[pfSense Support] Big Problems with 2wire ADLS modem+Router.
Hi people. This week my ISP told me that i need to change my old modem: DSL modem speedstream 5400, just a modem. My LAN was behind pfsense, DHCP, one vpn to my office, it was very beautiful. Some times i just connect my box and i was at work, didn't need to get there. Now, i have this 2wire Modem+Router(Model 2701HG-T), which if came with built-in Firewall, wireless, and other cool stuff for someone with no acknowledge of pfsense could say, this is great!!! Now i don't how to hell i will have my old settings, i cannot disable the firewall from that device, i cannot access my office from my LAN clients, the only one who could access my office is the pfsense box, because i enable some rule to the 2wire firewall, but any of my clients can. I'm lost, i don't know how is the gateway now or which one i chose? What about my WAN interface? I try to connect my wan interface but i don't get any answer from my ISP. I disable the DHCP server from the device, but right now my Gateway is 2wire, what can i do to bring everything to normal? do i need tot add each rule to my LAN and NAT or forward to my 2wire gateway? Someone could point me, what i need to do, or help me understand my case and help me find some path to this? Thanks all for your time. P.S. Running pfsense 1.0.1 Release. -- LIving the dream...
Re: [pfSense Support] anyone noticed slowdown in RC1 or RC2?
On 9/1/07, Chris Buechler [EMAIL PROTECTED] wrote: Jonathan Horne wrote: i have a client, who has been running pfsense since january. i recently updated him to 1.2-RC1, and since then, his internet browsing for his site has been really poor. when a browser is opened, the initial connection to the site takes 10-15 seconds, then the site starts to open. other links within the site will seem to work fine, but when you try to open another site, pause.. then opens. For the sake of the archives - Jonathan sent me the packet captures as I instructed in a previous reply. It's nothing pfsense-related, it's DNS on the client machine. The client machine is doing several lookups (IPv6) which are timing out or getting empty responses before doing A lookups (IPv4) for the domain name. This is adding a 10-15 second delay to every DNS lookup while all the IPv6 lookups fail. Since your typical page load is going to make a few DNS queries, incurring this delay several times, it has a significant impact on page load times. Once the machine queries the A record as it should have initially, it gets a reply very quickly and immediately pulls down the web page with no delays whatsoever. Is this a Vista thing we should look out for? If so, whats the fix that worked here? sai - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] anyone noticed slowdown in RC1 or RC2?
sai wrote: On 9/1/07, Chris Buechler [EMAIL PROTECTED] wrote: Jonathan Horne wrote: i have a client, who has been running pfsense since january. i recently updated him to 1.2-RC1, and since then, his internet browsing for his site has been really poor. when a browser is opened, the initial connection to the site takes 10-15 seconds, then the site starts to open. other links within the site will seem to work fine, but when you try to open another site, pause.. then opens. For the sake of the archives - Jonathan sent me the packet captures as I instructed in a previous reply. It's nothing pfsense-related, it's DNS on the client machine. The client machine is doing several lookups (IPv6) which are timing out or getting empty responses before doing A lookups (IPv4) for the domain name. This is adding a 10-15 second delay to every DNS lookup while all the IPv6 lookups fail. Since your typical page load is going to make a few DNS queries, incurring this delay several times, it has a significant impact on page load times. Once the machine queries the A record as it should have initially, it gets a reply very quickly and immediately pulls down the web page with no delays whatsoever. Is this a Vista thing we should look out for? If so, whats the fix that worked here? No clue... I haven't heard back since I emailed him offlist with some info on his captures. I would definitely be interested in knowing what caused that to happen, hopefully he'll post back. I'm running Vista and don't have this issue. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] iptables ... -j SNAT --to-source equivalent
