Re: [pfSense Support] rsync in pfsense
Indrajaya Pitra Perdana wrote: > Dear all, > > i have installed rsync in my pfsense 1.2.2* *with pkg_add and succeeded > but when i try to grab a file to it, it keeps telling me this error: > > @ERROR: max connections (10) reached -- try again later > rsync: connection unexpectedly closed (0 bytes received so far) [receiver] > rsync error: error in rsync protocol data stream (code 12) at io.c(359) > > i've increased the max connection to whatever the number is and the > problem persist > these are the rsync version that i already tried rsync-3.0.0.tbz, > rsync-3.0.4.tbz,rsync-3.0.5.tbz > > Need your help on this, thx > add a couple of "v"'s into the args, e.g. "rsync -avvz dir1 host:/dir2" and see what it says. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] rsync in pfsense
Oke i'll try, but after i commented out the max connections, rsync runs normaly :D , thx Regards ~Indrajaya Pitra Perdana~ Paul Mansfield wrote: Indrajaya Pitra Perdana wrote: Dear all, i have installed rsync in my pfsense 1.2.2* *with pkg_add and succeeded but when i try to grab a file to it, it keeps telling me this error: @ERROR: max connections (10) reached -- try again later rsync: connection unexpectedly closed (0 bytes received so far) [receiver] rsync error: error in rsync protocol data stream (code 12) at io.c(359) i've increased the max connection to whatever the number is and the problem persist these are the rsync version that i already tried rsync-3.0.0.tbz, rsync-3.0.4.tbz,rsync-3.0.5.tbz Need your help on this, thx add a couple of "v"'s into the args, e.g. "rsync -avvz dir1 host:/dir2" and see what it says. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing
hey this is getting worse we can't even get to the home page now we have to hit refresh over and over so we can get to the home page its running really slow I think just like dial up lol well I don't know what else to do I called our provider and they said everything seems to be good I connected a lap straight on the router and it loaded in 17 milliseconds any setting on the fire wall could be wrong or you think the computer where pfsence is installed it's not good enough the specs are 700 mhz 512 of ram and 100 mb/s nick cards let me know what you guys think -Original Message- From: Juan Rivera Sent: Tuesday, April 14, 2009 9:44 AM To: support@pfsense.com Subject: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Hey Tim here are the specs of the firewall its running on a 700 MHz processor 512 of ram and 2 100 MB nicks is an old gateway mid tower atx -Original Message- From: Tim Dickson [mailto:tdick...@calistogaranch.com] Sent: Monday, April 13, 2009 4:19 PM To: support@pfsense.com Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing It all depends on throughput levels - but yes, I can pretty much guarantee it can handle it. (1990's hardware can handle 70 users with modest throughput), but if you are curious - what are your specs? I was more wondering if you had a couple machines with malware that may be pegging out your connections state table, or some P2P users. Check your state table and make sure it isn't maxing out. And make sure if you have P2P users, that they aren't maxing out your bandwidth. Blank MTU in your config is fine - that means it will be at 1500 - which is the standard on most connections (at least in the US). You didn't answer if all was well when bypassing the pfSense box. If it is, then start segregating things. Try it with JUST your machine -> pfSense -> Modem, and see how that works... this is granting your box is malware free :) - if in doubt, grab an Ubuntu LiveCD (or variant) and boot it up on your machine to test. Good luck! -Tim -Original Message- From: Juan Rivera [mailto:jriv...@americancableco.com] Sent: Monday, April 13, 2009 12:57 PM To: support@pfsense.com Subject: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Yeah just called my ISP they are checking on the modem to see if there is something wrong with it as the MTU was blank before I made any changes to it, now it got me thinking I have more than 70 computers connecting to my free BSD you think it can't handle that many ? -Original Message- From: Tim Dickson [mailto:tdick...@calistogaranch.com] Sent: Monday, April 13, 2009 2:54 PM To: support@pfsense.com Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Sounds like you are pulling at straws here - but try and find out what the root of your problem is. If your packets are fragmented, then yes this will slow things down - but it could be totally irrelevant to your issue. If you bypass pfSense is everything fine? How do your traffic graphs look? (how many connections are you doing - check the state table) If it is in fact your MTU - check with your ISP on what your MTU should be, you'll want to leave it matching theirs as changing MTU will just cause MORE packet fragmentation where it isn't necessary, or causing more packets with less data. And if your MTU is correct, your traffic is minimal, and you are still having latency issues start a trace and find the routers your traffic is passing through. Then test the MTU levels to each router to find out which router is causing your fragmentation. You should then point your ISP to that router. The random MTU guess isn't going to get you anywhere. Just my 2cents though... -Tim -Original Message- From: Juan Rivera [mailto:jriv...@americancableco.com] Sent: Monday, April 13, 2009 11:12 AM To: support@pfsense.com Subject: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing ok I've done that but still the internet slow the MTU is not at 1400 but internet slow is there anything else that could be the problem -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: Monday, April 13, 2009 1:28 PM To: support@pfsense.com Subject: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing This is not the way to do this as the configuration will not survive reboots. You can set the MTU on the interface configuration page for your WAN interface in the webGUI. I would encourage you to check that out. Mikel Jimenez Fernandez wrote: > Hi > > Yo have to reduce the MTU of inte
