[pfSense Support] Pfsense and Pyramid Server
Hello Does anyone have experience with Pyramid Server and pfsense?
[pfSense Support] pfSense 2.0: L7 container and floating rules
I'm trying to understand better these two new features: L7 layer I cannot see where these container can be created, and if they apply only to shaping or if they can be used for rules. Apart the entry in Rules - Advanced features, I do not see any other menu where create/modify/delete L7 containers. Is it possible to have a better understanding of this feature? Floating rules. As far as I understand, potentially this is very useful, but with a lot of limits. From my point of view, having more public sublans on different interfaces, this is the place where to place rules for permitting POP. SMTP, HTTP, etc, going to a single sublan, permitting WAN and all other public sublan to access those services (and writing each rule once only, instead of one time for each interface). But, in this way, I cannot give customers control of floating IP, as these rules are not binded to a specific interface. Am I missing something? Thinking loud... Would have been better to have a different way to implement such feature? For each interface (from the FW point of view): * zone for outgoing rules (what it is permitted from the rest of the world) * zone for incoming rules (what is permitted from this sublan) All outgoing zones should be evaluated before incoming zones. For a total control, before the outgoing zone, there could be another deny zone, where to deny only incoming packets, despite of other interfaces permissions. Thanks for any help/consideration. Tonino -- in...@zioniInterazioni di Antonio Nati http://www.interazioni.it to...@interazioni.it
Re: [pfSense Support] Benchmark tool
On 07/09/10 20:24, bsd wrote: Here are the results of the test you have asked : great, thanks for that, useful to know that linux and freebsd give similar performance as a basic router. I'd imagine using a kernel customised for the specific processor you could get a performance boost with both FreeBSD and linux; on my atom based server and linux UMPC it was definitely worth while but I didn't try to quantify it. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Pfsense and Pyramid Server
- Rajeevan Rabeendran rajeevan.rabeend...@pps-ag.ch wrote: Hello Does anyone have experience with Pyramid Server and pfsense? This is your second request for help on this with no response the first time... Maybe if you provide more details someone can provide suggestions? What exactly is the problem, what ports/protocols do your application use, etc. Googling 'pyramid server' brings nothing entirely definitive except maybe a game of some sort? --Tim
[pfSense Support] power-out and Alix-boards
Hi, I never installed an UPS on a firewall device before (eg. dlink, linksys, netgear)... but it seems to me that when using an Alix + CF card solution, together with pfSense... you better install an UPS in between. I myself have pulled the DC-plug multiple times at home, without any issue whatsoever... But now I had two Alix boards being cut from the power (and failed to boot afterwards). Connecting the serial, shows me that there is no boot-device... Reformatting the CFcard, putting pfsense and config file, repairs the situation... What could be the cause here ? Should I install an UPS... or should I buy better CF-cards ? Kind regards, Michel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
Do you remember what BIOS version you have on the Alix boards? Brand/Type of CF? Rev version of the Alix board? I am running Alix boards too. Bob G On Thu, 2010-09-09 at 16:18 +0200, Michel Servaes wrote: Hi, I never installed an UPS on a firewall device before (eg. dlink, linksys, netgear)... but it seems to me that when using an Alix + CF card solution, together with pfSense... you better install an UPS in between. I myself have pulled the DC-plug multiple times at home, without any issue whatsoever... But now I had two Alix boards being cut from the power (and failed to boot afterwards). Connecting the serial, shows me that there is no boot-device... Reformatting the CFcard, putting pfsense and config file, repairs the situation... What could be the cause here ? Should I install an UPS... or should I buy better CF-cards ? Kind regards, Michel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
On 09.09.10 16:18, Michel Servaes wrote: What could be the cause here ? Should I install an UPS... or should I buy better CF-cards ? As long You use the CF read-only I am pretty shure there is another problem... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
On Thu, Sep 9, 2010 at 6:02 PM, Beat Siegenthaler bsi...@gmail.com wrote: On 09.09.10 16:18, Michel Servaes wrote: What could be the cause here ? Should I install an UPS... or should I buy better CF-cards ? As long You use the CF read-only I am pretty shure there is another problem... PC Engines ALIX.2 v0.99h 640 KB Base Memory 261120 KB Extended Memory No boot device available, press Enter to continue. I am using the embedded version on a 4GB Kingston CF card... (it's not an industrial one...). But when using embedded - I guess I am using read-only, no ? For as long as the bios firmware, I guess 0.99h was the latest one... This is the second time, and the second Alixboard that gave me this after a power outage (in a very short time : last week I had another one)... Thank you already for the responses here... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