I (still) have an unresolved issue with my work firewall (1.2-RC2) which I could really use some help with. To recap, my configuration (which works just fine, but) looks like this, with the last octet xxxed out in strategic places: # ifconfig -a bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255 inet6 fe80::21b:24ff:fe2d:b00b%bge0 prefixlen 64 scopeid 0x1 ether 00:1b:24:2d:b0:0b media: Ethernet autoselect (1000baseTX full-duplex) status: active bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet6 fe80::21b:24ff:fe2d:b00c%bge1 prefixlen 64 scopeid 0x2 inet 10.0.2.6 netmask 0xfffc broadcast 10.0.2.7 ether 00:1b:24:2d:b0:0c media: Ethernet autoselect (1000baseTX full-duplex) status: active enc0: flags=41UP,RUNNING mtu 1536 pflog0: flags=100PROMISC mtu 33208 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 pfsync0: flags=41UP,RUNNING mtu 2020 pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128 vlan0: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 inet 62.245.148.xxx netmask 0xffc0 broadcast 62.245.148.xxx inet6 fe80::21b:24ff:fe2d:b00b%vlan0 prefixlen 64 scopeid 0x7 ether 00:1b:24:2d:b0:0c media: Ethernet autoselect (1000baseTX full-duplex) status: active vlan: 3 parent interface: bge1 (the vlan0 is due to a switch VLAN since I can only use 2 NICs out of 4 at the moment, until FreeBSD 7.x lands) and the ISP is rewriting the traffic originating from 10.0.2.6 to appear as if coming from 62.245.254.xxx. # pfctl -s nat nat-anchor pftpx/* all nat-anchor natearly/* all nat-anchor natrules/* all nat on bge1 inet from 192.168.0.0/24 to any - (bge1) round-robin rdr-anchor pftpx/* all rdr-anchor slb all no rdr on bge0 proto tcp from any to vpns port = ftp rdr on bge0 inet proto tcp from any to any port = ftp - 127.0.0.1 port 8021 rdr-anchor imspector all rdr-anchor miniupnpd all What I'm trying to do is to formulate the pf equivalent of (Linux) iptables ... -j SNAT --to-source 62.245.148.xxx I've tried adding some via Firewall-(advanced)NAT-Outbound which resulted in nat on bge1 inet from 192.168.0.0/24 to 62.245.148.xxx - (bge1) round-robin which has no effect if added to the existing nat on bge1 inet from 192.168.0.0/24 to any - (bge1) round-robin rule, and if used alone removes connectivity of machines behind NAT (the firewall still works fine, and whenever I check my apparent IP by fetch http://whatismyip.com cat whatismyip.com | grep 'WhatIsMyIP.com -' it's unchanged). So I'm stuck with doing something stupid, and could really use a rule or a pfctl incantation to try that rule, which does the equivalent of iptables ... -j SNAT --to-source 62.245.148.xxx ? Can I has a nice rule plz? Kthx. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] anyone noticed slowdown in RC1 or RC2?
- Original Message - From: Chris Buechler [EMAIL PROTECTED] To: support@pfsense.com Sent: Monday, September 03, 2007 4:20 AM Subject: Re: [pfSense Support] anyone noticed slowdown in RC1 or RC2? sai wrote: On 9/1/07, Chris Buechler [EMAIL PROTECTED] wrote: Jonathan Horne wrote: i have a client, who has been running pfsense since january. i recently updated him to 1.2-RC1, and since then, his internet browsing for his site has been really poor. when a browser is opened, the initial connection to the site takes 10-15 seconds, then the site starts to open. other links within the site will seem to work fine, but when you try to open another site, pause.. then opens. For the sake of the archives - Jonathan sent me the packet captures as I instructed in a previous reply. It's nothing pfsense-related, it's DNS on the client machine. The client machine is doing several lookups (IPv6) which are timing out or getting empty responses before doing A lookups (IPv4) for the domain name. This is adding a 10-15 second delay to every DNS lookup while all the IPv6 lookups fail. Since your typical page load is going to make a few DNS queries, incurring this delay several times, it has a significant impact on page load times. Once the machine queries the A record as it should have initially, it gets a reply very quickly and immediately pulls down the web page with no delays whatsoever. Is this a Vista thing we should look out for? If so, whats the fix that worked here? No clue... I haven't heard back since I emailed him offlist with some info on his captures. I would definitely be interested in knowing what caused that to happen, hopefully he'll post back. I'm running Vista and don't have this issue. this sounds more like a possible IPv6 issue than a vista issue. Vista here with IPv4 only and there's no issue. I think he would have the issue with any connection until he locks down the IPv6 DNS calls. -Sean - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] VPN can't connect with pfsense, but m0n0wall can
