Re: [pfSense Support] 1.2.3-Release - minor user protection improvement suggestion?

2010-10-15 Thread Tortise
- Original Message - 
From: "Tortise" 

To: 
Sent: Saturday, October 16, 2010 3:56 PM
Subject: [pfSense Support] 1.2.3-Release - minor user protection improvement 
suggestion?


I had a network problem, turns out I had assigned 2 devices to the same IP using the DHCP server.  Usually pfSense checks most 
things and tells me when I stuff up, but on this occasion it did not.  I'm pretty sure it checks for duplicate MAC addresses, 
should it check for duplicate IP's also?  Yeah I should have noticed, but for some reason I didn't see it.  I can edit an entry to 
use a duplicate IP and it accepts it.




OK found the reason for this:  "Relax the ip address check and allow duplicate ip address entries which allows fr example a wireless 
card and a ethernet card on a laptop to share the same ip address" as posted at http://blog.pfsense.org/?author=2&paged=3




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] 1.2.3-Release - minor user protection improvement suggestion?

2010-10-15 Thread Tortise
I had a network problem, turns out I had assigned 2 devices to the same IP using the DHCP server.  Usually pfSense checks most 
things and tells me when I stuff up, but on this occasion it did not.  I'm pretty sure it checks for duplicate MAC addresses, should 
it check for duplicate IP's also?  Yeah I should have noticed, but for some reason I didn't see it.  I can edit an entry to use a 
duplicate IP and it accepts it.



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Re: multi-wan, multi-lan security

2010-08-06 Thread Tortise
- Original Message - 
From: "Dave Warren" 

To: 
Sent: Saturday, August 07, 2010 5:58 PM
Subject: [pfSense Support] Re: multi-wan, multi-lan security



In message  Tortise
 was claimed to have
wrote:



- Original Message - 
From: "Dave Warren" 

To: 
Sent: Saturday, August 07, 2010 4:51 PM
Subject: [pfSense Support] Re: multi-wan, multi-lan security



In message <24b7224eff7c4e19b1a43fd4df416...@dp2000xp> Tortise
 was claimed to have
wrote:


My ISP advised us not use common private LAN addresses for this
(common problem) reason.  (I now use randomly generated addresses)


I do hope you never need to contact the legitimate owner of whatever IPs
you're using...

Personally, if my provider gave me such advice (not just a single rep,
but the provider's official policy) I'd find competent provider.


Woops - sorry for being misleading.  I meant (and use) random numbers taken
from within the private address ranges.  (10.x.x.x etc)


In that case, excellent advice and one I would absolutely agree with.

I'm possibly overly sensitive on this particular issue just because I'm
tired of dealing with it professionally, one of $DAYJOB's partners used
to give out advice like this and we spent untold hours cleaning up.

I hope no offense was taken, certainly none was intended on my part and
if I came across to harshly, I do apologize.



Hey no worries, I accept I could have been a little less ambiguous, dangerous 
to assume anything when communicating...!

An interesting discussion.  I was using random numbers to minimise the risk of arp poisoning, a dead connection is best avoided! 
The comments about minimal increased security from using random nos (within private network ranges!) was not on my mind however its 
food for thought. 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Re: multi-wan, multi-lan security

2010-08-06 Thread Tortise


- Original Message - 
From: "Dave Warren" 

To: 
Sent: Saturday, August 07, 2010 4:51 PM
Subject: [pfSense Support] Re: multi-wan, multi-lan security



In message <24b7224eff7c4e19b1a43fd4df416...@dp2000xp> Tortise
 was claimed to have
wrote:


My ISP advised us not use common private LAN addresses for this
(common problem) reason.  (I now use randomly generated addresses)


I do hope you never need to contact the legitimate owner of whatever IPs
you're using...

Personally, if my provider gave me such advice (not just a single rep,
but the provider's official policy) I'd find competent provider.


Woops - sorry for being misleading.  I meant (and use) random numbers taken from within the private address ranges.  (10.x.x.x etc) 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] multi-wan, multi-lan security

2010-08-06 Thread Tortise


- Original Message - 
From: "Chris Buechler" 

To: 
Sent: Saturday, August 07, 2010 2:09 PM
Subject: Re: [pfSense Support] multi-wan, multi-lan security


On Fri, Aug 6, 2010 at 9:37 PM, Tortise  wrote:


- Original Message - From: "Nathan Eisenberg"

To: 
Sent: Saturday, August 07, 2010 12:50 PM
Subject: RE: [pfSense Support] multi-wan, multi-lan security



Say I'm not being routed a /24. Say I'm on Comcast and I have a
192.168.0.0/24 LAN. The problem is now even bigger: your carrier, their
carrier, and Comcast won't route 192.168.0.0/24.


I think that is the theory however in practice I'm not so sure. It doesn't
take much to, for example, accidentally connect a LAN to the net and
suddenly...with some else doing the same...I think the private LAN becomes
public and pretty sick pretty quickly also... Maybe Comcast can control for
this but I doubt all ISP's do? My ISP advised us not use common private LAN
addresses for this (common problem) reason. (I now use randomly generated
addresses)



There are good reasons to use uncommon subnets, primarily because it

eases connecting with other networks without hacks like NAT, but
that's not among them. What subnet you use internally has no relevance
to your ISP. The risk isn't in the private subnet leaking out to WAN
unless you're talking about the ARP poisoning possibility, or the fact
if you do that on a medium like cable any of the thousands on your
segment could easily join your LAN (even inadvertently if that also
brings your internal DHCP server onto the ISP network, but that is
likely to either be blocked by the ISP or get you cut off very quickly
once it happens). An obscure subnet wouldn't matter in that scenario,
everyone on the segment would see what your subnet is.

-
Yes I was referring to ARP poisoning and my cable connection experience which is the reason for the random (obscure) LAN subnet 
range selection...  It just seemed an example of a situation that was outside the example posed where it was suggested there was no 
risk, when there may be? 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] multi-wan, multi-lan security

2010-08-06 Thread Tortise


- Original Message - 
From: "Nathan Eisenberg" 

To: 
Sent: Saturday, August 07, 2010 12:50 PM
Subject: RE: [pfSense Support] multi-wan, multi-lan security


Say I'm not being routed a /24.  Say I'm on Comcast and I have a 192.168.0.0/24 LAN.  The problem is now even bigger: your 
carrier, their carrier, and Comcast won't route 192.168.0.0/24.


I think that is the theory however in practice I'm not so sure. It doesn't take much to, for example, accidentally connect a LAN to 
the net and suddenly...with some else doing the same...I think the private LAN becomes public and pretty sick pretty quickly also... 
Maybe Comcast can control for this but I doubt all ISP's do?  My ISP advised us not use common private LAN addresses for this 
(common problem) reason.  (I now use randomly generated addresses) 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] multi-wan, multi-lan security

2010-08-04 Thread Tortise
- Original Message - 
From: "Chris Buechler" 

To: 
Sent: Thursday, August 05, 2010 6:01 PM
Subject: Re: [pfSense Support] multi-wan, multi-lan security



Doing VLANs properly all on one switch is probably pretty safe if done
right (biggest risk in those kind of setups is accidental
misconfiguration). I wouldn't do it though, managed switches are too
cheap to not physically segment your internal and external networks.



Hi Chris,

Do you mind if I ask you re-express the last sentence please, ("I wouldn't do it though, managed switches are too cheap to not 
physically segment your internal and external networks. ") I am having trouble gleaning what I think is your intended meaning.  Too 
cheap doesn't seem an adequate justification in itself, if that is what you intend? 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] VPN LAN TO LAN

2010-04-02 Thread Tortise
- Original Message - 
From: Tim Dickson 
To: support@pfsense.com 
Sent: Saturday, April 03, 2010 5:36 PM

Subject: RE: [pfSense Support] VPN LAN TO LAN



Errr.. After all that - forgot to change the TO: . sorry list!


Well I for one appreciate your comments and advice cause this is where probably 
many of us advance our learning  so thank you!

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] PPTP Connected?

2010-03-31 Thread Tortise
- Original Message - 
From: "Chris Buechler" 

To: 
Sent: Tuesday, March 30, 2010 10:41 PM
Subject: Re: [pfSense Support] PPTP Connected?


On Tue, Mar 30, 2010 at 5:39 AM, Tortise  wrote:

Hi
Using 1.2.3-RELEASE (embedded) I have a PPTP server configured and I can
connect remotely however I still cannot "connect" with anything on the LAN.
I think the issue is the IP assigned to remote connections is remotely said
to be 255.255.255.255 while the LAN is using 255.255.255.0, the IP address

assigned seems OK.



That's normal. You're probably missing a firewall rule on the PPTP tab.


With a bit of list help it seems not so much a missing rule, but rather a rule 
that was too tight.

The rule says "Hint: in most cases, you should specify TCP  here."

It seems somewhat more than the TCP rule is required in my case.  I'll do some more testing to clarify which is required, however 
"*" works well of course!  If anyone wants to know more of what I find works then let me know.


Btw it makes me wonder if the rules tightened up in a recent version here, as this used to work with the TCP rule on its own in the 
past? 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] PPTP Connected?

2010-03-30 Thread Tortise


- Original Message - 
From: "Chris Buechler" 

To: 
Sent: Tuesday, March 30, 2010 10:41 PM
Subject: Re: [pfSense Support] PPTP Connected?


On Tue, Mar 30, 2010 at 5:39 AM, Tortise  wrote:

Hi
Using 1.2.3-RELEASE (embedded) I have a PPTP server configured and I can
connect remotely however I still cannot "connect" with anything on the LAN.
I think the issue is the IP assigned to remote connections is remotely said
to be 255.255.255.255 while the LAN is using 255.255.255.0, the IP address
assigned seems OK.


That's normal. You're probably missing a firewall rule on the PPTP tab.

There is a pass * rule under the PPTP VPN firewall tab for TCP, perhaps it should be "all"?  I'd have thought TCP would allow 
browsing on the LAN web servers though, which fails. 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] PPTP Connected?

2010-03-30 Thread Tortise

Hi
Using  1.2.3-RELEASE (embedded) I have a PPTP server configured and I can connect remotely however I still cannot "connect" with 
anything on the LAN.  I think the issue is the IP assigned to remote connections is remotely said to be 255.255.255.255 while the 
LAN is using 255.255.255.0, the IP address assigned seems OK.  Can someone guide me from here?  No Radius or WINS server is 
involved. 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Bottleneck for some reason?

2010-02-05 Thread Tortise
- Original Message - 
From: "Robert Mortimer" 

To: 
Sent: Friday, February 05, 2010 10:20 PM
Subject: Re: [pfSense Support] Bottleneck for some reason?


=Traffic shaping enabled?

Yes!  OK now disabled, that's doubled it to 8Mbps.  As its evening
here it might be high traffic cutting it down from 10 to 8, I'll
try again during a lower demand time.
Thanks Chris.   Out of interest wouldn't a larger CPU increase the
shapers limits?  (there was little difference in the 400 and 500,
I would have expected some difference?)
Last test from http://www.nzdsl.co.nz/ was 9.5Mbps, so I guess that's
the answer.  (Looks to read book's traffic shaper section)



From my memory you tell the shaper the bandwidth of your connection it order for it to work. As a result the value set here is you 
upper limit regardless of CPU


qwanroot  0  No 2000 Kb   qwanRoot
qlanroot  0  No 4000 Kb   qlanRoot

Now that seems significant.  It is such a long time ago since I ran that wizard 
I'd forgotten that bit!

Thanks guys. 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Bottleneck for some reason?

2010-02-05 Thread Tortise
- Original Message - 
From: "Chris Buechler" 

To: 
Sent: Friday, February 05, 2010 10:02 PM
Subject: Re: [pfSense Support] Bottleneck for some reason?


On Fri, Feb 5, 2010 at 3:52 AM, Tortise  wrote:

I had a P 500 III CPU with 1G of RAM and now a P 400II with 756M RAM running
embedded (512M CF) 1.2.3 and three Intel 1000GT's. One WAN, Two LAN. LAN
2 is LAN1 10.a.b+1.c.d. (/24), both performed much the same.

The cable download speed has just been upgraded from 4MBps to 10Mbps however
downloads on pfSense are still limited to 4Mbps, despite several modem power
cycles. A notebook direct connected to the cable modem does indeed get
10Mbps suggesting pfsense is the bottleneck.

The book and http://doc.pfsense.org/index.php/Hardware_requirements suggest
to me I should be getting 20-40Mbps throughput.

Can anyone suggest how I can investigate from here?



=Traffic shaping enabled?

Yes!  OK now disabled, that's doubled it to 8Mbps.  As its evening here it might be high traffic cutting it down from 10 to 8, I'll 
try again during a lower demand time.
Thanks Chris.   Out of interest wouldn't a larger CPU increase the shapers limits?  (there was little difference in the 400 and 500, 
I would have expected some difference?)
Last test from http://www.nzdsl.co.nz/ was 9.5Mbps, so I guess that's the answer.  (Looks to read book's traffic shaper section) 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Bottleneck for some reason?

2010-02-05 Thread Tortise
I had a P 500 III CPU with 1G of RAM and now a P 400II with 756M RAM running embedded (512M CF) 1.2.3 and three Intel 1000GT's.  One 
WAN, Two LAN.LAN 2 is LAN1 10.a.b+1.c.d.  (/24), both performed much the same.


The cable download speed has just been upgraded from 4MBps to 10Mbps however downloads on pfSense are still limited to 4Mbps, 
despite several modem power cycles.  A notebook direct connected to the cable modem does indeed get 10Mbps suggesting pfsense is the 
bottleneck.


The book and http://doc.pfsense.org/index.php/Hardware_requirements suggest to 
me I should be getting 20-40Mbps throughput.

Can anyone suggest how I can investigate from here? 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] VLAN Setup

2010-01-09 Thread Tortise
- Original Message - 
From: "Fabian Abplanalp" 

To: 
Sent: Sunday, January 10, 2010 1:50 PM
Subject: [pfSense Support] VLAN Setup



Sawadeekap

Question... I have currently a LAN with 2 VLANs (default and VLAN99 for a guest WLAN). Default uses pfSense with portforwarding 
etc., the VLAN99 uses a separate pfSense ALIX with its own LAN Subnet and WAN address. Would it be possible to run all this on the 
same pfSense box?


Setup:

VLAN1 (default) 172.22.0.0/16 -> LAN Interface pfSense Box1 -> WAN x.y.z.34
VLAN99 (guests) 192.168.x.0/24 -> LAN Interface with VLAN99 pfSense Box2 -> WAN 
x.y.z.35

Of course I want the VLAN99 to use another (VirtualIP?) for outgoing, because I don't want guests to make the public IP of VLAN1 
"dirty"...


Thanks for any suggestions.

Fabian

-


I don't see a managed switch in here - is there one?

I thought a managed switch was a pre-requisite for VLAN's, as is one pfSense 
box (or equivalent).

The very helpful definitive guide to pfSense details VLAN setup, which to my reading would help you.  To my mind it is really 
essential reading for most pfSense users, unless they have vast FreeBSD experience...



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!

2009-12-18 Thread Tortise
- Original Message - 
From: "Chris Weakland" 

To: 
Sent: Sunday, December 13, 2009 4:40 AM
Subject: Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!



Also if ur nic is a pci or pcie nic the wol cable must be connected to
the motherboard header for it to work with wol.

Chris


I just tried WOL using an Intel 1000GT PCI NIC, (using no wol cable between the NIC and the motherboard) and it works fine.  


The tested motherboard is a GA-EP31-DS3L, which (sadly) does not have WOL in 
the BIOS.

Certainly many NIC's and motherboards will need those cables, clearly not always.  



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!

2009-12-11 Thread Tortise
- Original Message - 
From: "Chris Buechler" 

To: 
Sent: Tuesday, December 01, 2009 8:57 PM
Subject: Re: [pfSense Support] Wake On LAN


On Tue, Dec 1, 2009 at 2:53 AM, Tortise  wrote:

Somehow I cannot get magic packets to awaken any PC on a pfSense LAN. I
don't get it.

Some motherboard BIOS seem to have WOL and others don't. Even the ones I
have that are said to have it cannot be awoken as best I can tell! I have
tried an Intel GT1000 with WOL functionality. I can get Boot on LAN to work
OK, WOL seems a mystery!

It is not clear to me the state that a PC to be awoken in is, I expected
that the ATX power supplies would allow the PC to awaken when the right
packets are sent however I am wondering if what is needed is a PC in a
suspended state - or something else?



