk behind pfSense

If this is to be implemented it should be a tick box on each interfance. Dropping all states if you want to move a cable/reroute it is not a good idea. This needs to be user controllable or only affect interface if is_interface_type=pppoe. Just my 2 cents. -lsf 28. sep. 2014 19:19 skrev Hannes

Re: [pfSense] Snort as IPS in Pfsense

You might want to use google insted og relying on others. Maybe try to do your own homework?

Re: [pfSense] Snort as IPS in Pfsense

Depends on what you want. A splitt design is normaly better and safer then a all in one box. If you want suricata +snorby and barnyard its not recommended to run it all on pfsense. There are many deps. that will cause a security nightmare and you will probably run out of hw resources as well. OK,

Re: [pfSense] Snort as IPS in Pfsense

with firewall rules enabled ??? Really thanks, Roberto 2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com: Depends on what you want. A splitt design is normaly better and safer then a all in one box. If you want suricata +snorby and barnyard its not recommended to run it all

Re: [pfSense] Snort as IPS in Pfsense

you recommend to setup the Pfsense WAN and LAN interfaces in bridge mode with firewall rules enabled ??? Really thanks, Roberto 2014-09-29 16:15 GMT-03:00 Espen Johansen pfse...@gmail.com: Depends on what you want. A splitt design is normaly better and safer then a all

Re: [pfSense] Adding Ethernetports

Bridge to LAN. 3. okt. 2014 18:05 skrev Brian Caouette bri...@dlois.com følgende: Just wanted to thank those of you who replied. Finally got the card noticed in pFsense. Had to use the add hardware feature on the VM. Now the problem is getting it to route traffic. I am able to ping the two

Re: [pfSense] Adding Ethernetports

of my issues does it solve? On 10/3/2014 12:08 PM, Espen Johansen wrote: Bridge to LAN. 3. okt. 2014 18:05 skrev Brian Caouette bri...@dlois.com følgende: Just wanted to thank those of you who replied. Finally got the card noticed in pFsense. Had to use the add hardware feature on the VM

Re: [pfSense] pfsense crash dump

Is this a RAID? Seen this on dells with PERC/megaraid controllers when they run the sceduled BBU test. 13. okt. 2014 18:44 skrev Mark Loza ml...@morphlabs.com følgende: Hi, pfsense is running fine for now. Is there any pfsense package that I can perform a live test on the drive? On 10/14/14

Re: [pfSense] pfsense crash dump

Mark Loza ml...@morphlabs.com følgende: Does this something have to do with faulty PERC controller? On 10/14/14 1:29 AM, Mark Loza wrote: Yes, a hardware raid and pfsense is physically running on a Dell PE R515 machine. On 10/14/14 12:49 AM, Espen Johansen wrote: Is this a RAID? Seen

Re: [pfSense] little problem with pfsense

Just a hunch. Did you by any chance drop udp port 137/138 traffic between client and dhcp server? As in, is this traffic allowed? Try tcpdump and check for requests from a problem machine. You might block something win7 has decided it needs. MS tends to have strange/unexpected needs ;) -lsf Hi

Re: [pfSense] little problem with pfsense

Tcpdump and you will know the answer to that. 24. nov. 2014 13:35 skrev Jean-Laurent Ivars jl.iv...@ipgenius.fr følgende: Well thank you for your answer, this is exactly the same result that when i set the option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection) But

Re: [pfSense] little problem with pfsense

Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr Le 24 nov. 2014 à 13:56, Espen Johansen pfse...@gmail.com a écrit

Re: [pfSense] Gold hangout - what time?

Is should be... i also had to think twice about it. CMB, maybe you can note that for the future? 25. nov. 2014 17:16 skrev Adam Thompson athom...@athompso.net følgende: On 14-11-25 10:14 AM, Espen Johansen wrote: https://blog.pfsense.org 25. nov. 2014 17:11 skrev Adam Thompson athom

Re: [pfSense] Message could not be delivered

It's not from list. Sender is spoofed. -lsf 26. jan. 2015 10:28 skrev Geoff Jankowski geoff.jankow...@me.com: Am I the only person to receive this? It contains a .scr file which would not do anything to me but will to any gamers out there. I hope the lists address has not been compromised

Re: [pfSense] Visual seperators?

