[pfSense Support] Dual Wireless results for Bill M.

2006-06-22 Thread Jonathan Woodard
I was testing a box with 2 wireless cards to try possible separate APs 
in the same box and I promised I would give my results here.

I have a test desktop and a test laptop. The desktop carries a b card 
while the laptop is g and both pfSense cards are g Atheros cards 
(Dlink and Edimax). Under light load they seem to perform fine. However, 
I connected the desktop to the Dlink card and Dl'd an iso while just 
browsing with the laptop on the Edimax card. I began to notice pages 
would stall while loading and some would time out altogether. I didn't 
notice a problem with the iso downloading. I tried to put the dlink card 
on channel 1 and move the Edimax card to 11 but this was no help.

It was suggested to try channel 1 & 6 as they interfere less but I 
haven't tested this yet, however, I do plan to. After seeing how things 
went last night unless more people can give me good success with this 
kind of setup I will probably not be putting this kind of setup into use 
anywhere.



Jonathan

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Wireless bridging IS possible?

2006-06-22 Thread Jonathan Woodard
Ok, I was under the assumption that bridging a wireless interface 
running in AP mode to anything wasn't possible yet because of a driver 
limitation. However, right now I am running on my laptop connected to my 
PFsense AP that is running in AP mode and bridged to the LAN interface. 
This would all mean that I was wrong so would some one be kind enough to 
tell me my limitations with bridging a wireless interface? I'm sorry if 
this has been answered before.


Jonathan




AW: [pfSense Support] CARP NIC overhead?

2006-06-22 Thread Bamberg, Dan

We've good experiences using 4 Port Sun HME 10/100 Ethernet PCI NICs.

Maybe you have some good old unused suns to get it from.

Dan

From: Vivek Khera [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 21 June 2006 23:09
To: support@pfsense.com
Subject: Re: [pfSense Support] CARP NIC overhead?

On Jun 21, 2006, at 12:08 PM, Steve Harman wrote:

Sorry to bother the list again - Martin; are you able to post the model number of
the Intel multiport NICs you're using please? Just to improve my
chances of success.

get the Intel *server* NICs. These are awesome. I've had
dual-port ones (no idea the model number) which are extremely fast and stable
in freebsd 6.x




RE: [pfSense Support] Wireless bridging IS possible?

2006-06-22 Thread Holger Bauer
You only can bridge a wireless interface to another interface if it runs in 
hostap (accesspoint) mode. Other modes won't work. This is a driver limitation, 
not pfsense.

Holger

 -Original Message-
 From: Jonathan Woodard [mailto:[EMAIL PROTECTED]
 Sent: Thursday, June 22, 2006 9:11 AM
 To: support@pfsense.com
 Subject: [pfSense Support] Wireless bridging IS possible?
 
 
 Ok, I was under the assumption that bridging a wireless interface 
 running in AP mode to anything wasn't possible yet because of 
 a driver 
 limitation. However, right now I am running on my laptop 
 connected to my 
 PFsense AP that is running in AP mode and bridged to the LAN 
 interface. 
 This would all mean that I was wrong so would some one be 
 kind enough to 
 tell me my limitations with bridging a wireless interface? 
 I'm sorry if 
 this has been answered before.
 
 Jonathan
 
 
 


Virus checked by G DATA AntiVirusKit





AW: [pfSense Support] CARP NIC overhead?

2006-06-22 Thread Fuchs, Martin



right :-)

same answer would come from me :-)

server nics are the best !


From: Vivek Khera [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, 21 June 2006 23:09
To: support@pfsense.com
Subject: Re: [pfSense Support] CARP NIC overhead?


On Jun 21, 2006, at 12:08 PM, Steve Harman wrote:

  Sorry to bother the list again - Martin; are you able to post the model 
  number of the Intel multiport NICs you're using please? Just to improve 
  my chances of success.

get the Intel *server* NICs. These are awesome. I've had 
dual-port ones (no idea the model number) which are extremely fast and stable in 
freebsd 6.x



[pfSense Support] Outbound NAT questions

2006-06-22 Thread Robert Goley
I am still working with the advanced outbound NAT using pfsense as a policy based 
dual wan router.  The pfsense version is beta 4 but updated this using the 
cvs update script.  I am attempting to specify a couple of machines that 
should show that they have the same IP (xxx.xxx.xxx.142).  The interface IP 
is xxx.xxx.xxx.138.  I have rules in advanced outbound nat that should set 
the outbound IP to be xxx.xxx.xxx.142 but it still shows xxx.xxx.xxx.138.  I 
am using IP addresses that are set up as proxy arp.  Should these be CARP or 
other for this to work?  For that matter, what is the difference between the 
3 types of virtual IP addresses?  Really puzzled on this and I have not 
gotten any response to these direct questions on the list.  I am not blaming, 
I know everyone has day jobs.  Just need more information about how this 
works.

Robert




RE: [pfSense Support] Outbound NAT questions

2006-06-22 Thread Holger Bauer
First, you should feed the rc1 full update anyway as it contains freebsd 
updates that are not included if you only sync out code from the mirrors. Run a 
cvs_update.sh RELENG_1 after manually updating at the webgui to get fixes that 
were made after the update file was generated.

Which kind of VIP works for you depends mainly on what your WAN connection looks 
like and what you want to do with it. There are some limitations for some of 
them:

- ProxyARP:
Replies for the additional entered IP address with the same MAC address the real 
interface has the VIP lives on. It simulates Layer2 messages for this IP. Can 
be used with IPs outside the real interface's subnet. Unless you forward traffic 
this IP can't be utilized by the firewall itself (like answer to pings, work as 
endpoint for services running at the firewall itself,...).

- CARP:
CARP generates a random fake MAC address for the additional IP at bootup and 
uses this to answer at Layer2 for this IP (will change at next bootup as it is 
randomly generated). For the opposite end the pfSense interface then looks 
somehow like a switch with these IPs connected to it. In addition to this, CARP 
can be utilized to build a cluster for redundancy. Each CARP IP broadcasts a 
keepalive so other nodes in the same cluster know it's still alive (that's what 
the password is needed for). If the keepalive fails another node in the cluster 
will take over the IP and same MAC of the dead node. This usually happens in 
around 1 second or even less than a second so nobody will notice the failure of 
the former master node. CARP IPs have to be part of the real interface's subnet. 
CARP IPs can be used for services running at the firewall directly, can answer 
to pings without being forwarded, ... . CARP won't work for PPPoE or DHCP WANs.

- Other:
Other just tells the firewall to accept the additional IPs without generating 
Layer2 replies for it. You usually can use this if the additional IPs are 
routed to you without the need to answer at Layer2 to get the traffic for this 
IP to you. Traffic has to be forwarded and can't be used by the firewall itself.

Preview for the next version of pfSense:
We'll have an additional VIP type in the next version (already implemented in 
HEAD codetree) which utilizes interface alias, which works similar to proxy 
arp but without the limitations of it. ProxyARP might get removed then as this 
way is better and does the same plus more.

I usually set up additional IPs as CARP as this should nearly always work and 
it gives me the flexibility to just add a failover node later if needed without 
transforming the configuration.

Another thing we experienced in the past with VIP problems is caused by the 
router/device in front of you not learning the ARPs correctly when adding a 
VIP. In that case you should just reboot the device or flush the cache manually 
and see if it works after that.

Hope this helps a bit,
Holger


 -Original Message-
 From: Robert Goley [mailto:[EMAIL PROTECTED]
 Sent: Thursday, June 22, 2006 4:14 PM
 To: support@pfsense.com
 Subject: [pfSense Support] Outbound NAT questions
 
 
 I am still working with the advanced outbound NAT using 
 pfsense a policy based 
 dual wan router.  The pfsense version is beta 4 but updated 
 this using the 
 cvs update script.  I am attempting to specify a couple of 
 machines that 
 should show that they have the same IP (xxx.xxx.xxx.142).  
 The interface IP 
 is xxx.xxx.xxx.138.  I have rules in advanced outbound nat 
 that should set 
 the outbound IP to be xxx.xxx.xxx.142 but it still shows 
 xxx.xxx.xxx.138.  I 
 am using IP addresses that are setup as proxy arp.  Should 
 these be CARP or 
 other for this to work?  For that matter, what is the 
 difference between the 
 3 types of virtual IP addresses?  Really puzzled on this and 
 I have not 
 gotten any response to these direct questions on the list.  I 
 am not blaming, 
 I know everyone has day jobs.  Just need more information 
 about how this 
 works.
 
 Robert
 
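
The three VIP types described in the reply above can be checked mechanically before a virtual IP is assigned. The following is an added example, not part of the original thread and not pfSense code: it encodes only the constraints stated in that reply, and the names Vip, check_vip, local_service and wan_type, as well as the 203.0.113.x and 198.51.100.x addresses, are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

VIP_TYPES = ("proxyarp", "carp", "other")


@dataclass
class Vip:
    kind: str                    # one of VIP_TYPES
    address: str                 # the additional (virtual) IP
    local_service: bool = False  # must the firewall itself answer on this IP?


def check_vip(vip, iface_cidr, wan_type="static"):
    """Return the rules from the reply that this VIP would violate.

    iface_cidr is the real interface address with prefix length;
    wan_type is "static", "pppoe" or "dhcp" (hypothetical labels).
    An empty list means none of the stated limitations applies.
    """
    if vip.kind not in VIP_TYPES:
        return [f"unknown VIP type {vip.kind!r}"]
    iface = ipaddress.ip_interface(iface_cidr)
    addr = ipaddress.ip_address(vip.address)
    problems = []
    if vip.kind == "carp":
        # CARP IPs have to be part of the real interface's subnet.
        if addr not in iface.network:
            problems.append(f"CARP VIP {addr} is outside {iface.network}")
        # CARP won't work for PPPoE or DHCP WANs.
        if wan_type in ("pppoe", "dhcp"):
            problems.append(f"CARP does not work on a {wan_type} WAN")
    elif vip.local_service:
        # ProxyARP and Other only carry forwarded traffic; the firewall
        # cannot answer pings or terminate services on them.
        problems.append(f"{vip.kind} VIP {addr} cannot serve the firewall itself")
    return problems


if __name__ == "__main__":
    # Constructed sample mirroring the question: interface .138, VIP .142.
    iface = "203.0.113.138/29"
    samples = [
        (Vip("proxyarp", "203.0.113.142"), "static"),
        (Vip("proxyarp", "203.0.113.142", local_service=True), "static"),
        (Vip("carp", "203.0.113.142", local_service=True), "static"),
        (Vip("carp", "198.51.100.10"), "pppoe"),
    ]
    for vip, wan in samples:
        print(vip.kind, vip.address, wan, "->", check_vip(vip, iface, wan) or "ok")
```
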



[pfSense Support] Thanks for all the multiport NIC info!

2006-06-22 Thread Steve Harman

Thank you to everyone who came to my aid with tips on which
multiport NICs to go for. We've now placed our hardware order for two
new boxes and I'm looking forward to experimenting with a pfSense CARP
cluster!

On an unrelated note does pfSense offer an NTP time server?
i.e; can I point my LAN clients at _it_ to supply their date & time sync ?

Thanks again.

Steve



RE: [pfSense Support] Thanks for all the multiport NIC info!

2006-06-22 Thread Holger Bauer
The next version will be able to act as NTP Timeserver (already in our HEAD 
codetree).

Holger
-Original Message-
From: Steve Harman [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 22, 2006 5:11 PM
To: support@pfsense.com
Subject: [pfSense Support] Thanks for all the multiport NIC info!


Thank you to everyone who came to my aid with tips on which multiport NICs to 
go for.  We've now placed our hardware order for two new boxes and I'm looking 
forward to experimenting with a pfSense CARP cluster!
 
On an unrelated note does pfSense offer an NTP time server?  i.e; can I point 
my LAN clients at _it_ to supply their date & time sync ?
 
Thanks again.
 
Steve
 
 





Re: [pfSense Support] Thanks for all the multiport NIC info!

2006-06-22 Thread Scott Ullrich

On 6/22/06, Steve Harman [EMAIL PROTECTED] wrote:

On an unrelated note does pfSense offer an NTP time server?  i.e; can I
point my LAN clients at _it_ to supply their date & time sync ?


Not in 1.0.   It is in CVS and will be featured in 1.1 or whatever we
call the next version, however.




RE: [pfSense Support] Thanks for all the multiport NIC info!

2006-06-22 Thread Oscar Rylin
Is there a feature-roadmap available somewhere, clearly showing what's going
into f.ex., 1.1 (not RequestedFeatures / RequestedExtensions, as they don't
show a timeline)?
BR,
/ oscar
-Original Message-
From: Scott Ullrich [mailto:[EMAIL PROTECTED] 
Sent: den 22 juni 2006 17:15
To: support@pfsense.com
Subject: Re: [pfSense Support] Thanks for all the multiport NIC info!

On 6/22/06, Steve Harman [EMAIL PROTECTED] wrote:
 On an unrelated note does pfSense offer an NTP time server?  i.e; can I
 point my LAN clients at _it_ to supply their date & time sync ?

Not in 1.0.   It is in CVS and will be featured in 1.1 or whatever we
call the next version, however.




Re: [pfSense Support] Thanks for all the multiport NIC info!

2006-06-22 Thread Scott Ullrich

On 6/22/06, Oscar Rylin [EMAIL PROTECTED] wrote:

Is there a feature-roadmap available somewhere, clearly showing what's going
into f.ex., 1.1 (not RequestedFeatures / RequestedExtensions, as they don't
show a timeline)?
BR,


No official roadmap as of yet.  There is this however:

http://wiki.pfsense.com/wikka.php?wakka=GeekGod
http://wiki.pfsense.com/wikka.php?wakka=BillM




RE: [pfSense Support] Thanks for all the multiport NIC info!

2006-06-22 Thread Holger Bauer
http://pfsense.com/~sullrich/pics/ holds some screenshots of new features. Most 
should be self-explanatory.

Holger

 -Original Message-
 From: Oscar Rylin [mailto:[EMAIL PROTECTED]
 Sent: Thursday, June 22, 2006 6:46 PM
 To: support@pfsense.com
 Subject: RE: [pfSense Support] Thanks for all the multiport NIC info!
 
 
 Is there a feature-roadmap available somewhere, clearly 
 showing what's going
 into f.ex., 1.1 (not RequestedFeatures / RequestedExtensions, 
 as they don't
 show a timeline)?
 BR,
 / oscar
 -Original Message-
 From: Scott Ullrich [mailto:[EMAIL PROTECTED] 
 Sent: den 22 juni 2006 17:15
 To: support@pfsense.com
 Subject: Re: [pfSense Support] Thanks for all the multiport NIC info!
 
 On 6/22/06, Steve Harman [EMAIL PROTECTED] wrote:
  On an unrelated note does pfSense offer an NTP time server? 
  i.e; can I
  point my LAN clients at _it_ to supply their date & time sync ?
 
 Not in 1.0.   It is in CVS and will be featured in 1.1 or whatever we
 call the next version, however.
 



RE: [pfSense Support] Dual Wireless results for Bill M.

2006-06-22 Thread Craig FALCONER
This is a guess - but maybe because both wireless cards are physically right
beside each other maybe their aerials are crosstalking.

Try moving the cards so they are in PCI slots as far apart as possible.  

If that doesn't help try a replacement aerial on a cable rather than a
pencil aerial out the back of your NIC.  

This is what happens when 6 APs are all in the same room and arguing over
channels.  
http://staff.avonside.school.nz/cf/lala-wireless.png
Actual throughput was almost 0 because everything kept channel hopping to
what looked clear.



-Original Message-
From: Jonathan Woodard [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 22 June 2006 7:26 p.m.
To: support@pfsense.com
Subject: [pfSense Support] Dual Wireless results for Bill M.


I was testing a box with 2 wireless cards to try possible separate APs 
in the same box and I promised I would give my results here.

I have a test desktop and a test laptop. The desktop carries a b card 
while the laptop is g and both pfSense cards are g Atheros cards 
(Dlink and Edimax). Under light load they seem to perform fine. However, 
I connected the desktop to the Dlink card and Dl'd an iso while just 
browsing with the laptop on the Edimax card. I began to notice pages 
would stall while loading and some would time out altogether. I didn't 
notice a problem with the iso downloading. I tried to put the dlink card 
on channel 1 and move the Edimax card to 11 but this was no help.

It was suggested to try channel 1 & 6 as they interfere less but I 
haven't tested this yet, however, I do plan to. After seeing how things 
went last night unless more people can give me good success with this 
kind of setup I will probably not be putting this kind of setup into use 
anywhere.


Jonathan




[pfSense Support] SSH Connection issues

2006-06-22 Thread toxikco2

I have my traffic shaper configured, except there is no option for me
to put SSH at Highest Priority, my SSH sessions will lag out when I am
in a remote location. Is there any way in pfSense to give it a higher
priority? Thanks!

-Nick




RE: [pfSense Support] SSH Connection issues

2006-06-22 Thread Holger Bauer
SSH is handled by the ACK queue by default that has high priority: 
http://faq.pfsense.com/index.php?action=artikel&cat=10&id=56&artlang=en&highlight=ssh

Holger

 -Original Message-
 From: toxikco2 [mailto:[EMAIL PROTECTED]
 Sent: Friday, June 23, 2006 12:36 AM
 To: support@pfsense.com
 Subject: [pfSense Support] SSH Connection issues
 
 
 I have my traffic shaper configured, except there is no option for me
 to put SSH at Highest Priority, my SSH sessions will lag out when I am
 in a remote location. Is there any way in pfSense to give it a higher
 priority? Thanks!
 
 -Nick
 