Just need a WOL-enabled NIC, and to have WOL turned on in the BIOS. If
you have an onboard NIC, it should be as simple as enabling it in the
BIOS. As long as the machine is plugged in, it'll wake. With add-in
NICs you need a WOL cable from the NIC to the motherboard, that can
complicate things.

-

Well I had already done all that and it still didn't work, that was using 1.2.3 RC1 embedded.  (3 NIC's, one WAN, two LAN)  I 
now wish I had set up a sniffer to see if magic packets were actually going out


I just upgraded to 1.2.3 and thought I'd fire off a few magic packets for funand just as well I was sitting on my chair, the 
other PC's had fired into life!


Only thing that had really changed was the pfSense version!  (That means the motherboard BIOS was already enabled for each on board 
NIC on the couple of Pentium 3000 class boxes I had tried)


Curious that I couldn't find any updates about this, anyway others might find 
it works now?

Thank you for the posters on this topic, it seems it may have proved a useful 
thread for some...

In addition to what Chris said above I understand that some NIC's do not need an additional WOL cable for WOL, e.g. Intel 1000GT 
which are WOL capable and have no cable connection!


I hate having to get some more 512M plus CF cards but accept there are 
excellent reasons for this!

Looking forward to checking out some more embedded stuff.

I'd suggested the other half give me the pfsense book for Christmas in the hope I might learn some useful stuff about VLAN's etc, 
even if I don't learn anything I am pleased the other half is contributing to support pfSense!


Happy Christmas all! 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Wake On LAN

2009-11-30 Thread Tortise

Somehow I cannot get magic packets to awaken any PC on a pfSense LAN.  I don't 
get it.

Some motherboard BIOS seem to have WOL and others don't.  Even the ones I have that are said to have it cannot be awoken as best I 
can tell!  I have tried an Intel GT1000 with WOL functionality.  I can get Boot on LAN to work OK, WOL seems a mystery!


It is not clear to me the state that a PC to be awoken in is, I expected that the ATX power supplies would allow the PC to awaken 
when the right packets are sent however I am wondering if what is needed is a PC in a suspended state - or something else?


Any guidance or links would be appreciated please! 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN

2009-10-27 Thread Tortise
- Original Message - 
From: "Seth Mos" 

To: 
Sent: Tuesday, October 27, 2009 8:08 PM
Subject: Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN



tort...@paradise.net.nz schreef:

Hi
 
Can multiple file names be specified for diskless boot on LAN 
functionality in pfSense on the same LAN?  (e.g. thin clients and fat 
clients from same or different servers on same LAN)


No, this is not possible.

Regards,

Seth



Thanks Seth

Mmm well one can still do it one per LAN.  I wonder if using VLANs might give 
more scope?

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Multiple Filenames for Diskless Boot On LAN

2009-10-26 Thread tortise
Hi

Can multiple file names be specified for diskless boot on LAN functionality in 
pfSense on the same LAN?  (e.g. thin clients and fat clients from same or 
different servers on same LAN)

Re: [pfSense Support] 440BX Chipset

2009-04-26 Thread Tortise
Thanks Pete
Maybe its not the chipset that's the problem.
Which image are you running?  HHD? Embedded?
Kind regards
David 

- Original Message - 
From: "Pete Boyd" 
To: 
Sent: Monday, April 27, 2009 6:03 AM
Subject: Re: [pfSense Support] 440BX Chipset


> Is anyone using pfSense on a motherboard with the 440BX chipset?
>
> Does your CPU use drop to zero?  A bug is suspected with this chipset and
> FreeBSD.

This is with pfSense 1.2.2:

# dmesg | grep BX
agp0:  on hostb0

# /sbin/sysctl -n kern.cp_time
17989 175578 582310 281810 55059119
# /sbin/sysctl -n kern.cp_time
17990 175603 582383 281815 55060304
# /sbin/sysctl -n kern.cp_time
17990 175603 582386 281815 55060473
# /sbin/sysctl -n kern.cp_time
17991 175603 582386 281815 55060609
# /sbin/sysctl -n kern.cp_time
17993 175603 582387 281815 55060729
# /sbin/sysctl -n kern.cp_time
17995 175603 582387 281815 55060862


-- 
Pete Boyd

Open Plan IT - http://openplanit.co.uk
The Golden Ear - http://thegoldenear.org



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] 440BX Chipset

2009-04-24 Thread Tortise
Interesting thanks Jim, 

I note for me it is 440 BX and not 440BX!:

pfSense:~#  dmesg | grep 440
pcib0:  pcibus 0 on motherboard

Kind regards
David

- Original Message - 
From: "Jim Pingle" 
To: 
Sent: Saturday, April 25, 2009 12:11 PM
Subject: Re: [pfSense Support] 440BX Chipset


Tortise wrote:
> Is anyone using pfSense on a motherboard with the 440BX chipset?  
> 
> Does your CPU use drop to zero?  A bug is suspected with this chipset and 
> FreeBSD.
> 
> The bug is evident when running 
> 
> /sbin/sysctl -n kern.cp_time
> 
> successively from the command prompt reports the same non-incrementing 
> numbers.
> 
> Positive and negative reports would be appreciated.

# dmesg | grep 440BX
ACPI APIC Table: 
# /sbin/sysctl -n kern.cp_time
29192 66135 337891 13623 44026017
# /sbin/sysctl -n kern.cp_time
29198 66135 337904 13624 44026271
# /sbin/sysctl -n kern.cp_time
29199 66135 337905 13624 44026491
# /sbin/sysctl -n kern.cp_time
29200 66135 337906 13624 44026705
# /sbin/sysctl -n kern.cp_time
29200 66135 337908 13624 44026913
# /sbin/sysctl -n kern.cp_time
29200 66137 337931 13625 44036089

NB: This is a dual CPU Intel LG440BX board with 2xPIII-800. The consumer
version may behave differently, but I don't believe I still have any of
those in place anywhere.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] 440BX Chipset

2009-04-24 Thread Tortise
Is anyone using pfSense on a motherboard with the 440BX chipset?  

Does your CPU use drop to zero?  A bug is suspected with this chipset and 
FreeBSD.

The bug is evident when running 

/sbin/sysctl -n kern.cp_time

successively from the command prompt reports the same non-incrementing numbers.

Positive and negative reports would be appreciated.

Kind regards
David

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Internet at the lake? Rogers MobileInternetStick (Rocket) with pfSense?

2009-03-27 Thread Tortise
"Actually the best 3G router option I've found is an Alix 6b2.  It has
a miniPCI Express slot you can use for the cellular connection (no
miniPCI solutions exist AFAIK) /"

Would the Dell 3G Mini PCI Express modules used in their notebooks work?  

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Internet at the lake? Rogers Mobile InternetStick (Rocket) with pfSense?

2009-03-27 Thread Tortise
Check out the Linksys wrt54g3g which I use with a 3G XU870, (cheap 2nd hand) 
works well for portable Internet connections for a 
battery of wireless notebooks.  It runs from 12V so car battery power is also 
an option.

The code is open source and published by Linksys, whether that makes the 
drivers accessible I am not sure.

Kind regards
David

- Original Message - 
From: "Chris Buechler" 
To: 
Sent: Friday, March 27, 2009 4:51 PM
Subject: Re: [pfSense Support] Internet at the lake? Rogers Mobile 
InternetStick (Rocket) with pfSense?


On Thu, Mar 26, 2009 at 10:09 AM, Vick Khera  wrote:
>
> When we were at BSDCon in DC last month, the local wifi provided was
> over a shared connection built this way by hand using an OpenBSD
> laptop as the gateway to the verizon network via usb stick. It worked
> quite well for the first day :-)
>

The "first day" part is key there.  :)  It fell apart after that.

pfSense doesn't support any 3G devices. The driver support on FreeBSD
in our experience is somewhere between poor and non-existent depending
on the card. The cards with driver support tend to be old ones you
can't get new anymore.

3G requires PPP support as it's functionally virtually identical to a
POTS dial up modem. PPP dial up support may appear in 2.0. 3G drivers
is a bigger problem.

There are some boxes that'll output 3G to Ethernet in some fashion
(router generally), but they aren't cheap.  $200-300 USD if I recall.
That may be the best bet. One caveat though - don't know how it is in
.ca but most providers here in the US will limit you to 5 GB and
charge an exorbitant amount per MB above that.

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: SV: [pfSense Support] sip nat

2009-03-18 Thread Tortise
What is BADASS and what are you saying here?
It seems to be mixed messages and not consistent to me.
I'd like to understand what it is that you understand please.
Kind regards
David

- Original Message - 
From: Chris Flugstad
To: support@pfsense.com
Sent: Thursday, March 19, 2009 7:43 AM
Subject: Re: SV: [pfSense Support] sip nat


I use Linksys SPA 921 which do a BADASS job of going over NAT.  They have a 
good "keep alive" function that keeps them nice and cozy 
behind a nat. We use them for our hosted pbx product and havent had any 
problems.


Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
ch...@cascadelink.com


and...@fiberby.dk wrote:
Hi Chris

Thanks for the quick response. I already tested it, and that solved my
problem.
But your probably also right when you say that it won't fix the actual
problem: SIP does not like NAT.

Keep up the good work...

Kind regards Anders

-Oprindelig meddelelse-
Fra: cbuech...@gmail.com [mailto:cbuech...@gmail.com] På vegne af Chris
Buechler
Sendt: 18. marts 2009 16:03
Til: support@pfsense.com
Emne: Re: [pfSense Support] sip nat

Nearly always, rewriting source port on SIP breaks it so it's not done
by default. Enable AON and it will be.


On Wed, Mar 18, 2009 at 6:11 AM,   wrote:

Hi

I know this issue have been raised before, but I haven't really found a
satisfying answer, so here I go again...

My problem is related to sip-nat.

I'm running a network with approximately 2000 home users.
I have choosen pfsense back in the 1.0.1 days, and is still very satisfied
with it's performance and stability.
At the moment I have four machines running pfsense.
One working as router only (disabled the firewall under advanced). -

pfsense

v. 1.2
Two working as nat-routers for Internet-access. - pfsense v. 1.2
One working as a nat-router for Audiocodes MP124 sip boxes. - pfsense v.
1.0.1

When pfsense 1.2 came out, I upgraded every machine. But quickly I had to
roll the "sip-router" back to 1.0.1, since it
stopped rewriting the source port for the MP124 boxes.

My problem is that many costumers choose to set up there own sip-boxes on
the internet-connection, and therefore get connected with one of the

routers

thats running pfsense 1.2. And it just does not rewrite the source port,

and

as a result of that only one sip-box per provider gets connected. As soon

as

I throw them on another vlan, so they get connected to the machine running
pfsense 1.0.1, it rewrites the ports just fine, and I can have as many

boxes

from the same provider behind one single public ip.

Does anyone have an explanation to this behavior, or even better, a
solution!?

Kind regards

Anders Dahl



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org




-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org


- To 
unsubscribe, e-mail: support-unsubscr...@pfsense.com For 
additional commands, e-mail: support-h...@pfsense.com Commercial support 
available - https://portal.pfsense.org 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



[pfSense Support] Minor text change suggestion - OpenNTPD

2009-03-03 Thread Tortise
Hi

On the OpenNTPD page I suggest the text be changed from

"Select the interface the NTP server will listen on."

"Select the interface(s) the NTP server will listen on."

I assume this minor change more accurately describes that pfsense seems to be 
able to serve NTP on multiple LAN interfaces.  (And I 
guess is a veiled question that my assumption is correct?!)

Kind regards
David 


-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] Possible to boot pfSense with WAN interface down?

2009-01-28 Thread Tortise
Hi Marty

There will be a boot file that you can append the ifconfig command to, to take 
the WAN down on reboot.  This file would need to be watched for change if 
upgrading, for example if using a later CF image.

With alternative network dial in access you may be able to trigger pfsense to 
boot of there is WOL capability built in the pfsense PC BIOS and LAN.

Have you also considered using a VPN in and keeping pfsense otherwise closed?

Kind regards
David



- Original Message - 
  From: Marty Nelson 
  To: support@pfsense.com 
  Sent: Wednesday, January 28, 2009 10:06 AM
  Subject: [pfSense Support] Possible to boot pfSense with WAN interface down?


  Greetings all.

   

  I have a customer who's putting in a DSL line for us to be able to better 
support them (we're currently dialing in).  In doing so, they are somewhat 
breaking their corporate rules.  Even with their current dial in setup, we have 
to call them and tell them to plug it in when we want access.

   

  Well now with the DSL line going in, even though I'm throwing pfSense in, 
they are now even more concerned with security.  What I was wondering was if it 
was possible to have pfSense start with the WAN interface down so that we could 
then call them -> dial in -> connect to pfSense and manually fire up the WAN 
interface.  As far as I can tell, I can issue an ifconfig fxp1 down command 
from the web interface (or by sshing in), but should the machine be rebooted 
the interface starts up automatically.

   

  Is what I'm looking for do-able?

   

  Thanks!  

   

  -Marty

   


[pfSense Support] Dell XPS R400 Pentium 400 II and IDE / CF Read error

2009-01-13 Thread Tortise
Hi

I was given a couple of the above boxes, the 8G HDD's are noisy yet run pfSense 
fine.  The rest of the boxes are quiet with largish CPU heatsinks instead of 
typically noisy CPU fans.

I was hoping they would become nice quiet boxes running pfSense on IDE / CF 
drives.  I connected up some IDE CF adapters expecting these to simply run, and 
find they boot straight into a read error.  

I tried pfSense 1.01 and 1.20.2.  FreeNAS also has the same read error shown.  
They have the latest Dell A13 BIOS and both behave the same, two quite 
different CF / IDE adapters also give same result.  The Linux DD-WRT boots fine 
using CF / IDE.

Googling did not find me anything of any help on this.

Anyone know anything about this, I suppose this is a BIOS incompatibility with 
FreeBSD and they are not going to work as I had hoped?

Kind regards
David Hingston

Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Tortise
Thanks Chris

Yes I had got that far thanks, it was more detailing the symptoms.  I'll check 
the WAN side access again, when I can, from a couple 
of locations, which are the ones of concern to me.  My recollection was that it 
did the same, will get back to you if I confirm 
this.

Kind regards
David

- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, August 03, 2008 1:12 PM
Subject: Re: [pfSense Support] WinSCP and Port 223 - SFTP


On Sat, Aug 2, 2008 at 9:06 PM, Tortise <[EMAIL PROTECTED]> wrote:
> Chris
>
> I am not sure what you are getting at, I think so. (how else?)
>

Meaning you're connecting to a port forward using the outside IP from
your LAN interface. NAT reflection is a kludge, I would suggest just
directly connecting, not relying on bouncing through the firewall.
It's probably caused by something to do with NAT reflection. 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Tortise
Chris

I am not sure what you are getting at, I think so. (how else?)

David

- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, August 03, 2008 12:43 PM
Subject: Re: [pfSense Support] WinSCP and Port 223 - SFTP


On Sat, Aug 2, 2008 at 7:15 PM, Tortise <[EMAIL PROTECTED]> wrote:
> Re: Any chance your rule is doing OS detection?
>
> Gosh I thought you were joking, however wise to first check the rule, bearing 
> in mind your responses are invariably well founded,
> sure enough the ability to limit the OS is there(!), however its set to 
> "any".   The rule is a standard TCP pass Port 223, nothing
> special otherwise.
>
> The connection is also made, just loses it again within seconds.  If one sets 
> up a file transfer before it disconnects the 
> transfer
> completes.

You relying on NAT reflection?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Tortise
Re: Any chance your rule is doing OS detection?

Gosh I thought you were joking, however wise to first check the rule, bearing 
in mind your responses are invariably well founded, 
sure enough the ability to limit the OS is there(!), however its set to "any".  
 The rule is a standard TCP pass Port 223, nothing 
special otherwise.

The connection is also made, just loses it again within seconds.  If one sets 
up a file transfer before it disconnects the transfer 
completes.