Hi! I got this strange PPTP VPN problem. I use Ubuntu 7.04 and Win XP as VM image. This works from ubuntu win xp (win xp is bridged): Client pc -- lan 192.168.35.0/24 -- m0n0wall 1.231 -- WAN -- m0n0wall 1.231 -- lan 10.2.12.0/24 This works only from ubuntu, win xp just times out on username password verify: Client pc -- lan 192.168.35.0/24 -- pfsense 1.2.RC2 -- WAN -- m0n0wall 1.231 -- lan 10.2.12.0/24 The only difference here is pfsense. Anything I must open to be able to passtrhough PPTP VPN? All WAN IPs are static. Odd K. Norway - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] iptables ... -j SNAT --to-source equivalent
Shouldn't that be nat on vlan0 not nat on bge1? Not quite sure how this is working actually. I'm surprised we give access to the parent interface of a vlan trunk. --Bill On 9/3/07, Eugen Leitl [EMAIL PROTECTED] wrote: I (still) have an unresolved issue with my work firewall (1.2-RC2) which I could really use some help with. To recap, my configuration (which works just fine, but) looks like this, with the last octet xxxed out in strategic places: # ifconfig -a bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255 inet6 fe80::21b:24ff:fe2d:b00b%bge0 prefixlen 64 scopeid 0x1 ether 00:1b:24:2d:b0:0b media: Ethernet autoselect (1000baseTX full-duplex) status: active bge1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 options=1bRXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING inet6 fe80::21b:24ff:fe2d:b00c%bge1 prefixlen 64 scopeid 0x2 inet 10.0.2.6 netmask 0xfffc broadcast 10.0.2.7 ether 00:1b:24:2d:b0:0c media: Ethernet autoselect (1000baseTX full-duplex) status: active enc0: flags=41UP,RUNNING mtu 1536 pflog0: flags=100PROMISC mtu 33208 lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 16384 inet 127.0.0.1 netmask 0xff00 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5 pfsync0: flags=41UP,RUNNING mtu 2020 pfsync: syncdev: lo0 syncpeer: 224.0.0.240 maxupd: 128 vlan0: flags=9843UP,BROADCAST,RUNNING,SIMPLEX,LINK0,MULTICAST mtu 1500 inet 62.245.148.xxx netmask 0xffc0 broadcast 62.245.148.xxx inet6 fe80::21b:24ff:fe2d:b00b%vlan0 prefixlen 64 scopeid 0x7 ether 00:1b:24:2d:b0:0c media: Ethernet autoselect (1000baseTX full-duplex) status: active vlan: 3 parent interface: bge1 (the vlan0 is due to a switch VLAN since I can only use 2 NICs out of 4 at the moment, until FreeBSD 7.x lands) and the ISP is rewriting the traffic originating from 10.0.2.6 to appear as if coming from 62.245.254.xxx. # pfctl -s nat nat-anchor pftpx/* all nat-anchor natearly/* all nat-anchor natrules/* all nat on bge1 inet from 192.168.0.0/24 to any - (bge1) round-robin rdr-anchor pftpx/* all rdr-anchor slb all no rdr on bge0 proto tcp from any to vpns port = ftp rdr on bge0 inet proto tcp from any to any port = ftp - 127.0.0.1 port 8021 rdr-anchor imspector all rdr-anchor miniupnpd all What I'm trying to do is to formulate the pf equivalent of (Linux) iptables ... -j SNAT --to-source 62.245.148.xxx I've tried adding some via Firewall-(advanced)NAT-Outbound which resulted in nat on bge1 inet from 192.168.0.0/24 to 62.245.148.xxx - (bge1) round-robin which has no effect if added to the existing nat on bge1 inet from 192.168.0.0/24 to any - (bge1) round-robin rule, and if used alone removes connectivity of machines behind NAT (the firewall still works fine, and whenever I check my apparent IP by fetch http://whatismyip.com cat whatismyip.com | grep 'WhatIsMyIP.com -' it's unchanged). So I'm stuck with doing something stupid, and could really use a rule or a pfctl incantation to try that rule, which does the equivalent of iptables ... -j SNAT --to-source 62.245.148.xxx ? Can I has a nice rule plz? Kthx. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - From: Lance Peterson To: support@pfsense.com Sent: Monday, September 03, 2007 2:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Big Problems with 2wire ADLS modem+Router.
