Re: [pfSense Support] Bandwdith usage since start of month?
On Tue, Jul 13, 2010 at 4:24 PM, Jim Pingle li...@pingle.org wrote: Updated again, but I didn't bump the version this time. Try it in about 5 minutes. Hm. I tried the reinstall button but now the package is in limbo. pfsense thinks it's installed, but there's no longer a menu for it. Attempting to remove it just produces and xml error, even after a reboot. I'm updating the snapshot (2.0) now. July 23: Same thing, package will neither function nor delete. I see this at the bottom of the page when trying to remove the package, even after doing a /etc/rc.conf_mount_rw on the command line: Warning: copy(/cf/conf/backup/config-1279090322.xml): failed to open stream: Read-only file system in /etc/inc/config.lib.inc on line 1247 Warning: fopen(/cf/conf/backup/backup.cache): failed to open stream: Read-only file system in /etc/inc/config.lib.inc on line 1254 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/config.lib.inc on line 1255 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/config.lib.inc on line 1256 Warning: fopen(/cf/conf/config.xml.23702): failed to open stream: Read-only file system in /etc/inc/config.lib.inc on line 424 Warning: copy(/cf/conf/backup/config-1279091042.xml): failed to open stream: Read-only file system in /etc/inc/config.lib.inc on line 1247 Warning: fopen(/cf/conf/backup/backup.cache): failed to open stream: Read-only file system in /etc/inc/config.lib.inc on line 1254 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/config.lib.inc on line 1255 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/config.lib.inc on line 1256 Warning: fopen(/cf/conf/config.xml.23702): failed to open stream: Read-only file system in /etc/inc/config.lib.inc on line 424 XML error: not object found! db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] trap 12 : page fault while in kernel mode
Hi, we get issues with pfsense2.0 in LiveCD mode : Environment: Tested in prod Dell T3400 4Go RAM 2 additionnal gigabit linksys RT gigabit ethernet card Tested as spare Dell Optiplex 620 4Go RAM 2 additionnal Netgear GAxxx gigabit ethernet card Either external Wan link and internal LAN is Gigabit to ExtremeNetwork Router Bandwidth is from 30Megabit average and 120 Mega peak Description: trap 12 : page fault while in kernel mode cpuid=1 (or cpuid=0) add0x420 code supervisor read , page note present mst pointer 0x20 :0xc0511e49 stack pointer 0x28 0xc71df878 frame pointer 0x28 0xc71df890 code segment base 0x0, limit 0x, type 0x1b processor efalgs: interrupt enabled, resume, iopl=0 current process: 12(swi5: +) thread pid 12 tid 64027 topped at pfr-update-stats+0x19 testb $0x4,0x420(%ebx) How-To-Repeat: pfsense 2.0 livecd on Dell T3400 4Go RAM 2 additionnal gigabit linksys RT card or Dell Optiplex 620 4Go RAM 2 additionnal Netgear GAxxx gigabit card Firewall hang responding about random time Load stay low Ping stop respondingsuddenly Cacti (from SNMP) curves show that Swap is about 3Go and Free memory is about 230Mo and drecrease slowly by the time and then aroung 100Mo FW hang We have noticed also sometimes that Users connected have been around 6 users since there was nobody connected to the FW. So we have some doubt about the Web interface heaviness and compatibility (FF, IE8) We use hundreds rules and logged ones, dozen Aliases and NAT 1:1, setting are saved on USB1 identical keys, and that's it We have replace RAM and RAM supplier, hardware is different, additionnal network cards are different by peer Some ideas Kind regards Serge PS: We already have ask FreeBSD : http://www.freebsd.org/cgi/query-pr.cgi?pr=148483
Re: [pfSense Support] trap 12 : page fault while in kernel mode
On Wed, Jul 14, 2010 at 3:18 AM, Serge FACCHIN sergefacc...@free.fr wrote: Hi, we get issues with pfsense2.0 in LiveCD mode : Environment: Tested in prod Dell T3400 4Go RAM 2 additionnal gigabit linksys RT gigabit ethernet card Tested as spare Dell Optiplex 620 4Go RAM 2 additionnal Netgear GAxxx gigabit ethernet card Either external Wan link and internal LAN is Gigabit to ExtremeNetwork Router Bandwidth is from 30Megabit average and 120 Mega peak Description: trap 12 : page fault while in kernel mode cpuid=1 (or cpuid=0) add0x420 code supervisor read , page note present mst pointer 0x20 :0xc0511e49 stack pointer 0x28 0xc71df878 frame pointer 0x28 0xc71df890 code segment base 0x0, limit 0x, type 0x1b processor efalgs: interrupt enabled, resume, iopl=0 current process: 12(swi5: +) thread pid 12 tid 64027 topped at pfr-update-stats+0x19 testb $0x4,0x420(%ebx) Install the developer kernel and get a back trace. PS: We already have ask FreeBSD : http://www.freebsd.org/cgi/query-pr.cgi?pr=148483 Never open FreeBSD PRs unless you can replicate the problem with a stock version of FreeBSD. There are considerable differences.
