Re: [pfSense] squidGuard Stopped
What do the logs say? On Jan 27, 2015 10:16 PM, A Mohan Rao mohanra...@gmail.com wrote: Hello, After i upgrade pfsense from 2.1.5 to 2.2-i386 squidGuard service is stopped i already uninstall then install with 5 times still its not started please give any idea. Also i m not get package squid3-dev on 2.2 Thanks mohan ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] polling pfsense status for a combined dashboard
Forget a dashboard for the moment. A decent API would go a long ways for writing automation tools. I've already recommended to the opnsense guys that they add on an API. If I only knew a bit more about packaging, I'd make my own fork with the tools. ;) -A On Tue, Jan 27, 2015 at 11:15 AM, Moshe Katz mo...@ymkatz.net wrote: On Tue, Jan 27, 2015 at 12:29 PM, Adam Thompson athom...@athompso.net wrote: On 2015-01-27 11:22 AM, Wolf Noble wrote: Hi Adam, Thanks for the response. Yeah, I know about SNMP. it's a route I might go, but wanted to see what else was available. Strangely enough, I did actually look on the docs site before posting. but I didn't find the page you referenced. That's why I posted here. Would you mind terribly posting a link to the page you mention? When I searched the docs site, I looked for 'api', then 'curl', and then 'header'; but didn't find any relevant results. The closest I found was https://doc.pfsense.org/index.php/Limiting_access_to_web_interface ; but that's not really relevant. My apologies, I can't find it now, either. WTF... I *know* that page used to exist. Looks like jimp is doing most of the wiki updates, perhaps he'll remember what happened to it. The only thing I can find that covers is it this: https://doc.pfsense.org/index.php/Remote_Config_Backup -- -Adam Thompson athom...@athompso.net As Adam said, I'm pretty sure that there used to be something in the Wiki. However, I'm also pretty sure that it was targeted at pfSense 1.x and that it was removed from there because something in the 2.x changes broke it. Moshe -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] secure management access on transparent bridge firewall
I think what he means is to set up an isolated management VLAN, then you VPN into your pfSense box and get access to the management VLAN. -A On Mon, Dec 8, 2014 at 11:10 AM, Richard Lussier richard.luss...@inter-node.com wrote: Hi Chris, Do you mean to redirect the vpn to the management vlan ? Thank you Richard On 2014-12-08 13:12, Chris L wrote: Management VLAN. On Dec 8, 2014, at 9:08 AM, Richard Lussier richard.luss...@inter-node.com wrote: Hi, We are providing Internet access to coop housing (50 units) We have a transit access to the exchange via Fiber and a /26 public IPV4 addresses. I purchased a Netgate C2758 router to be able to do limiter and traffic shaping at rush hour. I did set-up a transparent bridge and everything works fine so far. This feeds two Cisco SF300 Switches, and each unit has a tp-link wdr3600 wireless router with static address. I need to secure the management interface to the pfSense and to the switches. I could make a rule to let access only to a fixed IP source, but I travel a lot and need flexibility. The best for me would be on openvpn. Is this possible without a lan ? , or ? Thank you, Richard ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list -- Richard Lussier inter-node.com réseaux numériques évolutifs cuivre – sans-fil – fibre optique t. 514.316.1623 c. 514.574.5111 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense crash dump
To me, it looks like a disk issue: mfi0: 35354 (465709273s/0x0002/info) - Patrol Read corrected medium error on PD 02(e0x20/s2) at 1692f3e4 mfi0: 35355 (465709275s/0x0002/info) - Unexpected sense: PD 02(e0x20/s2) Path 539358c92146, CDB: 2f 00 16 92 f3 e5 00 10 00 00, Sense: 1/00/00 You might want to download something like The Ultimate Boot CD and use the manufacturers test tools on your drive. -A On Sun, Oct 12, 2014 at 11:43 PM, Mark Loza ml...@morphlabs.com wrote: Hi, Can anyone happen to know what's of this crash dump in pfsense http://sprunge.us/CGDH ? Actually, this already happened twice, the first crash happened approximately 30 days ago and second occurred yesterday. I suspect this might be a disk issue. Thanks in advance to those who would me determine the real cause. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfSense Routing - VPN's