Set the 2Wire to bridge mode. Let pfsense to handle all the setting (incl. PPPoE). Your may find more information on www.dslreports.com -Raylund Alberto Moreno wrote: Hi people. This week my ISP told me that i need to change my old modem: DSL modem speedstream 5400, just a modem. My LAN was behind pfsense, DHCP, one vpn to my office, it was very beautiful. Some times i just connect my box and i was at work, didn't need to get there. Now, i have this 2wire Modem+Router(Model 2701HG-T), which if came with built-in Firewall, wireless, and other cool stuff for someone with no acknowledge of pfsense could say, this is great!!! Now i don't how to hell i will have my old settings, i cannot disable the firewall from that device, i cannot access my office from my LAN clients, the only one who could access my office is the pfsense box, because i enable some rule to the 2wire firewall, but any of my clients can. I'm lost, i don't know how is the gateway now or which one i chose? What about my WAN interface? I try to connect my wan interface but i don't get any answer from my ISP. I disable the DHCP server from the device, but right now my Gateway is 2wire, what can i do to bring everything to normal? do i need tot add each rule to my LAN and NAT or forward to my 2wire gateway? Someone could point me, what i need to do, or help me understand my case and help me find some path to this? Thanks all for your time. P.S. Running pfsense 1.0.1 Release. -- LIving the dream... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Sean I guess you saw we've gone down that road, the cards I am currently using are in the subject line and would seem to be of the type you advocate, however perhaps you were inquiring the NIC types used by Lance? Are you also behind a Motorola SB 51xx cable modem? The fix I posted has now proven to perform the necessary rescue several times. It is such a refreshing change to be off site running a terminal session, to be cut out, and to know it will come back within a minute! (Assuming the issue is the one that is the subject of this thread!) Its not perfect but it is a significant advance! If I knew how to reference and extract the WAN driver type (e.g. em0) I could have the script fully cross machine, so it might then be considered for the image. So I don't have to add it in manually with every upgrade! Even if it is there so that the appropriate CRON line would only remain to be added or commented in. Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Tuesday, September 04, 2007 8:11 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - From: Lance Peterson To: support@pfsense.com Sent: Monday, September 03, 2007 2:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I haven't closely followed this particular thread, but a couple months back I got some pcap files from one of the people with this issue. It got buried in my inbox, and I never got back around to it until now. The capture from that time, with the same issue, shows ARP working fine, traffic going out fine, but it never sees any responses. SYN's go out and never see a SYN ACK, ICMP echo requests go out and never see a reply. As is typical with cable modems, there were over 100,000 ARP requests are replies in the capture (with a couple dozen non-ARP frames). So I have no idea what's happening - it definitely looks like an ISP issue since the traffic is going out properly and never sees replies, ARP is working fine, and the cable modem is obviously up and the NIC is receiving traffic from it fine given the amount of ARP frames in the capture. Rebooting does temporarily fix it, which makes absolutely no sense. Given that it's limited to this one particular ISP, and there doesn't seem to be any other ISP in the world that has the same problem, it definitely looks like something strange with their network. The captures don't show anything to indicate what that might be. Tortise wrote: Sean I guess you saw we've gone down that road, the cards I am currently using are in the subject line and would seem to be of the type you advocate, however perhaps you were inquiring the NIC types used by Lance? Are you also behind a Motorola SB 51xx cable modem? The fix I posted has now proven to perform the necessary rescue several times. It is such a refreshing change to be off site running a terminal session, to be cut out, and to know it will come back within a minute! (Assuming the issue is the one that is the subject of this thread!) Its not perfect but it is a significant advance! If I knew how to reference and extract the WAN driver type (e.g. em0) I could have the script fully cross machine, so it might then be considered for the image. So I don't have to add it in manually with every upgrade! Even if it is there so that the appropriate CRON line would only remain to be added or commented in. Kind regards David Hingston - Original Message - *From:* Sean Cavanaugh mailto:[EMAIL PROTECTED] *To:* support@pfsense.com mailto:support@pfsense.com *Sent:* Tuesday, September 04, 2007 8:11 AM *Subject:* Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - *From:* Lance Peterson mailto:[EMAIL PROTECTED] *To:* support@pfsense.com mailto:support@pfsense.com *Sent:* Monday, September 03, 2007 2:28 PM *Subject:* Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, *Bill Marquette* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I have two connections to Comcast through two different modems (their voip capable modem and their business modem - static IPs) at my house and have _never_ had an issue with the connection. The Comcast user with issues is likely a hardware issue. I'm not sure I have anything more to add to David's issue though - it's obviously not hardware. Question for Chris on the trace. Does it show the upstream router sending arp requests for the local IP and getting a response? Not sure if there's a way to force a gratuitous arp in FreeBSD without installing some third party tool like nemesis, but that might be worth looking at I 'spose. --Bill On 9/3/07, Sean Cavanaugh [EMAIL PROTECTED] wrote: David, sorry, I was referencing Lance in my response. Personally I am using a Dlink DCM-202 on my comcast service. I also have it set up at another persons house running on the small square ?motorola? cable modem with no issues (actually used it to replace a crappy linksys router) also on comcast but in a different county/service area. -Sean - Original Message - From: Tortise To: support@pfsense.com Sent: Monday, September 03, 2007 4:33 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Sean I guess you saw we've gone down that road, the cards I am currently using are in the subject line and would seem to be of the type you advocate, however perhaps you were inquiring the NIC types used by Lance? Are you also behind a Motorola SB 51xx cable modem? The fix I posted has now proven to perform the necessary rescue several times. It is such a refreshing change to be off site running a terminal session, to be cut out, and to know it will come back within a minute! (Assuming the issue is the one that is the subject of this thread!) Its not perfect but it is a significant advance! If I knew how to reference and extract the WAN driver type (e.g. em0) I could have the script fully cross machine, so it might then be considered for the image. So I don't have to add it in manually with every upgrade! Even if it is there so that the appropriate CRON line would only remain to be added or commented in. Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Tuesday, September 04, 2007 8:11 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - From: Lance Peterson To: support@pfsense.com Sent: Monday, September 03, 2007 2:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Big Problems with 2wire ADLS modem+Router.
Alberto Moreno wrote: Hi people. This week my ISP told me that i need to change my old modem: DSL modem speedstream 5400, just a modem. My LAN was behind pfsense, DHCP, one vpn to my office, it was very beautiful. Some times i just connect my box and i was at work, didn't need to get there. Now, i have this 2wire Modem+Router(Model 2701HG-T), which if came with built-in Firewall, wireless, and other cool stuff for someone with no acknowledge of pfsense could say, this is great!!! Now i don't how to hell i will have my old settings, i cannot disable the firewall from that device, i cannot access my office from my LAN clients, the only one who could access my office is the pfsense box, because i enable some rule to the 2wire firewall, but any of my clients can. I'm lost, i don't know how is the gateway now or which one i chose? What about my WAN interface? I try to connect my wan interface but i don't get any answer from my ISP. I disable the DHCP server from the device, but right now my Gateway is 2wire, what can i do to bring everything to normal? do i need tot add each rule to my LAN and NAT or forward to my 2wire gateway? Someone could point me, what i need to do, or help me understand my case and help me find some path to this? Thanks all for your time. P.S. Running pfsense 1.0.1 Release. -- LIving the dream... I have the same gateway, and I just set the PFsense box in DMZ plus mode (in the 2wire gateway) and specified that it gets the external IP from my ISP. I am thinking that the 2wire's allow for proprietary firmware/ software for each ISP though, so this may not work for you. When you attempt to log in, do you use the http://gateway address? The address you type in here is found in your PFsense WAN gateway. After you have made the changes in your 2wire, you will need to reboot the pfsense box. Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Hadn't thought about it being a FreeBSD problem with limited driver support for common home user NIC's. That very well may be the problem, in my case. Fortunately, I didn't have to buy new, higher level NIC's to get my Linux firewall up and running without connection issues. On 9/3/07, Sean Cavanaugh [EMAIL PROTECTED] wrote: considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - *From:* Lance Peterson [EMAIL PROTECTED] *To:* support@pfsense.com *Sent:* Monday, September 03, 2007 2:28 PM *Subject:* Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette [EMAIL PROTECTED] wrote: On 9/2/07, Tortise [EMAIL PROTECTED] wrote: Thanks Bill They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Ports collection?
Now that i've installed the developers tools, has anyone successfully installed and used the FreeBSD ports collection? Thanks-- Gabe