A seperator might make sense. But grouping and hiding rules is a bad idea based on my experience. A tree structure that is allways collapsed is annoying when you need overview of all rules. And defaulting to a expanded look will just act as a seperator. Imho interface tabs acts as grouping

Re: [pfSense] VIPs : CARP vs IP Alias

My bad. The IP can be in the same subnet as well as in a different subnet. As far as a true alias goes it is not implemented afaik. Try ifconfig in a shell and see if your aliases are listed as ips on the interface. If they where they would respond to ping and have a derived mac from the main

Re: [pfSense] VIPs : CARP vs IP Alias

the mac/arp timeout. And if so a reboot of pfsense and router/modem should clear that up quickly. If the modem is a true bridge then you might have to wait for the uplink router to update its arp table. I have had issues with that in the past. Brgds, Espen 9. mars 2015 12:24 skrev Espen Johansen pfse

Re: [pfSense] VIPs : CARP vs IP Alias

told you tho. If ifconfig shows multiple IPs it is a true alias. If not then they are something else. Brgds, Espen 9. mars 2015 12:51 skrev Brian Candler b.cand...@pobox.com: On 09/03/2015 11:24, Espen Johansen wrote: As far as a true alias goes it is not implemented afaik. Try ifconfig

Re: [pfSense] VIPs : CARP vs IP Alias

Actually you cant use proxy arp as it has a limit affecting you. Proxyarp IPs cant be in same subnet. Sorry. Carp is what you want/need. As for your issue with not reaching the firewall when WAN is down is probably something else. What you really want is a alias ip on the interface and pfsense

Re: [pfSense] VIPs : CARP vs IP Alias

9. mars 2015 11:52 skrev Brian Candler b.cand...@pobox.com: On 09/03/2015 10:47, Espen Johansen wrote: Actually you cant use proxy arp as it has a limit affecting you. Proxyarp IPs cant be in same subnet. Sorry. Are you sure? I have a pfsense box where it's working. For 2.2 I'm not sure

Re: [pfSense] Have you set up a system with no default route?

Are you going to load a full internet BGP routing table? Is that why you do not want a default? Remember that even if you have a default route any route that is more specific will take preference. I dont see the problem? And if you want to prevent any unknown IP destination being routed to your

Re: [pfSense] VIPs : CARP vs IP Alias

I beleive the key to this is proxy arp. Brgds, Espen 8. mars 2015 23:50 skrev Bryan D. pfse...@derman.com: While we're on the topic, I have a functioning v2.2 setup that uses a /29 set of static IPs: - 1 IP is the gateway address and 5 IPs are usable (quite common, I believe) - one of the

Re: [pfSense] PF 2.15 Release (AMD64) Gateway Monitoring with OSPF

to static route the path to the monitoring ip on your front routers so that each front router will allways send it out on the correct wan. Hth. Brgds, Espen 8. mars 2015 00:06 skrev Espen Johansen pfse...@gmail.com: Let ne see if i understand this correctly. You have 2 wans on your pfsense box. You

Re: [pfSense] msk or em Legacy?

Intel em is normally what I prefer. If its old or not does not matter that much. Just my 2 cents. 22. feb. 2015 00:17 skrev Joe Laffey j...@laffey.tv: Hi, Which would you favor the msk driver with some on board Marvel controllers (P6T Deluze) or the em driver with a Legacy 10.4 Intel card?

Re: [pfSense] best way to change WAN interface after migration

In the past I have edited a config backup and restored it. Maybe there are better ways, but find and replace in a editor does the trick :-) Brgds, Espen 11. apr. 2015 20:46 skrev Martin Fuchs mar...@fuchs-kiel.de: Hi ! Does anyone have any experience with changing WAN-interfaces ? We

Re: [pfSense] Using on Fiber

Any chance you have set something in the shaper that causes it? fre. 5. juni 2015, 17:43 skrev Ryan Coleman ryan.cole...@cwis.biz: On Jun 5, 2015, at 10:12 AM, Brennan H. McNenly bmcne...@singularisit.com wrote: And those of you with VMware experience… if I run the virtual firewall I

Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table

Don't double post please. Brgds, Espen 3. juni 2015 15:00 skrev Lukas Hubschmid lukas.hubsch...@pop.agri.ch: Hello everybody, Is there any documentation about: * the process how pfSense firewall handles packets (lookup in firewall rules, lookup in state table, add new state, ...) e.g.

