Re: [pfSense] APU and SSD: full install or NanoBSD
HA! well.. its been running non-stop for 2.5 yrs with zero issues so uhh.. 21,900 hours and counting so far. Not sure why you have such bad luck. I've not had a bad SSD yet. In my gaming PC i've got a couple Corsair 128GB SSD's in a software Raid 0 running good for 3 years now. Got a few various brands of them at work too with no issues yet. ;-) On Mon, Nov 3, 2014 at 6:58 PM, Jeppe Øland wrote: > On Mon, Nov 3, 2014 at 4:25 PM, Sean wrote: > > http://www.newegg.com/Product/Product.aspx?Item=N82E16820161493 <-- > notice > > the 4,000,000 MTBF > > > > Of course this stuff is all no longer for sale but my point here is I > went > > out of my way to get an mSATA chip designed for embedded systems with a > very > > high MTBF as I built this little sucker to last 7-10 years if possible. > > I hope they printed that MTBF on soft paper since then it will at > least be usable for wiping with. > > (In my case, the Kingston S100 8GB embedded/industrial SSD had a > measly MTBF of 1,000,000 which I apparently went through 3 times in 2 > years). > > Regards, > -Jeppe > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Disconnected
It's not as easy as plugins into the other lan as their behavior is opposite. If I plug in is says disconnected if I pull the cord it says connected. Very messed up. As for a low cost solution what would you recommend for hardware? What's my cheapest way out? I currently use squid and pf block which I understand doesn't play well with sd/cf media. Isn't the intent to limit writes on flash media? I don't need wireless as we have a carrier grade ap on the roof the covers the whole neighborhood. Kids love having access to the lan down the road at their friends. I suppose I could convert the 2850 to freenas and plex if I can build a dedicated box that's not too pricey. Sent from my iPad > On Nov 3, 2014, at 5:47 PM, Sean wrote: > > You could also just switch the NICs from the console to make the former > outside interface the inside interface and so on. Then you'd be able to > access the web GUI. Or in VMWare change the Virtual LANs that the NICs are > attached to. Or set a static and manually connect your client PC to the > (formerly LAN, currently WAN) side and access the GUI. There's many ways it > seems to resolve this but I don't think anyone here could tell you why VMWare > suddenly decided to alter the virtual NIC assignments or if they were not > altered in VMWare then why/how they got detected in the wrong order causing > pfSense to get confused. If your wanting to fix it there are plenty of > possible ways a few of the more obvious of which are stated above. If you're > wanting to explain the cause of it then searching vmware KB articles might be > more productive than asking here. Given the low cost of putting together a > simple fanless flash-based low power appliance (I use a "set-top" type PC) to > run pfSense the whole virtual thing doesn't make much sense to begin with > unless it's just VM's themselves that you are trying to firewall. > >> On Mon, Nov 3, 2014 at 11:35 AM, Jim Thompson wrote: >> >> > On Nov 3, 2014, at 7:25 AM, Brian Caouette wrote: >> > >> > Out of the blue this weekend pfsense went down. After further >> > investigation i've found that in VMWare 4.1 the status of the nics are >> > inverted. The ones that should be connected are disconnected. The ones >> > there had nothing plugged in show connected. If I unplugged the cable is >> > goes to connected and vise verse. I powered down the server a Dell 2850 >> > and powered it back up. No change. I used the ESXI cd and did a repair. No >> > change. I can't even get to the management software because the nics >> > status is reversed and for whatever od reason pfsense never auto starts. >> > Can anyone point me in the right direction to get this resolved? >> >> You could update. Your hardware is quite old. Your software is likely >> quite old. >> >> First, this isn’t Dell or VMware customer support. >> >> You don’t state the version of pfSense that you’re running. >> >> VMware 4.1 was first released in July of 2010. 4.1 update 3 was releases in >> August 2012. There is an update to 4.1.3 in April of this year. >> >> The PowerEdge 2850 was released in 2005, and given that the follow-on 2950 >> was first released in 2006, your 2850 dates from nearly a decade ago. >> >> It’s likely that the savings on your power bill could pay for a modern, >> low-wattage server. >> >> >> ___ >> List mailing list >> List@lists.pfsense.org >> https://lists.pfsense.org/mailman/listinfo/list > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] APU and SSD: full install or NanoBSD
