Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Thank you Paul

We are awaiting the ISP replacing the cable modem. I think your suggestion is interesting but probably not the explanation in our case. A number of people have tried multiple NICs on different hardware (myself included) and still experienced the same problem. If the replaced modem does not fix the problem I will however try anything!

Kind regards
David Hingston

- Original Message -
From: Paul M [EMAIL PROTECTED]
To: support@pfsense.com
Sent: Tuesday, August 28, 2007 10:28 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

Tortise wrote:

Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you have? if other than broadcom or Intel, switch to Intel.

In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!)

we had a lot of problems with linux drivers and the intel giga nics onboard our tyans; we turned off power management in the intel's eeprom. maybe the same problem affects freebsd?

the script to fix it is here:
http://e1000.sourceforge.net/wiki/index.php/Issues#82573.28V.2FL.2FE.29_TX_Unit_Hang_messages

to use this fix on our pfsense box, I booted a linux rescue disk (suse 10.2 cd 1 as it happened) and downloaded and ran the script mentioned here:

this might or might not help... good luck!

- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Dear List

Until we find a permanent solution it seems I may be able to do a temporary fix.

Firstly I note that during a download I can run

ifconfig em0 down; ifconfig em0 up

without apparently interrupting the download! This fixes the problem - until it occurs again.

Looking around (using Google and Diagnostics: Edit File) it seems I may be able to edit this file /etc/crontab thus:

{start}
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour mday month wday who command
#
#
# pfSense specific crontab entries
# Created: August 26, 2007, 7:50 am
#
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 * 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
*/5 * * * * root /usr/local/bin/checkreload.sh
*/5 * * * * root /etc/ping_hosts.sh
*/300 * * * * root /usr/local/sbin/reset_slbd.sh
#DH Addition Start
# Hopefully this will run every minute
#ping returns 1 when successful
#run ping to the first hop gateway (a.b.c.1) , if it fails run the fix...
*/1 * * * * root if (ping -c1 a.b.c.1 != 1) then ifconfig em0 down; ifconfig em0 up endif
#DH Addition End
#
# If possible do not add items to this file manually.
# If you do so, this file must be terminated with a blank line (e.g. new line)
#
{end}

Is this correct syntax? Can I just paste it into the window and save it? Anything else needed?

The immediate goal here is to be able to continue remote terminal sessions and keep the site up! (Or be able to log back in within a minute, instead of having to wait maybe hours until someone is on site to fix it...)

Any guidance would be greatly appreciated.

Kind regards
David Hingston
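
A working form of the watchdog this message asks about, as an added example that is not part of the original post or of pfSense. cron hands the command field to /bin/sh, where `if (...) then ... endif` is not valid, and ping exits 0 (not 1) when a reply arrives, so the check is moved into a script. The script path, the `--run` argument, the 192.0.2.1 gateway placeholder and the three-probe threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: gateway watchdog meant to be called from /etc/crontab.
# Hypothetical names: this script's path, GATEWAY value, the log tag.
# Crontab line (system crontab format, including the "who" column):
#   * * * * * root /usr/local/bin/wan_watchdog.sh --run

IFACE="${IFACE:-em0}"                   # interface named in the post
GATEWAY="${GATEWAY:-192.0.2.1}"         # placeholder for the first hop a.b.c.1
TRIES="${TRIES:-3}"                     # probes that must all fail before acting
PING="${PING:-/sbin/ping}"              # overridable so the logic can be tested
IFCONFIG="${IFCONFIG:-/sbin/ifconfig}"

# ping exits 0 when a reply arrives and non-zero otherwise.
# One lost packet is not treated as an outage: all TRIES probes must fail.
gateway_alive() {
    n=0
    while [ "$n" -lt "$TRIES" ]; do
        "$PING" -c 1 "$GATEWAY" >/dev/null 2>&1 && return 0
        n=$((n + 1))
    done
    return 1
}

# Bounce the interface only when every probe failed, and log each bounce so
# the underlying fault stays visible in syslog instead of being hidden.
check_and_bounce() {
    if gateway_alive; then
        return 0
    fi
    logger -t wan_watchdog "no reply from $GATEWAY, bouncing $IFACE" 2>/dev/null || true
    "$IFCONFIG" "$IFACE" down
    "$IFCONFIG" "$IFACE" up
    return 2    # distinct status: a bounce was performed
}

# Only act when called with --run, as in the crontab line above.
if [ "${1:-}" = "--run" ]; then
    check_and_bounce
fi
```

Counting the logged bounces per day gives a record of how often the fault recurs while the root cause is still being chased.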
[pfSense Support] About a pfSense presentation
Hi all,

I am an enthusiast of the pfSense project and I'm going to do a presentation about it in a Free Software event, here, in Brazil, to make it more known by the people and give them a good experience with pfSense that I had.

So I would like to know if there is some default presentation that you use to do something like this? A presentation about the advantages, architecture, configuring, installing...

If there isn't, I'll do it anyway. But if someone already presented something in this line and wants to share it with me, I would appreciate that.

Thanks for any help,
Tomás.

--
Tomás de Barros Correia
Ciência da Computação - UFCG
http://www.dsc.ufcg.edu.br/~tomas/
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
On Aug 29, 2007, at 6:20 AM, Tortise wrote:

we had a lot of problems with linux drivers and the intel giga nics onboard our tyans; we turned off power management in the intel's eeprom. maybe the same problem affects freebsd?

I've not had any issues with Intel NICs across several dozen FreeBSD systems of varying vintage (from the 10/100 fxp devices thru the 1Gb em devices). Broadcom NICs on the other hand have been mostly nothing but trouble until the most recent FreeBSD releases.
Re: [pfSense Support] multi interface traffic shaper.
sai wrote:

Traffic shaper currently only works with 1 WAN interface

sai

Hi. I understand that (and I have only 1 WAN interface). I would like shaper to work between 1 WAN and multiple LAN interfaces in the same manner

/jan

On 8/15/07, Jan Zorz [EMAIL PROTECTED] wrote:

Hi gang (again).

I already posted this question on forum, but no replies, so I'm trying my luck here.

I went through traffic shaper wizard and created limited bandwidth rules between WAN and LAN interface and assigned all priorities and bandwidth limit to 1/10 of WAN actual speed.

Now I would like to add same rules and limit between newly created OPT1 interface and WAN.

Any quick tips, tricks or links, how to do that in any way? If no idea, any tips just how to limit bandwidth between OPT1 and WAN to 1/10 of actual WAN speed?

Thank you,
Jan Zorz
[pfSense Support] file upload and attachment size limitation
Hello,

I am running pfsense 1.2-RC2. I am new to pfsense. Nobody inside the network can send attachments over 48Kb if the filters are enabled in advanced settings. If I check off the check box in advanced settings, I can send well over 48Kb.

I tried disabling every rule and turning them on one by one to test it but to no avail. Is there a default rule I am missing and how do I disable that.

The challenge is that our sister company also uses pfsense but they can continue to send attachments over 48Kb. I have mirrored their settings except that I have bridged the WAN and LAN otherwise the LAN cannot get out to the public internet.

I also disabled firewall scrub, waited 2 minutes and I still could not send over 48Kb. I then cleared the DF bit and I still could sent out attachments.

I also set up PPTP VPN and I can send attachments over 48Kb out when I am connected from outside the office. Does this mean there is a limitation on my LAN interface. If so, how would I open that up?

Can someone let me know what is causing this and how it can be rectified other than scrapping pfsense. The attachment size limitation is a big drawback.

Thank you
Sonny
Re: [pfSense Support] file upload and attachment size limitation
Stop posting new threads! I already answered your last 2 threads titled:

Unless I disable filter in Advanced setting, I can't send attachments over 48Kb or upload files above 48Kb

Opening new threads over and over is not going to help you solve this issue. It will do the opposite and upset the list participants with duplicate messages for no reason.

Thanks.

On 8/29/07, Sonny Sarai [EMAIL PROTECTED] wrote:

Hello,

I am running pfsense 1.2-RC2. I am new to pfsense. Nobody inside the network can send attachments over 48Kb if the filters are enabled in advanced settings. If I check off the check box in advanced settings, I can send well over 48Kb.

I tried disabling every rule and turning them on one by one to test it but to no avail. Is there a default rule I am missing and how do I disable that.

The challenge is that our sister company also uses pfsense but they can continue to send attachments over 48Kb. I have mirrored their settings except that I have bridged the WAN and LAN otherwise the LAN cannot get out to the public internet.

I also disabled firewall scrub, waited 2 minutes and I still could not send over 48Kb. I then cleared the DF bit and I still could sent out attachments.

I also set up PPTP VPN and I can send attachments over 48Kb out when I am connected from outside the office. Does this mean there is a limitation on my LAN interface. If so, how would I open that up?

Can someone let me know what is causing this and how it can be rectified other than scrapping pfsense. The attachment size limitation is a big drawback.

Thank you
Sonny
[pfSense Support] IPSEC and NAT
Hello,

I have what I thought would be a simple item to solve, but have been unable to find a way to make this work with pfSense.

Here's the configuration:

remote-host (10.101.1.1)
|
remote-net (10.0.0.0/8)
|
remote-ipsec-server (11.11.11.11)
|
internet
|
pfsense (wan 22.22.22.22, lan 192.168.0.1/16)
|
local-net (192.168.0.0/16)
|
local-host (192.168.0.2)

The way IPSEC is set up is that the remote net is 10.0.0.0/8, whereas my local portion is 10.100.100.80/28. What I am trying to do is to have hosts in the local network access the remote 10.0.0.0/8 network in the same way that they access hosts in the internet. In other words, I want to hide them behind nat. There are no inbound connections to the local net from the remote net, all connections originate from the local net.

The remote IPSEC device is a Cisco. The pfSense version is 1.2-RC2. I'm migrating to pfSense from Shorewall on Linux.

I have the IPSEC vpn configured in pfSense with local network 10.100.100.80/28, and remote network 10.0.0.0/8. I have a virtual IP 10.100.100.81 set up on the WAN interface. I have AON enabled, and I have a NAT rule on the WAN interface for destination 10.0.0.0/8 with NAT address 10.100.100.81. For testing, I have a firewall rule for IPSEC that allows all packets from the remote host (10.101.1.1) to any destination.

If I ping 10.10.1.1 from the local host, nothing happens--pfsense does not initiate the IPSEC connection. If I ping any address in the 10.100.100.80/28 network from the remote host, the tunnel successfully initiates. IPSEC traffic is seen between the remote server and pfSense. Even though the tunnel is already up, ping from the local host to the remote host still results in no traffic whatsoever.

I cannot get pfSense to route packets destined for 10.0.0.0/8 through the tunnel. Can anyone suggest a way to solve this?

Thanks,
Denny
Re: [pfSense Support] DMZ (public IP) problem
Chris Buechler wrote:

On Tue, 2007-08-28 at 22:20 +0300, Android Andrew[:] wrote:

Does your ISP actually route those public IP's to your WAN IP? If not, you'll need proxy ARP or CARP IP's for those addresses. Though when using the IP's directly on the systems, you really need your ISP to route the subnet to your WAN IP to avoid having to do that.

Thank you Chris!

Yes, ISP routes these IP's to my WAN interface (if I set Virtual IP on WAN, I can ping it from outside). I tried to enable proxy ARP, but it took no effect.
[pfSense Support] anyone noticed slowdown in RC1 or RC2?
i have a client, who has been running pfsense since january. i recently updated him to 1.2-RC1, and since then, his internet browsing for his site has been really poor. when a browser is opened, the initial connection to the site takes 10-15 seconds, then the site starts to open. other links within the site will seem to work fine, but when you try to open another site, pause.. then opens.

a few days ago, my RC1 pfsense started doing the same thing. i updated it to RC2, and for a short while, the problem seemed to have passed, but now it's back again.

has anyone else experienced anything like this? both of these pfsense boxes in question are p4 1.8 or higher boxes, with 512 or 768 MB ram, and have never been a problem before.

also, if i get into a pinch and have a dire need to go back to an older firmware, is that type of downgrade supported, or would i have to do a reinstall/config reload?

thanks,
--
Jonathan Horne
http://dfwlpiki.dfwlp.org
[EMAIL PROTECTED]
Re: [pfSense Support] anyone noticed slowdown in RC1 or RC2?
On Wed, 2007-08-29 at 20:43 -0500, Jonathan Horne wrote:

i have a client, who has been running pfsense since january. i recently updated him to 1.2-RC1, and since then, his internet browsing for his site has been really poor. when a browser is opened, the initial connection to the site takes 10-15 seconds, then the site starts to open. other links within the site will seem to work fine, but when you try to open another site, pause.. then opens.

Very little has changed OS-wise between B1, RC1 and RC2, the pfSense code which has changed substantially has no effect on performance. We've actually fixed a performance issue between B1 and RC1, which makes RC1 and later releases measurably faster than previous 1.2 releases.

Pausing between page loads can be about a million different things. Grab a packet capture and see what the real underlying cause is. If you don't know how to do this, read on.

Enable SSH if you haven't already. Open two SSH sessions and run the following (one in each)

tcpdump -i XXX -s 1514 -w /tmp/wan.pcap
tcpdump -i YYY -s 1514 -w /tmp/lan.pcap

replace XXX with the actual name of your WAN interface (i.e. fxp0, xl0, or whatever) and YYY with the actual name of your LAN interface.

Then duplicate the issue by loading up 4-5 sites. Go back to the SSH sessions and hit ctrl-c on both. Go into the webGUI and go to exec.php, in download file, download /tmp/wan.pcap and /tmp/lan.pcap. Email me those files offlist and I'll take a look.