Kind regards
David Hingston



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Tortise
Thanks Bill

WAN side for me meant a Path of:

Client WinSCP ("WAN side") => Internet => pfSense / NAT => LAN Server

LAN side was indirect, however to me should still work and has done in the past

Client WinSCP on LAN  directed to pfSense WAN IP => NAT => LAN Server

Kind regards
David Hingston 


- Original Message - 
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: 
Sent: Sunday, August 03, 2008 10:00 AM
Subject: Re: [pfSense Support] WinSCP and Port 223 - SFTP


On Sat, Aug 2, 2008 at 5:28 AM, Tortise <[EMAIL PROTECTED]> wrote:
> Hi
>
> When I run a connection thru pfSense (1.2 CF) almost immediately following
> successful connection WinSCP loses the connection with an "Server
> unexpectedly closed network connection" error message.  Happens with client
> LAN side and WAN side.

WAN side...as in, pfSense isn't in the path of the traffic anymore?
{Deleted}

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] WinSCP and Port 223 - SFTP

2008-08-02 Thread Tortise
Hi

When I run a connection thru pfSense (1.2 CF) almost immediately following 
successful connection WinSCP loses the connection with an "Server unexpectedly 
closed network connection" error message.  Happens with client LAN side and WAN 
side.  

Logs add little that I can see.  

Running the same directly over the LAN is exempt this problem.  

Trying "FTP RFC 959 data port violation workaround" makes no difference.

Does this make any sense to someone?  

Is pfSense causing this?

Kind regards
David Hingston

Re: [pfSense Support] alix (any verison) on a CF harddisk - full version ?

2008-07-24 Thread Tortise
re: I know there are a number of end users running full installs on CF and I 
haven't heard of any of them killing a CF either. 
Theoretically the card should die in less than a year

To me the card is not so likely as to die wholesale as it is to have sectors 
die here and there.  These deaths may be much less 
obvious, especially with most of the OS running in RAM.

How much disk handling of errors does FreeBSD cope with?

It seems to me it may be prudent to have some sort of automated CF scan should 
be done checking its memory spaces.  Should we CF 
users add a cron job for something to proactively pick up errors?

Kind regards
David Hingston

- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Friday, July 25, 2008 4:05 AM
Subject: Re: [pfSense Support] alix (any verison) on a CF harddisk - full 
version ?


On Thu, Jul 24, 2008 at 7:53 AM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
> On Thu, Jul 24, 2008 at 09:31:29PM +1000, digger wrote:
>
>> The end result is I can confirm that the full version does happily run
>> on a CF card and ALIX board.
>
> If this is a consumer flash device mounted r/w probability of failure
> will go up considerably after half a year, or so.
>

This is technically correct, but we have several developers who run
full installs on run of the mill CF cards and have yet to kill a
single one. but I know of
installs running much longer than that with no problems. Just be aware
that this is a possibility.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] How to deal with this?

2008-07-05 Thread Tortise
What cable modems are these?  (Brand and model)
Why not use static IP's?
There is custom code on the list associated with pings failing, giving an 
opportunity to run some code
Kind regards
David Hingston 


- Original Message - 
From: "B. Cook" <[EMAIL PROTECTED]>
To: 
Sent: Friday, July 04, 2008 1:29 AM
Subject: [pfSense Support] How to deal with this?


Hello All,

I have a few PfSense boxes around connected to cable modems.

There have been quite a few storms in our area the past few days, and  
while UPSs have kept networking equipment alive and working, the cable  
companies modems have lost cable sync for a few hours.

The dhcp lease expired and left us with no remote ip.  After the cable  
came back up the pfsense boxes had no IP still.

Since the fxp0 interface attached to the cable never lost connectivity  
with the modem we had to send people out and issue commands (killall  
-9 dhclient && dhclient fxp0) and then all was well.

Short of rebooting the box, or having someone 'technical' on hand..

Is this an issue that anyone might want to think about?

thanks in advance.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] PPTP User Error 1.2 CF

2008-05-25 Thread Tortise
Maybe spoke too soon,
This is also logged following adding and taking away a new PPTP user:

May 25 20:23:24 last message repeated 2 times 
May 25 20:23:39 php: /sajax/index.sajax.php: [DEBUG] Lock recursion detected.

Kind regards
David Hingston 

> I got the following when adding a PPTP user:
>
> Fatal error: Cannot create references to/from string offsets nor overloaded
> objects in /etc/inc/xmlparse.inc on line 57
>
> It then reloaded a backup of the XML, and it seems the user was added, yet
> to be confirmed.
>
> Is this any help to know?

Is it something you can replicate?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] PPTP User Error 1.2 CF

2008-05-25 Thread Tortise
Mmmm
Haven't managed it so far, will keep an eye out for it.
Log entries appended, if that is any help?
Also is there a minimum no of characters for the password, a 5 digit one was 
input.
Kind regards
David Hingston

> I got the following when adding a PPTP user:
>
> Fatal error: Cannot create references to/from string offsets nor overloaded
> objects in /etc/inc/xmlparse.inc on line 57
>
> It then reloaded a backup of the XML, and it seems the user was added, yet
> to be confirmed.
>
> Is this any help to know?

Is it something you can replicate?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


May 22 21:07:42  mpd: [pt15] using interface ng16
May 22 21:07:42  mpd: [pt15] ppp node is "mpd14078-pt15"
May 22 21:07:42  mpd: [pt14] using interface ng15
May 22 21:07:42  mpd: [pt14] ppp node is "mpd14078-pt14"
May 22 21:07:42  mpd: [pt13] using interface ng14
May 22 21:07:42  mpd: [pt13] ppp node is "mpd14078-pt13"
May 22 21:07:42  mpd: [pt12] using interface ng13
May 22 21:07:42  mpd: [pt12] ppp node is "mpd14078-pt12"
May 22 21:07:42  mpd: [pt11] using interface ng12
May 22 21:07:42  mpd: [pt11] ppp node is "mpd14078-pt11"
May 22 21:07:42  mpd: [pt10] using interface ng11
May 22 21:07:42  mpd: [pt10] ppp node is "mpd14078-pt10"
May 22 21:07:42  mpd: [pt9] using interface ng10
May 22 21:07:42  mpd: [pt9] ppp node is "mpd14078-pt9"
May 22 21:07:42  mpd: [pt8] using interface ng9
May 22 21:07:42  mpd: [pt8] ppp node is "mpd14078-pt8"
May 22 21:07:42  mpd: [pt7] using interface ng8
May 22 21:07:42  mpd: [pt7] ppp node is "mpd14078-pt7"
May 22 21:07:42  mpd: [pt6] using interface ng7
May 22 21:07:42  mpd: [pt6] ppp node is "mpd14078-pt6"
May 22 21:07:42  mpd: [pt5] using interface ng6
May 22 21:07:42  mpd: [pt5] ppp node is "mpd14078-pt5"
May 22 21:07:42  mpd: [pt4] using interface ng5
May 22 21:07:42  mpd: [pt4] ppp node is "mpd14078-pt4"
May 22 21:07:42  mpd: [pt3] using interface ng4
May 22 21:07:42  mpd: [pt3] ppp node is "mpd14078-pt3"
May 22 21:07:42  mpd: [pt2] using interface ng3
May 22 21:07:42  mpd: [pt2] ppp node is "mpd14078-pt2"
May 22 21:07:42  mpd: [pt1] using interface ng2
May 22 21:07:42  mpd: [pt1] ppp node is "mpd14078-pt1"
May 22 21:07:41  mpd: [pt0] using interface ng1
May 22 21:07:41  mpd: mpd: local IP address for PPTP is 0.0.0.0
May 22 21:07:41  mpd: [pt0] ppp node is "mpd14078-pt0"
May 22 21:07:41  mpd: mpd: pid 14078, version 3.18 ([EMAIL PROTECTED] 12:32 
6-Jan-2008)
May 22 21:07:40  mpd: mpd: process 577 terminated
May 22 21:07:38  mpd: [pt15] IFACE: Close event
May 22 21:07:38  mpd: [pt15] IPCP: Down event
May 22 21:07:38  mpd: [pt14] IFACE: Close event
May 22 21:07:38  mpd: [pt14] IPCP: Down event
May 22 21:07:38  mpd: [pt13] IFACE: Close event
May 22 21:07:38  mpd: [pt13] IPCP: Down event
May 22 21:07:38  mpd: [pt12] IFACE: Close event
May 22 21:07:38  mpd: [pt12] IPCP: Down event
May 22 21:07:38  mpd: [pt11] IFACE: Close event
May 22 21:07:38  mpd: [pt11] IPCP: Down event
May 22 21:07:38  mpd: [pt10] IFACE: Close event
May 22 21:07:38  mpd: [pt10] IPCP: Down event
May 22 21:07:38  mpd: [pt9] IFACE: Close event
May 22 21:07:38  mpd: [pt9] IPCP: Down event
May 22 21:07:38  mpd: [pt8] IFACE: Close event
May 22 21:07:38  mpd: [pt8] IPCP: Down event
May 22 21:07:38  mpd: [pt7] IFACE: Close event
May 22 21:07:38  mpd: [pt7] IPCP: Down event
May 22 21:07:38  mpd: [pt6] IFACE: Close event
May 22 21:07:38  mpd: [pt6] IPCP: Down event
May 22 21:07:38  mpd: [pt5] IFACE: Close event
May 22 21:07:38  mpd: [pt5] IPCP: Down event
May 22 21:07:38  mpd: [pt4] IFACE: Close event
May 22 21:07:38  mpd: [pt4] IPCP: Down event
May 22 21:07:38  mpd: [pt3] IFACE: Close event
May 22 21:07:38  mpd: [pt3] IPCP: Down event
May 22 21:07:38  mpd: [pt2] IFACE: Close event
May 22 21:07:38  mpd: [pt2] IPCP: Down event
May 22 21:07:38  mpd: [pt1] IFACE: Close event
May 22 21:07:38  mpd: [pt1] IPCP: Down event
May 22 21:07:38  mpd: [pt0] IFACE: Close event
May 22 21:07:38  mpd: [pt0] IPCP: Down event
May 22 21:07:38  mpd: mpd: caught fatal signal term
May 22 21:05:17  php: /sajax/index.sajax.php: New alert found: pfSense is 
restoring the configuration 
/conf/backup/config-1209343754.xml
May 22 21:05:17  php: /sajax/index.sajax.php: pfSense is restoring the 
configuration /conf/backup/config-1209343754.xml
May 22 21:05:14  php: /sajax/index.sajax.php: New alert found: No config.xml 
found, attempting last known config restore.
May 22 21:05:14  php: /sajax/index.sajax.php: No config.xml found, attempting 
last known config restore. 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] PPTP User Error 1.2 CF

2008-05-22 Thread Tortise
Hi

I got the following when adding a PPTP user:

Fatal error: Cannot create references to/from string offsets nor overloaded 
objects in /etc/inc/xmlparse.inc on line 57

It then reloaded a backup of the XML, and it seems the user was added, yet to 
be confirmed.

Is this any help to know?

Kind regards
David Hingston

Re: [pfSense Support] PFsense wan hangs up after 10min

2008-05-20 Thread Tortise
When down, what happens if you successively issue following commands from 
{ipaddress}/exec.php

ifconfig em0 down
ifconfig em0 up

where em0 is your WAN NIC assignment

Kind regards
David Hingston 

- Original Message - 
From: "Arvydas Brazenas" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, May 20, 2008 6:48 PM
Subject: Re: [pfSense Support] PFsense wan hangs up after 10min


Hi,

1) Static 77.xxx.xxx.74 /30
2) nothing logs
3) UP, everything is fine
4) Intel both (lan and wan)

Everything is working working... and boom suddenly internet is down, wan 
interface is working. Cant ping from it anything. There are no errors...
(dns 192 internal. could it be of this? i guess not, but who knows maybe 
somehow...)

Sincerely,
Arvydas

- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Monday, May 19, 2008 9:10 PM
Subject: Re: [pfSense Support] PFsense wan hangs up after 10min


> Arvydas Brazenas wrote:
>> 1.2 stable.
>> isp bridge= (comtrend shdsl router working as bridge)
>>  |lanport---router(now=smc router, future=pfsense)
>> isdnbridge |lanport
>> |lanport
>> 
>
> Still not enough info to provide any useful suggestions.
>
> 1) What is your WAN config?  Static, DHCP, PPPoE?
> 2) Anything in the system log at time of failure?
> 3) What does Status -> Interfaces show when it fails and is that different 
> from what it shows before it fails?
> 4) Hardware details (type of NICs primarily of interest)
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] PFsense wan hangs up after 10min

2008-05-19 Thread Tortise
Yes, which version are you running?  What is the "ISP Bridge" exactly?
Kind regards
David Hingston 
  - Original Message - 
  From: Arvydas Brazenas 
  To: support@pfsense.com 
  Sent: Monday, May 19, 2008 7:46 PM
  Subject: [pfSense Support] PFsense wan hangs up after 10min



  Hi,

  ISP bridge  pfsense(router) switch.pc.pc.pc..

  Nothing extraordinary i guess... 
  After 10min of work i cant ping anything from wan interface. 
  Has anyone had similiar problem?

  Sincerely,
  Arvydas

Re: [pfSense Support] setting time

2008-05-14 Thread Tortise
Not sure if this is resolved, I was reminded today of the BIOS reports of the 
system status - especially the voltages, a failing 
power supply might also cause this problem, check the voltages from the boot 
BIOS.
Do let us know the outcome.
Kind regards
David Hingston

- Original Message - 
From: "Vivek Khera" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, May 13, 2008 2:47 AM
Subject: Re: [pfSense Support] setting time



You likely have faulty hardware.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Re: SOLVED [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2008-05-12 Thread Tortise
Dear List and especially pfSense maintainers, Bill, Chris, Scott et al.

I upgraded to 1.2 over a month ago.

The above issue (and the earlier "pfSense hanging...") have not recurred since 
the upgrade.

I was not aware of a particular fix that might have addressed this, however 
looking around it is clear zillions of code changes are noted, it seems very 
likely the issue was addressed.  (since 1.2 RC2 clearly exhibited the problem)

Another possibility is the ISP made a change that eliminated the issue.

I feel the former is more likely an explanation.  I suppose if I was keen I 
could put back in the old CF card with the previous 1.2 RC2 installation and I 
guess that might prove it either way.  If that would help someone do let me 
know.

I also note PPTP seems to connect much faster and reliably.

It gives me great pleasure to express my gratitude to the people involved.  Now 
that I have learned my away around it, (at a certain level that is!) I think 
pfSense is pretty cool.

Kindest regards
David Hingston

Re: [pfSense Support] setting time

2008-05-10 Thread Tortise
Dean, have you checked the motherboard battery?  (I think in theory this should 
only be relevant on powering off, but I wouldn't be 
sure in practice)
Kind regards
David Hingston





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] boot usb wothout bios support

2008-05-06 Thread Tortise
The older FreeBSD installations had a floppy boot disc, whether this could be 
adapted I have wondered?
Kind regards
David Hingston 

- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, May 07, 2008 1:45 PM
Subject: Re: [pfSense Support] boot usb wothout bios support


On Tue, May 6, 2008 at 9:26 PM, Tortise <[EMAIL PROTECTED]> wrote:
>
> It seems to me that a floppy could boot, load a USB driver and hand over to
> the USB device on these old machines?  Any reason not?  (Floppy disk
> required!)
>

I was thinking of that - I seem to recall some kind of boot loader
that can load from a floppy or CD and then boot from a USB device.
Don't remember any details whatsoever, and I might be dreaming that up
but I'm pretty sure I've seen it at some point. Not helpful at all,
but it's worth Googling for someone that's interested.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] boot usb wothout bios support

2008-05-06 Thread Tortise
Re: If BIOS does not support booting from USB then no operating system can help 
because the BIOS is the first intelligence to the processor which directs the 
computer to devices.

A Compact flash with IDE interface works very well.

It seems to me that a floppy could boot, load a USB driver and hand over to the 
USB device on these old machines?  Any reason not?  (Floppy disk required!)

Kind regards
David Hingston 



Re: [pfSense Support] [DEBUG] Lock recursion detected

2008-04-23 Thread Tortise
As always thank you again Bill

Now I think the penny has dropped and I now understand that message "Not 
installing nat reflection rules for a port range >500"

The default Trixbox incoming audio port range is closer to 10001 to 2, I've 
cut mine down!  

One of the main reasons for using pfSense here is the NAT reflection works.  

To my knowledge there is, however, no need for NAT reflection to work on the 
incoming VOIP ports? 

Perhaps others know otherwise?