No boot device usually means the first 512 bytes of the CF disk have been disturbed. If you have the failed CF, try the following commands: (on Linux or Mac) put the CF disk into a reader and do df From the resulting output, try to figure out your device name. It will probably be the last one in the list: /dev/sda(hard disk) /dev/sdb(hard disk - raid clone of sda ??) /dev/sdc(cdrom drive..) /dev/sdd Using the CF disk name (/dev/sdd assumed below), give the following command: dd if=/dev/sdd bs=512 count=1 | od -c You should see a bunch of lines - with each byte decoded as an ascii character and an octal number Save this output and paste it into a document. As I recall, the first octal number should be a 353 if you have a good boot segment. --- When you rewrite the CF disk, again check the boot block using the same command above. Save the output and paste it into your debug document and compare the first few lines. If the first few lines are different, it might indicate that something whacked that segment. It could have been an errant log entry, a reconfig that went wrong, or just a glitch. You would not notice that this data had been disturbed until the next reboot - which does seem to fit your symptoms. If your system now is fixed, eyeball the original 512 char output to see if any of the ascii characters seem to be part of a log message or config line. This would give a clue as to what might have happened. Hope this helps Bob G On Sep 9, 2010, at 12:28, Michel Servaes wrote: On Thu, Sep 9, 2010 at 6:02 PM, Beat Siegenthaler bsi...@gmail.com wrote: On 09.09.10 16:18, Michel Servaes wrote: What could be the cause here ? Should I install an UPS... or should I buy better CF-cards ? As long You use the CF read-only I am pretty shure there is another problem... PC Engines ALIX.2 v0.99h 640 KB Base Memory 261120 KB Extended Memory No boot device available, press Enter to continue. I am using the embedded version on a 4GB Kingston CF card... (it's not an industrial one...). But when using embedded - I guess I am using read-only, no ? For as long as the bios firmware, I guess 0.99h was the latest one... This is the second time, and the second Alixboard that gave me this after a power outage (in a very short time : last week I had another one)... Thank you already for the responses here... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
As long You use the CF read-only I am pretty shure there is another problem... --- I am a bit worried about the fact that the CF card should be set read-only. To my knowledge, when we install the embedded image, isn't the CF card mounted read-only by default (only when changing configuration, it would write to the CF card - no ?) And if I am correct, it also only writes RRD graphs to the CF card when rebooting the firewall - unless a power failure ofcourse :) I've been searching the webgui, to check if I could find a parameter to set the CF read only... but I am almost positive that this isn't needed to modify anywhere in case of an embedded nanobsd installation. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
Wow, thanks for this one... I replaced the Alix board, and took the broken one with me... I'll dive into the CF-card tomorrow to see what went wrong... The thing that disturbs me a bit, is that I had two different locations - with a week interval, with exactly the same issue after a power failure... I didn't bother last week, just reflashed the CF-card, and restored the configuration. Anyway, I hope your info here will shed some light on this... I'm not really willing into driving to each and every location every two weeks :) Op 9/09/2010 21:22, Bob Gustafson schreef: No boot device usually means the first 512 bytes of the CF disk have been disturbed. If you have the failed CF, try the following commands: (on Linux or Mac) put the CF disk into a reader and do df From the resulting output, try to figure out your device name. It will probably be the last one in the list: /dev/sda(hard disk) /dev/sdb(hard disk - raid clone of sda ??) /dev/sdc(cdrom drive..) /dev/sdd Using the CF disk name (/dev/sdd assumed below), give the following command: dd if=/dev/sdd bs=512 count=1 | od -c You should see a bunch of lines - with each byte decoded as an ascii character and an octal number Save this output and paste it into a document. As I recall, the first octal number should be a 353 if you have a good boot segment. --- When you rewrite the CF disk, again check the boot block using the same command above. Save the output and paste it into your debug document and compare the first few lines. If the first few lines are different, it might indicate that something whacked that segment. It could have been an errant log entry, a reconfig that went wrong, or just a glitch. You would not notice that this data had been disturbed until the next reboot - which does seem to fit your symptoms. If your system now is fixed, eyeball the original 512 char output to see if any of the ascii characters seem to be part of a log message or config line. This would give a clue as to what might have happened. Hope this helps Bob G On Sep 9, 2010, at 12:28, Michel Servaes wrote: On Thu, Sep 9, 2010 at 6:02 PM, Beat Siegenthaler bsi...@gmail.com wrote: On 09.09.10 16:18, Michel Servaes wrote: What could be the cause here ? Should I install an UPS... or should I buy better CF-cards ? As long You use the CF read-only I am pretty shure there is another problem... PC Engines ALIX.2 v0.99h 640 KB Base Memory 261120 KB Extended Memory No boot device available, press Enter to continue. I am using the embedded version on a 4GB Kingston CF card... (it's not an industrial one...). But when using embedded - I guess I am using read-only, no ? For as long as the bios firmware, I guess 0.99h was the latest one... This is the second time, and the second Alixboard that gave me this after a power outage (in a very short time : last week I had another one)... Thank you already for the responses here... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