I have the same issue. We manage firewalls for a growing business, and currently everything links to their 'corp' office. But their corp office connection is overloaded with all the traffic going between offices. When I ran plain Linux boxes with Shorewall installed, I wrote a tool called 'openmesher' that would automatically generate all the link combinations and create DEB packages to install the SITE-to-SITE.conf file in /etc/openvpn/ along with shared keys. Then my boss decided he wanted a GUI to manage the firewalls, so we switched to pfSense. Unfortunately there is no API or easy way to automate the configuration (XML, ugh!) ...but I'm working on modifying openmesher to generate the XML snippet for OpenVPN configs. You still have to copy/paste in to your config file, but it'll still save a bunch of clinking. I love pfSense, but I *hate* XML and the lack of an API. The power of *nix comes from the tools to rapidly edit simple text files and interop through simple APIs. *wonders about funding the next pfSense hackathon with an eye towards an API* -A On Thu, May 15, 2014 at 11:55 PM, Karl Fife karlf...@gmail.com wrote: This is exactly what we do. We make the hub the OpenVPN server, and the spokes the clients because the hub IP is static, and we can manage all of the OpenVPN listeners on one instance. If your whole network is a /16, and each spoke is a /24, all you need is a route directive on each of the spokes for the entire /16. In OpenVPN Advanced route 192.168.0.0 255.255.0.0; You don't need any routing directives on the 'hub' because the addition of each connection will take care of that. With respect to rules: We find it best to make the first rule on the hub's OpenVPN interface this: Any source/port NOT destined for THIS hub subnet is allowed to pass. That way each branch can manage their ingress policy privately because the hub will just route anything not destined for its subnet. We also find it best to set up DNS forwarders to the spoke networks, i.e. Hub: mybranch.mycompany.com dns dips are at 192.168.11.1. Spokes can dip the hub if so configured which can in turn dip OTHER spokes if so configured. Inverse lookups work too. For example, add a dns forwarder of 10.168.192.in-addr.arpa to allow inverse lookups in the spoke in the subnet 192.168.10.0/24 It's been rock-solid for many years now! Good luck. On 5/16/2014 1:16 AM, A Mohan Rao wrote: its very simple...! first u have to configure a main vpn site to site vpn server at your main branch then u can easily configure a b c etc. with share key and tunnel network. On Fri, May 16, 2014 at 2:53 AM, Alex Threlfall a...@cyberprog.netwrote: Hi All, I currently have a number of sites which have VPN’s between them, with each site having a VPN to one another. This is becoming harder to manage, we currently have 5 sites, (6 if you include my home) and it would make sense to me to adopt more of a star architecture with a central site. However, I can’t work out how to configure this! Each site has it’s own /24 of private address, and I have a central branch. How can I configure things so that the if branch B needs to get to branch C, it knows that it must go via branch A? Branch A has the best connectivity – bonded FTTC’s, so would make sense as well as it being our “hub” branch for the stock control system also. Any advice would be appreciated! -- Alex Threlfall Cyberprog New Media www.cyberprog.net ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing listList@lists.pfsense.orghttps://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Annoying Comcast Issue When Changing Hardware
Interesting. Thanks Chris. -A On Tue, May 13, 2014 at 6:19 AM, Chris Buechler c...@pfsense.com wrote: On Sat, May 10, 2014 at 9:58 PM, Aaron C. de Bruyn aa...@heyaaron.com wrote: Slightly OT, but why would they have ARP cache timeouts of four hours? What benefit do you get with such high cache times as opposed to the obvious support calls you will get when equipment is swapped around? That's Cisco's default and others aren't too far from that generally. I believe that's something that hasn't changed since originally implemented decades ago. Originally, it was likely because networks were slow and not switched, so you didn't want to chew up a lot of bandwidth just handling ARP. As with many cases along those lines, it got entrenched and once a vendor sets a specific default, they tend to not want to change it. That's largely educated guessing, as I'm not completely sure the reasoning, just that it's been like that more or less forever. Yes, with modern networks, in a lot of cases it's really not sensible to hang onto your ARP cache for hours. A number of cable modems are worse than 4 hours. I can think of a handful of times over the last 7 years or so, with the most recent being a couple months ago, where a support customer got in touch with us after trying to move some IPs and messing with it for multiple days and couldn't make it work. Packet capture on WAN for the affected IPs, check the destination MAC, see something other than the firewall. Ask What's this X MAC? The old box we unplugged last week. Power cycle cable modem, all is well. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Annoying Comcast Issue When Changing Hardware