Kind regards
David Hingston 

- Original Message - 
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, April 24, 2008 12:00 PM
Subject: Re: [pfSense Support] [DEBUG] Lock recursion detected


On Wed, Apr 23, 2008 at 6:31 PM, Tortise <[EMAIL PROTECTED]> wrote:
>
>
> Hi
>
> I have been testing NAT with UDP and a port range of  10001 - 16383.   This
> is on 1.2 final, embedded on i386.

You might want to disable NAT reflection (System->Advanced if my
memory serves) if you need to redirect that large of a range.  Of
course, you'll need to have a properly architected split-DNS to
achieve this :)

> OK revert to original wide range the following is logged:
> Apr 24 11:20:02  php: : Not installing nat reflection rules for a port range
> > 500
> Apr 24 11:19:53  login: login on console as root
> Apr 24 11:19:51  php: /ifstats.php: [DEBUG] Lock recursion detected.
>
> Seems the DEBUG message is a bug that you might wish to know about?

Thanks, not sure, but we'll look into it.

> Of course I can enter 13 NAT blocks of ~ 500 ports each to achieve the
> required range of 6382 ports, is that intended by design in these days of
> VOIP?

Not sure - all VOIP I've done the connections are all outbound from my
network to the phone system.  I wouldn't have expected such a large
range to be forwarded inbound.  Maybe someone with more VOIP
experience can comment.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] [DEBUG] Lock recursion detected

2008-04-23 Thread Tortise
Hi 

I have been testing NAT with UDP and a port range of  10001 - 16383.   This is 
on 1.2 final, embedded on i386.

When loading the log reports:
Not installing nat reflection rules for a port range > 500

When I change the range to 500 ( 10001 - 10500) the report (not surprisingly) 
disappears, but VOIP does not work properly either it seems.

OK revert to original wide range the following is logged:
Apr 24 11:20:02  php: : Not installing nat reflection rules for a port range > 
500
Apr 24 11:19:53  login: login on console as root
Apr 24 11:19:51  php: /ifstats.php: [DEBUG] Lock recursion detected.

Seems the DEBUG message is a bug that you might wish to know about?  

Of course I can enter 13 NAT blocks of ~ 500 ports each to achieve the required 
range of 6382 ports, is that intended by design in these days of VOIP?

Kind regards
David Hingston

Re: [pfSense Support] check_reload_status.log

2008-04-16 Thread Tortise
What is check_reload_status intended to do and achieve?
Why does it get triggered? (Frequently as it does in one of my boxes)
Kind regards
David Hingston 



Florian,

The larger question is why you haven't upgraded to 1.2-RELEASE since its 
been out for several months now?

-Gary
@pfsense.com

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] PPPoE gets disconnected on WAN port

2008-04-16 Thread Tortise
Also what are you guys respective NIC's brand, model and chip?
Kind regards
David Hingston 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] PPPoE gets disconnected on WAN port

2008-04-16 Thread Tortise
Olivier

Have you tried successively issuing the commands 

ifconfig em0 down
ifconfig em0 up

from http://[LANIP]/exec.php where em0 is your WAN interface

Give that a try and see what happens and do let us know please.

Kind regards
David Hingston 

- Original Message - 
From: "Olivier Mueller" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, April 17, 2008 1:46 AM
Subject: Re: [pfSense Support] PPPoE gets disconnected on WAN port


Hello... 

Since the situation has not improved, I'm re-posting this :-(   
If you have any idea what I could/should try, it would be very nice... 
At the moment I have about 3-4 disconnects per day, and according to the
ISP everything is fine (line, etc.) 

thanks & regards,
Olivier


On Mon, 2008-04-07 at 11:46 +0200, Olivier Mueller wrote:
> On Tue, 2008-04-01 at 09:14 +0200, Olivier Mueller wrote:
> > On Tue, 2008-04-01 at 08:46 +0200, Olivier Mueller wrote:
> > > pfSense Version: 1.2-Release. Still looking for a solution too... :)  
> > > Activated syslog to a remote pc to be able to debug this problem if 
> > > it occurs again today.
> > 
> > Et voila, it just happened again:
> 
> And about 2-3 times this weekend and 2 times this morning...
> 
> Apr  7 09:20:28 gw mpd: [pppoe] PPPoE connection closed
> Apr  7 09:20:28 gw mpd: [pppoe] device: DOWN event in state UP
> Apr  7 09:20:28 gw mpd: [pppoe] device is now in state DOWN
> Apr  7 09:20:28 gw mpd: [pppoe] link: DOWN event
> Apr  7 09:20:28 gw mpd: [pppoe] LCP: Down event
> Apr  7 09:20:28 gw mpd: [pppoe] LCP: state change Opened --> Starting
> Apr  7 09:20:28 gw mpd: [pppoe] LCP: phase shift NETWORK --> DEAD
> Apr  7 09:20:28 gw mpd: [pppoe] setting interface ng0 MTU to 1500 bytes
> Apr  7 09:20:28 gw mpd: [pppoe] up: 0 links, total bandwidth 9600 bps
> Apr  7 09:20:28 gw mpd: [pppoe] IPCP: Down event
> Apr  7 09:20:28 gw mpd: [pppoe] IPCP: state change Opened --> Starting
> Apr  7 09:20:28 gw mpd: [pppoe] IPCP: LayerDown
> Apr  7 09:20:28 gw mpd: [pppoe] IFACE: Down event
> 
> According to the Zyxel VDSL router, the dsl link was always up...  Is
> there any way to debug that a bit deeper?  Without the pfsense box it
> worked fine, without pppoE disconnects, so I guess it's pfsense-related.
> 
> thanks & regards,
> Olivier
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] kernel: arp: unknown hardware address format (0x0000)

2008-04-12 Thread Tortise
Hi

I am trying to track down the source of these relatively frequently logged 
events.  

I also note other formats: (0x4500) (0x6fe7) and (0xdd1f)

Can I syslog the packets from pfSense, it seems I can only syslog logged 
messages?

Is there a better way to proceed than bulk tcpdumping the interface traffic 
looking for this unpredictable data?

Can anyone explain what this is or give me some direction to proceed please?

Kind regards
David Hingston 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] System Time

2008-04-10 Thread Tortise
Hey I know the answer to this one!
Go to Command menu under Diagnostics and type date, bingo!
http://[pfsenseIP]/status.php also gives it!
Kewl eh!
Kind regards
David Hingston 


- Original Message - 
From: "Paul M" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, April 10, 2008 9:33 PM
Subject: Re: [pfSense Support] System Time


Curtis LaMasters wrote:
> status.php probably has it somewhere.  If not you could issue a command
> via the GUI in the diagnostic menu.

it does.  it would probably be useful to have the system time on the
index.php system summary page?

how would you browse to status.php, there doesn't seem to be a link to
it on from the menus?


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Cable with Load Balancing Failover to ADSL

2007-11-12 Thread Tortise

Hi

I am looking at implementing the subject.  As some list members may know I 
have to ping the ISP to catch occasional loss of connectivity between the 
NIC and the Modem, and issue successive ifconfig down; ifconfig up commands. 
This is working well, however the cable connection also goes down for ISP 
networks issues, being "out of balance", upgraded etc etc.  I'd like to fix 
this too!


If I have ADSL failover it seems to me this cable-NIC rescue as I have 
configured it will no longer work, as the ping will presumably continue to 
work through the ADSL modem and not trigger the fix.


As I read the failover it depends on pinging the appropriate external 
reference ("Monitor IP") for each WAN interface to trigger the failover.  Is 
there some way of adding my fix into this code?  (Where is it!)  Any other 
comments / suggestions?


Kind regards
David 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Custom startup scripts

2007-10-26 Thread Tortise
Can this be done via the xml to be truly portable?

Kind regards David 

- Original Message - 
From: "Joe Laffey" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, October 25, 2007 7:35 AM
Subject: Re: [pfSense Support] Custom startup scripts


On Wed, 24 Oct 2007, Scott Ullrich wrote:

> On 10/24/07, Joe Laffey <[EMAIL PROTECTED]> wrote:
>> Where is a safe place to put custom startup script that can be run at boot
>> time, and will not be wiped by future updates to pfsense?
>
> Create a script in /usr/local/etc/rc.d/
>
> Example:
>
> /usr/local/etc/rc.d/startup.sh
>
> Be sure the script is a+x and that it ends in .sh to run.

I shall give it a shot.

Thanks!

--
Joe Laffey|   Visual Effects for Film and Video
LAFFEY Computer Imaging   | -
St. Louis, MO |   Show Reel http://LAFFEY.tv/?e07514
USA   | -
. |-*- Digital Fusion Plugins -*-
--
Mail here will be rejected --> "Real Trap" <[EMAIL PROTECTED]>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

2007-10-12 Thread Tortise
Thanks Bill and Espen
How can I find out what changes were made to fix this please?  (I am interested 
to know particularly at what level the fault 
existed, e.g. down in FreeBSD, Code common to monowall and pfSense, or just 
pfSense.)
Kind regards
David

- Original Message - 
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, October 13, 2007 2:10 AM
Subject: Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN


On 10/12/07, Tortise <[EMAIL PROTECTED]> wrote:
> I am sorry for the usual question, where does one get 1.2RC-3 please?!
> Kind regards David

It's not yet released, but can be found on the snapshot server in the
location Espen pointed you at.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

2007-10-12 Thread Tortise
I am sorry for the usual question, where does one get 1.2RC-3 please?!
Kind regards David

- Original Message - 
From: "Jan Hoevers" <[EMAIL PROTECTED]>
To: 
Sent: Friday, October 12, 2007 1:50 PM
Subject: Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN


Chris Buechler wrote on 26-9-2007 2:02:
> Definitely sounds like a bug. I opened a ticket. If you can, please hang 
> on with 1.2rc2 for the time being. None of the developers have a PPTP 
> WAN, so we'll need somebody to test the change with that specific setup.

hi Chris,

Perfect, the issue is fixed!

As you requested off list I've installed the embedded platform image 
labelled "1.2-RC3 built on Thu Oct 11 17:09:49 EDT 2007" and created 
some ethernet hotplug events as a test. Of course I still find them in 
the logs (check_reload_status: rc.linkup starting, etc.) but mpd doesn't 
get killed anymore and the PPTP-WAN link remains up.

I'm quite happy with this result, and with your fast reaction.

thanks a lot,
Jan Hoevers

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Asterisk and PfSense

2007-10-10 Thread Tortise
Ugo
Which ports are you NATting?
Which ports are setup for RTP in asterisk?
Kind regards 
David

- Original Message - 
From: "Ugo Bellavance" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, October 10, 2007 6:28 PM
Subject: [pfSense Support] Asterisk and PfSense


Hi,

I have an asterisk server that is working mostly with SIP clients 
behind NAT.  I'd like to put this asterisk server behind the PfSense to 
benefit from QoS and added security, packages, etc.  However, I just 
tested and I can't make it work with more than 2 clients at the time 
(using 1-to-1 NAT).  I've tried disabling static port.  I've also tried 
to also disable scrubbing.  I've tried setting the firewall setting to 
'conservative'.  The problem I'm getting is that once a second SIP 
client registers, it kind of kicks out the first one and so on.

I've tried it without NAT, but I didn't really know how to do it, so I 
just gave the linux (asterisk) server the public IP address I wanted and 
made appropriate firewall rules.  I couldn't connect using ssh, so I 
stopped fiddling around and wrote this message.

What is recommended in my situation?

Regards,

Ugo Bellavance


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-10-05 Thread Tortise
Volker

re Who else would find a cron script useful which checks the connection
regularly and takes remedial action (e.g. ifconfig down/up) when
necessary?

See my earlier post where I have detailed one and Chris has pointed out to 
preserve the cron settings in the xml.

Perhaps you can suggest how to automatically pull through the WAN interface 
name, programmatically, to fully automate it for all?

I agree it does seem a bit of a conundrum, the kernel may be to blame, however 
the fault also exists in monowall's FreeBSD.

Kind regards
David Hingston.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Saving Cron Tab /etc/crontab onto CF cards to maintain changes following rebooting

2007-10-03 Thread Tortise
I have done, thanks Chris.

It will be interesting to see what Marco's problem is.

I also wondered if the thread
[pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

was related to the same problem I was having. Of course it continues, but the 
fault is now rapidly self fixed with the cron tab / 
ping file I wrote.

Btw is there a variable for the LAN and WAN interfaces?  ?#WAN

Kind regards
David Hingston

- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, October 04, 2007 4:46 AM
Subject: Re: [pfSense Support] Saving Cron Tab /etc/crontab onto CF cards to 
maintain changes following rebooting


Tortise wrote:
> Hi
>
> I have found that rebooting seems to restore the crontab file back to
> the default value.
>
> How can we commit changes of /etc/crontab to CF?

Put the entries into config.xml.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Loosing connectivity

2007-10-03 Thread Tortise
Sorry, you did state the modem!

Kind regards
David Hingston 

- Original Message - 
  From: Marco Bianchi 
  To: support@pfsense.com 
  Sent: Tuesday, October 02, 2007 7:42 AM
  Subject: [pfSense Support] Loosing connectivity


  Hi,

  I've just installed pfSense 1.02RC2 to run the network in my house. It is in 
testing now...

  pfSense runs on an HP P4 2.0ghz with 256MB or RAM using an Adaptec 4 10/100 
NIC card. Internet connection is done through a DLINK DSL302 ADSL2 Etherne 
Modem connected via a crossover cable to the RED Interface. 



Re: [pfSense Support] Loosing connectivity

2007-10-03 Thread Tortise
Interesting Marco

Look into the thread I started
[pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel 
Pro/1000GT NICs with 370M RAM

Let us know if that solves it.  BTW what is your ADSL modem model and brand, 
for the record?

Kind regards
David Hingston 


- Original Message - 
  From: Marco Bianchi 
  To: support@pfsense.com 
  Sent: Tuesday, October 02, 2007 7:42 AM
  Subject: [pfSense Support] Loosing connectivity


  Hi,

  I've just installed pfSense 1.02RC2 to run the network in my house. It is in 
testing now...

  pfSense runs on an HP P4 2.0ghz with 256MB or RAM using an Adaptec 4 10/100 
NIC card. Internet connection is done through a DLINK DSL302 ADSL2 Etherne 
Modem connected via a crossover cable to the RED Interface. 

  As now, just two interfaces are active, the GREEN and the RED.

  Everything is running fine, the modem stays connected but, every now and 
then, I cannot connect the internet from the GREEN interface.

  The modem is OK, the ADSL COnnection is OK. The only thing the solve the 
problem is to restart the pfSense "server" 

  pfSense configuration is standard, no packages loaded, and no changes from 
the default wizard.

  Any idea on where I've to look to understand where the problem is?

  Or, better, do you know why this is happening? 

  The Carrier is TelecomItalia with the Alice ADSL 4Mb offer.

  Thanks for who will provide support.

  MB


[pfSense Support] Saving Cron Tab /etc/crontab onto CF cards to maintain changes following rebooting

2007-10-03 Thread Tortise
Hi

I have found that rebooting seems to restore the crontab file back to the 
default value.

How can we commit changes of /etc/crontab to CF?

Kind regards
David Hingston

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-09-03 Thread Tortise
Sean

I guess you saw we've gone down that road, the cards I am currently using are 
in the subject line and would seem to be of the type you advocate, however 
perhaps you were inquiring the NIC types used by Lance?  Are you also behind a 
Motorola SB 51xx cable modem?  

The fix I posted has now proven to perform the necessary rescue several times.  
It is such a refreshing change to be off site running a terminal session, to be 
cut out, and to know it will come back within a minute!  (Assuming the issue is 
the one that is the subject of this thread!)  Its not perfect but it is a 
significant advance!

If I knew how to reference and extract the WAN driver type (e.g. em0) I could 
have the script fully cross machine, so it might then be considered for the 
image. So I don't have to add it in manually with every upgrade!  Even if it is 
there so that the appropriate CRON line would only remain to be added or 
commented in.

Kind regards
David Hingston 

- Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Tuesday, September 04, 2007 8:11 AM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M RAM


  considering smoothwall is based on linux whereas pfSense is based on FreeBSD, 
I lean towards it being a driver issue with your setup. using cheapo cards like 
the linksys or Netgear ones can cause this. try and get a higher level card 
like a 3com 3c905c or intel card. I personally run the gigabit Netgear card 
with hardware offloading internally and a 3com WAN side and it runs with zero 
issue.

