Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-08-29 Thread Tortise
Thank you Paul

We are awaiting the ISP replacing the cable modem.

I think your suggestion is interesting but probably not the explanation in our 
case.

A number of people have tried multiple NIC's on different hardware (myself 
included) and still experienced the same problem.

If the replaced modem does not fix the problem I will however try anything!

Kind regards
David Hingston

----- Original Message -----
From: Paul M [EMAIL PROTECTED]
To: support@pfsense.com
Sent: Tuesday, August 28, 2007 10:28 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM


Tortise wrote:
 Buy hardware that's not faulty.  pfsense is *way* more robust than what it 
 seems to be for you.  what network interfaces do you
 have?   if other than broadcom or Intel, switch to Intel.

 In frustration I have purchased 2 new Intel Pro/1000GT NIC's.  They have 
 lasted almost 48 hours before the internal disconnection
 between the LAN and WAN recurred yet again. The state table is reported 
 as having showed 56 entries on index.php. Fixed by
 rebooting.  Nothing else.  (Cheaper cards have lasted longer!)

we had a lot of problems with linux drivers and the intel giga nics
onboard our tyans; we turned off power management in the intel's eeprom.
maybe the same problem affects freebsd?

the script to fix it is here:
http://e1000.sourceforge.net/wiki/index.php/Issues#82573.28V.2FL.2FE.29_TX_Unit_Hang_messages

to use this fix on our pfsense box, I booted a linux rescue disk (suse
10.2 cd 1 as it happened) and downloaded and ran the script mentioned here:

this might or might not help... good luck!


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 





Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-08-29 Thread Tortise
Dear List

Until we find a permanent solution it seems I may be able to do a temporary fix.

Firstly I note that during a download I can run

ifconfig em0 down; ifconfig em0 up

without apparently interrupting the download!  This fixes the problem - until
it occurs again.  Looking around (using Google and Diagnostics: Edit File) it
seems I may be able to edit this file /etc/crontab thus:

{start}
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour    mday    month   wday    who     command
#
#
# pfSense specific crontab entries
# Created: August 26, 2007, 7:50 am
#

0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 * 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
*/5 * * * * root /usr/local/bin/checkreload.sh
*/5 * * * * root /etc/ping_hosts.sh
*/300 * * * * root /usr/local/sbin/reset_slbd.sh

#DH Addition Start
# Hopefully this will run every minute
#ping returns 1 when successful
#run ping to the first hop gateway (a.b.c.1) , if it fails run the fix...
*/1 * * * * root if (ping -c1 a.b.c.1 != 1) then ifconfig em0 down; ifconfig em0 up endif
#DH Addition End

#
# If possible do not add items to this file manually.
# If you do so, this file must be terminated with a blank line (e.g. new line)
#

{end}

Is this correct syntax?  Can I just paste it into the window and save it?  
Anything else needed?

The immediate goal here is to be able to continue remote terminal sessions and 
keep the site up!  (Or be able to log back in within 
a minute, instead of having to wait maybe hours until someone is on site to fix 
it...)

Any guidance would be greatly appreciated.

Kind regards
David Hingston 
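
One way to write the check proposed in the message above, added here as an example and not part of the original post or of pfSense: cron hands the command to /bin/sh, where the test is ping's exit status (0 when a reply arrives). The script name, install path, state file and two-failure threshold are assumptions; a.b.c.1 is the post's own placeholder.

```shell
#!/bin/sh
# Added example: gateway watchdog for the check proposed in the post.
# a.b.c.1 is the post's placeholder for the first-hop gateway; the state
# file path, the threshold and the install path are assumptions.
GATEWAY="${GATEWAY:-a.b.c.1}"
IFACE="${IFACE:-em0}"
THRESHOLD="${THRESHOLD:-2}"          # consecutive failed checks before acting
STATE="${STATE:-/var/run/gw_watchdog.fails}"
PING="${PING:-ping}"                 # overridable so the logic can be tested
IFCONFIG="${IFCONFIG:-ifconfig}"

# ping exits 0 when a reply arrives and non-zero otherwise.
gateway_up() {
    "$PING" -c 1 "$GATEWAY" >/dev/null 2>&1
}

# Same fix as typed by hand in the post: take the interface down, then up.
bounce_iface() {
    "$IFCONFIG" "$IFACE" down && "$IFCONFIG" "$IFACE" up
}

# One cron tick. Returns 0 = gateway reachable, 1 = failure counted,
# 2 = threshold reached and interface bounced.
watchdog_tick() {
    if gateway_up; then
        rm -f "$STATE"
        return 0
    fi
    fails=$(cat "$STATE" 2>/dev/null || echo 0)
    fails=$((fails + 1))
    if [ "$fails" -lt "$THRESHOLD" ]; then
        echo "$fails" > "$STATE"
        return 1
    fi
    rm -f "$STATE"
    # Leave a syslog trail so each reset can be matched to an outage later.
    logger -t gw_watchdog "$GATEWAY unreachable x$fails, resetting $IFACE" \
        2>/dev/null || true
    bounce_iface
    return 2
}

# /etc/crontab entry (system crontab format, with the user field):
#   * * * * * root /usr/local/sbin/gw_watchdog.sh run
if [ "${1:-}" = "run" ]; then
    watchdog_tick
fi
```

Requiring two consecutive failures keeps a single dropped ping from bouncing the interface, and the syslog line records how often the reset actually fires.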





[pfSense Support] About a pfSense presentation

2007-08-29 Thread Tomás de Barros Correia
Hi all,
I am an enthusiast of the pfSense project and I'm going to do a presentation
about it in a Free Software event, here, in Brazil, to make it more known by
the people and give them a good experience with pfSense that I had.
So I would like to know if there is some default presentation that you use
to do something like this? A presentation about the advantages, architecture,
configuring, installing...
If there isn't, I'll do it anyway. But if someone already presented
something in this line and wants to share it with me, I would appreciate
that.

Thanks for any help,

  Tomás.



-- 
Tomás de Barros Correia

Ciência da Computação - UFCG

http://www.dsc.ufcg.edu.br/~tomas/


Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-08-29 Thread Vivek Khera


On Aug 29, 2007, at 6:20 AM, Tortise wrote:


we had a lot of problems with linux drivers and the intel giga nics
onboard our tyans; we turned off power management in the intel's  
eeprom.

maybe the same problem affects freebsd?


I've not had any issues with Intel NICs across several dozen FreeBSD  
systems of varying vintage (from the 10/100 fxp devices thru the  
1Gb em devices).  Broadcom NICs on the other hand have been mostly  
nothing but trouble until the most recent FreeBSD releases.






Re: [pfSense Support] multi interface traffic shaper.

2007-08-29 Thread Jan Zorz

sai wrote:

Traffic shaper currently only works with 1 WAN interface

sai
  

Hi.

I understand that (and I have only 1 WAN interface). I would like shaper 
to work between 1 WAN and multiple LAN interfaces in the same manner


/jan


On 8/15/07, Jan Zorz [EMAIL PROTECTED] wrote:
  

Hi gang (again).

I already posted this question on forum, but no replies, so I'm trying
my luck here.

I went through traffic shaper wizard and created limited bandwidth rules
between WAN and LAN interface and assigned all priorities and bandwidth
limit to 1/10 of WAN actual speed. Now I would like to add same rules
and limit between newly created OPT1 interface and WAN.

Any quick tips, tricks or links, how to do that in any way?

If no idea, any tips just how to limit bandwidth between OPT1 and WAN to
1/10 of actual WAN speed?

Thank you, Jan Zorz




[pfSense Support] file upload and attachment size limitation

2007-08-29 Thread Sonny Sarai

Hello,

I am running pfsense 1.2-RC2. I am new to pfsense. Nobody inside the 
network can send attachments over 48Kb if the filters are enabled in
advanced settings. If I check off the check box in advanced settings, I 
can send well over 48Kb.


I tried disabling every rule and turning them on one by one to test it 
but to no avail. Is there a default rule I am missing and how do I 
disable that. The challenge is that our sister company also uses pfsense 
but  they can continue to send attachments over 48Kb. I have mirrored 
their settings except that I have bridged the WAN and LAN otherwise the 
LAN cannot get out to the public internet. I also disabled firewall 
scrub, waited 2 minutes and I still could not send over 48Kb. I then 
cleared the DF bit and I still could sent out attachments.


I also set up PPTP VPN  and I can send attachments over 48Kb out when I 
am connected from outside the office. Does this mean there is a 
limitation on my LAN interface. If so, how would I open that up?


Can someone let me know what is causing this and how it can be rectified 
other than scrapping pfsense. The attachment size limitation is a big 
drawback.


Thank you

Sonny




Re: [pfSense Support] file upload and attachment size limitation

2007-08-29 Thread Scott Ullrich
Stop posting new threads!  I already answered your last 2 threads
titled: Unless I disable filter in Advanced setting, I can't send
attachments over 48Kb or upload files above 48Kb 

Opening new threads over and over is not going to help you solve this
issue.  It will do the opposite and upset the list participants with
duplicate messages for no reason.

Thanks.

On 8/29/07, Sonny Sarai [EMAIL PROTECTED] wrote:
 Hello,

 I am running pfsense 1.2-RC2. I am new to pfsense. Nobody inside the
 network can send attachments over 48Kb if the filters are enabled in
 advanced settings. If I check off the check box in advanced settings, I
 can send well over 48Kb.

 I tried disabling every rule and turning them on one by one to test it
 but to no avail. Is there a default rule I am missing and how do I
 disable that. The challenge is that our sister company also uses pfsense
 but  they can continue to send attachments over 48Kb. I have mirrored
 their settings except that I have bridged the WAN and LAN otherwise the
 LAN cannot get out to the public internet. I also disabled firewall
 scrub, waited 2 minutes and I still could not send over 48Kb. I then
 cleared the DF bit and I still could sent out attachments.

 I also set up PPTP VPN  and I can send attachments over 48Kb out when I
 am connected from outside the office. Does this mean there is a
 limitation on my LAN interface. If so, how would I open that up?

 Can someone let me know what is causing this and how it can be rectified
 other than scrapping pfsense. The attachment size limitation is a big
 drawback.

 Thank you

 Sonny




[pfSense Support] IPSEC and NAT

2007-08-29 Thread Denny Page

Hello,

I have what I thought would be a simple item to solve, but have been  
unable to find a way to make this work with pfSense.  Here's the  
configuration:


         remote-host (10.101.1.1)
                    |
         remote-net (10.0.0.0/8)
                    |
    remote-ipsec-server (11.11.11.11)
                    |
                 internet
                    |
  pfsense (wan 22.22.22.22, lan 192.168.0.1/16)
                    |
        local-net (192.168.0.0/16)
                    |
         local-host (192.168.0.2)

The way IPSEC is set up is that the remote net is 10.0.0.0/8, whereas  
my local portion is 10.100.100.80/28.  What I am trying to do is to  
have hosts in the local network access the remote 10.0.0.0/8 network  
in the same way that they access hosts in the internet.  In other  
words, I want to hide them behind nat.  There are no inbound  
connections to the local net from the remote net, all connections  
originate from the local net.


The remote IPSEC device is a Cisco.  The pfSense version is 1.2-RC2.   
I'm migrating to pfSense from Shorewall on Linux.


I have the IPSEC vpn configured in pfSense with local network  
10.100.100.80/28, and remote network 10.0.0.0/8.  I have a virtual IP  
10.100.100.81 set up on the WAN interface.


I have AON enabled, and I have a NAT rule on the WAN interface for  
destination 10.0.0.0/8 with NAT address 10.100.100.81.
For testing, I have a firewall rule for IPSEC that allows all packets  
from the remote host (10.101.1.1) to any destination.


If I ping 10.10.1.1 from the local host, nothing happens--pfsense  
does not initiate the IPSEC connection.  If I ping any address in the  
10.100.100.80/28 network from the remote host, the tunnel  
successfully initiates.  IPSEC traffic is seen between the remote  
server and pfSense.  Even though the tunnel is already up, ping from  
the local host to the remote host still results in no traffic  
whatsoever.


I cannot get pfSense to route packets destined for 10.0.0.0/8 through  
the tunnel.


Can anyone suggest a way to solve this?

Thanks,

Denny




Re: [pfSense Support] DMZ (public IP) problem

2007-08-29 Thread Android Andrew[:]

Chris Buechler wrote:

On Tue, 2007-08-28 at 22:20 +0300, Android Andrew[:] wrote:

Does your ISP actually route those public IP's to your WAN IP? If not,
you'll need proxy ARP or CARP IP's for those addresses. Though when
using the IP's directly on the systems, you really need your ISP to
route the subnet to your WAN IP to avoid having to do that. 


Thank you Chris!
Yes, ISP routes these IP's to my WAN interface (if I set Virtual IP on 
WAN, I can ping it from outside). I tried to enable proxy ARP, but it 
took no effect.





[pfSense Support] anyone noticed slowdown in RC1 or RC2?

2007-08-29 Thread Jonathan Horne
i have a client, who has been running pfsense since january.  i recently 
updated him to 1.2-RC1, and since then, his internet browsing for his site 
has been really poor.  when a browser is opened, the initial connection to 
the site takes 10-15 seconds, then the site starts to open.  other links 
within the site will seem to work fine, but when you try to open another 
site, pause.. then opens.

a few days ago, my RC1 pfsense started doing the same thing.  i updated it to 
RC2, and for a short while, the problem seemed to have passed, but now it's 
back again.

has anyone else experienced anything like this?  both of these pfsense boxes 
in question are p4 1.8 or higher boxes, with 512 or 768 MB ram, and have 
never been a problem before.

also, if i get into a pinch and have a dire need to go back to an older 
firmware, is that type of downgrade supported, or would i have to do a 
reinstall/config reload?

thanks,
-- 
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]




Re: [pfSense Support] anyone noticed slowdown in RC1 or RC2?

2007-08-29 Thread Chris Buechler
On Wed, 2007-08-29 at 20:43 -0500, Jonathan Horne wrote:
 i have a client, who has been running pfsense since january.  i recently 
 updated him to 1.2-RC1, and since then, his internet browsing for his site 
 has been really poor.  when a browser is opened, the initial connection to 
 the site takes 10-15 seconds, then the site starts to open.  other links 
 within the site will seem to work fine, but when you try to open another 
 site, pause.. then opens.
 

Very little has changed OS-wise between B1, RC1 and RC2, the pfSense
code which has changed substantially has no effect on performance. We've
actually fixed a performance issue between B1 and RC1, which makes RC1
and later releases measurably faster than previous 1.2 releases. 

Pausing between page loads can be about a million different things. Grab
a packet capture and see what the real underlying cause is. If you don't
know how to do this, read on. 

Enable SSH if you haven't already. Open two SSH sessions and run the
following (one in each)

tcpdump -i XXX -s 1514 -w /tmp/wan.pcap
tcpdump -i YYY -s 1514 -w /tmp/lan.pcap

replace XXX with the actual name of your WAN interface (i.e. fxp0, xl0,
or whatever) and YYY with the actual name of your LAN interface. 

Then duplicate the issue by loading up 4-5 sites. Go back to the SSH
sessions and hit ctrl-c on both. 

Go into the webGUI and go to exec.php, in download file,
download /tmp/wan.pcap and /tmp/lan.pcap. Email me those files offlist
and I'll take a look. 