On Mon, Nov 3, 2014 at 4:25 PM, Sean wrote: > http://www.newegg.com/Product/Product.aspx?Item=N82E16820161493 <-- notice > the 4,000,000 MTBF > > Of course this stuff is all no longer for sale but my point here is I went > out of my way to get an mSATA chip designed for embedded systems with a very > high MTBF as I built this little sucker to last 7-10 years if possible. I hope they printed that MTBF on soft paper since then it will at least be usable for wiping with. (In my case, the Kingston S100 8GB embedded/industrial SSD had a measly MTBF of 1,000,000 which I apparently went through 3 times in 2 years). Regards, -Jeppe ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] APU and SSD: full install or NanoBSD
Ok. Admittedly I'm too lazy to read all of that but to throw in my 2 cents this is what i built my pfSense on back in summer of 2012 and I have no regrets. Total cost was just under $200 like 2 and a half years ago. It has no moving parts, low wattage, and I've not had a single issue. Very little duct tape involved. Actually just some twist ties because the screw holes for the tiny mSATA card didnt line up with the holes on the adapter. ;-) http://www.newegg.com/Product/Product.aspx?Item=N82E16856205006 http://www.newegg.com/Product/Product.aspx?Item=N82E16812186184 http://www.newegg.com/Product/Product.aspx?Item=N82E16820161493 <-- notice the 4,000,000 MTBF http://www.newegg.com/Product/Product.aspx?Item=N82E16820148195 http://www.newegg.com/Product/Product.aspx?Item=N82E16812400022 <-- not really necessary but I didn't know at the time if i'd end up doing an embedded install which would redirect console to the serial port or a regular install using the VGA. Of course this stuff is all no longer for sale but my point here is I went out of my way to get an mSATA chip designed for embedded systems with a very high MTBF as I built this little sucker to last 7-10 years if possible. 4GB is just big enough to do a full install and that's what I did. I did have an issue with the frame buffer (graphics) driver used during the install but this was remedied by pressing F-something (forgot the key but it tells you during install) repeatedly during the text install screens to force refresh the text. It was a very small price to pay since I haven't had to do it since. Recent versions of pfSense might even not have that issue. Also, I stole a tiny detachable PC speaker from an ancient desktop and connected to the mobo so I could hear the beeps on boot and shutdown. I absolutely love that speaker beep pfSense makes when it finishes booting. ;-) On Fri, Oct 31, 2014 at 1:31 PM, Jim Thompson wrote: > > > On Oct 30, 2014, at 3:06 PM, Jeppe Øland wrote: > > > > On Thu, Oct 30, 2014 at 8:33 AM, Jim Thompson > wrote: > >>> On the other hand, I tend to distrust manufacturers that shipped > >>> completely unreliable drives without any thought. > >>> Kingston/OCZ/Crucial are all in this boat for me. > >> > >> I’m sure I’ve been burned at least as badly by these, and others, and I > >> still buy from them. > > > > What can you do? The speed increase from SSDs in a PC means its almost > > impossible to go back to an HDD. > > And in a firewall/appliance, the benefits from no moving parts/lower > > power/heat/noise is hard to ignore. > > > >>> As for Nano, I thought it mounted almost everything as RO and only > >>> changed settings to write down settings changes, and RRD databases etc > >>> on reboots? > >> > >> I think I’ve already responded to this. > >> > >> nano is a > 10 year old “solution” to the problems that existed at the > time. > >> http://markmail.org/message/rxe4xfpmdwva7q3e > >> > >> That doesn’t mean it’s a bad solution, but though it’s author is a > brilliant > >> individual, he obviously didn’t envision SSD in 2004. > > > > Are you saying the "nano" release only covers the boot-slices? > > See how the there are three partitions in the below? Observe the sizes > (“922257 sectors”) of the first two. > > $ file pfSense-2.1.5-RELEASE-1g-amd64-nanobsd-20140825-0744.img > pfSense-2.1.5-RELEASE-1g-amd64-nanobsd-20140825-0744.img: x86 boot sector; > partition 1: ID=0xa5, active, starthead 1, startsector 63, 922257 sectors; > partition 2: ID=0xa5, starthead 1, startsector 922383, 922257 sectors; > partition 3: ID=0xa5, starthead 0, startsector 1844640, 