  -Sean
- Original Message - 
From: Lance Peterson 
To: support@pfsense.com 
Sent: Monday, September 03, 2007 2:28 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M RAM


I'm a home user with a cable modem connected to a small firewall computer 
built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense 
installed.  I started experiencing connection problems with computers attached 
to this small network within 24 hours.  I reloaded, reconfigured, started and 
stopped services, etc. and nothing permanently fixed my connection issues.  
Then I formatted and installed Smoothwall Express using all the same hardware 
-- problem solved -- no more lost connections.   Definately seems like a 
PFSense problem, in my opinion. 

Sorry if this is a little off topic or already discussed, I just scanned 
though these replies and wanted to post my experience with lost connections.

 
On 9/3/07, Bill Marquette <[EMAIL PROTECTED]> wrote: 
      On 9/2/07, Tortise <[EMAIL PROTECTED]> wrote:
  > Thanks Bill
  >
  > They are static IP's, so I assume (you may know better?) DHCP lease 
times are (or should be?) irrelevant.
  >
  > Not sure if this what you mean but this might answer?

  No worries, if it's static assigned and not a dhcp static assignment 
  then you won't have the files I was looking for.  Honestly not sure
  what else to look at here.  This doesn't appear to be due to traffic
  inactivity.  I'm not sure how any other system would work any better 
  :-/

  --Bill

  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]





Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-09-02 Thread Tortise
Thanks Bill

They are static IP's, so I assume (you may know better?) DHCP lease times are 
(or should be?) irrelevant.

Not sure if this what you mean but this might answer?

$ ls /var/db/
entropy
ipsecpinghosts
pingmsstatus
pingstatus
pkg
rrd

Kind regards 
David Hingston 

- Original Message - 
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: 
Sent: Monday, September 03, 2007 3:58 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M RAM


On 9/2/07, tester <[EMAIL PROTECTED]> wrote:
> Few ISPs (especially home users offers) reset their
> connection every 24h. I don't live in New Zealand, so
> I don't know Telstraclear Network, but are you really
> sure is it an equipment issue or a line problem (e.g.
> interferences, etc...)?
> If you can, try another cable modem.

I think you missed the first half dozen messages in this thread.  The
cable modem has been replaced (and others on Telstraclear have had the
same issue apparently).  Most likely it's some wierd dhcp lease
expiration or MAC expiration.  Although, unlikely to be MAC expiration
if the icmp polling isn't keeping the mac tables fresh.

This is DHCP right?  Check out /var/db/dhclient.leases.*
lease {
  interface "sis0";
  fixed-address 24.1.x.x;
  option subnet-mask 255.255.254.0;
  option routers 24.1.66.1;
  option domain-name-servers 68.87.72.130,68.87.77.130;
  option host-name "topell";
  option domain-name "hsd1.il.comcast.net.";
  option broadcast-address 255.255.255.255;
  option dhcp-lease-time 345600;
  option dhcp-message-type 5;
  option dhcp-server-identifier 68.87.72.44;
  renew 2 2007/9/4 06:43:38;
  rebind 3 2007/9/5 18:43:38;
  expire 4 2007/9/6 06:43:38;
}

It'd be interesting to see what the lease times are.

--Bill

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-09-01 Thread Tortise
I was not surprised that the Motorola 5100 cable modem on the Telstraclear 
Network in New Zealand also lost connectivity within the 
first 24 hours of operation. For pfSense the 5100 seems no more compatible than 
the 5101.  Given there seem to be no reports of 
people having problems on other networks with these modems, what is it about 
the Telstraclear cable network?
Kind regards
David Hingston 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-08-31 Thread Tortise
I think we may have got this fixed, (all be it as a Kludge?)

Essentially the fix is to ping the static IP's first hop, if this is down then 
flick the WAN NIC state down and up, this restores 
the lost connection where the motorola 5101 has stopped sending packets 
(presumably for some incompatibility reason)  The motorola 
5101 has today been replaced with a 5100, the ISP tell me most commercial lines 
are running the 5100 as they say it is more router 
compatible than the newer 5101.  I'll advise if the 5100 exhibits the same 
behaviour(!) however if it does the following should 
address it within a minute.  If you are copying it be sure to copy it exactly 
as spaces in the wrong place stuff it upetc!!

For both the lists and my record it is done by:

=> in /etc/crontab add
*/1 * * * * root /usr/bin/pinger.sh

=> from edit.php create / write into new file /usr/bin/pinger.sh
#!/bin/sh

ping -c1 Insert_1st_Gateway_Hop_Here_commonly_Static_IP_a.b.c.1
if [ $? -eq 2 ]; then
ifconfig em0 down
ifconfig em0 up
echo 'Gateway Down'
else
echo 'Gateway Up'
fi

=> from exec.php run chmod u+x /usr/bin/pinger.sh

=> from exec.php run ls -l /usr/bin/pinger.sh
and check there is an x in the file permissions (for executable)

It will have run when you see a log series of commands starting with
Sep 1 11:32:13 kernel: em0: link state changed to UP
Sep 1 11:32:11 kernel: em0: link state changed to DOWN

The only problem I see with this approach is that whenever the Internet is down 
for whatever reason the WAN interface is going to be 
disconnected and reconnected every minute, as well as filling the logs with 
this info, but that seems only of concern from the 
perspective of filling the log with rubbish.  I might tinker with it to send me 
an email to advise me when the code has also run .

Whilst we could have changed to a different router (non freebsd) I really like 
the pfsense and its monowall heritage, and wanted to 
give back something by solving this problem in some sort of gratitude and small 
contribution, I hope this helps someone and goes in 
some small way to contribute to what is a great piece of software - and the 
leaders and community behind it.

Thanks to Vivek, Sean, Bill, Raj, Paul and others also!

Kind regards
David Hingston 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-08-29 Thread Tortise
Dear List

Until we find a permanent solution it seems I may be able to do a temporary fix.

Firstly I note that during a download I can run

ifconfig em0 down; ifconfig em0 up

without apparently interrupting the download!  This fixes the problem - until 
it occurs again.  Looking around (using Google and 
Diagnostics: Edit File ) it seems I may be able to edit this file /etc/crontab 
thus:

{start}
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hourmdaymonth   wdaywho  command
#
#
# pfSense specific crontab entries
# Created: August 26, 2007, 7:50 am
#

0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 * 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 
sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 
virusprot
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
*/5 * * * * root /usr/local/bin/checkreload.sh
*/5 * * * * root /etc/ping_hosts.sh
*/300 * * * * root /usr/local/sbin/reset_slbd.sh

#DH Addition Start
# Hopefully his will run every minunte
#ping returns 1 when successful
#run ping to the first hop gateway (a.b.c.1) , if it fails run the fix...
*/1 * * * * root if (ping -c1 a.b.c.1 != 1) then ifconfig em0 down; ifconfig 
em0 up endif
#DH Addition End

#
# If possible do not add items to this file manually.
# If you do so, this file must be terminated with a blank line (e.g. new line)
#

{end}

Is this correct syntax?  Can I just paste it into the window and save it?  
Anything else needed?

The immediate goal here is to be able to continue remote terminal sessions and 
keep the site up!  (Or be able to log back in within 
a minute, instead of having to wait maybe hours until someone is on site to fix 
it...)

Any guidance would be greatly appreciated.

Kind regards
David Hingston 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-08-29 Thread Tortise
Thank you Paul

We are awaiting the ISP replacing the cable modem.

I think your suggestion is interesting but probably not the explanation in our 
case.

A number of people have tried multiple NIC's on different hardware (myself 
included) and still experienced the same problem.

If the replaced modem does not fix the problem I will however try anything!

Kind regards
David Hingston

- Original Message - 
From: "Paul M" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, August 28, 2007 10:28 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M RAM


Tortise wrote:
>>> Buy hardware that's not faulty.  pfsense is *way* more robust than what it 
>>> seems to be for you.  what network interfaces do you
>>> have?   if other than broadcom or Intel, switch to Intel.
>
> In frustration I have purchased 2 new Intel Pro/1000GT NIC's.  They have 
> lasted almost 48 hours before the internal disconnection
> between the LAN and WAN recurred yet again. The state table is reported 
> as having showed 56 entries on index.php. Fixed by
> rebooting.  Nothing else.  (Cheaper cards have lasted longer!)

we had a lot of problems with linux drivers and the intel giga nics
onboard our tyans; we turned off power management in the intel's eeprom.
maybe the same problem affects freebsd?

the script to fix it is here:
http://e1000.sourceforge.net/wiki/index.php/Issues#82573.28V.2FL.2FE.29_TX_Unit_Hang_messages

to use this fix on our pfsense box, I booted a linux rescue disk (suse
10.2 cd 1 as it happened) and downloaded and ran the script mentioned here:

this might or might not help... good luck!


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-27 Thread Tortise
Vivek

Interesting.

That restores the connection.  (I initially did it on the LAN, but reconnected 
the LAN and did the same with the WAN, as soon as "ifconfig XXX up" was run it 
was up again.)

What does that tell us?

For the record I am now running RC2 on two sites, the other remains stable (as 
it has been for years...) curiously it is on a different ISP and ~50M wireless 
tunnel.

Kind regards
David Hingston 


- Original Message - 
  From: Vivek Khera 
  To: support@pfsense.com 
  Sent: Saturday, August 25, 2007 7:22 AM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M




  On Aug 23, 2007, at 3:15 PM, Tortise wrote:


Why would rebooting pfsense fix that?  Perhaps cause the modem to 
re-negotiate its connection?  Cause the ISP end to wake up?




  what if you just force pfsense to bring down and back up your WAN port?


  ifconfig XXX down; ifconfig XXX up


  where XXX is your wan ethernet device name, such as em1 or fxp1.



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-23 Thread Tortise
Dear List

Initial analysis of Non ARP traffic shows packets presumably going both ways 
from and to my static IP.  Suddenly the "to my static IP" packets just stop.

The From packets continue, suggesting to me pfsense remains functional and a 
block is occurring at the modem, as if it has lost the plot.  

Why would rebooting pfsense fix that?  Perhaps cause the modem to re-negotiate 
its connection?  Cause the ISP end to wake up?

Why would rebooting the modem on its own not fix it?

Does this help at all?

Kind regards
David Hingston 

- Original Message - 
  From: Tortise 
  To: support@pfsense.com 
  Sent: Wednesday, August 22, 2007 11:34 PM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M


  Thanks Vivek

  This hub was placed between the cable modem and the WAN for data capture 
purposes only, prior was just a direct patch cable connection, no apparent need 
for a switch/hub intermediary as the Motorola seems to accept direct and 
crossover cables, at least I have not tried a cross over cableseemed no 
need, as (I assumed) either it will work completely or not at all...at that 
level...but any assumption is dangerous I guess...  I also expected a direct 
link took away one potential source of problems.

  Since my last post it has now misbehaved, with the hub in place, I have 
caught it all into a 1G (!) file, however I need to figure out how to split it 
up to inspect now   At least it won't all load up into wireshark, even with 
4G of RAM It crashes when the RAM is consumed - at about halfway through 
the file!  When I have some more time I'll see if it will load up without the 
ARP data.

  I am hoping the times coincide well enough, I know the stop and reboot 
times

  Interestingly it commonly occurs when a remote terminal session is running, 
but not always.

  Kind regards
  David Hingston 

  - Original Message - 
From: Vivek Khera 
To: support@pfsense.com 
Sent: Wednesday, August 22, 2007 10:30 AM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M




On Aug 21, 2007, at 7:31 AM, Tortise wrote:


  I am running wireshark - however the connection has yet to misbehave 
whilst doing so.  (Now I know why I kept those old 100M hubs!) 




Well, perhaps your switch and your NIC don't agree with each other?  I've 
had that problem before...



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-22 Thread Tortise
Thanks Vivek

This hub was placed between the cable modem and the WAN for data capture 
purposes only, prior was just a direct patch cable connection, no apparent need 
for a switch/hub intermediary as the Motorola seems to accept direct and 
crossover cables, at least I have not tried a cross over cableseemed no 
need, as (I assumed) either it will work completely or not at all...at that 
level...but any assumption is dangerous I guess...  I also expected a direct 
link took away one potential source of problems.

Since my last post it has now misbehaved, with the hub in place, I have caught 
it all into a 1G (!) file, however I need to figure out how to split it up to 
inspect now   At least it won't all load up into wireshark, even with 4G of 
RAM It crashes when the RAM is consumed - at about halfway through the 
file!  When I have some more time I'll see if it will load up without the ARP 
data.

I am hoping the times coincide well enough, I know the stop and reboot times

Interestingly it commonly occurs when a remote terminal session is running, but 
not always.

Kind regards
David Hingston 

- Original Message - 
  From: Vivek Khera 
  To: support@pfsense.com 
  Sent: Wednesday, August 22, 2007 10:30 AM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M




  On Aug 21, 2007, at 7:31 AM, Tortise wrote:


I am running wireshark - however the connection has yet to misbehave whilst 
doing so.  (Now I know why I kept those old 100M hubs!) 




  Well, perhaps your switch and your NIC don't agree with each other?  I've had 
that problem before...



Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-21 Thread Tortise
e.com 
  Sent: Friday, August 17, 2007 11:07 PM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M




  -Sean
 - Original Message - 
From: Tortise 
To: support@pfsense.com 
Sent: Friday, August 17, 2007 4:07 AM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M


Hi Sean et al

Problem has recurred, I have done the following ping tests during the 
problem condition:

I can ping from both LAN and WAN the WAN Static IP  (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem 
(192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the 
gateway (a.b.c.1)

Following reboot all the above pings work and traceroute confirms 
a.b.c.1 is the first hop.

When I have rung the ISP during this condition they say there is no 
problem with the cable modem as they can "see it".  They back this up by 
insisting that I can connect a PC direct to the Cable modem and browse the web, 
which has always been the case.  Repowering the cable modem does not fix the 
problem.  Rebooting pfSense does.

This doesn't make much sense to me, why can I ping the cable modem, 
which is notionally the first (all be it bridged) hop yet can't ping the ISP 
gateway?  It suggests pfsense is OK from WAN to the cable modem, however the 
fix is to reboot pfsense and not the modem!

Could the problem be something to do with the ISP's gateway losing the 
connection, that is re-established by rebooting pfsense?

Kind regards
David Hingston 


 



  - Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Thursday, August 16, 2007 11:32 PM
  Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M


  is it an actual disconnect between the LAN and WAN interface or is it 
that the WAN interface becomes unresponsive? if its an internal disconnect you 
should still be able to ping an outside source from the firewall even if 
systems on the LAN cant. if its the WAN interface itself, nothing would 
respond. 
  are you sure you are running the correct MTU settings on the 
interface? I can def see why you would want to run TCPDump on the box now.



--

  > Date: Thu, 16 Aug 2007 19:32:25 +1200
  > From: [EMAIL PROTECTED]
  > To: support@pfsense.com
  > Subject: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
  > 
  > >>Buy hardware that's not faulty. pfsense is *way* more robust than 
what it seems to be for you. what network interfaces do you
  > >>have? if other than broadcom or Intel, switch to Intel.
  > 
  > In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They 
have lasted almost 48 hours before the internal disconnection 
  > between the LAN and WAN recurred yet again. The state table is 
reported as having showed 56 entries on index.php. Fixed by 
  > rebooting. Nothing else. (Cheaper cards have lasted longer!)
  > 
  > Surely we can now conclusively say this is not a NIC or hardware 
issue? This happens for me on completely different machines with 
  > >= 256M RAM.
  > 
  > I have most recently been running 1.2-RC1, pretty much since it was 
released. it teased me by running fine for 2 weeks, before 
  > reproducing the same problems.
  > 
  > One of my colleagues has now abandoned pfSense, as it has proven to 
be unreliable for him.
  > 
  > I do not want to, however the current reliability is also 
unsustainable for me.
      > 
  > Is there any way I can assist to fix this problem?
  > 
  > Kind regards
  > David Hingston
  > 
  > 
  > 
  > 
  > - Original Message - 
  > From: "Tortise" <[EMAIL PROTECTED]>
  > To: 
  > Sent: Saturday, July 21, 2007 10:23 AM
  > Subject: Re: [pfSense Support] Programming pfSense to Reboot and 
Dump LAN / WAN traffic
  > 
  > 
  > Thank you Vivek
  > 
  > >> connect both systems to a hub and run tcpdump on the other 
machine logging all traffic some place.
  > 
  > Yes they are already on a LAN with a switch. I didn't realise 
TCPDump could be run from another machine other than the one bei

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-17 Thread Tortise
Thanks Sean, 

Having googled a bit I am running up Kubuntu on an old box with wireshark.  I 
assume it will run without an IP assignment from the hub, using the NIC's 
"promiscous mode"?  (Probably no DHCP running and can't use my static IP!)