RE: [pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing
Juan, What about connecting a single computer behind the firewall without the rest of the network connected? Does the traffic move quickly then? If so, your firewall is probably being overloaded by traffic coming from the network. If it is still slow with a single computer behind the firewall, it's time to figure out what is wrong with the hardware. Christopher Iarocci Network Solutions Manager Twin Forks Office Products 631-727-3354 -Original Message- From: Juan Rivera [mailto:jriv...@americancableco.com] Sent: Thursday, April 16, 2009 7:50 AM To: support@pfsense.com Subject: [pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing hey this is getting worse we can't even get to the home page now we have to hit refresh over and over so we can get to the home page its running really slow I think just like dial up lol well I don't know what else to do I called our provider and they said everything seems to be good I connected a lap straight on the router and it loaded in 17 milliseconds any setting on the fire wall could be wrong or you think the computer where pfsence is installed it's not good enough the specs are 700 mhz 512 of ram and 100 mb/s nick cards let me know what you guys think -Original Message- From: Juan Rivera Sent: Tuesday, April 14, 2009 9:44 AM To: support@pfsense.com Subject: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Hey Tim here are the specs of the firewall its running on a 700 MHz processor 512 of ram and 2 100 MB nicks is an old gateway mid tower atx -Original Message- From: Tim Dickson [mailto:tdick...@calistogaranch.com] Sent: Monday, April 13, 2009 4:19 PM To: support@pfsense.com Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing It all depends on throughput levels - but yes, I can pretty much guarantee it can handle it. (1990's hardware can handle 70 users with modest throughput), but if you are curious - what are your specs? I was more wondering if you had a couple machines with malware that may be pegging out your connections state table, or some P2P users. Check your state table and make sure it isn't maxing out. And make sure if you have P2P users, that they aren't maxing out your bandwidth. Blank MTU in your config is fine - that means it will be at 1500 - which is the standard on most connections (at least in the US). You didn't answer if all was well when bypassing the pfSense box. If it is, then start segregating things. Try it with JUST your machine -> pfSense -> Modem, and see how that works... this is granting your box is malware free :) - if in doubt, grab an Ubuntu LiveCD (or variant) and boot it up on your machine to test. Good luck! -Tim -Original Message- From: Juan Rivera [mailto:jriv...@americancableco.com] Sent: Monday, April 13, 2009 12:57 PM To: support@pfsense.com Subject: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Yeah just called my ISP they are checking on the modem to see if there is something wrong with it as the MTU was blank before I made any changes to it, now it got me thinking I have more than 70 computers connecting to my free BSD you think it can't handle that many ? -Original Message- From: Tim Dickson [mailto:tdick...@calistogaranch.com] Sent: Monday, April 13, 2009 2:54 PM To: support@pfsense.com Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Sounds like you are pulling at straws here - but try and find out what the root of your problem is. If your packets are fragmented, then yes this will slow things down - but it could be totally irrelevant to your issue. If you bypass pfSense is everything fine? How do your traffic graphs look? (how many connections are you doing - check the state table) If it is in fact your MTU - check with your ISP on what your MTU should be, you'll want to leave it matching theirs as changing MTU will just cause MORE packet fragmentation where it isn't necessary, or causing more packets with less data. And if your MTU is correct, your traffic is minimal, and you are still having latency issues start a trace and find the routers your traffic is passing through. Then test the MTU levels to each router to find out which router is causing your fragmentation. You should then point your ISP to that router. The random MTU guess isn't going to get you anywhere. Just my 2cents though... -Tim -Original Message- From: Juan Rivera [mailto:jriv...@americancableco.com] Sent: Monday, April 13, 2009 11:12 AM To:
RE: [pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing
Hi Juan, My recommendation would be to do the following 1. Setup another box get it up and running with the minimum config necessary to keep all your users happy, especially if they are paying customers or employee's. This will get them off your back while you troubleshoot your throughput problems with less pressure to get them back online. When you are sure that your normal box is stable, swap it over after giving users advance notice of the swap over, with an expected downtime to swap 1 PC out and 1 back in and reversed if unsatisfactory result. 2. Depending what NIC's you are using, I did use Realtek chipset Netgear NIC's for a while. These lasted about 1 - 2 years before slowing to a standstill. I replaced these about 6 months ago with Intel Gigabit NIC's. Loadbalancing Dual WAN's, 2x 8MB WAN connections. When I replaced the Realtek Chipset NIC's, 1 only was failing, but I replaced ALL 4, as they were all the same age and Unix is hard on NIC's. I didn't want the same thing to happen a few weeks down the track. 3. Clean install PFSense, configure the system and do a Config Backup for a later stage. Test the throughput on your new install, PC eitherside and confirm data transfer. On Gigabit NIC's I am getting about 100MB/Sec or more throughput (steady on a file about 60GB). 4. If you still have issues on the older system, it's not uncommon for those older boards to have PCI slots fail. If this is the situation, replace PC and start again. In Australia, it's easy to get 2 or 3 year old PC's, EX GOV, for $200 - $300 with 3GHz P4 CPU, 40 - 80GB HDD's (some IDE/SATA) and 1GB RAM. So it should be possible for you as well. 5. You might also consider replacing patch cables between NIC's and Router and PFSense. Eliminates the unexpected. Kindest regards, -Original Message- From: Juan Rivera [mailto:jriv...@americancableco.com] Sent: Thursday, 16 April 2009 9:50 PM To: support@pfsense.com Subject: [pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing hey this is getting worse we can't even get to the home page now we have to hit refresh over and over so we can get to the home page its running really slow I think just like dial up lol well I don't know what else to do I called our provider and they said everything seems to be good I connected a lap straight on the router and it loaded in 17 milliseconds any setting on the fire wall could be wrong or you think the computer where pfsence is installed it's not good enough the specs are 700 mhz 512 of ram and 100 mb/s nick cards let me know what you guys think -Original Message- From: Juan Rivera Sent: Tuesday, April 14, 2009 9:44 AM To: support@pfsense.com Subject: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Hey Tim here are the specs of the firewall its running on a 700 MHz processor 512 of ram and 2 100 MB nicks is an old gateway mid tower atx -Original Message- From: Tim Dickson [mailto:tdick...@calistogaranch.com] Sent: Monday, April 13, 2009 4:19 PM To: support@pfsense.com Subject: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing It all depends on throughput levels - but yes, I can pretty much guarantee it can handle it. (1990's hardware can handle 70 users with modest throughput), but if you are curious - what are your specs? I was more wondering if you had a couple machines with malware that may be pegging out your connections state table, or some P2P users. Check your state table and make sure it isn't maxing out. And make sure if you have P2P users, that they aren't maxing out your bandwidth. Blank MTU in your config is fine - that means it will be at 1500 - which is the standard on most connections (at least in the US). You didn't answer if all was well when bypassing the pfSense box. If it is, then start segregating things. Try it with JUST your machine -> pfSense -> Modem, and see how that works... this is granting your box is malware free :) - if in doubt, grab an Ubuntu LiveCD (or variant) and boot it up on your machine to test. Good luck! -Tim -Original Message- From: Juan Rivera [mailto:jriv...@americancableco.com] Sent: Monday, April 13, 2009 12:57 PM To: support@pfsense.com Subject: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsing Yeah just called my ISP they are checking on the modem to see if there is something wrong with it as the MTU was blank before I made any changes to it, now it got me thinking I have more than 70 computers connecting to my free BSD you think it can't handle that many ? -Original Message- From: Tim Dick
[pfSense Support] how to build ipmi
can anyone tell me how to build ipmi into the pfsense kernel? an easy way? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] VMware ESXi - Protect all VM's with pfSense VM in Bridge Mode - HELP!
Greetings all- I've got a beefy machine running VMware ESXi with a handful of hosts. I'd like to protect those hosts with a pfSense VM in bridge mode. Here is my vSwitch configuration: vSwitch0 -vmnic0 (Physical NIC 0) -OUTSIDE_FW (VM Port Group) *TBRIDGE (pfSense WAN) -VMkernel Port (Management Network) vSwitch1 -vmnic1 (Physical NIC 1 - Unplugged) -INSIDE_FW (VM Port Group) *TBRIDGE (pfSense LAN - Bridged to WAN) *VM_1 *VM_2 *VM_etc... I've setup "ALLOW ALL from ALL to ALL protocol ALL" rules on both interfaces and also enabled promiscuous mode on the vSwitches. However, I'm not getting any traffic flowing. It's incredibly bizarre. What am I missing? --Tim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] VMware ESXi - Protect all VM's with pfSense VM in Bridge Mode - HELP!