102816 sectors, > code offset 0x31 > > > I thought the nano/embedded versions also write less to the disk. > > I don't have a full install handy to check, but the nano install > > definitely mounts the drive RO, and all runtime stuff (/var, /tmp) is > > run out of RAM disks. > > Yes, and I am aware of the differences with the “nano” builds. > > CF devices don’t have the same type of sophisticated wear-leveling and > virtual block remapping that modern SSDs and eMMC devices have. > > Yes, I am saying that compression (which on a modern 64-bit Intel / AMD > CPU is way faster than disk I/O (yes, even to a SSD)) and making those > sectors available to the drive has > potentially far greater impact than the crippled nature of the > “nano/embedded” version. > > We’re not changing this for pfSense software version 2.2, but you can bet > $CURRENCY to $SNACK_FOOD that it’s being evaluated and tested for something > subsequent. > > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Install CD - I don't know where to go with this
CDBurnerXP (just google it) is decent free CD burning software for Windows. If you're properly burning the ISO as an image and not just dragging and dropping an ISO file onto a data disc and burning it then I don't think it matters what software you use. Windows 7 even includes an extremely simple ISO image burner app. Don't open the ISO and alter it in anyway, that should be entirely unnecessary and if anything will break it. Also of course when the machine boots you're going to need to either manually choose the boot device or make sure the CDROM is higher in the boot priority than the local hard drive or RAID card in the system BIOS. Given the age of that machine (Current gen is G9 for the DL380), odds are not horrible that the CDROM is fried too or at least so dirty/dusty that it doesn't read anything right. External USB CDROM drive or a can of air will get you running in that case. Again, you'd still need to configure the boot priority in the BIOS. On Fri, Oct 31, 2014 at 6:44 PM, Mark Hisel wrote: > Exactly correct. The HP hardware can only use CD-R, not DVD-R > I also found some Dell documentation saying to use DVD-R for better > compatibility. > The truth may not set you free, but it is the way out. > > > -- > *From:* Walter Parker > *To:* pfSense Support and Discussion Mailing List > > *Sent:* Friday, October 31, 2014 8:56 AM > *Subject:* Re: [pfSense] Install CD - I don't know where to go with this > > I use imgburn to burn all of my pfSense CDs (and Windows, Linux and > FreeBSD DVDs). I second the recommendation. If you have picked the correct > image, it should boot unless there is something strange with the HP > hardware. The fact that a Windows disk boots doesn't prove that hardware > isn't "strange" or have some sort of other issue. I'd double check that > everything is correct. > > > Walter > > On Thu, Oct 30, 2014 at 4:19 PM, Harlan Stenn wrote: > > I use imgburn to put a .iso on a CD. > > I use imgburn to burn all of my windows optical media. > > H > > On 10/30/14 4:01 PM, Mark Hisel wrote: > > > > I'm trying to make an install CD but no joy. Upfront, this is not a > > pfSense issue but maybe someone can help. Thanks to those who have > > already responded. > > > > I used WinISO, which lets me fiddle with the boot record, so I burned a > > CD and then made an ISO from it and the ISO has a boot record. > > > > But it won't boot. I went through the same exercise with Oracle Linux > > and got the same results. The same machine boots up a Windows OS just > > fine. I'm trying to boot onto a DL380 G3 > > > > > > ___ > > List mailing list > > List@lists.pfsense.org > > https://lists.pfsense.org/mailman/listinfo/list > > > > > > > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > > > > > -- > The greatest dangers to liberty lurk in insidious encroachment by men of > zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > > > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Disconnected