I appreciate the your directional overview, I will let you know what transpires 
in due course.

Kind regards
David Hingston 


- Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Saturday, August 18, 2007 1:35 AM
  Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M


  I actually turned the "block private networks" off on mine because my ISP 
passes a 192.168.x.x address when i initially apply for a DHCP, but if you get 
a static IP, then its a non-issue. realistically, to truly find the absolute 
reason, you would have to tcpdump on the modem and pfsense at the same time to 
see what its doing/not doing, and I don't see that happening. 
   
  only other thing I can think of is run a hub between the modem and pfsense 
and throw another computer with a packet capture/wireshark on it to see if 
there are any reasons in the packets ("route not found","incorrect MTU", "Need 
fragmentation set", etc.) why its not getting past the modem.
   
  -Sean




Date: Fri, 17 Aug 2007 23:38:58 +1200
From: [EMAIL PROTECTED]
To: support@pfsense.com
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M


Hi Sean

>> im really thinking it’s a modem problem or something with the IP that is 
assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config 
page even if internet access is unavailable kind of confirms it. 
It does tend to suggest that maybe pfsense is not the problem, butwhy 
the need to reboot pfsense?   It is almost like a keep alive situation has 
failed...  Incidentally VOIP and a webserver, amongst other things, run behind 
pfsense, it is getting ample traffic to keep alive! 

>>conecting another computer to the modem, I'm taking it, would get a DHCP 
address that is different from pfsense.
No, it is a static address situation, the windows PC's NIC is configured 
with the same static IP, DNS and gateway to connect up, and it does...

>>playing devils advocate. I know that you have reinstalled pfsense freshly 
on the box to try and resolve that. did you rebuild the config from scratch or 
just import it back in. 
Yes have run up multiple versions, using both CD and also embedded version 
on CF media.  Makes it easy to swap scenarios!  I am currently running the 
latest 1.2 RC-1.  Ran up a completely new XML from pfSense (for 1.2 RC1) and 
even did a compare with the previous XML using Winmerge.  There were many 
differences, but none of them seemed like they might be significant, XML is XML 
when its compliantbut...anyway it didn't seem to make any difference.  Same 
problems occurred in the last stable version and 1.00 as well I recall.

>>also is your internet IP static or DHCP.
As above, static!

>>and do you have the "Block private networks" option turned on for the WAN 
interface on your box
Yes, is a default setting I think, not been played with.   Bogons is 
unchecked, I suppose this might be better checked?

I talked with the ISP tonight.  They couldn't confirm what the MTU should 
be, (I was not surprised) so I have to assume default.  The party line is we 
support Windows Hook ups and that's about all.  I have opened a (nother) ticket 
and requested a call from their network engineer, apparently a "senior 
technician" is going to call me.

Many thanks for continuing to work with me on this conundrum!

Kind regards
David Hingston 

- Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Friday, August 17, 2007 11:07 PM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M




  -Sean
 - Original Message - 
From: Tortise 
To: support@pfsense.com 
Sent: Friday, August 17, 2007 4:07 AM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M


Hi Sean et al

Problem has recurred, I have done the following ping tests during the 
problem condition:

I can ping from both LAN and WAN the WAN Static IP  (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem 
(192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the 
gateway (a.b.c.1)

Following reboot all the above pings work and traceroute confi

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-17 Thread Tortise
Hi Sean

>> im really thinking it's a modem problem or something with the IP that is 
>> assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config 
>> page even if internet access is unavailable kind of confirms it. 
It does tend to suggest that maybe pfsense is not the problem, butwhy the 
need to reboot pfsense?   It is almost like a keep alive situation has 
failed...  Incidentally VOIP and a webserver, amongst other things, run behind 
pfsense, it is getting ample traffic to keep alive! 

>>conecting another computer to the modem, I'm taking it, would get a DHCP 
>>address that is different from pfsense.
No, it is a static address situation, the windows PC's NIC is configured with 
the same static IP, DNS and gateway to connect up, and it does...

>>playing devils advocate. I know that you have reinstalled pfsense freshly on 
>>the box to try and resolve that. did you rebuild the config from scratch or 
>>just import it back in. 
Yes have run up multiple versions, using both CD and also embedded version on 
CF media.  Makes it easy to swap scenarios!  I am currently running the latest 
1.2 RC-1.  Ran up a completely new XML from pfSense (for 1.2 RC1) and even did 
a compare with the previous XML using Winmerge.  There were many differences, 
but none of them seemed like they might be significant, XML is XML when its 
compliantbut...anyway it didn't seem to make any difference.  Same problems 
occurred in the last stable version and 1.00 as well I recall.

>>also is your internet IP static or DHCP.
As above, static!

>>and do you have the "Block private networks" option turned on for the WAN 
>>interface on your box
Yes, is a default setting I think, not been played with.   Bogons is unchecked, 
I suppose this might be better checked?

I talked with the ISP tonight.  They couldn't confirm what the MTU should be, 
(I was not surprised) so I have to assume default.  The party line is we 
support Windows Hook ups and that's about all.  I have opened a (nother) ticket 
and requested a call from their network engineer, apparently a "senior 
technician" is going to call me.

Many thanks for continuing to work with me on this conundrum!

Kind regards
David Hingston 

- Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Friday, August 17, 2007 11:07 PM
  Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M




  -Sean
 - Original Message - 
From: Tortise 
To: support@pfsense.com 
Sent: Friday, August 17, 2007 4:07 AM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M


Hi Sean et al

Problem has recurred, I have done the following ping tests during the 
problem condition:

I can ping from both LAN and WAN the WAN Static IP  (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem 
(192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the 
gateway (a.b.c.1)

Following reboot all the above pings work and traceroute confirms a.b.c.1 
is the first hop.

When I have rung the ISP during this condition they say there is no problem 
with the cable modem as they can "see it".  They back this up by insisting that 
I can connect a PC direct to the Cable modem and browse the web, which has 
always been the case.  Repowering the cable modem does not fix the problem.  
Rebooting pfSense does.

This doesn't make much sense to me, why can I ping the cable modem, which 
is notionally the first (all be it bridged) hop yet can't ping the ISP gateway? 
 It suggests pfsense is OK from WAN to the cable modem, however the fix is to 
reboot pfsense and not the modem!

Could the problem be something to do with the ISP's gateway losing the 
connection, that is re-established by rebooting pfsense?

Kind regards
David Hingston 


 


  - Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Thursday, August 16, 2007 11:32 PM
  Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M


  is it an actual disconnect between the LAN and WAN interface or is it 
that the WAN interface becomes unresponsive? if its an internal disconnect you 
should still be able to ping an outside source from the firewall even if 
systems on the LAN cant. if its the WAN interface itself, nothing would 
respond. 
  are you sure you are running the correct MTU settings on the interface? I 
can def see why you would want to run TCPDump on the box now.



--

  > Date: Thu, 16 Aug 2007 19:32:25 +1200
  > From: [EMAIL PROTECTED]
  

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-17 Thread Tortise
Hi Sean et al

Problem has recurred, I have done the following ping tests during the problem 
condition:

I can ping from both LAN and WAN the WAN Static IP  (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem 
(192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the gateway 
(a.b.c.1)

Following reboot all the above pings work and traceroute confirms a.b.c.1 is 
the first hop.

When I have rung the ISP during this condition they say there is no problem 
with the cable modem as they can "see it".  They back this up by insisting that 
I can connect a PC direct to the Cable modem and browse the web, which has 
always been the case.  Repowering the cable modem does not fix the problem.  
Rebooting pfSense does.

This doesn't make much sense to me, why can I ping the cable modem, which is 
notionally the first (all be it bridged) hop yet can't ping the ISP gateway?  
It suggests pfsense is OK from WAN to the cable modem, however the fix is to 
reboot pfsense and not the modem!

Could the problem be something to do with the ISP's gateway losing the 
connection, that is re-established by rebooting pfsense?

Kind regards
David Hingston 





  - Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Thursday, August 16, 2007 11:32 PM
  Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M


  is it an actual disconnect between the LAN and WAN interface or is it that 
the WAN interface becomes unresponsive? if its an internal disconnect you 
should still be able to ping an outside source from the firewall even if 
systems on the LAN cant. if its the WAN interface itself, nothing would 
respond. 
  are you sure you are running the correct MTU settings on the interface? I can 
def see why you would want to run TCPDump on the box now.



--

  > Date: Thu, 16 Aug 2007 19:32:25 +1200
  > From: [EMAIL PROTECTED]
  > To: support@pfsense.com
  > Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M RAM
  > 
  > >>Buy hardware that's not faulty. pfsense is *way* more robust than what it 
seems to be for you. what network interfaces do you
  > >>have? if other than broadcom or Intel, switch to Intel.
  > 
  > In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have 
lasted almost 48 hours before the internal disconnection 
  > between the LAN and WAN recurred yet again. The state table is reported 
as having showed 56 entries on index.php. Fixed by 
  > rebooting. Nothing else. (Cheaper cards have lasted longer!)
  > 
  > Surely we can now conclusively say this is not a NIC or hardware issue? 
This happens for me on completely different machines with 
  > >= 256M RAM.
  > 
  > I have most recently been running 1.2-RC1, pretty much since it was 
released. it teased me by running fine for 2 weeks, before 
  > reproducing the same problems.
  > 
  > One of my colleagues has now abandoned pfSense, as it has proven to be 
unreliable for him.
  > 
  > I do not want to, however the current reliability is also unsustainable for 
me.
  > 
  > Is there any way I can assist to fix this problem?
  > 
  > Kind regards
  > David Hingston
  > 
  > 
  > 
  > 
  > - Original Message - 
  > From: "Tortise" <[EMAIL PROTECTED]>
  > To: 
  > Sent: Saturday, July 21, 2007 10:23 AM
  > Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / 
WAN traffic
  > 
  > 
  > Thank you Vivek
  > 
  > >> connect both systems to a hub and run tcpdump on the other machine 
logging all traffic some place.
  > 
  > Yes they are already on a LAN with a switch. I didn't realise TCPDump could 
be run from another machine other than the one being
  > dumped from. From what you suggest it can. I'll study it up and see if I 
can get it to! (Unless someone here knows the syntax for
  > this well and can just roll it off?)
  > 
  > >>Buy hardware that's not faulty. pfsense is *way* more robust than what it 
seems to be for you. what network interfaces do you
  > >>have? if other than broadcom or intel, switch to intel.
  > 
  > We (3 of us) believe this is not a hardware issue. 3 of us are on the same 
ISP here in NZ, and experiencing the same issues for
  > many months. The ISP uses much the same Motorola Cable modem to interface 
into our static IP's. The same fault occurs using
  > completely different hardware here also. I have another pfSense box running 
at alternative premises connected to quite a different
  > ISP and that box just goes, in line with what we believe we should be 
e

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-16 Thread Tortise
nue in 
1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
  > 
  > >>Buy hardware that's not faulty. pfsense is *way* more robust than 
what it seems to be for you. what network interfaces do you
  > >>have? if other than broadcom or Intel, switch to Intel.
  > 
  > In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have 
lasted almost 48 hours before the internal disconnection 
  > between the LAN and WAN recurred yet again. The state table is 
reported as having showed 56 entries on index.php. Fixed by 
  > rebooting. Nothing else. (Cheaper cards have lasted longer!)
  > 
  > Surely we can now conclusively say this is not a NIC or hardware issue? 
This happens for me on completely different machines with 
  > >= 256M RAM.
  > 
  > I have most recently been running 1.2-RC1, pretty much since it was 
released. it teased me by running fine for 2 weeks, before 
  > reproducing the same problems.
  > 
  > One of my colleagues has now abandoned pfSense, as it has proven to be 
unreliable for him.
  > 
  > I do not want to, however the current reliability is also unsustainable 
for me.
  > 
  > Is there any way I can assist to fix this problem?
  > 
  > Kind regards
  > David Hingston
  > 
  > 
  > 
  > 
  > - Original Message - 
  > From: "Tortise" <[EMAIL PROTECTED]>
  > To: 
  > Sent: Saturday, July 21, 2007 10:23 AM
  > Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump 
LAN / WAN traffic
  > 
  > 
  > Thank you Vivek
  > 
  > >> connect both systems to a hub and run tcpdump on the other machine 
logging all traffic some place.
  > 
  > Yes they are already on a LAN with a switch. I didn't realise TCPDump 
could be run from another machine other than the one being
  > dumped from. From what you suggest it can. I'll study it up and see if 
I can get it to! (Unless someone here knows the syntax for
  > this well and can just roll it off?)
  > 
  > >>Buy hardware that's not faulty. pfsense is *way* more robust than 
what it seems to be for you. what network interfaces do you
  > >>have? if other than broadcom or intel, switch to intel.
  > 
  > We (3 of us) believe this is not a hardware issue. 3 of us are on the 
same ISP here in NZ, and experiencing the same issues for
  > many months. The ISP uses much the same Motorola Cable modem to 
interface into our static IP's. The same fault occurs using
  > completely different hardware here also. I have another pfSense box 
running at alternative premises connected to quite a different
  > ISP and that box just goes, in line with what we believe we should be 
expecting. Swapping the boxes also suggests it is not a
  > hardware problem as they all work at the alternative ISP / venue.
  > 
  > I find running Monowall also has the same experience here, - the same 
Monowall box is stable for months off site. I have been
  > tempted to post to the monowall list also, cross posts are considered 
bad etiquette and I presume the monowall folks are also on
  > both lists, I have refrained. (Is this correct?)
  > 
  > It suggests to me there is something about our ISP which is a problem, 
perhaps their hardware or perhaps something about their
  > traffic. Clearly this should not be the case, but the onus falls on us 
(rightly or wrongly) to prove this.
  > 
  > It also suggests to me there is a vulnerability in FreeBSD as the 
problem occurs in both Monowall and pfSense with this cable ISP.
  > 
  > I'd prefer my firewall not need random rebooting. We'd all like to help 
within our power and ability to move this forwards as
  > FreeBSD and its children (pfSense and Monowall) are largely fantastic!
  > 
  > Kind regards
  > David Hingston
  > 
  > 
  > 
  > 
  > -
  > To unsubscribe, e-mail: [EMAIL PROTECTED]
  > For additional commands, e-mail: [EMAIL PROTECTED]
  > 
  > 
  > 
  > -
  > To unsubscribe, e-mail: [EMAIL PROTECTED]
  > For additional commands, e-mail: [EMAIL PROTECTED]
  > 



--
  Recharge--play some free games. Win cool prizes too! Play It! 


--
  Find a local pizza place, movie theater, and more….then map the best route! 
Find it! 

Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

2007-08-16 Thread Tortise
is it an actual disconnect between the LAN and WAN interface or is it that the 
WAN interface becomes unresponsive? if its an internal disconnect you should 
still be able to ping an outside source from the firewall even if systems on 
the LAN cant. if its the WAN interface itself, nothing would respond. 

>From memory I can ping the cable modem from the LAN and still view its page, 
>but that is as far as it will go.  I'll check these again next time it happens 
>sometime in the next two weeks!  Pretty sure I can no longer ping the WAN's 
>static IP from the Net (Having created an allow ping rule) and the pfSense 
>ping page does not get responses from anything on the net beyond the cable 
>modem.Is that internal?

are you sure you are running the correct MTU settings on the interface?  
Using default setting here.  Not aware they are not standard, but will check 
with the ISP.

I suspect the ISP is doing something funny, but even if so pfSense should 
remain immune to it?

I can def see why you would want to run TCPDump on the box now.
Thanks Sean!

Kind regards
David Hingston 

- Original Message - 
  From: Sean Cavanaugh 
  To: support@pfsense.com 
  Sent: Thursday, August 16, 2007 11:32 PM
  Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M


  is it an actual disconnect between the LAN and WAN interface or is it that 
the WAN interface becomes unresponsive? if its an internal disconnect you 
should still be able to ping an outside source from the firewall even if 
systems on the LAN cant. if its the WAN interface itself, nothing would 
respond. 
  are you sure you are running the correct MTU settings on the interface? I can 
def see why you would want to run TCPDump on the box now.