Apparently I wasn't missing anything. I rebooted the pfSense VM and walked a way for a while and now all is well. I suspect an ARP or other layer two issue after introducing the bridge and moving the VM nics over to vSwitch1. Thanks for all your help! :-) --Tim On Thu, 16 Apr 2009 10:42:24 -0500, Tim Nelson wrote: > Greetings all- > > I've got a beefy machine running VMware ESXi with a handful of hosts. I'd > like to protect those hosts with a pfSense VM in bridge mode. Here is my > vSwitch configuration: > > vSwitch0 > -vmnic0 (Physical NIC 0) > -OUTSIDE_FW (VM Port Group) >*TBRIDGE (pfSense WAN) > -VMkernel Port (Management Network) > > vSwitch1 > -vmnic1 (Physical NIC 1 - Unplugged) > -INSIDE_FW (VM Port Group) >*TBRIDGE (pfSense LAN - Bridged to WAN) >*VM_1 >*VM_2 >*VM_etc... > > > I've setup "ALLOW ALL from ALL to ALL protocol ALL" rules on both > interfaces and also enabled promiscuous mode on the vSwitches. However, I'm > not getting any traffic flowing. It's incredibly bizarre. > > What am I missing? > > --Tim > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] VMware ESXi - Protect all VM's with pfSense VM in Bridge Mode - HELP!
There is a promiscuous mode on the vSwitches. That setting might need to be adjusted. Dimitri Rodis Integrita Systems LLC http://www.integritasystems.com -Original Message- From: Tim Nelson [mailto:tnel...@fudnet.net] Sent: Thursday, April 16, 2009 9:01 AM To: support@pfsense.com Subject: Re: [pfSense Support] VMware ESXi - Protect all VM's with pfSense VM in Bridge Mode - HELP! Apparently I wasn't missing anything. I rebooted the pfSense VM and walked a way for a while and now all is well. I suspect an ARP or other layer two issue after introducing the bridge and moving the VM nics over to vSwitch1. Thanks for all your help! :-) --Tim On Thu, 16 Apr 2009 10:42:24 -0500, Tim Nelson wrote: > Greetings all- > > I've got a beefy machine running VMware ESXi with a handful of hosts. I'd > like to protect those hosts with a pfSense VM in bridge mode. Here is my > vSwitch configuration: > > vSwitch0 > -vmnic0 (Physical NIC 0) > -OUTSIDE_FW (VM Port Group) >*TBRIDGE (pfSense WAN) > -VMkernel Port (Management Network) > > vSwitch1 > -vmnic1 (Physical NIC 1 - Unplugged) > -INSIDE_FW (VM Port Group) >*TBRIDGE (pfSense LAN - Bridged to WAN) >*VM_1 >*VM_2 >*VM_etc... > > > I've setup "ALLOW ALL from ALL to ALL protocol ALL" rules on both > interfaces and also enabled promiscuous mode on the vSwitches. However, I'm > not getting any traffic flowing. It's incredibly bizarre. > > What am I missing? > > --Tim > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org smime.p7s Description: S/MIME cryptographic signature
Re: [pfSense Support] VMware ESXi - Protect all VM's with pfSense VM in Bridge Mode - HELP!
Tim Nelson wrote: > I've setup "ALLOW ALL from ALL to ALL protocol ALL" rules on both > interfaces and also enabled promiscuous mode on the vSwitches. However, I'm > not getting any traffic flowing. It's incredibly bizarre. > > What am I missing? what are you seeing using tcpdump? anything in arp tables? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] RE: [SPAM] [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] RE: [pfSense Support] RE: [SPAM] Re: [pfSense Support] RE: [SPAM] Re: [pfSense Support] website browsin
On Thu, Apr 16, 2009 at 7:50 AM, Juan Rivera wrote: > hey this is getting worse we can't even get to the home page now we have > to hit refresh over and over so we can get to the home page its running > really slow I think just like dial up lol well I don't know what else to > do I called our provider and they said everything seems to be good I > connected a lap straight on the router and it loaded in 17 milliseconds > any setting on the fire wall could be wrong or you think the computer > where pfsence is installed it's not good enough the specs are 700 mhz > 512 of ram and 100 mb/s nick cards let me know what you guys think > That's adequate unless you have a 50+ Mb Internet connection. (depends on the NICs, with good NICs you can push 100 Mb wire speed through a box of that spec). Your state table exhausted? With that much RAM you can easily bump it to 10 (under System ->Advanced) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Reboot on virtual IP
Hi folks, We've been playing around at work with binding multiple IP's to the WAN interface so that we can port forward the same ports from different IP's to different services on the LAN side. Has anyone ever seen when you add a second virtual IP, and then create the NAT on the second (also creating the rule at the same time) for PFSense to hard crash and reboot? When it comes back up the second virtual IP NAT does not work. This on a P4 class IBM thinkcenter with two intel pro 100's. Going to try different hardware tomorrow, but was wondering if anyone has either seen this, or could point me to where an error log that might exist to troubleshoot it further. Cheers, - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