You could also just switch the NICs from the console to make the former outside interface the inside interface and so on. Then you'd be able to access the web GUI. Or in VMWare change the Virtual LANs that the NICs are attached to. Or set a static and manually connect your client PC to the (formerly LAN, currently WAN) side and access the GUI. There's many ways it seems to resolve this but I don't think anyone here could tell you why VMWare suddenly decided to alter the virtual NIC assignments or if they were not altered in VMWare then why/how they got detected in the wrong order causing pfSense to get confused. If your wanting to fix it there are plenty of possible ways a few of the more obvious of which are stated above. If you're wanting to explain the cause of it then searching vmware KB articles might be more productive than asking here. Given the low cost of putting together a simple fanless flash-based low power appliance (I use a "set-top" type PC) to run pfSense the whole virtual thing doesn't make much sense to begin with unless it's just VM's themselves that you are trying to firewall. On Mon, Nov 3, 2014 at 11:35 AM, Jim Thompson wrote: > > > On Nov 3, 2014, at 7:25 AM, Brian Caouette wrote: > > > > Out of the blue this weekend pfsense went down. After further > investigation i've found that in VMWare 4.1 the status of the nics are > inverted. The ones that should be connected are disconnected. The ones > there had nothing plugged in show connected. If I unplugged the cable is > goes to connected and vise verse. I powered down the server a Dell 2850 and > powered it back up. No change. I used the ESXI cd and did a repair. No > change. I can't even get to the management software because the nics status > is reversed and for whatever od reason pfsense never auto starts. Can > anyone point me in the right direction to get this resolved? > > You could update. Your hardware is quite old. Your software is likely > quite old. > > First, this isn’t Dell or VMware customer support. > > You don’t state the version of pfSense that you’re running. > > VMware 4.1 was first released in July of 2010. 4.1 update 3 was releases > in August 2012. There is an update to 4.1.3 in April of this year. > > The PowerEdge 2850 was released in 2005, and given that the follow-on 2950 > was first released in 2006, your 2850 dates from nearly a decade ago. > > It’s likely that the savings on your power bill could pay for a modern, > low-wattage server. > > > ___ > List mailing list > List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Disconnected
> On Nov 3, 2014, at 7:25 AM, Brian Caouette wrote: > > Out of the blue this weekend pfsense went down. After further investigation > i've found that in VMWare 4.1 the status of the nics are inverted. The ones > that should be connected are disconnected. The ones there had nothing plugged > in show connected. If I unplugged the cable is goes to connected and vise > verse. I powered down the server a Dell 2850 and powered it back up. No > change. I used the ESXI cd and did a repair. No change. I can't even get to > the management software because the nics status is reversed and for whatever > od reason pfsense never auto starts. Can anyone point me in the right > direction to get this resolved? You could update. Your hardware is quite old. Your software is likely quite old. First, this isn’t Dell or VMware customer support. You don’t state the version of pfSense that you’re running. VMware 4.1 was first released in July of 2010. 4.1 update 3 was releases in August 2012. There is an update to 4.1.3 in April of this year. The PowerEdge 2850 was released in 2005, and given that the follow-on 2950 was first released in 2006, your 2850 dates from nearly a decade ago. It’s likely that the savings on your power bill could pay for a modern, low-wattage server. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Disconnected
Out of the blue this weekend pfsense went down. After further investigation i've found that in VMWare 4.1 the status of the nics are inverted. The ones that should be connected are disconnected. The ones there had nothing plugged in show connected. If I unplugged the cable is goes to connected and vise verse. I powered down the server a Dell 2850 and powered it back up. No change. I used the ESXI cd and did a repair. No change. I can't even get to the management software because the nics status is reversed and for whatever od reason pfsense never auto starts. Can anyone point me in the right direction to get this resolved? ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] E-Mail notification only using Auth-Mechanism "PLAIN"
Hi all,
while researching the issue that pfSense won't send using our Exchange
2010 Server I found the underlying cause for it.
pfSense (our version is 2.1.5-RELEASE, but I guess other versions are
also affected) seems to support several Authentication mechanisms for
SMTP (at least that's what I gathered from the various files), but it
ALWAYS uses "PLAIN".