--

  > Date: Thu, 16 Aug 2007 19:32:25 +1200
  > From: [EMAIL PROTECTED]
  > To: support@pfsense.com
  > Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, 
Intel Pro/1000GT NICs with 370M RAM
  > 
  > >>Buy hardware that's not faulty. pfsense is *way* more robust than what it 
seems to be for you. what network interfaces do you
  > >>have? if other than broadcom or Intel, switch to Intel.
  > 
  > In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have 
lasted almost 48 hours before the internal disconnection 
  > between the LAN and WAN recurred yet again. The state table is reported 
as having showed 56 entries on index.php. Fixed by 
  > rebooting. Nothing else. (Cheaper cards have lasted longer!)
  > 
  > Surely we can now conclusively say this is not a NIC or hardware issue? 
This happens for me on completely different machines with 
  > >= 256M RAM.
  > 
  > I have most recently been running 1.2-RC1, pretty much since it was 
released. it teased me by running fine for 2 weeks, before 
  > reproducing the same problems.
  > 
  > One of my colleagues has now abandoned pfSense, as it has proven to be 
unreliable for him.
  > 
  > I do not want to, however the current reliability is also unsustainable for 
me.
  > 
  > Is there any way I can assist to fix this problem?
  > 
  > Kind regards
  > David Hingston
  > 
  > 
  > 
  > 
  > - Original Message - 
  > From: "Tortise" <[EMAIL PROTECTED]>
  > To: 
  > Sent: Saturday, July 21, 2007 10:23 AM
  > Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / 
WAN traffic
  > 
  > 
  > Thank you Vivek
  > 
  > >> connect both systems to a hub and run tcpdump on the other machine 
logging all traffic some place.
  > 
  > Yes they are already on a LAN with a switch. I didn't realise TCPDump could 
be run from another machine other than the one being
  > dumped from. From what you suggest it can. I'll study it up and see if I 
can get it to! (Unless someone here knows the syntax for
  > this well and can just roll it off?)
  > 
  > >>Buy hardware that's not faulty. pfsense is *way* more robust than what it 
seems to be for you. what network interfaces do you
  > >>have? if other than broadcom or intel, switch to intel.
  > 
  > We (3 of us) believe this is not a hardware issue. 3 of us are on the same 
ISP here in NZ, and experiencing the same issues for
  > many months. The ISP uses much the same Motorola Cable modem to interface 
into our static IP's. The same fault occurs using
  > completely different hardware here also. I have another pfSense box running 
at alternative premises connected to quite a different
  > ISP and that box just goes, in line with what we believe we should be 
expecting. Swapping the boxes also suggests it is not a
  > hardware problem as they all work at the alternativ

[pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

2007-08-16 Thread Tortise
>>Buy hardware that's not faulty.  pfsense is *way* more robust than what it 
>>seems to be for you.  what network interfaces do you
>>have?   if other than broadcom or Intel, switch to Intel.

In frustration I have purchased 2 new Intel Pro/1000GT NIC's.  They have lasted 
almost 48 hours before the internal disconnection 
between the LAN and WAN recurred yet again. The state table is reported as 
having showed 56 entries on index.php. Fixed by 
rebooting.  Nothing else.  (Cheaper cards have lasted longer!)

Surely we can now conclusively say this is not a NIC or hardware issue?  This 
happens for me on completely different machines with 
 >= 256M RAM.

I have most recently been running 1.2-RC1, pretty much since it was released.  
it teased me by running fine for 2 weeks, before 
reproducing the same problems.

One of my colleagues has now abandoned pfSense, as it has proven to be 
unreliable for him.

I do not want to, however the current reliability is also unsustainable for me.

Is there any way I can assist to fix this problem?

Kind regards
David Hingston




- Original Message - 
From: "Tortise" <[EMAIL PROTECTED]>
To: 
Sent: Saturday, July 21, 2007 10:23 AM
Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN 
traffic


Thank you Vivek

>> connect both systems to a hub and run tcpdump on the other machine logging 
>> all traffic some place.

Yes they are already on a LAN with a switch.  I didn't realise TCPDump could be 
run from another machine other than the one being
dumped from.  From what you suggest it can.  I'll study it up and see if I can 
get it to!  (Unless someone here knows the syntax for
this well and can just roll it off?)

>>Buy hardware that's not faulty.  pfsense is *way* more robust than what it 
>>seems to be for you.  what network interfaces do you
>>have?   if other than broadcom or intel, switch to intel.

We (3 of us) believe this is not a hardware issue.  3 of us are on the same ISP 
here in NZ, and experiencing the same issues for
many months.  The ISP uses much the same Motorola Cable modem to interface into 
our static IP's.  The same fault occurs using
completely different hardware here also.  I have another pfSense box running at 
alternative premises connected to quite a different
ISP and that box just goes, in line with what we believe we should be 
expecting.  Swapping the boxes also suggests it is not a
hardware problem as they all work at the alternative ISP / venue.

I find running Monowall also has the same experience here, - the same Monowall 
box is stable for months off site.  I have been
tempted to post to the monowall list also, cross posts are considered bad 
etiquette and I presume the monowall folks are also on
both lists, I have refrained.  (Is this correct?)

It suggests to me there is something about our ISP which is a problem, perhaps 
their hardware or perhaps something about their
traffic.  Clearly this should not be the case, but the onus falls on us 
(rightly or wrongly) to prove this.

It also suggests to me there is a vulnerability in FreeBSD as the problem 
occurs in both Monowall and pfSense with this cable ISP.

I'd prefer my firewall not need random rebooting.  We'd all like to help within 
our power and ability to move this forwards as
FreeBSD and its children (pfSense and Monowall) are largely fantastic!

Kind regards
David Hingston




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic

2007-07-20 Thread Tortise
Thank you Vivek

>> connect both systems to a hub and run tcpdump on the other machine logging 
>> all traffic some place.

Yes they are already on a LAN with a switch.  I didn't realise TCPDump could be 
run from another machine other than the one being 
dumped from.  From what you suggest it can.  I'll study it up and see if I can 
get it to!  (Unless someone here knows the syntax for 
this well and can just roll it off?)

>>Buy hardware that's not faulty.  pfsense is *way* more robust than what it 
>>seems to be for you.  what network interfaces do you 
>>have?   if other than broadcom or intel, switch to intel.

We (3 of us) believe this is not a hardware issue.  3 of us are on the same ISP 
here in NZ, and experiencing the same issues for 
many months.  The ISP uses much the same Motorola Cable modem to interface into 
our static IP's.  The same fault occurs using 
completely different hardware here also.  I have another pfSense box running at 
alternative premises connected to quite a different 
ISP and that box just goes, in line with what we believe we should be 
expecting.  Swapping the boxes also suggests it is not a 
hardware problem as they all work at the alternative ISP / venue.

I find running Monowall also has the same experience here, - the same Monowall 
box is stable for months off site.  I have been 
tempted to post to the monowall list also, cross posts are considered bad 
etiquette and I presume the monowall folks are also on 
both lists, I have refrained.  (Is this correct?)

It suggests to me there is something about our ISP which is a problem, perhaps 
their hardware or perhaps something about their 
traffic.  Clearly this should not be the case, but the onus falls on us 
(rightly or wrongly) to prove this.

It also suggests to me there is a vulnerability in FreeBSD as the problem 
occurs in both Monowall and pfSense with this cable ISP.

I'd prefer my firewall not need random rebooting.  We'd all like to help within 
our power and ability to move this forwards as 
FreeBSD and its children (pfSense and Monowall) are largely fantastic!

Kind regards
David Hingston




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic

2007-07-19 Thread Tortise
Hi

Can someone start me off or point me in the right direction to program:

1) LAN and WAN traffic dumps to a Centos HDD on the LAN, in an attempt to catch 
the traffic that may be causing pf Sense to 
intermittently hang and require rebooting.

2) Somehow setup a cron job to ping the ISP every minute - and reboot pfSense 
if the pings fail for 20 mins.

Much obliged for any assistance or pointers / URL's etc.

Kind regards
David Hingston 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Reduce WAN NIC to 10Mbps?

2007-06-15 Thread Tortise
Thank you kindly Holger.

Kind regards
David Hingston.

- Original Message - 
From: "Holger Bauer" <[EMAIL PROTECTED]>
To: 
Sent: Friday, June 15, 2007 12:14 AM
Subject: RE: [pfSense Support] Reduce WAN NIC to 10Mbps?


Have a look at http://doc.m0n0.ch/handbook-single/#FAQ.hiddenopts .
These options apply to pfSense as well. You can hardcode the speed and
duplex by adding the appropriate flag to your downloaded config.xml and
reupload it again.

# interfaces/(if)/media and interfaces/(if)/mediaopt

If you need to force your NIC to a specific media type (e.g. 10Base-T
half duplex), you can use these two options. Refer to the appropriate
FreeBSD manpage for the driver you're using to see which options are
available (or run ifconfig -m).

Holger

> -Original Message-
> From: Tortise [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 14, 2007 1:00 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Reduce WAN NIC to 10Mbps?
> 
> Hi
> 
> My ISP researching a problem with packet loss advises me to: "Set your
> firewall for 10mbps full-duplex, auto negotiation off, and
> then run your tests again."  This is presumably to match their 10M
> Wireless Gateway.
> 
> Can we do this somehow?  I am running dc class NIC's.
> 
> Kind regards
> David Hingston
> 
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Reduce WAN NIC to 10Mbps?

2007-06-14 Thread Tortise
Hi

My ISP researching a problem with packet loss advises me to: "Set your firewall 
for 10mbps full-duplex, auto negotiation off, and 
then run your tests again."  This is presumably to match their 10M Wireless 
Gateway.

Can we do this somehow?  I am running dc class NIC's.

Kind regards
David Hingston 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] pfSense Hanging...

2007-06-04 Thread Tortise
Thank you indeed Chris

I understand the modem is largely bridging, as I think you are suggesting, 
given the Internet IP address appears on the pfSense WAN 
NIC.

This is the sort of approach I was looking for.

Given my ISP is declared on my email address here I won't comment about New 
Zealand ISP's here.

I might however point out that I have not disagreed with you in any way.

My presumption is that it is either coming from pfSense or indeed, as you 
suggest, the ISP.  There are some TiVo's on the LAN here 
that also are intermittently having issues downloading data for no apparent 
reason when everything is connected, also using a proxy. 
(VOIP and Skype also running)

I'll install 1.2b1 on another CF card and see what transpires.

I am pretty sure the unplug / plug in has been tried in the past, without 
success, will try again to be sure.

Kind regards
David Hingston.


- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, June 05, 2007 2:10 PM
Subject: Re: [pfSense Support] pfSense Hanging...




First, if you're not running 1.2b1, you should try it.

I'm going to assume cable service in .nz works the same as it does
in .us, though that could be a wildly incorrect assumption. If it does,
your modem does nothing but bridge between your cable provider's network
and whatever you have plugged into the Ethernet port. There is no
connection like PPPoE, no username or password, etc. As long as you have
sync, it's good.  If your cable Internet service uses the DOCSIS
standard, it's the same as here, and as I describe.

Next time this happens, SSH in and run 'tcpdump -i fxp0 -s 1500 -w
capture.pcap' replacing fxp0 with whatever your WAN NIC is. Then run a
constant ping to your WAN gateway from your LAN, try to access websites,
etc. Wait about 5 minutes and ctrl-c to break out of the tcpdump. Then
you can use the webGUI to download that 'capture.pcap' file, or scp it
off to another host. Send it to me via email and I should be able to see
what's happening on the wire. At this point, without that, it's
anybody's guess as to what's happening.

If your cable company is twice as competent as our local cable company
here, they'd still be completely inept. In other words, I wouldn't rule
out a weird network issue on their end. Scott and I spent countless
hours tracking down a really screwy issue that turned out to be
something they screwed up on their network, when they claimed repeatedly
they hadn't changed anything and it was a firewall problem.

One other thing to try after getting the tcpdump - if you unplug the WAN
NIC from the cable modem and plug it back in, without rebooting, does
that bring it up?



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] pfSense Hanging...

2007-06-04 Thread Tortise
It occurred again this morning.

>From the LAN and the Serial pfSense Console I can ping the LAN NIC, as well as 
>the Motorola Modem on 192.168.100.1

>From the LAN and Console I can also ping the static IP on the WAN in form of 
>a.b.c.x but I cannot ping the ISP or a.b.c.1.

Rebooting pfSense fixes all this, restores Internet access and allows pings to 
a.b.c.1 and the ISP again.

The modem lights remain on and I do nothing else to fix it.

I do not think it is PPPoE, but will check it out, there is no dialling 
involved with password that I am aware of, unless this is 
ISP configured in the setup they send the modem, in any event the modem is 
still functioning with all lights up.  There is a web 
server which has varying low volume activity and I am also recording pings 
every 30s to the ISP, to keep a record when it all goes 
down.  I don't think the modem is timing out due inactivity.  Also it occurs 
during terminal sessions, which is infuriating, as one 
might imagine!  Sometimes outages are ISP caused and they have extensively 
looked at the setup, recut cable ends etc. and they also 
suspect my firewall.

Kind regards

David Hingston

- Original Message - 
From: "Tortise" <[EMAIL PROTECTED]>
To: 
Sent: Monday, June 04, 2007 3:59 PM
Subject: Re: [pfSense Support] pfSense Hanging...


Thanks Chris

The answers to your questions are:

Strictly it is not a hang as the system does not freeze, it largely functions 
normally, just loses Internet transparency.

LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions 
normally, can read logs, reboot from this etc.  Reloading
the filters functions as one would expect, however the connection is not 
established.

The System Overview readings appear normal, states is now currently 110.

The LAN and WAN graphs appear the same as when it is functioning normally.

If there was a worm sending out screeds I would hope I'd be aware if it.

WAN is statically assigned an Internet address.

Modem links lights remain up and the modem continues to function normally.  One 
can replace pfSense and connect a notebook PC Card
NIC, configured with the Static IP and resume Internet access, proving the 
modem has not failed.

I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when 
I reboot and it is again normally functioning.

Essentially it appears to be functioning normally, except the connection 
through stops / disappears!  Everyone on the LAN loses
Internet connectivity.

Anything else I can advise I'll be delighted to do so, although it might be 
when it next happens.

Kind regards

David Hingston
- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Monday, June 04, 2007 3:13 PM
Subject: Re: [pfSense Support] pfSense Hanging...


On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote:
> Thanks Bill
>
> Gosh, thats got to presumably use more than the default of 10,000!
>
> Currently there are 116 there.

Easier than you might think. If you have a worm infected laptop plugged
into your network only periodically it can cause state table exhaustion
and the type of symptoms you describe. It wouldn't be (even close to)
the first time I've seen that.

When it "hangs", what exactly do you mean? There are tons of
possibilities for "hangs". Does it become completely non-responsive,
console dead and all? Does the console work but it falls off the network
completely? Is the LAN still up and the webGUI functional but Internet
just doesn't work? If that's the case, you said cable modem, I presume
that's DHCP, do you have a valid WAN IP when it happens? Do you have
link light on WAN? Are all the lights on your cable modem normal? Can
you ping your default gateway? etc. etc. etc.

Be as specific as you can be, the details you gave lead to a lot of
questions and not a lot of specific recommendations.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] pfSense Hanging...

2007-06-03 Thread Tortise
Thanks Chris

The answers to your questions are:

Strictly it is not a hang as the system does not freeze, it largely functions 
normally, just loses Internet transparency.

LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions 
normally, can read logs, reboot from this etc.  Reloading 
the filters functions as one would expect, however the connection is not 
established.

The System Overview readings appear normal, states is now currently 110.

The LAN and WAN graphs appear the same as when it is functioning normally.

If there was a worm sending out screeds I would hope I'd be aware if it.

WAN is statically assigned an Internet address.

Modem links lights remain up and the modem continues to function normally.  One 
can replace pfSense and connect a notebook PC Card 
NIC, configured with the Static IP and resume Internet access, proving the 
modem has not failed.

I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when 
I reboot and it is again normally functioning.

Essentially it appears to be functioning normally, except the connection 
through stops / disappears!  Everyone on the LAN loses 
Internet connectivity.

Anything else I can advise I'll be delighted to do so, although it might be 
when it next happens.

Kind regards

David Hingston
- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Monday, June 04, 2007 3:13 PM
Subject: Re: [pfSense Support] pfSense Hanging...


On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote:
> Thanks Bill
>
> Gosh, thats got to presumably use more than the default of 10,000!
>
> Currently there are 116 there.