It happens occasionally with their older SMC modems, but it seems to happen frequently with the Netgear modems. If you don't reboot the modem, it usually picks up on the changes within 5-15 minutes. Sometimes longer. -A On Fri, May 9, 2014 at 8:30 PM, Ryan Coleman ryanjc...@me.com wrote: I’m not running CARP but I am doing many things like yours on my Comcast Business account… I’ve never had that happen - and I think my modem only reboots when I lose power (it’s on the UPS but not on battery - by design). Which modem did they install? I suspect it’s a firmware “feature” of that modem. On May 9, 2014, at 21:56, Aaron C. de Bruyn aa...@heyaaron.com wrote: Spent about an hour beating my head against the wall with this issue, hopefully this will save others some time. We had a stand-alone pfSense router. We just purchased two machines from ixsystems and were preparing them to be a failover pair of pfSense routers and then decommission the smaller older box. While we were installing the new servers, the HDD in the old firewall died. We figured we would just get the two new boxes up. Plugged them into the Comcast modem and configured everything. Comcast assigned us a /28 a while back and we were using a handful of IPs to access various internal services over HTTPS. The /28 looked roughly like: .1 - router1 .2 - router2 .3 - exchange (CARP) .4 - remote (CARP) .5 - VPN (CARP) .6 - spamfilter (physical machine) ...etc After everything was configured, I had someone test remotely that they could access the interface for router1 and router2 remotely. I then went home to finish up a few config details remotely. When I got home, I found I could access router1 and router2 as well as the physical spam filter, but I couldn't access any of the HTTPS services on the CARP IPs. I checked my NAT rules about 100 times, looked through firewall logs, and found nothing. Finally I connected in to the spam filter (linux box) and ran 'openssl s_client -connect exchange.example.tld:4433' and noticed it worked perfectly from a machine on the same WAN segment. ...but not remotely. I called Comcast and had them remotely reboot the modem. Everything immediately came up and started working perfectly. Hopefully this will save someone time. Reboot the brain-damaged Netgear CPE after swapping hardware around. -A ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Annoying Comcast Issue When Changing Hardware
Yeah--I figured it was related to the MAC address. It'd be nice to know why the Comcast equipment does that--I've never run in to it with other providers. -A On Fri, May 9, 2014 at 9:01 PM, compdoc comp...@hotrodpc.com wrote: I called Comcast and had them remotely reboot the modem. Whenever I connect a different network card to my home Comcast modem, I have to power cycle the modem for it come up. I think it keys off the MAC address of the old card, and won't accept the new one until then. I get a new IP address each time I test firewall builds. Not exactly the same situation, but something like. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Annoying Comcast Issue When Changing Hardware
Yeah--I had gone over all the 'usual' stuff. DHCP disabled, firewall settings disabled, Smart Packet Detection disabled. -A On Sat, May 10, 2014 at 4:28 AM, Ryan Coleman ryanjc...@me.com wrote: You may want to make sure the DHCP server is disabled on the modem completely. I’ve noticed that caused issues in the past for me. The default user/pass is cusadmin/highspeed on those modems. On May 10, 2014, at 2:19, Aaron C. de Bruyn aa...@heyaaron.com wrote: Yeah--I figured it was related to the MAC address. It'd be nice to know why the Comcast equipment does that--I've never run in to it with other providers. -A On Fri, May 9, 2014 at 9:01 PM, compdoc comp...@hotrodpc.com wrote: I called Comcast and had them remotely reboot the modem. Whenever I connect a different network card to my home Comcast modem, I have to power cycle the modem for it come up. I think it keys off the MAC address of the old card, and won't accept the new one until then. I get a new IP address each time I test firewall builds. Not exactly the same situation, but something like. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Annoying Comcast Issue When Changing Hardware
