[pfSense Support] Routing throughput on Soekris boards
Greetings list, I know there've been discussions on the m0n0wall list in the past regarding throughput benchmarking on Soekris platforms. Would those same figures also apply to pfSense? If not, has anyone done any benchmarking on 4801/5501 boards they'd be willing to share with the list? I'm currently trying to work out whether a site needs a 4801 or a 5501. They have a 10mbit synchronous WAN link, a standard office LAN, but also a WLAN used for streaming CCTV footage from remote buildings. I'm trying to calculate whether the Soekris will handle the theoretical max throughput (about 25mbps WLAN + 10mbps WAN). Thanks in advance. Regards, Chris -- C.M. Bagnall, Director, Minotaur I.T. Limited For full contact details visit http://www.minotaur.it This email is made from 100% recycled electrons - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Thanks Vivek This hub was placed between the cable modem and the WAN for data capture purposes only, prior was just a direct patch cable connection, no apparent need for a switch/hub intermediary as the Motorola seems to accept direct and crossover cables, at least I have not tried a cross over cableseemed no need, as (I assumed) either it will work completely or not at all...at that level...but any assumption is dangerous I guess... I also expected a direct link took away one potential source of problems. Since my last post it has now misbehaved, with the hub in place, I have caught it all into a 1G (!) file, however I need to figure out how to split it up to inspect now At least it won't all load up into wireshark, even with 4G of RAM It crashes when the RAM is consumed - at about halfway through the file! When I have some more time I'll see if it will load up without the ARP data. I am hoping the times coincide well enough, I know the stop and reboot times Interestingly it commonly occurs when a remote terminal session is running, but not always. Kind regards David Hingston - Original Message - From: Vivek Khera To: support@pfsense.com Sent: Wednesday, August 22, 2007 10:30 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M On Aug 21, 2007, at 7:31 AM, Tortise wrote: I am running wireshark - however the connection has yet to misbehave whilst doing so. (Now I know why I kept those old 100M hubs!) Well, perhaps your switch and your NIC don't agree with each other? I've had that problem before...
RE: [pfSense Support] Routing throughput on Soekris boards
4801 will be too weak for this or at least run under heavy load all the time. If you want to use some services and need ipsec encryption for example it will definately be too weak. Go for a 5501. I heard from one of the developers that it performs pretty good. Holger -Original Message- From: Chris Bagnall [mailto:[EMAIL PROTECTED] On Behalf Of Chris Bagnall Sent: Wednesday, August 22, 2007 1:03 PM To: support@pfsense.com Subject: [pfSense Support] Routing throughput on Soekris boards Greetings list, I know there've been discussions on the m0n0wall list in the past regarding throughput benchmarking on Soekris platforms. Would those same figures also apply to pfSense? If not, has anyone done any benchmarking on 4801/5501 boards they'd be willing to share with the list? I'm currently trying to work out whether a site needs a 4801 or a 5501. They have a 10mbit synchronous WAN link, a standard office LAN, but also a WLAN used for streaming CCTV footage from remote buildings. I'm trying to calculate whether the Soekris will handle the theoretical max throughput (about 25mbps WLAN + 10mbps WAN). Thanks in advance. Regards, Chris -- C.M. Bagnall, Director, Minotaur I.T. Limited For full contact details visit http://www.minotaur.it This email is made from 100% recycled electrons - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Want to know
If you are using the reauthenticate users every minute against an external Radiusserver with the CP that might explain the load. Search the m0n0list for the designlimitations of the current CP implementation and why that will cause problems when having lots of users. We currently don't do any work on the CP and probably won't do. To change these limitations a complete rewrite from scratch would be needed which is a full time job and needs some funding. Btw, there doesn't seem to be much inovation regarding the CP in m0n0wall either currently afaik. Holger From: Mohd Saidy [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 2:54 PM To: support@pfsense.com Subject: [pfSense Support] Want to know Hi, I'm using pfsense-1.2-BETA Release. I got 80% processing in php and also have another 2 php running but in 0.00% as file attached. It make our server slow to connected to internet. Cocurrently user are 110 peoples using captive portal. May i know if the new release already solve this issue? Thank you - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Issues with system-advanced/certification issues.
I did a little more testing and if I remove the certs in the System-Advanced function and set the webGUI protocol to http (or https) in the System- General Setup, it works without failure. Still doing some more checking. Where would I find the source code for pfSense so that we can possibly trace down the issue ourselves? Thank you for everyone's help. Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 21, 2007 9:29 AM To: support@pfsense.com Subject: RE: [pfSense Support] Issues with system-advanced/certification issues. Another question I have as far as certificates go for pfSense, we use a private IP address for the WAN. When we create the certificates using OpenSSL for Windows, we use the IP address as the Common Name (CN). Should we use the Fully Qualified Domain Name (FQDN) as the CN or is the IP address OK? Thanks Dwane From: Atkins, Dwane P [mailto:[EMAIL PROTECTED] Sent: Monday, August 20, 2007 4:52 PM To: support@pfsense.com Subject: [pfSense Support] Issues with system-advanced/certification issues. Good afternoon, I just installed 1.2RC2. I wanted to see if our issue was resolved concerning when we have self-signed (or self generated certificates), and we click on System-Advanced, it will conclude every session on the Captive Portal. Personnel have to re-authenticate in order to regain connectivity. These are the scenarios that I performed today and each of them came up with the same error about the webConfigurator certificates have changed. Tried with System-General Setup-webGUI protocol set to http, self-signed certs, System-Advanced- webGUI SSL, generated from OpenSSL intalled and I received this error Tried with System-General Setup-webGUI protocol set to https, self-signed cert, in System-Advanced- webGUI SSL, generated from OpenSSL installed and still receive the same error. Tried with System-General Setup-webGUI protocol set to http, no self signed certs in the System-Advanced- webGUI SSL certificate/key and it does not conclude connectivity on the CaptivePortal. Aug 20 16:33:12 check_reload_status: webConfigurator restart in progress Aug 20 16:33:06 php[1496]: /system_advanced.php: webConfigurator certificates have changed. Restarting webConfigurator. Aug 20 16:31:50 check_reload_status: reloading filter Is there an issue with creating self-signed certificate using OpenSSL and pfSense? Can someone explain the Create Certificate automatically link on the System-Advanced- webGUI SSL certificate/key? Thank you all for your help. Dwane mailto:[EMAIL PROTECTED]
Re: [pfSense Support] Multiple Subnet Transparent Bridging?