Re: [pfSense] Documentation about Firewall Lookup Process, State Table, Firewall Rules Table

Pfsense is based on openbsds PF (PacketFilter) and runs freebsd as base OS. That should give you enough to google how it works. Also remeber that this is opensource and everything is freely available. The source code tells you everything there is to know ;-) Good luck :-) ons. 3. juni 2015,

Re: [pfSense] reverse proxy situation

Exclude varnish its primarily made for frontend LB proxy. søn. 31. mai 2015, 15:32 skrev Adam Thompson athom...@athompso.net: Oh, shoot, that's a good point - I probably do need SNI support for SSL. I may be able to get a wildcard cert, but that will be an issue one way or another. Varnish

Re: [pfSense] reverse proxy situation

Actually. Are you looking for reverse proxy or a user proxy. I'm confused after reading your mail a few times. Brgds, Espen 31. mai 2015 15:35 skrev Espen Johansen pfse...@gmail.com: Exclude varnish its primarily made for frontend LB proxy. søn. 31. mai 2015, 15:32 skrev Adam Thompson athom

Re: [pfSense] Block Torrentz

Focus on layer 7. Most torrent clients use dynamic ports. And disable upnp as that will defeat the ports blocking as well. -lsf tir. 18. aug. 2015, 21.21 skrev A Mohan Rao mohanra...@gmail.com: Hello pfSense experts, I find out torrents ports like 6881-6889 etc. And create firewall block

Re: [pfSense] Multi-Wan Setup, High Availability and Traffic Segmentation

VLANs ? VLAN is l2 not L3. I have no idea what you are trying to do with VLANs in the mix. Policy routing is easy and probably what you need. -lsf fre. 13. nov. 2015, 23.29 skrev David White : > I have a unique scenario: > > The higher ups require a multi-wan high

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

Bsed on your need I think you should convert to l2tp. https://doc.pfsense.org/index.php/L2TP/IPsec -lsf lør. 14. nov. 2015, 03.22 skrev Vick Khera : > On Thu, Nov 12, 2015 at 5:20 AM, Marco wrote: > > > > Setting up BIND 9 to manage a dynamic zone is not

Re: [pfSense] Hostname resolution of OpenVPN-connected clients

I think you have to set up a radius server and assign ip based on the user. That way they will be "static" and then add DNS entries to that static IP. My 2cents, -lsf ons. 11. nov. 2015, 15.47 skrev Marco : > Hello, > > we use pfSense since quite a while with success and are

Re: [pfSense] IPSec tunnel and routing on a CentOS 7 machine

er running: > systemctl stop firewalld; systemctl disable firewalld; systemctl enable > iptables; systemctl start iptables > > You can manage rules the old fashioned way by either editing > /etc/sysconfig/iptables or by running iptables directly and using > iptables-save > /etc/s

Re: [pfSense] Bug? Firewall disable no random connection drop, firewall enable random connection drop

Firewall disable = no state = asymmetric routing will not get return packets dropped. Are your servers multihomed? On Wed, Feb 10, 2016, 22:48 Romain Lapoux wrote: > I am not agree, because how do you explain that all works correctly when I > disable only the

Re: [pfSense] WLAN reboot loop

Do not bridge and do not use same subnet. If you want lan and wlan to talk add rules for the subnets to talk to each other. On Wed, Feb 24, 2016, 19:12 Sean Pohl wrote: > The problem is an endless boot-loop on my pfSense installation after I > made one > change to

Re: [pfSense] WLAN reboot loop

et it out of the endless > boot loop? Or will my path of least resistance be to simply do a fresh > install again? Many thanks. > On Feb 24, 2016 12:26, "Espen Johansen" <pfse...@gmail.com> wrote: > > > Do not bridge and do not use same subnet. If you want lan and w

Re: [pfSense] WLAN reboot loop

Reboots usually happen when irq is shared and/or memory. On Wed, Feb 24, 2016, 20:17 Espen Johansen <pfse...@gmail.com> wrote: > You might try to put the wlan card in another slot on the motherboard. > Also use bios to disable stuff like sound card, unused usb ports, Lpt, com

Re: [pfSense] WLAN reboot loop

You might try to put the wlan card in another slot on the motherboard. Also use bios to disable stuff like sound card, unused usb ports, Lpt, com ports etc. On Wed, Feb 24, 2016, 20:15 Espen Johansen <pfse...@gmail.com> wrote: > Remove the wlan card. Then remove config. It sounds like

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

t over 12Mpps on this hardware (about 80% of line-rate on a 10g interface). Neither pfSense or FreeBSD (nor Linux) will do 1/10th of this rate. Jim On Thursday, January 26, 2017, Espen Johansen <pfse...@gmail.com> wrote: > It should autotune by default based on memory iirc. > > On