Good to know. Slightly OT, but why would they have ARP cache timeouts of four hours? What benefit do you get with such high cache times as opposed to the obvious support calls you will get when equipment is swapped around? -A On Sat, May 10, 2014 at 7:55 PM, Moshe Katz mo...@ymkatz.net wrote: On Fri, May 9, 2014 at 10:56 PM, Aaron C. de Bruyn aa...@heyaaron.comwrote: Spent about an hour beating my head against the wall with this issue, hopefully this will save others some time. We had a stand-alone pfSense router. We just purchased two machines from ixsystems and were preparing them to be a failover pair of pfSense routers and then decommission the smaller older box. While we were installing the new servers, the HDD in the old firewall died. We figured we would just get the two new boxes up. Plugged them into the Comcast modem and configured everything. Comcast assigned us a /28 a while back and we were using a handful of IPs to access various internal services over HTTPS. The /28 looked roughly like: .1 - router1 .2 - router2 .3 - exchange (CARP) .4 - remote (CARP) .5 - VPN (CARP) .6 - spamfilter (physical machine) ...etc After everything was configured, I had someone test remotely that they could access the interface for router1 and router2 remotely. I then went home to finish up a few config details remotely. When I got home, I found I could access router1 and router2 as well as the physical spam filter, but I couldn't access any of the HTTPS services on the CARP IPs. I checked my NAT rules about 100 times, looked through firewall logs, and found nothing. Finally I connected in to the spam filter (linux box) and ran 'openssl s_client -connect exchange.example.tld:4433' and noticed it worked perfectly from a machine on the same WAN segment. ...but not remotely. I called Comcast and had them remotely reboot the modem. Everything immediately came up and started working perfectly. Hopefully this will save someone time. Reboot the brain-damaged Netgear CPE after swapping hardware around. -A Hi Aaron, Most cable modems I have worked with in the US (on Comcast, Optimum, and RCN) all do ARP caching, so you need to reboot them when you change the connected device (or you need to clone the old device's MAC address). Actually though, working with DSL is worse. Verizon DSL does ARP caching in the Central Office for up to four hours. I have found that replacing equipment hooked up to Verison DSL, it is best to already be on the phone with Verizon support to have them manually clear the cache. At least rebooting the cable modem is something you can do yourself. Moshe -- Moshe Katz -- mo...@ymkatz.net -- +1(301)867-3732 ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Annoying Comcast Issue When Changing Hardware
Spent about an hour beating my head against the wall with this issue, hopefully this will save others some time. We had a stand-alone pfSense router. We just purchased two machines from ixsystems and were preparing them to be a failover pair of pfSense routers and then decommission the smaller older box. While we were installing the new servers, the HDD in the old firewall died. We figured we would just get the two new boxes up. Plugged them into the Comcast modem and configured everything. Comcast assigned us a /28 a while back and we were using a handful of IPs to access various internal services over HTTPS. The /28 looked roughly like: .1 - router1 .2 - router2 .3 - exchange (CARP) .4 - remote (CARP) .5 - VPN (CARP) .6 - spamfilter (physical machine) ...etc After everything was configured, I had someone test remotely that they could access the interface for router1 and router2 remotely. I then went home to finish up a few config details remotely. When I got home, I found I could access router1 and router2 as well as the physical spam filter, but I couldn't access any of the HTTPS services on the CARP IPs. I checked my NAT rules about 100 times, looked through firewall logs, and found nothing. Finally I connected in to the spam filter (linux box) and ran 'openssl s_client -connect exchange.example.tld:4433' and noticed it worked perfectly from a machine on the same WAN segment. ...but not remotely. I called Comcast and had them remotely reboot the modem. Everything immediately came up and started working perfectly. Hopefully this will save someone time. Reboot the brain-damaged Netgear CPE after swapping hardware around. -A ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Packet loss with pfsense but not with linux or windows.