If the E-Mail-Server does not support "PLAIN", E-Mail-Notifications will
fail - typically with "Authentication mechanism not supported".
Now - guess what ... Exchange does support plaintext-logins when
configured correctly, but only using the method "LOGIN" ...
The culprit is in File /etc/inc/notices.inc , Line 324:
// Use SMTP Auth if fields are filled out
if($config['notifications']['smtp']['username'] &&
$config['notifications']['smtp']['password']) {
*$smtp->authentication_mechanism = "PLAIN";*
$smtp->user = $config['notifications']['smtp']['username'];
$smtp->password = $config['notifications']['smtp']['password'];
if I change this line to
$smtp->authentication_mechanism = "LOGIN"; *
*I can send e-mail-notifications via our Exchange-Server. But I guess
this will break Notifications for other mailservers.
IMHO there are two ways to fix this behaviour (sadly both beyond my
pfSense/php-Knowledge):
1) get the list of supported auth-mechanisms from the server (after
doing TLS if necessary - some servers offer plaintext-login only after a
secue session was established) and "match" with local supported
mechanisms (perhaps the smtp-class allows this already)?
2) allow the admin to select the auth-mechanism from a list of
mechanisms supported by pfsense
Hope that helps, Kind regards,
W. Voos
*
*
smime.p7s
Description: S/MIME Cryptographic Signature
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] thermo sensors from motherboard
Hi, you can set thermal sensors under "System > Advanced > Miscellaneous : Thermal Sensors section". For me there is only cpu-temp available there. For notification/mail look at "System > Advanced > Notifications: SMTP E-Mail". I do not use temp-error-notification via email. You have to allow access(rule in firewall) to the smtp-server... Look at your system-logs for errors; like "unalbe to connect to mail-server" and so... I have to widget for cpu-temp on the dashboard. If you want to monitor your pfsense system take a look at nagios/icinga/etc (Network Monitoring Tools) - I use icinga with nrpe, but want to change to check_mk (nrpe and check_mk are monitoring agents available for pfsense). Getting back to your question; I found a script last week to monitor cpu-temp on freebsd/pfsense - works for me: http://exchange.nagios.org/directory/Plugins/Hardware/Environmental/check_cputemp_freebsd/details > [2.1.5-RELEASE][admin@bamm]/usr/pbi/nrpe-amd64/libexec/nagios(25): python2 > check_cputemp_freebsd.py -C 0 -w 55 -c 75 > OK: Temperature: 53 C|Temperature=53;55;75;50;80 > [2.1.5-RELEASE][admin@bamm]/usr/pbi/nrpe-amd64/libexec/nagios(26): python2 > check_cputemp_freebsd.py -C 1 -w 55 -c 75 > OK: Temperature: 52 C|Temperature=52;55;75;50;80 > [2.1.5-RELEASE][admin@bamm]/usr/pbi/nrpe-amd64/libexec/nagios(27): Greets > Gesendet: Freitag, 31. Oktober 2014 um 14:33 Uhr > Von: "Martin crysman Zahradník" > An: list@lists.pfsense.org > Betreff: [pfSense] thermo sensors from motherboard > > Hello, please, I am a newbie to pfsense, I just want to ask if the termo > sensors available to system (on motherboard etc.) are available in the > pfsense user frontend? Is pfsense able to send mails (with the > temperature > included)? > > Thanks a lot > McZ > > -- > > Martin crysman Zahradník > www: crysmanovo.blogspot.com[http://crysmanovo.blogspot.com] > e-mail: crys...@seznam.cz[crys...@seznam.cz] > jabber: crys...@jabber.org[crys...@jabber.org] > Google talk/hangout: crysman...@gmail.com[crysman...@gmail.com] > facebook: no way! > Skype: no way! using Ekiga - SIP:crys...@ekiga.net[SIP:crys...@ekiga.net] > running GNU/Linux Xubuntu___ List > mailing list List@lists.pfsense.org > https://lists.pfsense.org/mailman/listinfo/list[https://lists.pfsense.org/mailman/listinfo/list] ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
