[pfSense Support] Re: unknown cause of limited throughput

2011-07-13 Thread David Burgess
2.0-RC3 (amd64)
built on Tue Jul 12 21:23:55 EDT 2011

On Tue, Jul 5, 2011 at 11:52 PM, David Burgess wrote:

> I hope that's not too confusing. To summarize, any two machines, real
> or virtual, get iperf results near wire speed when on the same L2
> network. Any two machines on different (routed) networks see iperf
> speeds between 320 and 550, which is expected due to the limitations
> of the router. The exception is rip. Of my three virtual hosts, which
> all live on the same ESXi server, only rip is seeing very slow iperf
> speeds (and similar nfs speeds) when acting as server to routed hosts.

I did some more testing and was surprised by the results. I created a
new virtual server "chunk" running Ubuntu Server 10.10 and expected
that because it was now the same version OS as my other servers, it
would now exhibit normal routed network speeds. But I was wrong. Chunk
consistently serves iperf at 12.8 Mbps to a routed client.

Intrigued, I moved chunk to a different local vlan/network and tested
again. The result:

iperf client    vlan   server          vlan   result
ren   real      85     chunk virtual   250    380 Mbps   routed
ren   real      85     chunk virtual   240    12.8 Mbps  routed
mule  real      85     chunk virtual   250    380 Mbps   routed
mule  real      85     chunk virtual   240    12.8 Mbps  routed
ren   real      85     mule  real      240    16.8 Mbps  routed

So it's not the server, it's the vlan or something related to it.
vlan85 is my LAN, and the only firewall rule on that interface is a
PASS all rule. There is no floating rule that should touch any of this
as far as I can tell.

The only thing that distinguishes vlan 240 from the other vlans I'm
testing (besides being slower) is that the hosts on this vlan have
publicly routable IP addresses, while the hosts on every other vlan
are 192.168.x.x addresses. There is no NAT occurring between local
networks.

I've now ruled out virtualization and OS as being the cause of this,
and that leaves pfsense and the switch. The switch is not slow where
the router is not involved, so unless I've misjudged, this is a
pfsense problem.

Any ideas?

db

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



RE: [pfSense Support] Incorrect System Log Order/Logging Bug?

2011-07-13 Thread Dimitri Rodis
>2011/7/13 Jim Pingle <li...@pingle.org>
>On 7/9/2011 9:17 PM, Dimitri Rodis wrote:
>> The system is and has been set to -8 (I am Pacific Daylight Time, USA), and
>> hasn't been re/booted since the first boot on that build--and I have
>> reported this issue back in RC1 and it still appears to be an issue. It
>> almost looks as if the check_reload_status (among a couple of others that
>> haven't shown up in the log yet) specifically always logs with the wrong
>> timestamp.
>Are you actually using the GMT +/- zone or a named zone such as
>America/Los_Angeles?
>
>
>http://www.timeanddate.com/worldclock/
>
>;-)

See screen snip below.

[attached image: image001.png]

Re: [pfSense Support] virtualbox ova fails to import

2011-07-13 Thread Volker Kuhlmann
On Thu 14 Jul 2011 01:12:13 NZST +1200, e...@tm-k.com wrote:

> $ md5 pfSense.ova
> MD5 (pfSense.ova) = ff549e509339e8e8316770bc4a47958f

Thanks! Loads fine into virtualbox now.

Turns out I had to turn off the transparent proxy in squid to make the
download error disappear. Otherwise each 220MB of pfSense.ova differed
by about 6 bytes from the previous. Disk has no pending or reallocated
sectors. Not my understanding of "transparent cache"... :-((

Thanks,

Volker

-- 
Volker Kuhlmann is list0570 with the domain in header.
http://volker.dnsalias.net/ Please do not CC list postings to me.




Re: [pfSense Support] best way to set up extra blacklist only on certain computers

2011-07-13 Thread Vick Khera
On Wed, Jul 13, 2011 at 3:38 PM, Luke Jaeger wrote:
>
> docs.pvpa.org redirects to www.google.com/a/pvpa.org
>

Not directly.  It goes like this:


docs.pvpa.org is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.
ghs.l.google.com has address 72.14.204.121

So you have to be able to hit ghs.l.google.com in order to get the
HTTP redirect to www.google.com/a/pvpa.org.  This is how the chain
looks:

% lwp-request -m HEAD -S http://docs.pvpa.org/
HEAD http://docs.pvpa.org/ --> 302 Found
HEAD http://docs.google.com/a/pvpa.org --> 302 Moved Temporarily
HEAD http://docs.google.com/a/pvpa.org/ --> 302 Moved Temporarily
HEAD https://www.google.com/a/pvpa.org/ServiceLogin?service=writely&passive=1209600&continue=http://docs.google.com/a/pvpa.org/&followup=http://docs.google.com/a/pvpa.org/ 200 OK

So you need to allow the IP addresses of each of the named hosts in the chain.
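
Added example (not part of the original post): a Python sketch that parses the DNS and `lwp-request` output quoted above and lists, for every host in the redirect chain, its alias chain and any address that was captured. The function names are illustrative assumptions; the input text is copied from the post, with the last HEAD line joined onto one line.

```python
import re
from urllib.parse import urlsplit

# Output copied from the post above, not from a live lookup.
DNS_OUTPUT = """\
docs.pvpa.org is an alias for ghs.google.com.
ghs.google.com is an alias for ghs.l.google.com.
ghs.l.google.com has address 72.14.204.121
"""
HTTP_OUTPUT = """\
HEAD http://docs.pvpa.org/ --> 302 Found
HEAD http://docs.google.com/a/pvpa.org --> 302 Moved Temporarily
HEAD http://docs.google.com/a/pvpa.org/ --> 302 Moved Temporarily
HEAD https://www.google.com/a/pvpa.org/ServiceLogin?service=writely&passive=1209600&continue=http://docs.google.com/a/pvpa.org/&followup=http://docs.google.com/a/pvpa.org/ 200 OK
"""

ALIAS_RE = re.compile(r"^(\S+) is an alias for (\S+?)\.?$")
ADDR_RE = re.compile(r"^(\S+) has address (\S+)$")
REQ_RE = re.compile(r"^(?:HEAD|GET)\s+(\S+)")

def parse_dns(text):
    """Return (aliases, addresses) parsed from `host`-style output."""
    aliases, addresses = {}, {}
    for line in text.splitlines():
        if m := ALIAS_RE.match(line.strip()):
            aliases[m.group(1)] = m.group(2)
        elif m := ADDR_RE.match(line.strip()):
            addresses.setdefault(m.group(1), []).append(m.group(2))
    return aliases, addresses

def redirect_hosts(text):
    """Hostnames requested in the trace, in order of first appearance."""
    urls = [m.group(1) for line in text.splitlines() if (m := REQ_RE.match(line.strip()))]
    hosts = [urlsplit(u).hostname for u in urls]
    return list(dict.fromkeys(h for h in hosts if h))

def allowlist_plan(dns_text, http_text):
    """Map each host in the redirect chain to its alias chain and known addresses."""
    aliases, addresses = parse_dns(dns_text)
    plan = {}
    for host in redirect_hosts(http_text):
        chain = [host]
        # Follow CNAMEs to the terminal name; stop if a name repeats (alias loop).
        while chain[-1] in aliases and aliases[chain[-1]] not in chain:
            chain.append(aliases[chain[-1]])
        plan[host] = {"names": chain, "addresses": addresses.get(chain[-1], [])}
    return plan

# An empty address list means that host was not resolved in the capture.
for host, info in allowlist_plan(DNS_OUTPUT, HTTP_OUTPUT).items():
    print(host, "->", info)
```

The addresses are a snapshot from the capture; resolve the names again when building the actual rule.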




Re: [pfSense Support] best way to set up extra blacklist only on certain computers

2011-07-13 Thread Luke Jaeger

On Jul 11, 2011, at 1:08 PM, Andrew Cotter wrote:

> Did you change the web address for docs in the management portal on
> Google Docs under settings, docs, general?  My guess is yes since
> you are using that.

yes I did

> We did not modify this in our Google Apps deployment so the URL for
> us is docs.google.com/a/domain.com.  I am not sure if the user is
> really accessing the docs from yourdocs.pvpa.org domain or if that
> is more for vanity and a redirect is happening.  What shows as a URL
> after you pull up a doc?

docs.pvpa.org redirects to www.google.com/a/pvpa.org

> Did you try and add the IP for docs.google.com to your allowedSites
> list?

I did, but I couldn't make this work no matter what I tried.
I also tried doing this thru IPSEC settings on the workstations (XP)
but no luck - it either blocks everything or passes everything.


Luke Jaeger | Technology Coordinator
Pioneer Valley Performing Arts Charter Public School
www.pvpa.org




Re: [pfSense Support] Incorrect System Log Order/Logging Bug?

2011-07-13 Thread Michael Schuh
2011/7/13 Jim Pingle 

> On 7/9/2011 9:17 PM, Dimitri Rodis wrote:
> > The system is and has been set to -8 (I am Pacific Daylight Time, USA),
> > and hasn't been re/booted since the first boot on that build--and I have
> > reported this issue back in RC1 and it still appears to be an issue. It
> > almost looks as if the check_reload_status (among a couple of others that
> > haven't shown up in the log yet) specifically always logs with the wrong
> > timestamp.
>
> Are you actually using the GMT +/- zone or a named zone such as
> America/Los_Angeles?
>
>
http://www.timeanddate.com/worldclock/

;-)


> The GMT+/- zones are often sources of such weirdness, the named Zones
> usually work best.
>
> Jim
>


-- 
= = =  http://michael-schuh.net/  = = =
Projektmanagement - IT-Consulting - Professional Services IT
Michael Schuh
Postfach 10 21 52
66021 Saarbrücken
phone: 0681/8319664
mobil:  0175/5616453
@: m i c h a e l . s c h u h @ g m a i l . c o m

= = =  Ust-ID:  DE251072318  = = =


Re: [pfSense Support] Incorrect System Log Order/Logging Bug?

2011-07-13 Thread Jim Pingle
On 7/9/2011 9:17 PM, Dimitri Rodis wrote:
> The system is and has been set to -8 (I am Pacific Daylight Time, USA), and 
> hasn't been re/booted since the first boot on that build--and I have reported 
> this issue back in RC1 and it still appears to be an issue. It almost looks 
> as if the check_reload_status (among a couple of others that haven't shown up 
> in the log yet) specifically always logs with the wrong timestamp.

Are you actually using the GMT +/- zone or a named zone such as
America/Los_Angeles?

The GMT+/- zones are often sources of such weirdness, the named Zones
usually work best.

Jim




Re: [pfSense Support] virtualbox ova fails to import

2011-07-13 Thread ey
> On Wed 13 Jul 2011 01:28:11 NZST +1200, e...@tm-k.com wrote:
>
>> > http://cvs.pfsense.org/~sullrich/pfSenseDevBuilder/pfSense.ova
>> > fails to import into virtualbox.
>
>> Just tried, works well on VirtualBox for Mac.
>
> Thanks. There are suggestions of potential problems depending on VB
> capabilities. What version of virtualbox is this appliance for? Open
> source or the binary one? Which number?
>
> I downloaded the file 3 times and got 3 different ones.
> Could someone please post MD5 sums for all those ova files?
> Thanks.
>
> Then I downloaded the RC3 release ISO for the sole purpose of it having
> an MD5 sum published, and that didn't match. So some network segment is
> seriously screwy here.
>
> Volker

$ md5 pfSense.ova
MD5 (pfSense.ova) = ff549e509339e8e8316770bc4a47958f






Re: [pfSense Support] if possible to use radius and vouchers together?

2011-07-13 Thread Chris Buechler
2011/7/11 梁富宏 :
> My network has 300 users and some guests. Guests need to temporarily access
> the internet.
>
> Now I want to use pfsense's captive portal to control the users' and guests'
> access to the internet:
>
> 1. users use an account to log in to the captive portal
> 2. guests use a voucher to log in to the captive portal
>
>
> Because it has 300 users, I want to use radius to store the accounts.
>
> But in pfsense, the captive portal auth option is "Local User Manager /
> Vouchers"
>

Should work with RADIUS just the same as the local user manager, that
description is confusing though. I'll check that and change the
description.