Have you tried changing the Enable device polling option under System-Advanced-Networking? -A On Tue, Aug 13, 2013 at 7:56 PM, Sandeep A.S sani...@gmail.com wrote: Hi All I have pfsense box deployed for 3-4 customers, where with one particular ISP:- Airtel, I face high latency and packet loss with pfsense systems.With either linux or windows systems I am getting 7ms and 0 % packet loss to the gateway. But with pfsense It goes between 80ms to 700ms and packet loss of nearly 20-40%. Initially I was thinking this is because of CARP setups I have. But even without any CARP setup the packet loss is same. I have tried with D-Link 520TX card and Intel Pro 1000mbps dual port card. Both the cards are giving similar issue. This is not only in one place but most of the customers who use Airtel Leased line or DSL line. This issue is there in all my setups. One more information is that Airtel provides leased line or DSL over the copper line in India. I am not facing this issue with other providers. As it works fine with both Linux and windows systems I am not able to ask them to make any changes at their side. So far I have made the following changes. 1. Tried with both Intel and D-link cards . Also tried with different cables. 2. Tried with all duplexing option. I had to come back to 100mbps UTP full Duplex to at-least work. 3. From the command line tried with 1420 MTU. 4. Tried disabling/enabling hardware checksum offload 5. Tried disabling/enabling TCP segmentation offload 6. Tried upgrading the pfsense from 2.0.2 to 2.1.RC1 snapshot. All these trials were failure. Please let me know whether I can try any other options ?. Or what other parameter I have to check. ? Thanks for the support. Sandeep ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
Verbatim Tough-'n'-Tiny flash drives. 2 GB and 4 GB. http://www.newegg.com/Product/Product.aspx?Item=9SIA0SF0BP6305 http://www.newegg.com/Product/Product.aspx?Item=9SIA0SF0BP6306 Most of the ones we have in production are under 1 year old, but we had a lot of SSDs fail before the 1-year mark. I didn't really pay attention to the speed, but I write an image to the 2 GB drive in about 8 minutes. (Not a scientific number!) -A On Sun, Jun 9, 2013 at 11:40 AM, Odhiambo Washington odhia...@gmail.comwrote: @Aaron, Which brand of USB sticks are these you use? I've tried working with Transcend and found the performance awful. I'll appreciate your recommendation on USB sticks. On 8 June 2013 21:17, Aaron C. de Bruyn aa...@heyaaron.com wrote: Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254733744121/+254722743223 I can't hear you -- I'm using the scrambler. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Best practice for SSD installs
Just a note of personal experience. I've deployed ~20 pfSense firewalls that had SSDs (both cheap and rated 'good' from Newegg) over the past 2 years. I am not convinced SSDs are more reliable. Nearly every one has had an SSD die or become corrupt. We switched them all to USB sticks and haven't had any more issues. Plus it's easier for us to ship a replacement USB stick to the client and have them plug it in than to have them pop open the case and replace the drive. Maybe we've just had bad luck with SSDs, but I'm not convinced they are ready. -A On Sat, Jun 8, 2013 at 12:20 AM, Eugen Leitl eu...@leitl.org wrote: On Sat, Jun 08, 2013 at 12:40:34AM +0100, Chris Bagnall wrote: Which brings me to the question: the last time I performed a pfSense 'full' install (i.e. not embedded) was several years, and many versions ago. What's the best practice when using an SSD? Use the CD-based installer to do a 'full' install, or continue to use the embedded NanoBSD image? Modern SSDs are at least as reliable as HDs. I've used SSDs with pfSense for years (including IDE DoMs) with full install and never had a failure yet. As an aside, there are several options on the Advanced tab relating to NIC performance options: - Disable hardware checksum offload - Disable hardware TCP segmentation offload - Disable hardware large receive offload Has anyone done any tests / is there a list maintained anywhere with details of which NICs are problematic with these, and hence should be disabled? The motherboard I'm using is a mix of Intel and Realtek gigabit NICs (em and re respectively). I've used Supermicro Atoms with 2 Intel NICs onboard and with a dual-port Intel NIC added. I would be also interested in suggested list of settings for Intel NICs. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list