Does anyone have any experience with this? Is it stable? Tips? --Tim - Original Message - From: Tim Nelson [EMAIL PROTECTED] To: support support@pfsense.com Sent: Monday, August 20, 2007 2:27:00 PM (GMT-0600) America/Chicago Subject: [pfSense Support] Multiple Subnet Transparent Bridging? After being inspired by an earlier topic on the list, I decided to start playing with transparent bridging again. I've come across a situation where firewalling using a transparent bridge will work perfect... but I need it to handle multiple subnets. Can I assign secondary, tertiary, etc... IPs to the WAN interface using Virtual IPs? If so, is there a limit to the number of additional IPs? Thank you! Tim Nelson Technical Consultant Rockbochs Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Unless I disable filter in Advanced setting, I can't send attachments over 48Kb or upload files above 48Kb
Hello, I am running pfsense 1.0.1. I am new to pfsense. Nobody inside the network can send attachments over 48Kb if the filters are enabled in advanced settings. If I check off the check box in advanced settings, I can send well over 48Kb. I tried disabling every rule and turning them on one by one to test it but to no avail. Is there a default rule I am missing and how do I disable that. The challenge is that our sister company also uses pfsense but they can continue to send attachments over 48Kb. I have mirrored their settings except bridging the WAN and LAN..otherwise the LAN cannot get out to the public internet. Can someone let me know what is causing this and how it can be rectified other than scrapping pfsense. The attachment size was not an issue with sonicwall. Any advice is appreciated. I would love to continue to use pfsense but this is a major drawback. Thank you -- Sonny Sarai - System Administrator Digital Ocean Marketing Inc. Office: +1-604-895-7423 www.digitaloceanmarketing.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Unless I disable filter in Advanced setting, I can't send attachments over 48Kb or upload files above 48Kb
On 8/22/07, Sonny Sarai [EMAIL PROTECTED] wrote: Hello, I am running pfsense 1.0.1. I am new to pfsense. Nobody inside the network can send attachments over 48Kb if the filters are enabled in advanced settings. If I check off the check box in advanced settings, I can send well over 48Kb. I tried disabling every rule and turning them on one by one to test it but to no avail. Is there a default rule I am missing and how do I disable that. The challenge is that our sister company also uses pfsense but they can continue to send attachments over 48Kb. I have mirrored their settings except bridging the WAN and LAN..otherwise the LAN cannot get out to the public internet. Can someone let me know what is causing this and how it can be rectified other than scrapping pfsense. The attachment size was not an issue with sonicwall. Any advice is appreciated. I would love to continue to use pfsense but this is a major drawback. Try checking System - Advanced - Disable Firewall Scrub. If this does not work try checking System - Advanced - Clear DF bit instead of dropping Give the firewall a good minute or 2 between testing after changing the option and saving. If the above does not work then upgrade to 1.2-RC2 (I would recommend this either way, actually). Scott Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Unless I disable filter in Advanced setting, I can't send attachments over 48Kb or upload files above 48Kb
upgrade to 1.2-RC2 and try again. I'm sure whatever was causing this has been fixed a while ago -Sean - Original Message - From: Sonny Sarai [EMAIL PROTECTED] To: support@pfsense.com Sent: Wednesday, August 22, 2007 4:56 PM Subject: [pfSense Support] Unless I disable filter in Advanced setting, I can't send attachments over 48Kb or upload files above 48Kb Hello, I am running pfsense 1.0.1. I am new to pfsense. Nobody inside the network can send attachments over 48Kb if the filters are enabled in advanced settings. If I check off the check box in advanced settings, I can send well over 48Kb. I tried disabling every rule and turning them on one by one to test it but to no avail. Is there a default rule I am missing and how do I disable that. The challenge is that our sister company also uses pfsense but they can continue to send attachments over 48Kb. I have mirrored their settings except bridging the WAN and LAN..otherwise the LAN cannot get out to the public internet. Can someone let me know what is causing this and how it can be rectified other than scrapping pfsense. The attachment size was not an issue with sonicwall. Any advice is appreciated. I would love to continue to use pfsense but this is a major drawback. Thank you -- Sonny Sarai - System Administrator Digital Ocean Marketing Inc. Office: +1-604-895-7423 www.digitaloceanmarketing.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]