[pfSense Support] Writing a 4gb version from windows.
I have try to write on a dvd the last version of the pfSense from a PC whit Windows 7. I recive an error:The image file is invalid Can some one send me a link to an image file whit the last full version of the PFsense and instruction to write it on a DVD.
Re: [pfSense Support] Writing a 4gb version from windows.
On 7/14/2010 9:51 AM, Laurentiu STEFAN wrote: I have try to write on a dvd the last version of the pfSense from a PC whit Windows 7. I recive an error:The image file is invalid Can some one send me a link to an image file whit the last full version of the PFsense and instruction to write it on a DVD. The 4GB version is a disk image, not an ISO image. It is intended to be used with a CF or other media directly, it does not contain an installer. You want the LiveCD/Installer ISO image. It will work on CD or DVD. You can boot from it, then install on the target hardware. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Re: FTP Server or samba server for PFSense
Can some one help me whit this problem too? 2010/7/14 Laurentiu STEFAN laurentiu.ste...@gmail.com I have an IBM Inellystation whith 2 Pentium 2 - 350Mhz processor, 512 RAM and 150 GB Hdd. I want to install the PF Sense and I want to use the rest of the HDD space for a FTP server or a SAMBA server. It is posible? -
Re: [pfSense Support] Re: FTP Server or samba server for PFSense
On 7/14/2010 11:18 AM, Laurentiu STEFAN wrote: Can some one help me whit this problem too? 2010/7/14 Laurentiu STEFAN laurentiu.ste...@gmail.com mailto:laurentiu.ste...@gmail.com I have an IBM Inellystation whith 2 Pentium 2 - 350Mhz processor, 512 RAM and 150 GB Hdd. I want to install the PF Sense and I want to use the rest of the HDD space for a FTP server or a SAMBA server. It is posible? There is not currently any kind of file server package for pfSense. It's not a task that most people want to do on their firewall, as it represents a considerable security risk. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Re: FTP Server or samba server for PFSense
I`m agree with Jim El 14/07/10 17:21, Jim Pingle escribió: On 7/14/2010 11:18 AM, Laurentiu STEFAN wrote: Can some one help me whit this problem too? 2010/7/14 Laurentiu STEFANlaurentiu.ste...@gmail.com mailto:laurentiu.ste...@gmail.com I have an IBM Inellystation whith 2 Pentium 2 - 350Mhz processor, 512 RAM and 150 GB Hdd. I want to install the PF Sense and I want to use the rest of the HDD space for a FTP server or a SAMBA server. It is posible? There is not currently any kind of file server package for pfSense. It's not a task that most people want to do on their firewall, as it represents a considerable security risk. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FTP Server or samba server for PFSense
On Tue, Jul 13, 2010 at 6:06 PM, Laurentiu STEFAN laurentiu.ste...@gmail.com wrote: I want to install the PF Sense and I want to use the rest of the HDD space for a FTP server or a SAMBA server. I think the closest you're going to come to this is through virtual machines, and obviously you aren't going to get hardware virtualisation support with that hardware. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1:1 multi-homed NAT broken?
On Tue, Jul 13, 2010 at 1:19 PM, Adam Thompson athom...@c3a.ca wrote: -Original Message- From: Bill Marquette [mailto:bill.marque...@gmail.com] Sent: Monday, July 12, 2010 8:30 PM To: support@pfsense.com Subject: Re: [pfSense Support] 1:1 multi-homed NAT broken? This sounds like a missing reply-to, but I'm not entirely sure why. The inbound SMTP rule should be overriding the routing and sending the traffic out the right path. Take a look at /tmp/rules.debug and see if the inbound SMTP rule has a reply-to on it. Looks right to me: binat on em1 from 192.168.232.201/32 to any - 67.226.137.178/32 pass in quick on $wan proto tcp from any to SBS port = 25 keep state queue (qwandef, qwanacks) label USER_RULE: NAT forward inbound mail pass in quick on $OPT1 reply-to (em0 192.139.69.161) proto tcp from any to SBS port = 25 keep state label USER_RULE: NAT forward public web sites Yes, the comment about web sites is misleading - actually it's flat-out wrong, I probably cloned the rule from the HTTP rule and forgot to edit the comment. I'm not sure that the binat combined with reply-to actually works - as I said, I realize this is a corner case that probably isn't (ever?) often tested. Is there a way to limit binat to only affecting one public interface? hmmm, actually, that looks wrong. You're missing a reply-to on the $wan rule, so the reply traffic that should go out $wan is taking your static route out $OPT1. Not sure what the fix is, I haven't been in the code in way too long, hopefully one of the other devs can take a look. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] 1:1 multi-homed NAT broken?