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

Are you saying worst case is 80%? Its not normal to have all minimum size packets unless you are under ddos. Default ethernet is 1526 (1530 with vlan) with a MTU 1500 on a layer 1 frame. A layer 2 frame is 1518 (1522 with vlan). If you want to include all layer headers then 1542 including vlan is

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

It should autotune by default based on memory iirc. On Wed, Jan 25, 2017, 23:27 Peder Rovelstad wrote: > FWiW - My nano (4 NICs, 1GB, Community), PuTTY says: > > kern.ipc.nmbufs: 131925 > kern.ipc.nmbclusters: 20612 > > but nothing explicitly set on the tunables page,

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

gigabit/s if you are able yo push 1200 pps with that payload. Your statement of 80% is just confusing, that is all. On Fri, Jan 27, 2017, 04:02 Jim Thompson <j...@netgate.com> wrote: > On Thursday, January 26, 2017, Espen Johansen <pfse...@gmail.com> wrote: > > > Are you

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

should > have no problem pushing 10GE. A MTU of 600 should give you about 53 > gigabit/s if you are able yo push 1200 pps with that payload. Your > statement of 80% is just confusing, that is all. > > On Fri, Jan 27, 2017, 04:02 Jim Thompson <j...@netgate.com> wrote: > >&g

Re: [pfSense] Intel Atom C2758 (Rangeley/Avoton) install/boot failure with pfSense 2.3.2

Karl fife. Take a look at a config backup. I assume you at some point set them manually? On Wed, Jan 25, 2017, 21:42 Peder Rovelstad wrote: > There were changes in the defaults from FreeBSD 9 to 10. > > https://pleiades.ucsc.edu/hyades/FreeBSD_Network_Tuning > > Could

Re: [pfSense] Bridging to wireless interface issues (ping not working) on 2.3.2

Did you add a rule to allow ICMP on the wlan? -lsf On Thu, Sep 8, 2016, 15:58 Moshe Katz wrote: > Ray, > > Can you clarify which IP range is assigned where? > We can make an educated guess based on the information you provided, but > it's always better to have confirmation. >

Re: [pfSense] 3 hard locks this week... any ideas?

Compdoc: Your spinrite comments just show how dangerous some knowledge is without propper understanding. Spinrite does indeed force SSDs to "fix" themselves because it reads extensively (causes heat) and forces "half" working areas to be marked bad. Most SSDs has minor defects from day one. Just

Re: [pfSense] 2 networks Cards, but OPT1 not acess internet.

And you need to add a nat rule for the opt1 network as well. Either that or turn of nat on pfsense and add routes on your router to all networks behind your pfsense. -lsf On Fri, Sep 23, 2016, 21:48 Moshe Katz wrote: > You need to add a firewall rule on the OPT1 interface to

Re: [pfSense] pfSense 2.3.2-p1 RELEASE Now Available

They usually do. And with kernel updates you have to. On Mon, Oct 10, 2016, 19:20 Morten Christensen wrote: > You should consider to state clearly in such announcements, if the > upgrade includes a reboot of the box. > > > > Den 06-10-2016 21:29, skrev Jim Thompson: > > Details

Re: [pfSense] Lightning strike

Map interfaces based on mac and give them a name. Then adress the interfaces based on that name. When it comes to reorganization of interfaces the answer is; don't do it. Let the user remap interfaces manually only. If the user wants to drop their DMZ to get wan back online then it should be a

Re: [pfSense] massive CARP Failover

Are you sure you disabled IGMP completely? On Wed, Jun 7, 2017, 16:44 Mark Wiater wrote: > > > On 6/7/2017 10:10 AM, Daniel wrote: > > Hi, > > > > the Sync interface is connected directly without a Switch. > > But Carp is running WAN/LAB for example. > > Let's go back

Re: [pfSense] massive CARP Failover

7/Screenshot%202017-06-08%2011.19.07.png?dl=0 > > Yes i am sure ;) > > > -- > Grüsse > > Daniel > > Am 08.06.17, 01:12 schrieb "List im Auftrag von Espen Johansen" < > list-boun...@lists.pfsense.org im Auftrag von pfse...@gmail.com>: > > Are

Re: [pfSense] massive CARP Failover

I assume you did a pfsync (HA) interface on each firewall? If so did you connect this directly without going thru the switch? A direct connection is prefered for the sync interface. Also make sure that if you do direct connection then use a 6ft cable first to connect them. Some interfaces have