Easier than you might think. If you have a worm infected laptop plugged
into your network only periodically it can cause state table exhaustion
and the type of symptoms you describe. It wouldn't be (even close to)
the first time I've seen that.

When it "hangs", what exactly do you mean? There are tons of
possibilities for "hangs". Does it become completely non-responsive,
console dead and all? Does the console work but it falls off the network
completely? Is the LAN still up and the webGUI functional but Internet
just doesn't work? If that's the case, you said cable modem, I presume
that's DHCP, do you have a valid WAN IP when it happens? Do you have
link light on WAN? Are all the lights on your cable modem normal? Can
you ping your default gateway? etc. etc. etc.

Be as specific as you can be, the details you gave lead to a lot of
questions and not a lot of specific recommendations.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] pfSense Hanging...

2007-06-03 Thread Tortise
Thanks Bill

Gosh, thats got to presumably use more than the default of 10,000!

Currently there are 116 there.

I'll keep an eye on it, I doubt that is the issue.

Kind regards
David Hingston

- Original Message - 
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: 
Sent: Monday, June 04, 2007 12:21 PM
Subject: Re: [pfSense Support] pfSense Hanging...


State table filling?  Try increasing it in System->Advanced.

--Bill

On 6/3/07, Tortise <[EMAIL PROTECTED]> wrote:
> Hi
>
> I am finding pfSense hangs in the sense that the connection between WAN and 
> LAN just vanishes and can only be fixed by rebooting.
>
> I suspected hardware, replaced a NIC and thought this was the problem, 
> however the problems persisted.
>
> I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM.  I 
> am using a CF / IDE interface which seems fine.
>
> System log has no errors recorded, yet this still hangs between 3 and 10 days.
>
> Traffic graph looks the same, the CPU usage remains in the 5 to 15% range.
>
> I suspected it could be something to do with the Motorola Cable Modem, 
> however others on this list have not had similar problems,
> although a local colleague using the same ISP and cable modem also has to 
> reboot in similar circumstances.
>
> I have another pfsense box on another site which it runs reliably, using a 
> different Internet / ISP connection.  (Wireless system)
>
> I would really appreciate knowing how to resolve the issue, as someone has to 
> be onsite to reboot, to re-establish the remote
> sessions!
>
> Kind regards
> David Hingston
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] pfSense Hanging...

2007-06-03 Thread Tortise
Hi

I am finding pfSense hangs in the sense that the connection between WAN and LAN 
just vanishes and can only be fixed by rebooting.

I suspected hardware, replaced a NIC and thought this was the problem, however 
the problems persisted.

I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM.  I 
am using a CF / IDE interface which seems fine.

System log has no errors recorded, yet this still hangs between 3 and 10 days.

Traffic graph looks the same, the CPU usage remains in the 5 to 15% range.

I suspected it could be something to do with the Motorola Cable Modem, however 
others on this list have not had similar problems, 
although a local colleague using the same ISP and cable modem also has to 
reboot in similar circumstances.

I have another pfsense box on another site which it runs reliably, using a 
different Internet / ISP connection.  (Wireless system)

I would really appreciate knowing how to resolve the issue, as someone has to 
be onsite to reboot, to re-establish the remote 
sessions!

Kind regards
David Hingston 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] FIXED? LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?

2007-05-21 Thread Tortise
Dear List 

I may have fixed this.

I replaced the pfSense NIC which was in hindsight intermittently faulty, that 
finally failed completely.

It has been stable since, with no logged messages other than the standard 
"dnsmasq[489]: reading /var/dhcpd/var/db/dhcpd.leases"

Clearly more time is required, however it is looking good so far, given a 
number of error messages were noted on a daily basis prior and now none at 
all...

Intermittent faults are the worst.!!!

Thanks for the assistance provided.

Kind regards David



Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?

2007-05-17 Thread Tortise
Thanks Raj

The modems web interface is, as you suggest, present at 192.168.100.1.

The modem is being used in a transparent mode (bridging?) as the static IP is 
assigned on rl1.  So far as I can tell it is not using 
0.0 on the WAN side, it is using 3 digit numbers for the a.b.c.d IP address.

Kind regards
David

- Original Message - 
From: "Rajkumar S" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, May 17, 2007 5:53 PM
Subject: Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard 
SB5101 Cable Modem?


On 5/17/07, Tortise <[EMAIL PROTECTED]> wrote:
> rl1 = WAN and Direct connected only to the Cable modem i.e. no switch sharing.
> rl2 = LAN and connected to LAN switches.

You have 192.168.0.4 on your lan, but for some reason your cable modem
also sends arp replies for that ip. One possible reson is that your
ISP might be using 192.168.0.0 network for the HFC side of cable
modem. Try browsing to 192.168.100.1 and check if you get the cable
modem web interface. From here you can check the ip address assigned
to your modem. (I am typing from my memory, so I might be wroing about
the cable modem web interface ip)

If your ISP is using that ip range for HFC network, you will have to
change your lan ip addressing.

raj

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?

2007-05-16 Thread Tortise
Hi Bill

for me 

rl1 = WAN and Direct connected only to the Cable modem i.e. no switch sharing.
rl2 = LAN and connected to LAN switches.

Can I presume that means you have checked and confirmed there are no similar 
messages in your System Logs?

David

- Original Message - 
From: "Bill Marquette" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, May 17, 2007 5:35 PM
Subject: Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard 
SB5101 Cable Modem?


Which interface is rl1..ditto for rl2.  Also, any chance that both
sides of the firewall are plugged into the same switch?  I've had the
same modem you mention running on pfsense without any problems, so
this smells of a different issue to me.

--Bill




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?

2007-05-16 Thread Tortise
Hi

I am finding one of my pfsense boxes is losing its internal connection between 
the LAN and WAN.  Happens maybe once a week or longer...

The WAN seems to be OK, as I recall I can ping the Internet still and ping / 
access the Motorola config page at 192.168.100.1

There are no error messages in the system log at the time of occurrence.

Running top in ssh or on the monitor looks much the same with no process 
dominating anything, although the web response may be longer.

The WAN is cable via a Motorola Surfboard SB5101.  A colleague of mine is also 
using the same pfSense and modem - and having the same issues.

We are both finding frequent logged messages of this ilk:

kernel: arp: 192.168.0.4 is on rl2 but got reply from 00:00:cd:1c:06:8c on 
rl1

In my case the cards are all of rl variety, his are xl.

Reloading the filters does not fix it.

Rebooting usually does although sometimes I seem to need to power cycle the 
modem also.  When tested the Modem has remained up as I can connect up an 
alternative NIC appropriately configured with the static IP.

It is a pain when offsite as one cannot remotely trigger a reboot to gain 
system access. 

How can I progress identifying the issue from here?  

Kind regards

David

Re: [pfSense Support] Diagnostic ARP Table

2007-04-11 Thread Tortise
Chris
Wow, that all?!
Thank you.
David

- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Thursday, April 05, 2007 2:26 AM
Subject: Re: [pfSense Support] Diagnostic ARP Table


Tortise wrote:
> Thanks Chris
>
> You are of course correct, pinging pfsense makes them appear.
>
> What is the timeout period?
>   

20 minutes.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Diagnostic ARP Table

2007-04-04 Thread Tortise
Thanks Chris

You are of course correct, pinging pfsense makes them appear.

What is the timeout period?

Kind regards

David
- Original Message - 
From: "Chris Buechler" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, April 04, 2007 4:18 AM
Subject: Re: [pfSense Support] Diagnostic ARP Table


Tortise wrote:
> Hi
>
> I have three statically assigned TiVo's on the pfSense routed LAN with unique 
> ARP's soft defined on the Linux OS they run.
>
> The ARP entries appear intermittently in the pfSense Diagnostics ARP table, 
> typically one is shown and the other generally are 
> not,
> although occassionally 2 may be shown.
>

Depends on what they're talking to and when. Things only show up in the
ARP table when they have recently communicated to or through the
firewall (and at that only if they're on a broadcast domain directly
connected to the firewall, but yours obviously are). If you see one not
showing up, if you ping the LAN IP or something on the Internet from the
box that's not showing up and refresh the page, I'm sure it'll be there.
If you do that and it's still not showing up, there may be an issue.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED] 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Diagnostic ARP Table

2007-04-03 Thread Tortise
Hi

I have three statically assigned TiVo's on the pfSense routed LAN with unique 
ARP's soft defined on the Linux OS they run.

The ARP entries appear intermittently in the pfSense Diagnostics ARP table, 
typically one is shown and the other generally are not, 
although occassionally 2 may be shown.

Is this to be expected or is it indicative of an issue?

Kind regards

David 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] Dial Up Failover

2007-03-09 Thread Tortise

Would that mean one could configure dialup failover?

If so that would be really cool.

Kind regards

David

- Original Message - 
From: "Luca Lucchesi" <[EMAIL PROTECTED]>
To: 
Sent: Friday, March 09, 2007 9:08 AM
Subject: [pfSense Support] Can't connect to PPTP with dialup


Hi.

I setted up the PPTP server on a pfSense system.
The clients can connect to it from Windows XP with a natted ADSL Internet 
connection, but if I try with a dialup connection I get a 619 error.
I tried so setup the MTU value to 576, but I was not be able to solve the 
problem.

Could you help me, please?

Thank you very much and goodbye!
Luca.

_
Telefona con Messenger...Le chiamate ai PC sono Gratis! 
http://get.live.com/messenger/features


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] CF 1.0.1 APPARENT boot failure - RESOLVED - SUGGESTIONS

2006-11-09 Thread Tortise
Hi Holger et al

Yes, it proved to be the null modem cable - and some errant assumptions on my 
part!

May I suggest:

1) for the documentation - an addition that clarifies the differences in the CF 
card bootup sequence between Monowall and pfSense, 
as pfSense does not behave the same as Monowall (as one might have expected) - 
as the video and keyboard stop responding very early 
on, and the subsequent boot information is transferred and only available down 
the serial cable.

FreeBSD/i386 bootstrap loader, Revision 1.1
([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006)
Loading /boot/defaults/loader.conf
/



2) that just before pfSense transfers control to the serial cable that it also 
send a message to the video monitor, as suggested 
below.  (So that one might not be lead to believe the install has hung, as one 
might be tempted to believe)



FreeBSD/i386 bootstrap loader, Revision 1.1
([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006)
Loading /boot/defaults/loader.conf
/
Keyboard input and video display stopping and diverting to terminal, via COM1 
serial null modem link.
Connect to continue from there...




3) That one beep sounds when the default install comes to the first choice, so 
that the installer gets to know the boot sequence has 
completed correctly, even if they are not getting a serial output.

If it helps anyone the HyperTerminal Config (for a PC using a CF card - not an 
embedded device)  is 9600 bps.

I hope these help someone in the future!

Again, many thanks to the people involved, pfSense certainly is very good!

Kind regards David Hingston

- Original Message - 
From: "Holger Bauer" <[EMAIL PROTECTED]>
To: 
Sent: Wednesday, November 08, 2006 2:30 AM
Subject: RE: [pfSense Support] CF 1.0.1 boot failure


Maybe your nullmodemcable is not ok. You need to assign NICs first from
the console before you can use any of the interfaces (unless you are
using sis nics which are preconfigured for the embedded image). Check
your cable at another box to see if it actually is working.

Holger

> -Original Message-----
> From: Tortise [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 07, 2006 11:19 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] CF 1.0.1 boot failure
>
> Perhaps I have a null modem connection problem as 5 beeps are
> eventually heard, suggesting it may be running up properly,
> however I can't ping any of the (3) NIC's at 192.168.1.1 as I
> presume I should be able to do on at least one?  (Using
> 192.168.1.2 255 255 255
> 0)
>
> I get no output to HyperTerminal or to Teraterm, tried
> various cables, definitely using COM1 form the motherboard
>
> H
>
>
> - Original Message -
> From: "Holger Bauer" <[EMAIL PROTECTED]>
> To: 
> Sent: Tuesday, November 07, 2006 10:48 PM
> Subject: RE: [pfSense Support] CF 1.0.1 boot failure
>
>
> The embedded images have output at com1. There won't be video output
> once it started. This is due to some embedded devices only
> having serial
> console and no video. Access your machine at com1, 9600baud using a
> terminalprogram.
>
> Holger
>
>
> 
>
> From: Tortise [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 07, 2006 8:37 AM
> To: support@pfsense.com
> Subject: [pfSense Support] CF 1.0.1 boot failure
>
>
> Hi
>
> I am trying to run pfSense from a CF card, have written images
> to various cards.  Monowall boots fine and runs from 16M CF card so it
> would seem the IDE CF reader is ok.  This is on a Pentium 166 system.
>
> With pfSense, trying a number of different CF cards 128M and
> 256M:
>
> The BTX loader seems to run OK.  Then I get:
>
> FreeBSD/i386 bootstrap loader, Revision 1.1
> ([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006)
> Loading /boot/defaults/loader.conf
> /
>
> The "/" does a couple of circles then stops...
>
> I have tried to get the serial output by connecting
> HyperTerminal to the serial port.  It seems it might be too
> early to get
> a serial output - as I do not get anything?
>
> Any guidance would be appreciated.
>
> David Hingston
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] CF 1.0.1 boot failure

2006-11-07 Thread Tortise
Perhaps I have a null modem connection problem as 5 beeps are eventually heard, 
suggesting it may be running up properly, however I 
can't ping any of the (3) NIC's at 192.168.1.1 as I presume I should be able to 
do on at least one?  (Using 192.168.1.2 255 255 255 
0)

I get no output to HyperTerminal or to Teraterm, tried various cables, 
definitely using COM1 form the motherboard

H


- Original Message - 
From: "Holger Bauer" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, November 07, 2006 10:48 PM
Subject: RE: [pfSense Support] CF 1.0.1 boot failure


The embedded images have output at com1. There won't be video output
once it started. This is due to some embedded devices only having serial
console and no video. Access your machine at com1, 9600baud using a
terminalprogram.

Holger


____

From: Tortise [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 07, 2006 8:37 AM
To: support@pfsense.com
Subject: [pfSense Support] CF 1.0.1 boot failure


Hi

I am trying to run pfSense from a CF card, have written images
to various cards.  Monowall boots fine and runs from 16M CF card so it
would seem the IDE CF reader is ok.  This is on a Pentium 166 system.

With pfSense, trying a number of different CF cards 128M and
256M:

The BTX loader seems to run OK.  Then I get:

FreeBSD/i386 bootstrap loader, Revision 1.1
([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006)
Loading /boot/defaults/loader.conf
/

The "/" does a couple of circles then stops...

I have tried to get the serial output by connecting
HyperTerminal to the serial port.  It seems it might be too early to get
a serial output - as I do not get anything?

Any guidance would be appreciated.

David Hingston



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[pfSense Support] CF 1.0.1 boot failure

2006-11-07 Thread Tortise



Hi 
 
I am trying to run pfSense from a CF card, have written images 
to various cards.  Monowall boots fine and runs from 16M CF card so it 
would seem the IDE CF reader is ok.  This is on a Pentium 166 
system.
 
With pfSense, trying a number of different CF cards 128M and 
256M:
 
The BTX loader seems to run OK.  Then I get:
 
FreeBSD/i386 bootstrap loader, Revision 1.1([EMAIL PROTECTED], 
Sunday Oct 29 01:30:00 UTC 2006)Loading 
/boot/defaults/loader.conf/
 
The "/" does a couple of circles then stops...
 
I have tried to get the serial output by connecting 
HyperTerminal to the serial port.  It seems it might be too early to get a 
serial output - as I do not get anything?
 
Any guidance would be appreciated.
 
David Hingston


[pfSense Support] Minimium Hardware 96 MRAM?

2006-11-04 Thread Tortise



Hi
 
I note the min RAM is said to be 128M
 
I've been running pfSense on a 
Pentium 133 with 96M of RAM for many months, including with one VPN 
interface.
 
The CPU runs at about 10-25% and 
the Memory about 50%.

This may be of 
interest!
 
Kind regardsDavid Hingston 
Chequers SoftwareNew Zealandhttp://www.cheqsoft.com/contact.htmlThe 
information in this email and in any attachment (s) is confidential and may be 
legally privileged. If you are not the named addressee's) or if you receive this 
email in error then any distribution, copying or use of this communication or 
the information in it is strictly prohibited. Please notify the sender 
immediately by return email and then delete the message from your computer. 
Thank you for your 
assistance.




  1   2   >