On Wed, Jul 14, 2010 at 1:06 PM, Bill Marquette bill.marque...@gmail.com wrote: On Tue, Jul 13, 2010 at 1:19 PM, Adam Thompson athom...@c3a.ca wrote: -Original Message- From: Bill Marquette [mailto:bill.marque...@gmail.com] Sent: Monday, July 12, 2010 8:30 PM To: support@pfsense.com Subject: Re: [pfSense Support] 1:1 multi-homed NAT broken? This sounds like a missing reply-to, but I'm not entirely sure why. The inbound SMTP rule should be overriding the routing and sending the traffic out the right path. Take a look at /tmp/rules.debug and see if the inbound SMTP rule has a reply-to on it. Looks right to me: binat on em1 from 192.168.232.201/32 to any - 67.226.137.178/32 pass in quick on $wan proto tcp from any to SBS port = 25 keep state queue (qwandef, qwanacks) label USER_RULE: NAT forward inbound mail pass in quick on $OPT1 reply-to (em0 192.139.69.161) proto tcp from any to SBS port = 25 keep state label USER_RULE: NAT forward public web sites Yes, the comment about web sites is misleading - actually it's flat-out wrong, I probably cloned the rule from the HTTP rule and forgot to edit the comment. I'm not sure that the binat combined with reply-to actually works - as I said, I realize this is a corner case that probably isn't (ever?) often tested. Is there a way to limit binat to only affecting one public interface? hmmm, actually, that looks wrong. You're missing a reply-to on the $wan rule, so the reply traffic that should go out $wan is taking your static route out $OPT1. Not sure what the fix is, I haven't been in the code in way too long, hopefully one of the other devs can take a look. Yeah WAN rules in 1.2.x don't have reply-to. They do in 2.0. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] 1:1 multi-homed NAT broken?
So... does that mean I can't accomplish this with 1.2.x at all? I tried 2.0 on a spare server, but OpenBGPd didn't seem to inject routes into the kernel at all so I didn't pursue it very far. -Adam Thompson Chief Technical Architect, C3A Inc. athom...@c3a.ca (204) 272-9628 / fax: (204) 272-8291 -Original Message- From: Chris Buechler [mailto:cbuech...@gmail.com] Sent: Wednesday, July 14, 2010 12:10 PM To: support@pfsense.com Subject: Re: [pfSense Support] 1:1 multi-homed NAT broken? [...] Yeah WAN rules in 1.2.x don't have reply-to. They do in 2.0.
Re: [pfSense Support] 1:1 multi-homed NAT broken?
On Wed, Jul 14, 2010 at 2:32 PM, Adam Thompson athom...@c3a.ca wrote: So... does that mean I can't accomplish this with 1.2.x at all? You can change filter.inc to add reply-to to WAN rules. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] FTP Server or samba server for PFSense
It would be a better ideea to use a separate machine with FreeNAS ( http://sourceforge.net/projects/freenas/) On Wed, Jul 14, 2010 at 6:33 PM, David Burgess apt@gmail.com wrote: On Tue, Jul 13, 2010 at 6:06 PM, Laurentiu STEFAN laurentiu.ste...@gmail.com wrote: I want to install the PF Sense and I want to use the rest of the HDD space for a FTP server or a SAMBA server. I think the closest you're going to come to this is through virtual machines, and obviously you aren't going to get hardware virtualisation support with that hardware. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Minimal configuration for pfSense.
It's OKa to use an IBM Pentium MMX 200MHZ, 64MB Ram, 3GB SCSI, 3X LAN for pfSense (Mask, firewall load balancing whith 10 PC behind)?
Re: [pfSense Support] Minimal configuration for pfSense.
On Wed, Jul 14, 2010 at 1:17 PM, Laurentiu STEFAN laurentiu.ste...@gmail.com wrote: It's OKa to use an IBM Pentium MMX 200MHZ, 64MB Ram, 3GB SCSI, 3X LAN for pfSense (Mask, firewall load balancing whith 10 PC behind)? That CPU should be good for ~15mbps throughput if you're not loading it with vpn and such. You will have to double the RAM though. Have you checked http://www.pfsense.org/index.php?option=com_contenttask=viewid=45Itemid=48 for minimum requirements? Also look at http://www.pfsense.org/index.php?option=com_contenttask=viewid=52Itemid=49 for a better idea of how far your hardware will go. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Minimal configuration for pfSense.
On 7/14/2010 3:17 PM, Laurentiu STEFAN wrote: It's OKa to use an IBM Pentium MMX 200MHZ, 64MB Ram, 3GB SCSI, 3X LAN for pfSense (Mask, firewall load balancing whith 10 PC behind)? That's not very much RAM. If it doesn't use any packages, and no VPNs, it might work. Barely. But it will probably waste more money in power costs in a year than a newer, more efficient (and faster) unit. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Minimal configuration for pfSense.
OKa. I have seen I have 2 connextion 30-100mbps so I need no less than 1.0 GHz CPU 2010/7/14 Jim Pingle li...@pingle.org On 7/14/2010 3:17 PM, Laurentiu STEFAN wrote: It's OKa to use an IBM Pentium MMX 200MHZ, 64MB Ram, 3GB SCSI, 3X LAN for pfSense (Mask, firewall load balancing whith 10 PC behind)? That's not very much RAM. If it doesn't use any packages, and no VPNs, it might work. Barely. But it will probably waste more money in power costs in a year than a newer, more efficient (and faster) unit. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