On Thu, Sep 9, 2010 at 2:26 PM, Michel Servaes mic...@mcmc.be wrote: I am a bit worried about the fact that the CF card should be set read-only. If I may paraphrase Bob, I thought he was meaning that because/if you are using the embedded version, the problem you describe must be due to some other contributing factor. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
I don't know the significance of 'embedded' in the context of CF cards. If you can change configuration, this somehow means that the CF disk must be writable.. On Thu, 2010-09-09 at 14:30 -0600, David Burgess wrote: On Thu, Sep 9, 2010 at 2:26 PM, Michel Servaes mic...@mcmc.be wrote: I am a bit worried about the fact that the CF card should be set read-only. If I may paraphrase Bob, I thought he was meaning that because/if you are using the embedded version, the problem you describe must be due to some other contributing factor. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
On Thu, Sep 9, 2010 at 3:12 PM, Bob Gustafson bob...@rcn.com wrote: I don't know the significance of 'embedded' in the context of CF cards. Sorry, I meant to say I was paraphrasing Beat, not Bob. The pfsense embedded version, which is recommended for CF installs, mounts the filesystem read-only, and remounts it read-write when making config changes or committing RRD graphs to the CF. My point was that Michel need not worry about his mount options if he is running the embedded version, as it takes care of this. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Broadcom opens Linux wireless drivers
So will this benefit the FreeBSD crowd any time soon? http://www.osnews.com/story/23786/BREAKING_BROADCOM_OPEN_SOURCES_WIRELESS_DRIVERS db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] power-out and Alix-boards
I would look at the brand of CF card. Early on when we started using pfSense and m0n0wall we had problems with several brands of cards and I remember Kingston being one of them. I use only SanDisk Ultra and Ultra II cards and have had zero problems on ALIX and Soekris boards for several years. --Original Message-- From: David Burgess To: support@pfsense.com ReplyTo: support@pfsense.com Subject: Re: [pfSense Support] power-out and Alix-boards Sent: Sep 9, 2010 5:15 PM On Thu, Sep 9, 2010 at 3:12 PM, Bob Gustafson bob...@rcn.com wrote: I don't know the significance of 'embedded' in the context of CF cards. Sorry, I meant to say I was paraphrasing Beat, not Bob. The pfsense embedded version, which is recommended for CF installs, mounts the filesystem read-only, and remounts it read-write when making config changes or committing RRD graphs to the CF. My point was that Michel need not worry about his mount options if he is running the embedded version, as it takes care of this. db - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Kevin Tollison Sent from my Blackberry
Re: [pfSense Support] power-out and Alix-boards
On Thu, Sep 9, 2010 at 1:28 PM, Michel Servaes mic...@mcmc.be wrote: PC Engines ALIX.2 v0.99h 640 KB Base Memory 261120 KB Extended Memory No boot device available, press Enter to continue. That's a new one. The very few scenarios I've heard of in the past were filesystem corruption that it fails to repair with fsck, leaving the system unbootable, but it gets well past that, and that's far different since it's the boot sector. I can't think of anything but hardware problems that could possibly cause that. That makes me wonder if you have bad blocks on the CF that hosed your previous boot sector, and when you rewrite it, the wear leveling writes to unaffected blocks. I really doubt if that's anything other than the CF, maybe a few bad cards in the batch you got. With at least tens of thousands of ALIX systems out there running pfSense, to be the first to run into something is highly unusual. I am using the embedded version on a 4GB Kingston CF card... (it's not an industrial one...). That sounds like the same CF cards we use (and seriously abuse) quite a bit, we've never had a problem with those. Personally, I wouldn't trust either of the cards this happened to, for running in remote locations at least. Most of my systems in production in the field have SanDisk cards in them, and most of our resellers ship with SanDisk. My testing and development systems get infinitely more abuse than any production system though, and they almost all run Kingston cards. There are a few different Kingston models though, maybe you have something different from the ones we have. But when using embedded - I guess I am using read-only, no ? Unless you got in under the hood and changed how things work, yes, you're read only. Besides, the boot sector has nothing to do with how your partitions are mounted. It could result in partition corruption, but that's not what you're seeing. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org