Re: [pfSense Support] 1.2.3-Release - minor user protection improvement suggestion?
- Original Message -
From: "Tortise"
To:
Sent: Saturday, October 16, 2010 3:56 PM
Subject: [pfSense Support] 1.2.3-Release - minor user protection improvement suggestion?

I had a network problem, turns out I had assigned 2 devices to the same IP using the DHCP server. Usually pfSense checks most things and tells me when I stuff up, but on this occasion it did not. I'm pretty sure it checks for duplicate MAC addresses, should it check for duplicate IP's also? Yeah I should have noticed, but for some reason I didn't see it. I can edit an entry to use a duplicate IP and it accepts it.

OK found the reason for this: "Relax the ip address check and allow duplicate ip address entries which allows fr example a wireless card and a ethernet card on a laptop to share the same ip address" as posted at http://blog.pfsense.org/?author=2&paged=3

- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] 1.2.3-Release - minor user protection improvement suggestion?
I had a network problem, turns out I had assigned 2 devices to the same IP using the DHCP server. Usually pfSense checks most things and tells me when I stuff up, but on this occasion it did not. I'm pretty sure it checks for duplicate MAC addresses, should it check for duplicate IP's also? Yeah I should have noticed, but for some reason I didn't see it. I can edit an entry to use a duplicate IP and it accepts it.
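Since the GUI accepts duplicate IPs in DHCP static mappings, the check discussed in this thread can be run offline against a configuration backup. The following is an added example, not part of the original posts and not pfSense code. It assumes static mappings are stored as <staticmap> elements with <mac>, <ipaddr> and <hostname> children under <dhcpd>/<interface> in config.xml; the sample data and the ALLOWED_SHARED allow-list are constructed for illustration.

```python
"""Audit DHCP static mappings for duplicate IPs and MACs (added example)."""
import ipaddress
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the assumed shape of a config.xml <dhcpd> section.
SAMPLE_CONFIG = """<pfsense>
  <dhcpd>
    <lan>
      <staticmap><mac>00:11:22:33:44:55</mac><ipaddr>10.37.81.10</ipaddr><hostname>laptop-eth</hostname></staticmap>
      <staticmap><mac>00:11:22:33:44:66</mac><ipaddr>10.37.81.10</ipaddr><hostname>laptop-wifi</hostname></staticmap>
      <staticmap><mac>00:aa:bb:cc:dd:01</mac><ipaddr>10.37.81.20</ipaddr><hostname>printer</hostname></staticmap>
      <staticmap><mac>00:AA:BB:CC:DD:02</mac><ipaddr>10.37.81.20</ipaddr><hostname>nas</hostname></staticmap>
      <staticmap><mac>00-AA-BB-CC-DD-02</mac><ipaddr>10.37.81.30</ipaddr><hostname>nas-old</hostname></staticmap>
    </lan>
    <opt1>
      <staticmap><mac>00:aa:bb:cc:dd:03</mac><ipaddr>10.37.82.10</ipaddr><hostname>ap</hostname></staticmap>
    </opt1>
  </dhcpd>
</pfsense>"""

# Hypothetical allow-list: hostnames known to be one device with two NICs
# (the wireless + ethernet laptop case the relaxed check was meant for).
ALLOWED_SHARED = [{"laptop-eth", "laptop-wifi"}]


def normalize_mac(mac):
    """Lower-case and use ':' separators so 00-AA-.. and 00:aa:.. compare equal."""
    return mac.strip().lower().replace("-", ":")


def load_mappings(xml_text):
    """Return one dict per <staticmap> entry, tagged with its interface name.

    Raises ValueError if an <ipaddr> value is not a valid IP address.
    """
    root = ET.fromstring(xml_text)
    mappings = []
    dhcpd = root.find("dhcpd")
    if dhcpd is None:
        return mappings
    for iface in dhcpd:
        for sm in iface.findall("staticmap"):
            ip_text = (sm.findtext("ipaddr") or "").strip()
            if not ip_text:
                continue  # MAC-only entry with no fixed address
            mappings.append({
                "iface": iface.tag,
                "mac": normalize_mac(sm.findtext("mac") or ""),
                "ip": str(ipaddress.ip_address(ip_text)),
                "host": (sm.findtext("hostname") or "").strip(),
            })
    return mappings


def find_conflicts(mappings, allowed_shared=()):
    """Return (kind, interface, key, hostnames) tuples for suspicious entries.

    dup-ip : one IP mapped to several MACs, unless every hostname involved
             belongs to a single allow-listed group.
    dup-mac: one MAC mapped to several IPs on the same interface.
    """
    by_ip = defaultdict(list)
    by_mac = defaultdict(list)
    for m in mappings:
        by_ip[(m["iface"], m["ip"])].append(m)
        by_mac[(m["iface"], m["mac"])].append(m)

    conflicts = []
    for (iface, ip), entries in sorted(by_ip.items()):
        if len({e["mac"] for e in entries}) < 2:
            continue
        hosts = sorted(e["host"] for e in entries)
        if any(set(hosts) <= group for group in allowed_shared):
            continue  # intentional sharing, e.g. two NICs of one laptop
        conflicts.append(("dup-ip", iface, ip, hosts))
    for (iface, mac), entries in sorted(by_mac.items()):
        if len({e["ip"] for e in entries}) < 2:
            continue
        conflicts.append(("dup-mac", iface, mac, sorted(e["host"] for e in entries)))
    return conflicts


if __name__ == "__main__":
    for kind, iface, key, hosts in find_conflicts(load_mappings(SAMPLE_CONFIG), ALLOWED_SHARED):
        print(f"{kind:7} {iface:5} {key:18} {', '.join(hosts)}")
```
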
Re: [pfSense Support] Re: multi-wan, multi-lan security
- Original Message -
From: "Dave Warren"
To:
Sent: Saturday, August 07, 2010 5:58 PM
Subject: [pfSense Support] Re: multi-wan, multi-lan security

In message Tortise was claimed to have wrote:

- Original Message -
From: "Dave Warren"
To:
Sent: Saturday, August 07, 2010 4:51 PM
Subject: [pfSense Support] Re: multi-wan, multi-lan security

In message <24b7224eff7c4e19b1a43fd4df416...@dp2000xp> Tortise was claimed to have wrote:

My ISP advised us not to use common private LAN addresses for this (common problem) reason. (I now use randomly generated addresses)

I do hope you never need to contact the legitimate owner of whatever IPs you're using... Personally, if my provider gave me such advice (not just a single rep, but the provider's official policy) I'd find a competent provider.

Woops - sorry for being misleading. I meant (and use) random numbers taken from within the private address ranges. (10.x.x.x etc)

In that case, excellent advice and one I would absolutely agree with. I'm possibly overly sensitive on this particular issue just because I'm tired of dealing with it professionally, one of $DAYJOB's partners used to give out advice like this and we spent untold hours cleaning up. I hope no offense was taken, certainly none was intended on my part and if I came across too harshly, I do apologize.

Hey no worries, I accept I could have been a little less ambiguous, dangerous to assume anything when communicating...! An interesting discussion. I was using random numbers to minimise the risk of arp poisoning, a dead connection is best avoided! The comments about minimal increased security from using random nos (within private network ranges!) was not on my mind however it's food for thought.
Re: [pfSense Support] Re: multi-wan, multi-lan security
- Original Message -
From: "Dave Warren"
To:
Sent: Saturday, August 07, 2010 4:51 PM
Subject: [pfSense Support] Re: multi-wan, multi-lan security

In message <24b7224eff7c4e19b1a43fd4df416...@dp2000xp> Tortise was claimed to have wrote:

My ISP advised us not to use common private LAN addresses for this (common problem) reason. (I now use randomly generated addresses)

I do hope you never need to contact the legitimate owner of whatever IPs you're using... Personally, if my provider gave me such advice (not just a single rep, but the provider's official policy) I'd find a competent provider.

Woops - sorry for being misleading. I meant (and use) random numbers taken from within the private address ranges. (10.x.x.x etc)
Re: [pfSense Support] multi-wan, multi-lan security
- Original Message -
From: "Chris Buechler"
To:
Sent: Saturday, August 07, 2010 2:09 PM
Subject: Re: [pfSense Support] multi-wan, multi-lan security

On Fri, Aug 6, 2010 at 9:37 PM, Tortise wrote:

- Original Message -
From: "Nathan Eisenberg"
To:
Sent: Saturday, August 07, 2010 12:50 PM
Subject: RE: [pfSense Support] multi-wan, multi-lan security

Say I'm not being routed a /24. Say I'm on Comcast and I have a 192.168.0.0/24 LAN. The problem is now even bigger: your carrier, their carrier, and Comcast won't route 192.168.0.0/24.

I think that is the theory however in practice I'm not so sure. It doesn't take much to, for example, accidentally connect a LAN to the net and suddenly...with someone else doing the same...I think the private LAN becomes public and pretty sick pretty quickly also... Maybe Comcast can control for this but I doubt all ISP's do? My ISP advised us not to use common private LAN addresses for this (common problem) reason. (I now use randomly generated addresses)

There are good reasons to use uncommon subnets, primarily because it eases connecting with other networks without hacks like NAT, but that's not among them. What subnet you use internally has no relevance to your ISP. The risk isn't in the private subnet leaking out to WAN unless you're talking about the ARP poisoning possibility, or the fact if you do that on a medium like cable any of the thousands on your segment could easily join your LAN (even inadvertently if that also brings your internal DHCP server onto the ISP network, but that is likely to either be blocked by the ISP or get you cut off very quickly once it happens). An obscure subnet wouldn't matter in that scenario, everyone on the segment would see what your subnet is.

Yes I was referring to ARP poisoning and my cable connection experience which is the reason for the random (obscure) LAN subnet range selection...

It just seemed an example of a situation that was outside the example posed where it was suggested there was no risk, when there may be?
Re: [pfSense Support] multi-wan, multi-lan security
- Original Message -
From: "Nathan Eisenberg"
To:
Sent: Saturday, August 07, 2010 12:50 PM
Subject: RE: [pfSense Support] multi-wan, multi-lan security

Say I'm not being routed a /24. Say I'm on Comcast and I have a 192.168.0.0/24 LAN. The problem is now even bigger: your carrier, their carrier, and Comcast won't route 192.168.0.0/24.

I think that is the theory however in practice I'm not so sure. It doesn't take much to, for example, accidentally connect a LAN to the net and suddenly...with someone else doing the same...I think the private LAN becomes public and pretty sick pretty quickly also... Maybe Comcast can control for this but I doubt all ISP's do? My ISP advised us not to use common private LAN addresses for this (common problem) reason. (I now use randomly generated addresses)
Re: [pfSense Support] multi-wan, multi-lan security
- Original Message -
From: "Chris Buechler"
To:
Sent: Thursday, August 05, 2010 6:01 PM
Subject: Re: [pfSense Support] multi-wan, multi-lan security

Doing VLANs properly all on one switch is probably pretty safe if done right (biggest risk in those kind of setups is accidental misconfiguration). I wouldn't do it though, managed switches are too cheap to not physically segment your internal and external networks.

Hi Chris, Do you mind if I ask you to re-express the last sentence please, ("I wouldn't do it though, managed switches are too cheap to not physically segment your internal and external networks. ") I am having trouble gleaning what I think is your intended meaning. Too cheap doesn't seem an adequate justification in itself, if that is what you intend?
Re: [pfSense Support] VPN LAN TO LAN
- Original Message -
From: Tim Dickson
To: support@pfsense.com
Sent: Saturday, April 03, 2010 5:36 PM
Subject: RE: [pfSense Support] VPN LAN TO LAN

Errr.. After all that - forgot to change the TO: . sorry list!

Well I for one appreciate your comments and advice cause this is where probably many of us advance our learning so thank you!
Re: [pfSense Support] PPTP Connected?
- Original Message -
From: "Chris Buechler"
To:
Sent: Tuesday, March 30, 2010 10:41 PM
Subject: Re: [pfSense Support] PPTP Connected?

On Tue, Mar 30, 2010 at 5:39 AM, Tortise wrote:

Hi Using 1.2.3-RELEASE (embedded) I have a PPTP server configured and I can connect remotely however I still cannot "connect" with anything on the LAN. I think the issue is the IP assigned to remote connections is remotely said to be 255.255.255.255 while the LAN is using 255.255.255.0, the IP address assigned seems OK.

That's normal. You're probably missing a firewall rule on the PPTP tab.

With a bit of list help it seems not so much a missing rule, but rather a rule that was too tight. The rule says "Hint: in most cases, you should specify TCP here." It seems somewhat more than the TCP rule is required in my case. I'll do some more testing to clarify which is required, however "*" works well of course! If anyone wants to know more of what I find works then let me know. Btw it makes me wonder if the rules tightened up in a recent version here, as this used to work with the TCP rule on its own in the past?
Re: [pfSense Support] PPTP Connected?
- Original Message -
From: "Chris Buechler"
To:
Sent: Tuesday, March 30, 2010 10:41 PM
Subject: Re: [pfSense Support] PPTP Connected?

On Tue, Mar 30, 2010 at 5:39 AM, Tortise wrote:

Hi Using 1.2.3-RELEASE (embedded) I have a PPTP server configured and I can connect remotely however I still cannot "connect" with anything on the LAN. I think the issue is the IP assigned to remote connections is remotely said to be 255.255.255.255 while the LAN is using 255.255.255.0, the IP address assigned seems OK.

That's normal. You're probably missing a firewall rule on the PPTP tab.

There is a pass * rule under the PPTP VPN firewall tab for TCP, perhaps it should be "all"? I'd have thought TCP would allow browsing on the LAN web servers though, which fails.
[pfSense Support] PPTP Connected?
Hi Using 1.2.3-RELEASE (embedded) I have a PPTP server configured and I can connect remotely however I still cannot "connect" with anything on the LAN. I think the issue is the IP assigned to remote connections is remotely said to be 255.255.255.255 while the LAN is using 255.255.255.0, the IP address assigned seems OK. Can someone guide me from here? No Radius or WINS server is involved.
Re: [pfSense Support] Bottleneck for some reason?
- Original Message -
From: "Robert Mortimer"
To:
Sent: Friday, February 05, 2010 10:20 PM
Subject: Re: [pfSense Support] Bottleneck for some reason?

=Traffic shaping enabled?

Yes! OK now disabled, that's doubled it to 8Mbps. As its evening here it might be high traffic cutting it down from 10 to 8, I'll try again during a lower demand time. Thanks Chris. Out of interest wouldn't a larger CPU increase the shapers limits? (there was little difference in the 400 and 500, I would have expected some difference?) Last test from http://www.nzdsl.co.nz/ was 9.5Mbps, so I guess that's the answer. (Looks to read book's traffic shaper section)

From my memory you tell the shaper the bandwidth of your connection in order for it to work. As a result the value set here is your upper limit regardless of CPU

qwanroot 0 No 2000 Kb qwanRoot
qlanroot 0 No 4000 Kb qlanRoot

Now that seems significant. It is such a long time ago since I ran that wizard I'd forgotten that bit! Thanks guys.
Re: [pfSense Support] Bottleneck for some reason?
- Original Message -
From: "Chris Buechler"
To:
Sent: Friday, February 05, 2010 10:02 PM
Subject: Re: [pfSense Support] Bottleneck for some reason?

On Fri, Feb 5, 2010 at 3:52 AM, Tortise wrote:

I had a P 500 III CPU with 1G of RAM and now a P 400II with 756M RAM running embedded (512M CF) 1.2.3 and three Intel 1000GT's. One WAN, Two LAN. LAN 2 is LAN1 10.a.b+1.c.d. (/24), both performed much the same. The cable download speed has just been upgraded from 4MBps to 10Mbps however downloads on pfSense are still limited to 4Mbps, despite several modem power cycles. A notebook direct connected to the cable modem does indeed get 10Mbps suggesting pfsense is the bottleneck. The book and http://doc.pfsense.org/index.php/Hardware_requirements suggest to me I should be getting 20-40Mbps throughput. Can anyone suggest how I can investigate from here?

=Traffic shaping enabled?

Yes! OK now disabled, that's doubled it to 8Mbps. As its evening here it might be high traffic cutting it down from 10 to 8, I'll try again during a lower demand time. Thanks Chris. Out of interest wouldn't a larger CPU increase the shapers limits? (there was little difference in the 400 and 500, I would have expected some difference?) Last test from http://www.nzdsl.co.nz/ was 9.5Mbps, so I guess that's the answer. (Looks to read book's traffic shaper section)
[pfSense Support] Bottleneck for some reason?
I had a P 500 III CPU with 1G of RAM and now a P 400II with 756M RAM running embedded (512M CF) 1.2.3 and three Intel 1000GT's. One WAN, Two LAN. LAN 2 is LAN1 10.a.b+1.c.d. (/24), both performed much the same. The cable download speed has just been upgraded from 4MBps to 10Mbps however downloads on pfSense are still limited to 4Mbps, despite several modem power cycles. A notebook direct connected to the cable modem does indeed get 10Mbps suggesting pfsense is the bottleneck. The book and http://doc.pfsense.org/index.php/Hardware_requirements suggest to me I should be getting 20-40Mbps throughput. Can anyone suggest how I can investigate from here?
Re: [pfSense Support] VLAN Setup
- Original Message -
From: "Fabian Abplanalp"
To:
Sent: Sunday, January 10, 2010 1:50 PM
Subject: [pfSense Support] VLAN Setup

Sawadeekap

Question... I have currently a LAN with 2 VLANs (default and VLAN99 for a guest WLAN). Default uses pfSense with portforwarding etc., the VLAN99 uses a separate pfSense ALIX with its own LAN Subnet and WAN address. Would it be possible to run all this on the same pfSense box?

Setup:
VLAN1 (default) 172.22.0.0/16 -> LAN Interface pfSense Box1 -> WAN x.y.z.34
VLAN99 (guests) 192.168.x.0/24 -> LAN Interface with VLAN99 pfSense Box2 -> WAN x.y.z.35

Of course I want the VLAN99 to use another (VirtualIP?) for outgoing, because I don't want guests to make the public IP of VLAN1 "dirty"... Thanks for any suggestions.

Fabian

I don't see a managed switch in here - is there one? I thought a managed switch was a pre-requisite for VLAN's, as is one pfSense box (or equivalent). The very helpful definitive guide to pfSense details VLAN setup, which to my reading would help you. To my mind it is really essential reading for most pfSense users, unless they have vast FreeBSD experience...
Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!
- Original Message -
From: "Chris Weakland"
To:
Sent: Sunday, December 13, 2009 4:40 AM
Subject: Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!

Also if ur nic is a pci or pcie nic the wol cable must be connected to the motherboard header for it to work with wol.

Chris

I just tried WOL using an Intel 1000GT PCI NIC, (using no wol cable between the NIC and the motherboard) and it works fine. The tested motherboard is a GA-EP31-DS3L, which (sadly) does not have WOL in the BIOS. Certainly many NIC's and motherboards will need those cables, clearly not always.
Re: [pfSense Support] Wake On LAN - Now Works on 1.2.3 Embedded!
- Original Message -
From: "Chris Buechler"
To:
Sent: Tuesday, December 01, 2009 8:57 PM
Subject: Re: [pfSense Support] Wake On LAN

On Tue, Dec 1, 2009 at 2:53 AM, Tortise wrote:

Somehow I cannot get magic packets to awaken any PC on a pfSense LAN. I don't get it. Some motherboard BIOS seem to have WOL and others don't. Even the ones I have that are said to have it cannot be awoken as best I can tell! I have tried an Intel GT1000 with WOL functionality. I can get Boot on LAN to work OK, WOL seems a mystery! It is not clear to me the state that a PC to be awoken in is, I expected that the ATX power supplies would allow the PC to awaken when the right packets are sent however I am wondering if what is needed is a PC in a suspended state - or something else?

Just need a WOL-enabled NIC, and to have WOL turned on in the BIOS. If you have an onboard NIC, it should be as simple as enabling it in the BIOS. As long as the machine is plugged in, it'll wake. With add-in NICs you need a WOL cable from the NIC to the motherboard, that can complicate things.

Well I had already done all that and it still didn't work, that was using 1.2.3 RC1 embedded. (3 NIC's, one WAN, two LAN) I now wish I had set up a sniffer to see if magic packets were actually going out. I just upgraded to 1.2.3 and thought I'd fire off a few magic packets for fun and just as well I was sitting on my chair, the other PC's had fired into life! Only thing that had really changed was the pfSense version! (That means the motherboard BIOS was already enabled for each on board NIC on the couple of Pentium 3000 class boxes I had tried) Curious that I couldn't find any updates about this, anyway others might find it works now? Thank you for the posters on this topic, it seems it may have proved a useful thread for some... In addition to what Chris said above I understand that some NIC's do not need an additional WOL cable for WOL, e.g. Intel 1000GT which are WOL capable and have no cable connection!

I hate having to get some more 512M plus CF cards but accept there are excellent reasons for this! Looking forward to checking out some more embedded stuff. I'd suggested the other half give me the pfsense book for Christmas in the hope I might learn some useful stuff about VLAN's etc, even if I don't learn anything I am pleased the other half is contributing to support pfSense! Happy Christmas all!
[pfSense Support] Wake On LAN
Somehow I cannot get magic packets to awaken any PC on a pfSense LAN. I don't get it. Some motherboard BIOS seem to have WOL and others don't. Even the ones I have that are said to have it cannot be awoken as best I can tell! I have tried an Intel GT1000 with WOL functionality. I can get Boot on LAN to work OK, WOL seems a mystery! It is not clear to me the state that a PC to be awoken in is, I expected that the ATX power supplies would allow the PC to awaken when the right packets are sent however I am wondering if what is needed is a PC in a suspended state - or something else? Any guidance or links would be appreciated please!
Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN
- Original Message -
From: "Seth Mos"
To:
Sent: Tuesday, October 27, 2009 8:08 PM
Subject: Re: [pfSense Support] Multiple Filenames for Diskless Boot On LAN

tort...@paradise.net.nz wrote:

Hi Can multiple file names be specified for diskless boot on LAN functionality in pfSense on the same LAN? (e.g. thin clients and fat clients from same or different servers on same LAN)

No, this is not possible.

Regards,
Seth

Thanks Seth

Mmm well one can still do it one per LAN. I wonder if using VLANs might give more scope?
[pfSense Support] Multiple Filenames for Diskless Boot On LAN
Hi Can multiple file names be specified for diskless boot on LAN functionality in pfSense on the same LAN? (e.g. thin clients and fat clients from same or different servers on same LAN)
Re: [pfSense Support] 440BX Chipset
Thanks Pete

Maybe it's not the chipset that's the problem. Which image are you running? HHD? Embedded?

Kind regards
David

- Original Message -
From: "Pete Boyd"
To:
Sent: Monday, April 27, 2009 6:03 AM
Subject: Re: [pfSense Support] 440BX Chipset

> Is anyone using pfSense on a motherboard with the 440BX chipset?
>
> Does your CPU use drop to zero? A bug is suspected with this chipset and
> FreeBSD.

This is with pfSense 1.2.2:

# dmesg | grep BX
agp0: on hostb0
# /sbin/sysctl -n kern.cp_time
17989 175578 582310 281810 55059119
# /sbin/sysctl -n kern.cp_time
17990 175603 582383 281815 55060304
# /sbin/sysctl -n kern.cp_time
17990 175603 582386 281815 55060473
# /sbin/sysctl -n kern.cp_time
17991 175603 582386 281815 55060609
# /sbin/sysctl -n kern.cp_time
17993 175603 582387 281815 55060729
# /sbin/sysctl -n kern.cp_time
17995 175603 582387 281815 55060862

--
Pete Boyd
Open Plan IT - http://openplanit.co.uk
The Golden Ear - http://thegoldenear.org
Re: [pfSense Support] 440BX Chipset
Interesting thanks Jim, I note for me it is 440 BX and not 440BX!:

pfSense:~# dmesg | grep 440
pcib0: pcibus 0 on motherboard

Kind regards
David

- Original Message -
From: "Jim Pingle"
To:
Sent: Saturday, April 25, 2009 12:11 PM
Subject: Re: [pfSense Support] 440BX Chipset

Tortise wrote:
> Is anyone using pfSense on a motherboard with the 440BX chipset?
>
> Does your CPU use drop to zero? A bug is suspected with this chipset and
> FreeBSD.
>
> The bug is evident when running
>
> /sbin/sysctl -n kern.cp_time
>
> successively from the command prompt reports the same non-incrementing
> numbers.
>
> Positive and negative reports would be appreciated.

# dmesg | grep 440BX
ACPI APIC Table:
# /sbin/sysctl -n kern.cp_time
29192 66135 337891 13623 44026017
# /sbin/sysctl -n kern.cp_time
29198 66135 337904 13624 44026271
# /sbin/sysctl -n kern.cp_time
29199 66135 337905 13624 44026491
# /sbin/sysctl -n kern.cp_time
29200 66135 337906 13624 44026705
# /sbin/sysctl -n kern.cp_time
29200 66135 337908 13624 44026913
# /sbin/sysctl -n kern.cp_time
29200 66137 337931 13625 44036089

NB: This is a dual CPU Intel LG440BX board with 2xPIII-800. The consumer version may behave differently, but I don't believe I still have any of those in place anywhere.
[pfSense Support] 440BX Chipset
Is anyone using pfSense on a motherboard with the 440BX chipset?

Does your CPU use drop to zero? A bug is suspected with this chipset and FreeBSD.

The bug is evident when running

/sbin/sysctl -n kern.cp_time

successively from the command prompt reports the same non-incrementing numbers.

Positive and negative reports would be appreciated.

Kind regards
David
Re: [pfSense Support] Internet at the lake? Rogers MobileInternetStick (Rocket) with pfSense?
"Actually the best 3G router option I've found is an Alix 6b2. It has a miniPCI Express slot you can use for the cellular connection (no miniPCI solutions exist AFAIK) /" Would the Dell 3G Mini PCI Express modules used in their notebooks work?
Re: [pfSense Support] Internet at the lake? Rogers Mobile InternetStick (Rocket) with pfSense?
Check out the Linksys wrt54g3g which I use with a 3G XU870, (cheap 2nd hand) works well for portable Internet connections for a battery of wireless notebooks. It runs from 12V so car battery power is also an option. The code is open source and published by Linksys, whether that makes the drivers accessible I am not sure.

Kind regards
David

- Original Message -
From: "Chris Buechler"
To:
Sent: Friday, March 27, 2009 4:51 PM
Subject: Re: [pfSense Support] Internet at the lake? Rogers Mobile InternetStick (Rocket) with pfSense?

On Thu, Mar 26, 2009 at 10:09 AM, Vick Khera wrote:
>
> When we were at BSDCon in DC last month, the local wifi provided was
> over a shared connection built this way by hand using an OpenBSD
> laptop as the gateway to the verizon network via usb stick. It worked
> quite well for the first day :-)
>

The "first day" part is key there. :) It fell apart after that.

pfSense doesn't support any 3G devices. The driver support on FreeBSD in our experience is somewhere between poor and non-existent depending on the card. The cards with driver support tend to be old ones you can't get new anymore. 3G requires PPP support as it's functionally virtually identical to a POTS dial up modem. PPP dial up support may appear in 2.0. 3G drivers is a bigger problem.

There are some boxes that'll output 3G to Ethernet in some fashion (router generally), but they aren't cheap. $200-300 USD if I recall. That may be the best bet. One caveat though - don't know how it is in .ca but most providers here in the US will limit you to 5 GB and charge an exorbitant amount per MB above that.
Re: SV: [pfSense Support] sip nat
What is BADASS and what are you saying here? It seems to be mixed messages and not consistent to me. I'd like to understand what it is that you understand please.

Kind regards
David

- Original Message -
From: Chris Flugstad
To: support@pfsense.com
Sent: Thursday, March 19, 2009 7:43 AM
Subject: Re: SV: [pfSense Support] sip nat

I use Linksys SPA 921 which do a BADASS job of going over NAT. They have a good "keep alive" function that keeps them nice and cozy behind a nat. We use them for our hosted pbx product and haven't had any problems.

Chris Flugstad
Cascadelink
900 1st ave s, suite 201a
seattle, wa 98134
p: 206.774.3660 | f: 206.577.5066
ch...@cascadelink.com

and...@fiberby.dk wrote:

Hi Chris

Thanks for the quick response. I already tested it, and that solved my problem. But you're probably also right when you say that it won't fix the actual problem: SIP does not like NAT. Keep up the good work...

Kind regards
Anders

-Original message-
From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On behalf of Chris Buechler
Sent: 18 March 2009 16:03
To: support@pfsense.com
Subject: Re: [pfSense Support] sip nat

Nearly always, rewriting source port on SIP breaks it so it's not done by default. Enable AON and it will be.

On Wed, Mar 18, 2009 at 6:11 AM, wrote:

Hi

I know this issue has been raised before, but I haven't really found a satisfying answer, so here I go again... My problem is related to sip-nat. I'm running a network with approximately 2000 home users. I have chosen pfsense back in the 1.0.1 days, and is still very satisfied with its performance and stability. At the moment I have four machines running pfsense.

One working as router only (disabled the firewall under advanced). - pfsense v. 1.2
Two working as nat-routers for Internet-access. - pfsense v. 1.2
One working as a nat-router for Audiocodes MP124 sip boxes. - pfsense v. 1.0.1

When pfsense 1.2 came out, I upgraded every machine. But quickly I had to roll the "sip-router" back to 1.0.1, since it stopped rewriting the source port for the MP124 boxes. My problem is that many customers choose to set up their own sip-boxes on the internet-connection, and therefore get connected with one of the routers that's running pfsense 1.2. And it just does not rewrite the source port, and as a result of that only one sip-box per provider gets connected. As soon as I throw them on another vlan, so they get connected to the machine running pfsense 1.0.1, it rewrites the ports just fine, and I can have as many boxes from the same provider behind one single public ip. Does anyone have an explanation to this behavior, or even better, a solution!?

Kind regards
Anders Dahl
[pfSense Support] Minor text change suggestion - OpenNTPD
Hi

On the OpenNTPD page I suggest the text be changed from

"Select the interface the NTP server will listen on."

"Select the interface(s) the NTP server will listen on."

I assume this minor change more accurately describes that pfsense seems to be able to serve NTP on multiple LAN interfaces. (And I guess is a veiled question that my assumption is correct?!)

Kind regards
David
Re: [pfSense Support] Possible to boot pfSense with WAN interface down?
Hi Marty

There will be a boot file that you can append the ifconfig command to, to take the WAN down on reboot. This file would need to be watched for change if upgrading, for example if using a later CF image.

With alternative network dial in access you may be able to trigger pfsense to boot if there is WOL capability built in the pfsense PC BIOS and LAN.

Have you also considered using a VPN in and keeping pfsense otherwise closed?

Kind regards
David

----- Original Message -----
From: Marty Nelson
To: support@pfsense.com
Sent: Wednesday, January 28, 2009 10:06 AM
Subject: [pfSense Support] Possible to boot pfSense with WAN interface down?

Greetings all.

I have a customer who's putting in a DSL line for us to be able to better support them (we're currently dialing in). In doing so, they are somewhat breaking their corporate rules. Even with their current dial in setup, we have to call them and tell them to plug it in when we want access. Well now with the DSL line going in, even though I'm throwing pfSense in, they are now even more concerned with security.

What I was wondering was if it was possible to have pfSense start with the WAN interface down so that we could then call them -> dial in -> connect to pfSense and manually fire up the WAN interface. As far as I can tell, I can issue an ifconfig fxp1 down command from the web interface (or by sshing in), but should the machine be rebooted the interface starts up automatically.

Is what I'm looking for do-able?

Thanks!
-Marty
[pfSense Support] Dell XPS R400 Pentium 400 II and IDE / CF Read error
Hi I was given a couple of the above boxes, the 8G HDD's are noisy yet run pfSense fine. The rest of the boxes are quiet with largish CPU heatsinks instead of typically noisy CPU fans. I was hoping they would become nice quiet boxes running pfSense on IDE / CF drives. I connected up some IDE CF adapters expecting these to simply run, and find they boot straight into a read error. I tried pfSense 1.01 and 1.20.2. FreeNAS also has the same read error shown. They have the latest Dell A13 BIOS and both behave the same, two quite different CF / IDE adapters also give same result. The Linux DD-WRT boots fine using CF / IDE. Googling did not find me anything of any help on this. Anyone know anything about this, I suppose this is a BIOS incompatibility with FreeBSD and they are not going to work as I had hoped? Kind regards David Hingston
Re: [pfSense Support] WinSCP and Port 223 - SFTP
Thanks Chris

Yes I had got that far thanks, it was more detailing the symptoms. I'll check the WAN side access again, when I can, from a couple of locations, which are the ones of concern to me. My recollection was that it did the same, will get back to you if I confirm this.

Kind regards
David

----- Original Message -----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Sunday, August 03, 2008 1:12 PM
Subject: Re: [pfSense Support] WinSCP and Port 223 - SFTP

On Sat, Aug 2, 2008 at 9:06 PM, Tortise <[EMAIL PROTECTED]> wrote:
> Chris
>
> I am not sure what you are getting at, I think so. (how else?)
>

Meaning you're connecting to a port forward using the outside IP from your LAN interface. NAT reflection is a kludge, I would suggest just directly connecting, not relying on bouncing through the firewall. It's probably caused by something to do with NAT reflection.
Re: [pfSense Support] WinSCP and Port 223 - SFTP
Chris

I am not sure what you are getting at, I think so. (how else?)

David

----- Original Message -----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Sunday, August 03, 2008 12:43 PM
Subject: Re: [pfSense Support] WinSCP and Port 223 - SFTP

On Sat, Aug 2, 2008 at 7:15 PM, Tortise <[EMAIL PROTECTED]> wrote:
> Re: Any chance your rule is doing OS detection?
>
> Gosh I thought you were joking, however wise to first check the rule, bearing
> in mind your responses are invariably well founded,
> sure enough the ability to limit the OS is there(!), however its set to
> "any". The rule is a standard TCP pass Port 223, nothing
> special otherwise.
>
> The connection is also made, just loses it again within seconds. If one sets
> up a file transfer before it disconnects the transfer
> completes.

You relying on NAT reflection?
Re: [pfSense Support] WinSCP and Port 223 - SFTP
Re: Any chance your rule is doing OS detection?

Gosh I thought you were joking, however wise to first check the rule, bearing in mind your responses are invariably well founded, sure enough the ability to limit the OS is there(!), however its set to "any". The rule is a standard TCP pass Port 223, nothing special otherwise.

The connection is also made, just loses it again within seconds. If one sets up a file transfer before it disconnects the transfer completes.

Kind regards
David Hingston
Re: [pfSense Support] WinSCP and Port 223 - SFTP
Thanks Bill

WAN side for me meant a Path of:

Client WinSCP ("WAN side") => Internet => pfSense / NAT => LAN Server

LAN side was indirect, however to me should still work and has done in the past

Client WinSCP on LAN directed to pfSense WAN IP => NAT => LAN Server

Kind regards
David Hingston

----- Original Message -----
From: "Bill Marquette" <[EMAIL PROTECTED]>
To:
Sent: Sunday, August 03, 2008 10:00 AM
Subject: Re: [pfSense Support] WinSCP and Port 223 - SFTP

On Sat, Aug 2, 2008 at 5:28 AM, Tortise <[EMAIL PROTECTED]> wrote:
> Hi
>
> When I run a connection thru pfSense (1.2 CF) almost immediately following
> successful connection WinSCP loses the connection with an "Server
> unexpectedly closed network connection" error message. Happens with client
> LAN side and WAN side.

WAN side...as in, pfSense isn't in the path of the traffic anymore?

{Deleted}
[pfSense Support] WinSCP and Port 223 - SFTP
Hi When I run a connection thru pfSense (1.2 CF) almost immediately following successful connection WinSCP loses the connection with an "Server unexpectedly closed network connection" error message. Happens with client LAN side and WAN side. Logs add little that I can see. Running the same directly over the LAN is exempt this problem. Trying "FTP RFC 959 data port violation workaround" makes no difference. Does this make any sense to someone? Is pfSense causing this? Kind regards David Hingston
Re: [pfSense Support] alix (any verison) on a CF harddisk - full version ?
re: I know there are a number of end users running full installs on CF and I haven't heard of any of them killing a CF either. Theoretically the card should die in less than a year

To me the card is not so likely as to die wholesale as it is to have sectors die here and there. These deaths may be much less obvious, especially with most of the OS running in RAM. How much disk handling of errors does FreeBSD cope with? It seems to me it may be prudent to have some sort of automated CF scan should be done checking its memory spaces. Should we CF users add a cron job for something to proactively pick up errors?

Kind regards
David Hingston

----- Original Message -----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Friday, July 25, 2008 4:05 AM
Subject: Re: [pfSense Support] alix (any verison) on a CF harddisk - full version ?

On Thu, Jul 24, 2008 at 7:53 AM, Eugen Leitl <[EMAIL PROTECTED]> wrote:
> On Thu, Jul 24, 2008 at 09:31:29PM +1000, digger wrote:
>
>> The end result is I can confirm that the full version does happily run
>> on a CF card and ALIX board.
>
> If this is a consumer flash device mounted r/w probability of failure
> will go up considerably after half a year, or so.
>

This is technically correct, but we have several developers who run full installs on run of the mill CF cards and have yet to kill a single one. but I know of installs running much longer than that with no problems. Just be aware that this is a possibility.
Re: [pfSense Support] How to deal with this?
What cable modems are these? (Brand and model)

Why not use static IP's?

There is custom code on the list associated with pings failing, giving an opportunity to run some code

Kind regards
David Hingston

----- Original Message -----
From: "B. Cook" <[EMAIL PROTECTED]>
To:
Sent: Friday, July 04, 2008 1:29 AM
Subject: [pfSense Support] How to deal with this?

Hello All,

I have a few PfSense boxes around connected to cable modems. There have been quite a few storms in our area the past few days, and while UPSs have kept networking equipment alive and working, the cable companies modems have lost cable sync for a few hours. The dhcp lease expired and left us with no remote ip. After the cable came back up the pfsense boxes had no IP still.

Since the fxp0 interface attached to the cable never lost connectivity with the modem we had to send people out and issue commands (killall -9 dhclient && dhclient fxp0) and then all was well.

Short of rebooting the box, or having someone 'technical' on hand.. Is this an issue that anyone might want to think about?

thanks in advance.
Re: [pfSense Support] PPTP User Error 1.2 CF
Maybe spoke too soon,

This is also logged following adding and taking away a new PPTP user:

May 25 20:23:24 last message repeated 2 times
May 25 20:23:39 php: /sajax/index.sajax.php: [DEBUG] Lock recursion detected.

Kind regards
David Hingston

> I got the following when adding a PPTP user:
>
> Fatal error: Cannot create references to/from string offsets nor overloaded
> objects in /etc/inc/xmlparse.inc on line 57
>
> It then reloaded a backup of the XML, and it seems the user was added, yet
> to be confirmed.
>
> Is this any help to know?

Is it something you can replicate?
Re: [pfSense Support] PPTP User Error 1.2 CF
Mmmm

Haven't managed it so far, will keep an eye out for it. Log entries appended, if that is any help? Also is there a minimum no of characters for the password, a 5 digit one was input.

Kind regards
David Hingston

> I got the following when adding a PPTP user:
>
> Fatal error: Cannot create references to/from string offsets nor overloaded
> objects in /etc/inc/xmlparse.inc on line 57
>
> It then reloaded a backup of the XML, and it seems the user was added, yet
> to be confirmed.
>
> Is this any help to know?

Is it something you can replicate?

May 22 21:05:17 php: /sajax/index.sajax.php: New alert found: pfSense is restoring the configuration /conf/backup/config-1209343754.xml
May 22 21:05:17 php: /sajax/index.sajax.php: pfSense is restoring the configuration /conf/backup/config-1209343754.xml
May 22 21:05:14 php: /sajax/index.sajax.php: New alert found: No config.xml found, attempting last known config restore.
May 22 21:05:14 php: /sajax/index.sajax.php: No config.xml found, attempting last known config restore.
[pfSense Support] PPTP User Error 1.2 CF
Hi I got the following when adding a PPTP user: Fatal error: Cannot create references to/from string offsets nor overloaded objects in /etc/inc/xmlparse.inc on line 57 It then reloaded a backup of the XML, and it seems the user was added, yet to be confirmed. Is this any help to know? Kind regards David Hingston
Re: [pfSense Support] PFsense wan hangs up after 10min
When down, what happens if you successively issue following commands from {ipaddress}/exec.php

ifconfig em0 down
ifconfig em0 up

where em0 is your WAN NIC assignment

Kind regards
David Hingston

----- Original Message -----
From: "Arvydas Brazenas" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 20, 2008 6:48 PM
Subject: Re: [pfSense Support] PFsense wan hangs up after 10min

Hi,

1) Static 77.xxx.xxx.74 /30
2) nothing logs
3) UP, everything is fine
4) Intel both (lan and wan)

Everything is working working... and boom suddenly internet is down, wan interface is working. Can't ping from it anything. There are no errors... (dns 192 internal. could it be of this? i guess not, but who knows maybe somehow...)

Sincerely,
Arvydas

----- Original Message -----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 19, 2008 9:10 PM
Subject: Re: [pfSense Support] PFsense wan hangs up after 10min

> Arvydas Brazenas wrote:
>> 1.2 stable.
>> isp bridge= (comtrend shdsl router working as bridge)
>> |lanport---router(now=smc router, future=pfsense)
>> isdnbridge |lanport
>> |lanport
>>
>
> Still not enough info to provide any useful suggestions.
>
> 1) What is your WAN config? Static, DHCP, PPPoE?
> 2) Anything in the system log at time of failure?
> 3) What does Status -> Interfaces show when it fails and is that different
> from what it shows before it fails?
> 4) Hardware details (type of NICs primarily of interest)
Re: [pfSense Support] PFsense wan hangs up after 10min
Yes, which version are you running? What is the "ISP Bridge" exactly?

Kind regards
David Hingston

----- Original Message -----
From: Arvydas Brazenas
To: support@pfsense.com
Sent: Monday, May 19, 2008 7:46 PM
Subject: [pfSense Support] PFsense wan hangs up after 10min

Hi,

ISP bridge pfsense(router) switch.pc.pc.pc..

Nothing extraordinary i guess... After 10min of work i can't ping anything from wan interface. Has anyone had similar problem?

Sincerely,
Arvydas
Re: [pfSense Support] setting time
Not sure if this is resolved, I was reminded today of the BIOS reports of the system status - especially the voltages, a failing power supply might also cause this problem, check the voltages from the boot BIOS. Do let us know the outcome.

Kind regards
David Hingston

----- Original Message -----
From: "Vivek Khera" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, May 13, 2008 2:47 AM
Subject: Re: [pfSense Support] setting time

You likely have faulty hardware.
[pfSense Support] Re: SOLVED [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Dear List and especially pfSense maintainers, Bill, Chris, Scott et al.

I upgraded to 1.2 over a month ago. The above issue (and the earlier "pfSense hanging...") have not recurred since the upgrade.

I was not aware of a particular fix that might have addressed this, however looking around it is clear zillions of code changes are noted, it seems very likely the issue was addressed. (since 1.2 RC2 clearly exhibited the problem) Another possibility is the ISP made a change that eliminated the issue. I feel the former is more likely an explanation. I suppose if I was keen I could put back in the old CF card with the previous 1.2 RC2 installation and I guess that might prove it either way. If that would help someone do let me know.

I also note PPTP seems to connect much faster and reliably.

It gives me great pleasure to express my gratitude to the people involved. Now that I have learned my way around it, (at a certain level that is!) I think pfSense is pretty cool.

Kindest regards
David Hingston
Re: [pfSense Support] setting time
Dean, have you checked the motherboard battery? (I think in theory this should only be relevant on powering off, but I wouldn't be sure in practice) Kind regards David Hingston
Re: [pfSense Support] boot usb wothout bios support
The older FreeBSD installations had a floppy boot disc, whether this could be adapted I have wondered?

Kind regards
David Hingston

----- Original Message -----
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, May 07, 2008 1:45 PM
Subject: Re: [pfSense Support] boot usb wothout bios support

On Tue, May 6, 2008 at 9:26 PM, Tortise <[EMAIL PROTECTED]> wrote:
>
> It seems to me that a floppy could boot, load a USB driver and hand over to
> the USB device on these old machines? Any reason not? (Floppy disk
> required!)
>

I was thinking of that - I seem to recall some kind of boot loader that can load from a floppy or CD and then boot from a USB device. Don't remember any details whatsoever, and I might be dreaming that up but I'm pretty sure I've seen it at some point. Not helpful at all, but it's worth Googling for someone that's interested.
Re: [pfSense Support] boot usb wothout bios support
Re: If BIOS does not support booting from USB then no operating system can help because the BIOS is the first intelligence to the processor which directs the computer to devices. A Compact flash with IDE interface works very well. It seems to me that a floppy could boot, load a USB driver and hand over to the USB device on these old machines? Any reason not? (Floppy disk required!) Kind regards David Hingston
Re: [pfSense Support] [DEBUG] Lock recursion detected
As always thank you again Bill

Now I think the penny has dropped and I now understand that message "Not installing nat reflection rules for a port range >500"

The default Trixbox incoming audio port range is closer to 10001 to 2, I've cut mine down!

One of the main reasons for using pfSense here is the NAT reflection works. To my knowledge there is, however, no need for NAT reflection to work on the incoming VOIP ports? Perhaps others know otherwise?

Kind regards
David Hingston

----- Original Message -----
From: "Bill Marquette" <[EMAIL PROTECTED]>
To:
Sent: Thursday, April 24, 2008 12:00 PM
Subject: Re: [pfSense Support] [DEBUG] Lock recursion detected

On Wed, Apr 23, 2008 at 6:31 PM, Tortise <[EMAIL PROTECTED]> wrote:
>
>
> Hi
>
> I have been testing NAT with UDP and a port range of 10001 - 16383. This
> is on 1.2 final, embedded on i386.

You might want to disable NAT reflection (System->Advanced if my memory serves) if you need to redirect that large of a range. Of course, you'll need to have a properly architected split-DNS to achieve this :)

> OK revert to original wide range the following is logged:
> Apr 24 11:20:02 php: : Not installing nat reflection rules for a port range > 500
> Apr 24 11:19:53 login: login on console as root
> Apr 24 11:19:51 php: /ifstats.php: [DEBUG] Lock recursion detected.
>
> Seems the DEBUG message is a bug that you might wish to know about?

Thanks, not sure, but we'll look into it.

> Of course I can enter 13 NAT blocks of ~ 500 ports each to achieve the
> required range of 6382 ports, is that intended by design in these days of
> VOIP?

Not sure - all VOIP I've done the connections are all outbound from my network to the phone system. I wouldn't have expected such a large range to be forwarded inbound. Maybe someone with more VOIP experience can comment.

--Bill
[pfSense Support] [DEBUG] Lock recursion detected
Hi I have been testing NAT with UDP and a port range of 10001 - 16383. This is on 1.2 final, embedded on i386. When loading the log reports: Not installing nat reflection rules for a port range > 500 When I change the range to 500 ( 10001 - 10500) the report (not surprisingly) disappears, but VOIP does not work properly either it seems. OK revert to original wide range the following is logged: Apr 24 11:20:02 php: : Not installing nat reflection rules for a port range > 500 Apr 24 11:19:53 login: login on console as root Apr 24 11:19:51 php: /ifstats.php: [DEBUG] Lock recursion detected. Seems the DEBUG message is a bug that you might wish to know about? Of course I can enter 13 NAT blocks of ~ 500 ports each to achieve the required range of 6382 ports, is that intended by design in these days of VOIP? Kind regards David Hingston
Re: [pfSense Support] check_reload_status.log
What is check_reload_status intended to do and achieve? Why does it get triggered? (Frequently as it does in one of my boxes)

Kind regards
David Hingston

Florian,

The larger question is why you haven't upgraded to 1.2-RELEASE since its been out for several months now?

-Gary @pfsense.com
Re: [pfSense Support] PPPoE gets disconnected on WAN port
Also what are you guys respective NIC's brand, model and chip? Kind regards David Hingston
Re: [pfSense Support] PPPoE gets disconnected on WAN port
Olivier

Have you tried successively issuing the commands

ifconfig em0 down
ifconfig em0 up

from http://[LANIP]/exec.php where em0 is your WAN interface

Give that a try and see what happens and do let us know please.

Kind regards
David Hingston

----- Original Message -----
From: "Olivier Mueller" <[EMAIL PROTECTED]>
To:
Sent: Thursday, April 17, 2008 1:46 AM
Subject: Re: [pfSense Support] PPPoE gets disconnected on WAN port

Hello...

Since the situation has not improved, I'm re-posting this :-( If you have any idea what I could/should try, it would be very nice... At the moment I have about 3-4 disconnects per day, and according to the ISP everything is fine (line, etc.)

thanks & regards,
Olivier

On Mon, 2008-04-07 at 11:46 +0200, Olivier Mueller wrote:
> On Tue, 2008-04-01 at 09:14 +0200, Olivier Mueller wrote:
> > On Tue, 2008-04-01 at 08:46 +0200, Olivier Mueller wrote:
> > > pfSense Version: 1.2-Release. Still looking for a solution too... :)
> > > Activated syslog to a remote pc to be able to debug this problem if
> > > it occurs again today.
> >
> > Et voila, it just happened again:
>
> And about 2-3 times this weekend and 2 times this morning...
>
> Apr 7 09:20:28 gw mpd: [pppoe] PPPoE connection closed
> Apr 7 09:20:28 gw mpd: [pppoe] device: DOWN event in state UP
> Apr 7 09:20:28 gw mpd: [pppoe] device is now in state DOWN
> Apr 7 09:20:28 gw mpd: [pppoe] link: DOWN event
> Apr 7 09:20:28 gw mpd: [pppoe] LCP: Down event
> Apr 7 09:20:28 gw mpd: [pppoe] LCP: state change Opened --> Starting
> Apr 7 09:20:28 gw mpd: [pppoe] LCP: phase shift NETWORK --> DEAD
> Apr 7 09:20:28 gw mpd: [pppoe] setting interface ng0 MTU to 1500 bytes
> Apr 7 09:20:28 gw mpd: [pppoe] up: 0 links, total bandwidth 9600 bps
> Apr 7 09:20:28 gw mpd: [pppoe] IPCP: Down event
> Apr 7 09:20:28 gw mpd: [pppoe] IPCP: state change Opened --> Starting
> Apr 7 09:20:28 gw mpd: [pppoe] IPCP: LayerDown
> Apr 7 09:20:28 gw mpd: [pppoe] IFACE: Down event
>
> According to the Zyxel VDSL router, the dsl link was always up... Is
> there any way to debug that a bit deeper? Without the pfsense box it
> worked fine, without pppoE disconnects, so I guess it's pfsense-related.
>
> thanks & regards,
> Olivier
[pfSense Support] kernel: arp: unknown hardware address format (0x0000)
Hi

I am trying to track down the source of these relatively frequently logged events. I also note other formats: (0x4500) (0x6fe7) and (0xdd1f)

Can I syslog the packets from pfSense, it seems I can only syslog logged messages? Is there a better way to proceed than bulk tcpdumping the interface traffic looking for this unpredictable data?

Can anyone explain what this is or give me some direction to proceed please?

Kind regards
David Hingston
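
One way to narrow such a capture down, as an added example that is not part of the original post: the script reads a classic pcap file (for instance one written by `tcpdump -w` with the `arp` filter) and reports every ARP frame whose hardware-type field is not Ethernet, grouped by sending MAC. It assumes the hex value in the kernel message is that field (the first two bytes of the ARP header); the sample frames, MAC addresses and function names are constructed for illustration.

```python
import struct
from collections import Counter

ETHERTYPE_ARP = 0x0806
ETHERTYPE_VLAN = 0x8100   # 802.1Q tag sits in front of the real ethertype
ARPHRD_ETHER = 1          # hardware type expected on an Ethernet segment


def mac(raw):
    return ":".join("%02x" % b for b in raw)


def iter_frames(pcap):
    """Yield (timestamp, frame) from a classic (non-pcapng) Ethernet capture."""
    magic = pcap[:4]
    if len(pcap) < 24 or magic not in (b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\xc3\xd4"):
        raise ValueError("not a classic pcap file")
    endian = "<" if magic == b"\xd4\xc3\xb2\xa1" else ">"
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    off = 24
    while off + 16 <= len(pcap):
        ts, _usec, caplen, _origlen = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        if off + caplen > len(pcap):
            break  # truncated final record
        yield ts, pcap[off:off + caplen]
        off += caplen


def find_odd_arp(pcap):
    """Return one dict per ARP frame whose hardware type is not Ethernet."""
    hits = []
    for ts, frame in iter_frames(pcap):
        if len(frame) < 14:
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        off = 14
        if ethertype == ETHERTYPE_VLAN and len(frame) >= 18:
            ethertype = struct.unpack("!H", frame[16:18])[0]
            off = 18
        if ethertype != ETHERTYPE_ARP or len(frame) < off + 2:
            continue
        hrd = struct.unpack("!H", frame[off:off + 2])[0]
        if hrd == ARPHRD_ETHER:
            continue
        hits.append({
            "ts": ts,
            "src_mac": mac(frame[6:12]),   # the device to go and look for
            "dst_mac": mac(frame[0:6]),
            "hrd": "0x%04x" % hrd,
            # Heuristic: 0x45 is how an IPv4 header without options begins,
            # which suggests an IP packet sent under the ARP ethertype.
            "looks_like_ipv4": frame[off] == 0x45,
        })
    return hits


def summarise(hits):
    """Count odd frames per (source MAC, hardware type)."""
    return dict(Counter((h["src_mac"], h["hrd"]) for h in hits))


# ---- constructed sample capture (not real traffic) ----
def _eth(dst, src, ethertype, payload, vlan=None):
    tag = b"" if vlan is None else struct.pack("!HH", ETHERTYPE_VLAN, vlan)
    return bytes.fromhex(dst) + bytes.fromhex(src) + tag + struct.pack("!H", ethertype) + payload


def _pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


_BCAST = "ffffffffffff"
_GOOD_ARP = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + bytes(20)
_IPISH = bytes.fromhex("4500001c") + bytes(24)
SAMPLE_PCAP = _pcap([
    (100, _eth(_BCAST, "020000000001", ETHERTYPE_ARP, _GOOD_ARP)),
    (101, _eth(_BCAST, "0200000000aa", ETHERTYPE_ARP, bytes(28))),
    (102, _eth(_BCAST, "0200000000bb", ETHERTYPE_ARP, _IPISH)),
    (103, _eth(_BCAST, "0200000000bb", ETHERTYPE_ARP, _IPISH)),
    (104, _eth(_BCAST, "0200000000cc", ETHERTYPE_ARP,
               bytes.fromhex("6fe7") + bytes(26), vlan=10)),
    (105, _eth("020000000001", "0200000000aa", 0x0800, _IPISH)),
])

if __name__ == "__main__":
    for (src, hrd), count in sorted(summarise(find_odd_arp(SAMPLE_PCAP)).items()):
        print("%s sent %d ARP frame(s) with hardware type %s" % (src, count, hrd))
```

The source MAC in each hit is what identifies the sending device on the segment, which a log message carrying only the hardware-type value does not.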
Re: [pfSense Support] System Time
Hey I know the answer to this one!

Go to Command menu under Diagnostics and type date, bingo!

http://[pfsenseIP]/status.php also gives it!

Kewl eh!

Kind regards
David Hingston

----- Original Message -----
From: "Paul M" <[EMAIL PROTECTED]>
To:
Sent: Thursday, April 10, 2008 9:33 PM
Subject: Re: [pfSense Support] System Time

Curtis LaMasters wrote:
> status.php probably has it somewhere. If not you could issue a command
> via the GUI in the diagnostic menu.

it does. it would probably be useful to have the system time on the index.php system summary page? how would you browse to status.php, there doesn't seem to be a link to it on from the menus?
[pfSense Support] Cable with Load Balancing Failover to ADSL
Hi

I am looking at implementing the subject. As some list members may know I have to ping the ISP to catch occasional loss of connectivity between the NIC and the Modem, and issue successive ifconfig down; ifconfig up commands. This is working well, however the cable connection also goes down for ISP networks issues, being "out of balance", upgraded etc etc. I'd like to fix this too!

If I have ADSL failover it seems to me this cable-NIC rescue as I have configured it will no longer work, as the ping will presumably continue to work through the ADSL modem and not trigger the fix.

As I read the failover it depends on pinging the appropriate external reference ("Monitor IP") for each WAN interface to trigger the failover. Is there some way of adding my fix into this code? (Where is it!)

Any other comments / suggestions?

Kind regards
David
Re: [pfSense Support] Custom startup scripts
Can this be done via the xml to be truly portable?

Kind regards
David

----- Original Message -----
From: "Joe Laffey" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 25, 2007 7:35 AM
Subject: Re: [pfSense Support] Custom startup scripts

On Wed, 24 Oct 2007, Scott Ullrich wrote:
> On 10/24/07, Joe Laffey <[EMAIL PROTECTED]> wrote:
>> Where is a safe place to put custom startup script that can be run at boot
>> time, and will not be wiped by future updates to pfsense?
>
> Create a script in /usr/local/etc/rc.d/
>
> Example:
>
> /usr/local/etc/rc.d/startup.sh
>
> Be sure the script is a+x and that it ends in .sh to run.

I shall give it a shot. Thanks!

--
Joe Laffey | Visual Effects for Film and Video
LAFFEY Computer Imaging | -
St. Louis, MO | Show Reel http://LAFFEY.tv/?e07514
USA | - . |-*- Digital Fusion Plugins -*-
-- Mail here will be rejected --> "Real Trap" <[EMAIL PROTECTED]>
Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN
Thanks Bill and Espen

How can I find out what changes were made to fix this please? (I am interested to know particularly at what level the fault existed, e.g. down in FreeBSD, Code common to monowall and pfSense, or just pfSense.)

Kind regards
David

----- Original Message -----
From: "Bill Marquette" <[EMAIL PROTECTED]>
To:
Sent: Saturday, October 13, 2007 2:10 AM
Subject: Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

On 10/12/07, Tortise <[EMAIL PROTECTED]> wrote:
> I am sorry for the usual question, where does one get 1.2RC-3 please?!
> Kind regards David

It's not yet released, but can be found on the snapshot server in the location Espen pointed you at.

--Bill
Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN
I am sorry for the usual question, where does one get 1.2RC-3 please?!

Kind regards
David

- Original Message -
From: "Jan Hoevers" <[EMAIL PROTECTED]>
To:
Sent: Friday, October 12, 2007 1:50 PM
Subject: Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

Chris Buechler wrote on 26-9-2007 2:02:
> Definitely sounds like a bug. I opened a ticket. If you can, please hang
> on with 1.2rc2 for the time being. None of the developers have a PPTP
> WAN, so we'll need somebody to test the change with that specific setup.

hi Chris,

Perfect, the issue is fixed! As you requested off list I've installed the embedded platform image labelled "1.2-RC3 built on Thu Oct 11 17:09:49 EDT 2007" and created some ethernet hotplug events as a test. Of course I still find them in the logs (check_reload_status: rc.linkup starting, etc.) but mpd doesn't get killed anymore and the PPTP-WAN link remains up.

I'm quite happy with this result, and with your fast reaction.

thanks a lot,
Jan Hoevers
Re: [pfSense Support] Asterisk and PfSense
Ugo

Which ports are you NATting? Which ports are set up for RTP in asterisk?

Kind regards
David

- Original Message -
From: "Ugo Bellavance" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, October 10, 2007 6:28 PM
Subject: [pfSense Support] Asterisk and PfSense

Hi,

I have an asterisk server that is working mostly with SIP clients behind NAT. I'd like to put this asterisk server behind the PfSense to benefit from QoS and added security, packages, etc. However, I just tested and I can't make it work with more than 2 clients at the time (using 1-to-1 NAT). I've tried disabling static port. I've also tried to also disable scrubbing. I've tried setting the firewall setting to 'conservative'. The problem I'm getting is that once a second SIP client registers, it kind of kicks out the first one and so on.

I've tried it without NAT, but I didn't really know how to do it, so I just gave the linux (asterisk) server the public IP address I wanted and made appropriate firewall rules. I couldn't connect using ssh, so I stopped fiddling around and wrote this message.

What is recommended in my situation?

Regards,
Ugo Bellavance
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Volker re Who else would find a cron script useful which checks the connection regularly and takes remedial action (e.g. ifconfig down/up) when necessary? See my earlier post where I have detailed one and Chris has pointed out to preserve the cron settings in the xml. Perhaps you can suggest how to automatically pull through the WAN interface name, programmatically, to fully automate it for all? I agree it does seem a bit of a conundrum, the kernel may be to blame, however the fault also exists in monowall's FreeBSD. Kind regards David Hingston.
Re: [pfSense Support] Saving Cron Tab /etc/crontab onto CF cards to maintain changes following rebooting
I have done, thanks Chris.

It will be interesting to see what Marco's problem is. I also wondered if the thread [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN was related to the same problem I was having. Of course it continues, but the fault is now rapidly self fixed with the cron tab / ping file I wrote.

Btw is there a variable for the LAN and WAN interfaces? ?#WAN

Kind regards
David Hingston

- Original Message -
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Thursday, October 04, 2007 4:46 AM
Subject: Re: [pfSense Support] Saving Cron Tab /etc/crontab onto CF cards to maintain changes following rebooting

Tortise wrote:
> Hi
>
> I have found that rebooting seems to restore the crontab file back to
> the default value.
>
> How can we commit changes of /etc/crontab to CF?

Put the entries into config.xml.
Re: [pfSense Support] Loosing connectivity
Sorry, you did state the modem!

Kind regards
David Hingston

- Original Message -
From: Marco Bianchi
To: support@pfsense.com
Sent: Tuesday, October 02, 2007 7:42 AM
Subject: [pfSense Support] Loosing connectivity

Hi, I've just installed pfSense 1.02RC2 to run the network in my house. It is in testing now... pfSense runs on an HP P4 2.0ghz with 256MB of RAM using an Adaptec 4 10/100 NIC card. Internet connection is done through a DLINK DSL302 ADSL2 Ethernet Modem connected via a crossover cable to the RED Interface.
Re: [pfSense Support] Loosing connectivity
Interesting Marco

Look into the thread I started [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

Let us know if that solves it. BTW what is your ADSL modem model and brand, for the record?

Kind regards
David Hingston

- Original Message -
From: Marco Bianchi
To: support@pfsense.com
Sent: Tuesday, October 02, 2007 7:42 AM
Subject: [pfSense Support] Loosing connectivity

Hi, I've just installed pfSense 1.02RC2 to run the network in my house. It is in testing now... pfSense runs on an HP P4 2.0ghz with 256MB of RAM using an Adaptec 4 10/100 NIC card. Internet connection is done through a DLINK DSL302 ADSL2 Ethernet Modem connected via a crossover cable to the RED Interface. As now, just two interfaces are active, the GREEN and the RED.

Everything is running fine, the modem stays connected but, every now and then, I cannot connect the internet from the GREEN interface. The modem is OK, the ADSL connection is OK. The only thing that solves the problem is to restart the pfSense "server".

pfSense configuration is standard, no packages loaded, and no changes from the default wizard. Any idea on where I've to look to understand where the problem is? Or, better, do you know why this is happening? The Carrier is TelecomItalia with the Alice ADSL 4Mb offer.

Thanks for who will provide support.
MB
[pfSense Support] Saving Cron Tab /etc/crontab onto CF cards to maintain changes following rebooting
Hi I have found that rebooting seems to restore the crontab file back to the default value. How can we commit changes of /etc/crontab to CF? Kind regards David Hingston
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Sean I guess you saw we've gone down that road, the cards I am currently using are in the subject line and would seem to be of the type you advocate, however perhaps you were inquiring the NIC types used by Lance? Are you also behind a Motorola SB 51xx cable modem? The fix I posted has now proven to perform the necessary rescue several times. It is such a refreshing change to be off site running a terminal session, to be cut out, and to know it will come back within a minute! (Assuming the issue is the one that is the subject of this thread!) Its not perfect but it is a significant advance! If I knew how to reference and extract the WAN driver type (e.g. em0) I could have the script fully cross machine, so it might then be considered for the image. So I don't have to add it in manually with every upgrade! Even if it is there so that the appropriate CRON line would only remain to be added or commented in. Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Tuesday, September 04, 2007 8:11 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM considering smoothwall is based on linux whereas pfSense is based on FreeBSD, I lean towards it being a driver issue with your setup. using cheapo cards like the linksys or Netgear ones can cause this. try and get a higher level card like a 3com 3c905c or intel card. I personally run the gigabit Netgear card with hardware offloading internally and a 3com WAN side and it runs with zero issue. -Sean - Original Message - From: Lance Peterson To: support@pfsense.com Sent: Monday, September 03, 2007 2:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM I'm a home user with a cable modem connected to a small firewall computer built up with one Linksys 10/100 card, one Netgear 10/100 card, and PFSense installed. 
I started experiencing connection problems with computers attached to this small network within 24 hours. I reloaded, reconfigured, started and stopped services, etc. and nothing permanently fixed my connection issues. Then I formatted and installed Smoothwall Express using all the same hardware -- problem solved -- no more lost connections. Definately seems like a PFSense problem, in my opinion. Sorry if this is a little off topic or already discussed, I just scanned though these replies and wanted to post my experience with lost connections. On 9/3/07, Bill Marquette <[EMAIL PROTECTED]> wrote: On 9/2/07, Tortise <[EMAIL PROTECTED]> wrote: > Thanks Bill > > They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant. > > Not sure if this what you mean but this might answer? No worries, if it's static assigned and not a dhcp static assignment then you won't have the files I was looking for. Honestly not sure what else to look at here. This doesn't appear to be due to traffic inactivity. I'm not sure how any other system would work any better :-/ --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Thanks Bill

They are static IP's, so I assume (you may know better?) DHCP lease times are (or should be?) irrelevant.

Not sure if this is what you mean but this might answer?

    $ ls /var/db/
    entropy ipsecpinghosts pingmsstatus pingstatus pkg rrd

Kind regards
David Hingston

- Original Message -
From: "Bill Marquette" <[EMAIL PROTECTED]>
To:
Sent: Monday, September 03, 2007 3:58 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM

On 9/2/07, tester <[EMAIL PROTECTED]> wrote:
> Few ISPs (especially home users offers) reset their
> connection every 24h. I don't live in New Zealand, so
> I don't know Telstraclear Network, but are you really
> sure is it an equipment issue or a line problem (e.g.
> interferences, etc...)?
> If you can, try another cable modem.

I think you missed the first half dozen messages in this thread. The cable modem has been replaced (and others on Telstraclear have had the same issue apparently). Most likely it's some weird dhcp lease expiration or MAC expiration. Although, unlikely to be MAC expiration if the icmp polling isn't keeping the mac tables fresh.

This is DHCP right? Check out /var/db/dhclient.leases.*

    lease {
      interface "sis0";
      fixed-address 24.1.x.x;
      option subnet-mask 255.255.254.0;
      option routers 24.1.66.1;
      option domain-name-servers 68.87.72.130,68.87.77.130;
      option host-name "topell";
      option domain-name "hsd1.il.comcast.net.";
      option broadcast-address 255.255.255.255;
      option dhcp-lease-time 345600;
      option dhcp-message-type 5;
      option dhcp-server-identifier 68.87.72.44;
      renew 2 2007/9/4 06:43:38;
      rebind 3 2007/9/5 18:43:38;
      expire 4 2007/9/6 06:43:38;
    }

It'd be interesting to see what the lease times are.

--Bill
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I was not surprised that the Motorola 5100 cable modem on the Telstraclear Network in New Zealand also lost connectivity within the first 24 hours of operation. For pfSense the 5100 seems no more compatible than the 5101. Given there seem to be no reports of people having problems on other networks with these modems, what is it about the Telstraclear cable network? Kind regards David Hingston
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
I think we may have got this fixed, (albeit as a kludge?)

Essentially the fix is to ping the static IP's first hop, if this is down then flick the WAN NIC state down and up, this restores the lost connection where the Motorola 5101 has stopped sending packets (presumably for some incompatibility reason).

The Motorola 5101 has today been replaced with a 5100, the ISP tell me most commercial lines are running the 5100 as they say it is more router compatible than the newer 5101. I'll advise if the 5100 exhibits the same behaviour(!) however if it does the following should address it within a minute. If you are copying it be sure to copy it exactly as spaces in the wrong place stuff it up etc!!

For both the lists and my record it is done by:

=> in /etc/crontab add

    */1 * * * * root /usr/bin/pinger.sh

=> from edit.php create / write into new file /usr/bin/pinger.sh

    #!/bin/sh
    # Send one echo request to the first-hop gateway.
    ping -c1 Insert_1st_Gateway_Hop_Here_commonly_Static_IP_a.b.c.1
    # FreeBSD ping exits 2 when the request was sent but no reply was received.
    if [ $? -eq 2 ]; then
        ifconfig em0 down
        ifconfig em0 up
        echo 'Gateway Down'
    else
        echo 'Gateway Up'
    fi

=> from exec.php run chmod u+x /usr/bin/pinger.sh

=> from exec.php run ls -l /usr/bin/pinger.sh and check there is an x in the file permissions (for executable)

It will have run when you see a log series of commands starting with

    Sep 1 11:32:13 kernel: em0: link state changed to UP
    Sep 1 11:32:11 kernel: em0: link state changed to DOWN

The only problem I see with this approach is that whenever the Internet is down for whatever reason the WAN interface is going to be disconnected and reconnected every minute, as well as filling the logs with this info, but that seems only of concern from the perspective of filling the log with rubbish. I might tinker with it to send me an email to advise me when the code has also run.
Whilst we could have changed to a different router (non freebsd) I really like the pfsense and its monowall heritage, and wanted to give back something by solving this problem in some sort of gratitude and small contribution, I hope this helps someone and goes in some small way to contribute to what is a great piece of software - and the leaders and community behind it. Thanks to Vivek, Sean, Bill, Raj, Paul and others also! Kind regards David Hingston
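The watchdog from this post, reworked as an added example (not code from the original post or from pfSense): it reads the WAN device from config.xml instead of hard-coding em0, validates the name before passing it to ifconfig as root, and rate-limits bounces so a long outage does not flap the link and fill the log every minute. The config path, the <interfaces><wan><if> layout, the state file and the 600-second gap are assumptions.

```sh
#!/bin/sh
# WAN watchdog: bounce the WAN NIC when the first-hop gateway stops answering,
# but no more often than MIN_GAP seconds. Added example; the paths, the
# <interfaces><wan><if> layout and MIN_GAP are assumptions, not from the thread.

CONFIG="${CONFIG:-/cf/conf/config.xml}"       # assumed location of config.xml
STATE="${STATE:-/var/run/wan_watchdog.last}"  # root-only directory, not /tmp
MIN_GAP="${MIN_GAP:-600}"                     # assumed minimum seconds between bounces

# Print the device inside <interfaces><wan><if>..</if>; <wan> elements in other
# sections of the file are ignored.
wan_if_from_config() {
    awk '
        /<interfaces>/             { in_ifs = 1 }
        in_ifs && /<wan>/          { in_wan = 1 }
        in_ifs && in_wan && /<if>/ {
            sub(/.*<if>/, ""); sub(/<\/if>.*/, ""); print; exit
        }
        /<\/wan>/                  { in_wan = 0 }
        /<\/interfaces>/           { in_ifs = 0 }
    ' "$1"
}

# Accept only names shaped like em0 or fxp1: the value comes from a file and
# ends up on a command line that cron runs as root.
valid_ifname() {
    case "$1" in
        ''|*[!a-z0-9_]*) return 1 ;;
        *[0-9])          return 0 ;;
        *)               return 1 ;;
    esac
}

# $1 = now (epoch seconds), $2 = time of last bounce, $3 = minimum gap.
# A missing or non-numeric timestamp counts as "never bounced".
bounce_allowed() {
    case "$2" in
        ''|*[!0-9]*) return 0 ;;
    esac
    [ $(( $1 - $2 )) -ge "$3" ]
}

main() {
    gateway="$1"
    wan_if=$(wan_if_from_config "$CONFIG") || wan_if=""
    if ! valid_ifname "$wan_if"; then
        logger -t wan_watchdog "refusing WAN interface name from $CONFIG"
        return 1
    fi

    rc=0
    ping -c 3 "$gateway" >/dev/null 2>&1 || rc=$?
    # FreeBSD ping exits 2 when requests were sent but no reply was received;
    # any other value is either success or a local error, so do nothing.
    [ "$rc" -eq 2 ] || return 0

    last=$(cat "$STATE" 2>/dev/null) || last=""
    now=$(date +%s)
    if bounce_allowed "$now" "$last" "$MIN_GAP"; then
        echo "$now" > "$STATE"
        logger -t wan_watchdog "gateway $gateway silent, bouncing $wan_if"
        ifconfig "$wan_if" down
        ifconfig "$wan_if" up
    else
        logger -t wan_watchdog "gateway $gateway silent, bounce suppressed"
    fi
}

# Run only when asked, e.g. from cron: wan_watchdog.sh --run a.b.c.1
if [ "${1:-}" = "--run" ]; then
    main "${2:?gateway address required}"
fi
```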
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Dear List

Until we find a permanent solution it seems I may be able to do a temporary fix.

Firstly I note that during a download I can run

    ifconfig em0 down; ifconfig em0 up

without apparently interrupting the download! This fixes the problem - until it occurs again.

Looking around (using Google and Diagnostics: Edit File) it seems I may be able to edit this file /etc/crontab thus:

{start}
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
#minute hour mday month wday who command
#
#
# pfSense specific crontab entries
# Created: August 26, 2007, 7:50 am
#
0 * * * * root /usr/bin/nice -n20 newsyslog
1,31 0-5 * * * root /usr/bin/nice -n20 adjkerntz -a
1 * 1 * * root /usr/bin/nice -n20 /etc/rc.update_bogons.sh
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
1 1 * * * root /usr/bin/nice -n20 /etc/rc.dyndns.update
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
*/60 * * * * root /usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
*/5 * * * * root /usr/local/bin/checkreload.sh
*/5 * * * * root /etc/ping_hosts.sh
*/300 * * * * root /usr/local/sbin/reset_slbd.sh
#DH Addition Start
# Hopefully this will run every minute
#ping returns 1 when successful
#run ping to the first hop gateway (a.b.c.1) , if it fails run the fix...
*/1 * * * * root if (ping -c1 a.b.c.1 != 1) then ifconfig em0 down; ifconfig em0 up endif
#DH Addition End
#
# If possible do not add items to this file manually.
# If you do so, this file must be terminated with a blank line (e.g. new line)
#
{end}

Is this correct syntax? Can I just paste it into the window and save it? Anything else needed?

The immediate goal here is to be able to continue remote terminal sessions and keep the site up! (Or be able to log back in within a minute, instead of having to wait maybe hours until someone is on site to fix it...)

Any guidance would be greatly appreciated.
Kind regards David Hingston
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
Thank you Paul We are awaiting the ISP replacing the cable modem. I think your suggestion is interesting but probably not the explanation in our case. A number of people have tried multiple NIC's on different hardware (myself included) and still experienced the same problem. If the replaced modem does not fix the problem I will however try anything! Kind regards David Hingston - Original Message - From: "Paul M" <[EMAIL PROTECTED]> To: Sent: Tuesday, August 28, 2007 10:28 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM Tortise wrote: >>> Buy hardware that's not faulty. pfsense is *way* more robust than what it >>> seems to be for you. what network interfaces do you >>> have? if other than broadcom or Intel, switch to Intel. > > In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have > lasted almost 48 hours before the internal disconnection > between the LAN and WAN recurred yet again. The state table is reported > as having showed 56 entries on index.php. Fixed by > rebooting. Nothing else. (Cheaper cards have lasted longer!) we had a lot of problems with linux drivers and the intel giga nics onboard our tyans; we turned off power management in the intel's eeprom. maybe the same problem affects freebsd? the script to fix it is here: http://e1000.sourceforge.net/wiki/index.php/Issues#82573.28V.2FL.2FE.29_TX_Unit_Hang_messages to use this fix on our pfsense box, I booted a linux rescue disk (suse 10.2 cd 1 as it happened) and downloaded and ran the script mentioned here: this might or might not help... good luck! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Vivek Interesting. That restores the connection. (I initially did it on the LAN, but reconnected the LAN and did the same with the WAN, as soon as "ifconfig XXX up" was run it was up again.) What does that tell us? For the record I am now running RC2 on two sites, the other remains stable (as it has been for years...) curiously it is on a different ISP and ~50M wireless tunnel. Kind regards David Hingston - Original Message - From: Vivek Khera To: support@pfsense.com Sent: Saturday, August 25, 2007 7:22 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M On Aug 23, 2007, at 3:15 PM, Tortise wrote: Why would rebooting pfsense fix that? Perhaps cause the modem to re-negotiate its connection? Cause the ISP end to wake up? what if you just force pfsense to bring down and back up your WAN port? ifconfig XXX down; ifconfig XXX up where XXX is your wan ethernet device name, such as em1 or fxp1.
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Dear List Initial analysis of Non ARP traffic shows packets presumably going both ways from and to my static IP. Suddenly the "to my static IP" packets just stop. The From packets continue, suggesting to me pfsense remains functional and a block is occurring at the modem, as if it has lost the plot. Why would rebooting pfsense fix that? Perhaps cause the modem to re-negotiate its connection? Cause the ISP end to wake up? Why would rebooting the modem on its own not fix it? Does this help at all? Kind regards David Hingston - Original Message - From: Tortise To: support@pfsense.com Sent: Wednesday, August 22, 2007 11:34 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Thanks Vivek This hub was placed between the cable modem and the WAN for data capture purposes only, prior was just a direct patch cable connection, no apparent need for a switch/hub intermediary as the Motorola seems to accept direct and crossover cables, at least I have not tried a cross over cableseemed no need, as (I assumed) either it will work completely or not at all...at that level...but any assumption is dangerous I guess... I also expected a direct link took away one potential source of problems. Since my last post it has now misbehaved, with the hub in place, I have caught it all into a 1G (!) file, however I need to figure out how to split it up to inspect now At least it won't all load up into wireshark, even with 4G of RAM It crashes when the RAM is consumed - at about halfway through the file! When I have some more time I'll see if it will load up without the ARP data. I am hoping the times coincide well enough, I know the stop and reboot times Interestingly it commonly occurs when a remote terminal session is running, but not always. 
Kind regards David Hingston - Original Message - From: Vivek Khera To: support@pfsense.com Sent: Wednesday, August 22, 2007 10:30 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M On Aug 21, 2007, at 7:31 AM, Tortise wrote: I am running wireshark - however the connection has yet to misbehave whilst doing so. (Now I know why I kept those old 100M hubs!) Well, perhaps your switch and your NIC don't agree with each other? I've had that problem before...
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Thanks Vivek This hub was placed between the cable modem and the WAN for data capture purposes only, prior was just a direct patch cable connection, no apparent need for a switch/hub intermediary as the Motorola seems to accept direct and crossover cables, at least I have not tried a cross over cableseemed no need, as (I assumed) either it will work completely or not at all...at that level...but any assumption is dangerous I guess... I also expected a direct link took away one potential source of problems. Since my last post it has now misbehaved, with the hub in place, I have caught it all into a 1G (!) file, however I need to figure out how to split it up to inspect now At least it won't all load up into wireshark, even with 4G of RAM It crashes when the RAM is consumed - at about halfway through the file! When I have some more time I'll see if it will load up without the ARP data. I am hoping the times coincide well enough, I know the stop and reboot times Interestingly it commonly occurs when a remote terminal session is running, but not always. Kind regards David Hingston - Original Message - From: Vivek Khera To: support@pfsense.com Sent: Wednesday, August 22, 2007 10:30 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M On Aug 21, 2007, at 7:31 AM, Tortise wrote: I am running wireshark - however the connection has yet to misbehave whilst doing so. (Now I know why I kept those old 100M hubs!) Well, perhaps your switch and your NIC don't agree with each other? I've had that problem before...
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
e.com Sent: Friday, August 17, 2007 11:07 PM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M -Sean - Original Message - From: Tortise To: support@pfsense.com Sent: Friday, August 17, 2007 4:07 AM Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M Hi Sean et al Problem has recurred, I have done the following ping tests during the problem condition: I can ping from both LAN and WAN the WAN Static IP (a.b.c.123) I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1) I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1) Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop. When I have rung the ISP during this condition they say there is no problem with the cable modem as they can "see it". They back this up by insisting that I can connect a PC direct to the Cable modem and browse the web, which has always been the case. Repowering the cable modem does not fix the problem. Rebooting pfSense does. This doesn't make much sense to me, why can I ping the cable modem, which is notionally the first (all be it bridged) hop yet can't ping the ISP gateway? It suggests pfsense is OK from WAN to the cable modem, however the fix is to reboot pfsense and not the modem! Could the problem be something to do with the ISP's gateway losing the connection, that is re-established by rebooting pfsense? Kind regards David Hingston - Original Message - From: Sean Cavanaugh To: support@pfsense.com Sent: Thursday, August 16, 2007 11:32 PM Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? 
if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond. are you sure you are running the correct MTU settings on the interface? I can def see why you would want to run TCPDump on the box now. -- > Date: Thu, 16 Aug 2007 19:32:25 +1200 > From: [EMAIL PROTECTED] > To: support@pfsense.com > Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM > > >>Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you > >>have? if other than broadcom or Intel, switch to Intel. > > In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection > between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by > rebooting. Nothing else. (Cheaper cards have lasted longer!) > > Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with > >= 256M RAM. > > I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before > reproducing the same problems. > > One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him. > > I do not want to, however the current reliability is also unsustainable for me. > > Is there any way I can assist to fix this problem? > > Kind regards > David Hingston > > > > > - Original Message - > From: "Tortise" <[EMAIL PROTECTED]> > To: > Sent: Saturday, July 21, 2007 10:23 AM > Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic > > > Thank you Vivek > > >> connect both systems to a hub and run tcpdump on the other machine logging all traffic some place. 
> > Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one bei
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Thanks Sean,

Having googled a bit I am running up Kubuntu on an old box with wireshark. I assume it will run without an IP assignment from the hub, using the NIC's "promiscuous mode"? (Probably no DHCP running and can't use my static IP!)

I appreciate your directional overview, I will let you know what transpires in due course.

Kind regards
David Hingston

- Original Message -
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Saturday, August 18, 2007 1:35 AM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

I actually turned the "block private networks" off on mine because my ISP passes a 192.168.x.x address when i initially apply for a DHCP, but if you get a static IP, then its a non-issue.

realistically, to truly find the absolute reason, you would have to tcpdump on the modem and pfsense at the same time to see what its doing/not doing, and I don't see that happening. only other thing I can think of is run a hub between the modem and pfsense and throw another computer with a packet capture/wireshark on it to see if there are any reasons in the packets ("route not found","incorrect MTU", "Need fragmentation set", etc.) why its not getting past the modem.

-Sean

Date: Fri, 17 Aug 2007 23:38:58 +1200
From: [EMAIL PROTECTED]
To: support@pfsense.com
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

Hi Sean

>> im really thinking it’s a modem problem or something with the IP that is assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config page even if internet access is unavailable kind of confirms it.

It does tend to suggest that maybe pfsense is not the problem, but why the need to reboot pfsense? It is almost like a keep alive situation has failed... Incidentally VOIP and a webserver, amongst other things, run behind pfsense, it is getting ample traffic to keep alive!

>>connecting another computer to the modem, I'm taking it, would get a DHCP address that is different from pfsense.

No, it is a static address situation, the windows PC's NIC is configured with the same static IP, DNS and gateway to connect up, and it does...

>>playing devils advocate. I know that you have reinstalled pfsense freshly on the box to try and resolve that. did you rebuild the config from scratch or just import it back in.

Yes have run up multiple versions, using both CD and also embedded version on CF media. Makes it easy to swap scenarios! I am currently running the latest 1.2 RC-1. Ran up a completely new XML from pfSense (for 1.2 RC1) and even did a compare with the previous XML using Winmerge. There were many differences, but none of them seemed like they might be significant, XML is XML when its compliant but...anyway it didn't seem to make any difference. Same problems occurred in the last stable version and 1.00 as well I recall.

>>also is your internet IP static or DHCP.

As above, static!

>>and do you have the "Block private networks" option turned on for the WAN interface on your box

Yes, is a default setting I think, not been played with. Bogons is unchecked, I suppose this might be better checked?

I talked with the ISP tonight. They couldn't confirm what the MTU should be, (I was not surprised) so I have to assume default. The party line is we support Windows Hook ups and that's about all. I have opened a (nother) ticket and requested a call from their network engineer, apparently a "senior technician" is going to call me.

Many thanks for continuing to work with me on this conundrum!

Kind regards
David Hingston

- Original Message -
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Friday, August 17, 2007 11:07 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

-Sean

- Original Message -
From: Tortise
To: support@pfsense.com
Sent: Friday, August 17, 2007 4:07 AM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

Hi Sean et al

Problem has recurred, I have done the following ping tests during the problem condition:

I can ping from both LAN and WAN the WAN Static IP (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1)

Following reboot all the above pings work and traceroute confi
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Hi Sean

>> im really thinking it's a modem problem or something with the IP that is
>> assigned for pfsense WAN. the fact that you can ALWAYS hit the modems config
>> page even if internet access is unavailable kind of confirms it.

It does tend to suggest that maybe pfsense is not the problem, but why the need to reboot pfsense? It is almost like a keep alive situation has failed... Incidentally VOIP and a webserver, amongst other things, run behind pfsense, it is getting ample traffic to keep alive!

>>connecting another computer to the modem, I'm taking it, would get a DHCP
>>address that is different from pfsense.

No, it is a static address situation, the windows PC's NIC is configured with the same static IP, DNS and gateway to connect up, and it does...

>>playing devils advocate. I know that you have reinstalled pfsense freshly on
>>the box to try and resolve that. did you rebuild the config from scratch or
>>just import it back in.

Yes have run up multiple versions, using both CD and also embedded version on CF media. Makes it easy to swap scenarios! I am currently running the latest 1.2 RC-1. Ran up a completely new XML from pfSense (for 1.2 RC1) and even did a compare with the previous XML using Winmerge. There were many differences, but none of them seemed like they might be significant, XML is XML when its compliant but...anyway it didn't seem to make any difference. Same problems occurred in the last stable version and 1.00 as well I recall.

>>also is your internet IP static or DHCP.

As above, static!

>>and do you have the "Block private networks" option turned on for the WAN
>>interface on your box

Yes, is a default setting I think, not been played with. Bogons is unchecked, I suppose this might be better checked?

I talked with the ISP tonight. They couldn't confirm what the MTU should be, (I was not surprised) so I have to assume default. The party line is we support Windows Hook ups and that's about all. I have opened a (nother) ticket and requested a call from their network engineer, apparently a "senior technician" is going to call me.

Many thanks for continuing to work with me on this conundrum!

Kind regards
David Hingston

- Original Message -
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Friday, August 17, 2007 11:07 PM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

-Sean

- Original Message -
From: Tortise
To: support@pfsense.com
Sent: Friday, August 17, 2007 4:07 AM
Subject: Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

Hi Sean et al

Problem has recurred, I have done the following ping tests during the problem condition:

I can ping from both LAN and WAN the WAN Static IP (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1)

Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop.

When I have rung the ISP during this condition they say there is no problem with the cable modem as they can "see it". They back this up by insisting that I can connect a PC direct to the Cable modem and browse the web, which has always been the case.

Repowering the cable modem does not fix the problem. Rebooting pfSense does.

This doesn't make much sense to me, why can I ping the cable modem, which is notionally the first (albeit bridged) hop yet can't ping the ISP gateway? It suggests pfsense is OK from WAN to the cable modem, however the fix is to reboot pfsense and not the modem!

Could the problem be something to do with the ISP's gateway losing the connection, that is re-established by rebooting pfsense?

Kind regards
David Hingston

- Original Message -
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Thursday, August 16, 2007 11:32 PM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond.

are you sure you are running the correct MTU settings on the interface?

I can def see why you would want to run TCPDump on the box now.

--
> Date: Thu, 16 Aug 2007 19:32:25 +1200
> From: [EMAIL PROTECTED]
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
Hi Sean et al

Problem has recurred, I have done the following ping tests during the problem condition:

I can ping from both LAN and WAN the WAN Static IP (a.b.c.123)
I can ping from both LAN and WAN the webserver on the Cable modem (192.168.100.1)
I can not ping from both LAN and WAN the server on the first hop to the gateway (a.b.c.1)

Following reboot all the above pings work and traceroute confirms a.b.c.1 is the first hop.

When I have rung the ISP during this condition they say there is no problem with the cable modem as they can "see it". They back this up by insisting that I can connect a PC direct to the Cable modem and browse the web, which has always been the case.

Repowering the cable modem does not fix the problem. Rebooting pfSense does.

This doesn't make much sense to me, why can I ping the cable modem, which is notionally the first (albeit bridged) hop yet can't ping the ISP gateway? It suggests pfsense is OK from WAN to the cable modem, however the fix is to reboot pfsense and not the modem!

Could the problem be something to do with the ISP's gateway losing the connection, that is re-established by rebooting pfsense?

Kind regards
David Hingston

- Original Message -
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Thursday, August 16, 2007 11:32 PM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond.

are you sure you are running the correct MTU settings on the interface?

I can def see why you would want to run TCPDump on the box now.

--
> Date: Thu, 16 Aug 2007 19:32:25 +1200
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or Intel, switch to Intel.
>
> In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection
> between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by
> rebooting. Nothing else. (Cheaper cards have lasted longer!)
>
> Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with
> >= 256M RAM.
>
> I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before
> reproducing the same problems.
>
> One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him.
>
> I do not want to, however the current reliability is also unsustainable for me.
>
> Is there any way I can assist to fix this problem?
>
> Kind regards
> David Hingston
>
> - Original Message -
> From: "Tortise" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, July 21, 2007 10:23 AM
> Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic
>
> Thank you Vivek
>
> >> connect both systems to a hub and run tcpdump on the other machine logging all traffic some place.
>
> Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being
> dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for
> this well and can just roll it off?)
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or intel, switch to intel.
>
> We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for
> many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using
> completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different
> ISP and that box just goes, in line with what we believe we should be e
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
nue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or Intel, switch to Intel.
>
> In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection
> between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by
> rebooting. Nothing else. (Cheaper cards have lasted longer!)
>
> Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with
> >= 256M RAM.
>
> I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before
> reproducing the same problems.
>
> One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him.
>
> I do not want to, however the current reliability is also unsustainable for me.
>
> Is there any way I can assist to fix this problem?
>
> Kind regards
> David Hingston
>
> - Original Message -
> From: "Tortise" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, July 21, 2007 10:23 AM
> Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic
>
> Thank you Vivek
>
> >> connect both systems to a hub and run tcpdump on the other machine logging all traffic some place.
>
> Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being
> dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for
> this well and can just roll it off?)
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or intel, switch to intel.
>
> We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for
> many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using
> completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different
> ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a
> hardware problem as they all work at the alternative ISP / venue.
>
> I find running Monowall also has the same experience here, - the same Monowall box is stable for months off site. I have been
> tempted to post to the monowall list also, cross posts are considered bad etiquette and I presume the monowall folks are also on
> both lists, I have refrained. (Is this correct?)
>
> It suggests to me there is something about our ISP which is a problem, perhaps their hardware or perhaps something about their
> traffic. Clearly this should not be the case, but the onus falls on us (rightly or wrongly) to prove this.
>
> It also suggests to me there is a vulnerability in FreeBSD as the problem occurs in both Monowall and pfSense with this cable ISP.
>
> I'd prefer my firewall not need random rebooting. We'd all like to help within our power and ability to move this forwards as
> FreeBSD and its children (pfSense and Monowall) are largely fantastic!
>
> Kind regards
> David Hingston
Re: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M
is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond.

From memory I can ping the cable modem from the LAN and still view its page, but that is as far as it will go. I'll check these again next time it happens sometime in the next two weeks! Pretty sure I can no longer ping the WAN's static IP from the Net (Having created an allow ping rule) and the pfSense ping page does not get responses from anything on the net beyond the cable modem. Is that internal?

are you sure you are running the correct MTU settings on the interface?

Using default setting here. Not aware they are not standard, but will check with the ISP. I suspect the ISP is doing something funny, but even if so pfSense should remain immune to it?

I can def see why you would want to run TCPDump on the box now.

Thanks Sean!

Kind regards
David Hingston

- Original Message -
From: Sean Cavanaugh
To: support@pfsense.com
Sent: Thursday, August 16, 2007 11:32 PM
Subject: RE: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M

is it an actual disconnect between the LAN and WAN interface or is it that the WAN interface becomes unresponsive? if its an internal disconnect you should still be able to ping an outside source from the firewall even if systems on the LAN cant. if its the WAN interface itself, nothing would respond.

are you sure you are running the correct MTU settings on the interface?

I can def see why you would want to run TCPDump on the box now.

--
> Date: Thu, 16 Aug 2007 19:32:25 +1200
> From: [EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: [pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or Intel, switch to Intel.
>
> In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection
> between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by
> rebooting. Nothing else. (Cheaper cards have lasted longer!)
>
> Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with
> >= 256M RAM.
>
> I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before
> reproducing the same problems.
>
> One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him.
>
> I do not want to, however the current reliability is also unsustainable for me.
>
> Is there any way I can assist to fix this problem?
>
> Kind regards
> David Hingston
>
> - Original Message -
> From: "Tortise" <[EMAIL PROTECTED]>
> To:
> Sent: Saturday, July 21, 2007 10:23 AM
> Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic
>
> Thank you Vivek
>
> >> connect both systems to a hub and run tcpdump on the other machine logging all traffic some place.
>
> Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being
> dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for
> this well and can just roll it off?)
>
> >>Buy hardware that's not faulty. pfsense is *way* more robust than what it seems to be for you. what network interfaces do you
> >>have? if other than broadcom or intel, switch to intel.
>
> We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for
> many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using
> completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different
> ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a
> hardware problem as they all work at the alternativ
[pfSense Support] LAN / WAN Disconnections continue in 1.2-RC1, Intel Pro/1000GT NICs with 370M RAM
>>Buy hardware that's not faulty. pfsense is *way* more robust than what it
>>seems to be for you. what network interfaces do you
>>have? if other than broadcom or Intel, switch to Intel.

In frustration I have purchased 2 new Intel Pro/1000GT NIC's. They have lasted almost 48 hours before the internal disconnection between the LAN and WAN recurred yet again. The state table is reported as having showed 56 entries on index.php. Fixed by rebooting. Nothing else. (Cheaper cards have lasted longer!)

Surely we can now conclusively say this is not a NIC or hardware issue? This happens for me on completely different machines with >= 256M RAM.

I have most recently been running 1.2-RC1, pretty much since it was released. it teased me by running fine for 2 weeks, before reproducing the same problems.

One of my colleagues has now abandoned pfSense, as it has proven to be unreliable for him.

I do not want to, however the current reliability is also unsustainable for me.

Is there any way I can assist to fix this problem?

Kind regards
David Hingston

- Original Message -
From: "Tortise" <[EMAIL PROTECTED]>
To:
Sent: Saturday, July 21, 2007 10:23 AM
Subject: Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic

Thank you Vivek

>> connect both systems to a hub and run tcpdump on the other machine logging
>> all traffic some place.

Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well and can just roll it off?)

>>Buy hardware that's not faulty. pfsense is *way* more robust than what it
>>seems to be for you. what network interfaces do you
>>have? if other than broadcom or intel, switch to intel.

We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a hardware problem as they all work at the alternative ISP / venue.

I find running Monowall also has the same experience here, - the same Monowall box is stable for months off site. I have been tempted to post to the monowall list also, cross posts are considered bad etiquette and I presume the monowall folks are also on both lists, I have refrained. (Is this correct?)

It suggests to me there is something about our ISP which is a problem, perhaps their hardware or perhaps something about their traffic. Clearly this should not be the case, but the onus falls on us (rightly or wrongly) to prove this.

It also suggests to me there is a vulnerability in FreeBSD as the problem occurs in both Monowall and pfSense with this cable ISP.

I'd prefer my firewall not need random rebooting. We'd all like to help within our power and ability to move this forwards as FreeBSD and its children (pfSense and Monowall) are largely fantastic!

Kind regards
David Hingston
Re: [pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic
Thank you Vivek

>> connect both systems to a hub and run tcpdump on the other machine logging
>> all traffic some place.

Yes they are already on a LAN with a switch. I didn't realise TCPDump could be run from another machine other than the one being dumped from. From what you suggest it can. I'll study it up and see if I can get it to! (Unless someone here knows the syntax for this well and can just roll it off?)

>>Buy hardware that's not faulty. pfsense is *way* more robust than what it
>>seems to be for you. what network interfaces do you
>>have? if other than broadcom or intel, switch to intel.

We (3 of us) believe this is not a hardware issue. 3 of us are on the same ISP here in NZ, and experiencing the same issues for many months. The ISP uses much the same Motorola Cable modem to interface into our static IP's. The same fault occurs using completely different hardware here also. I have another pfSense box running at alternative premises connected to quite a different ISP and that box just goes, in line with what we believe we should be expecting. Swapping the boxes also suggests it is not a hardware problem as they all work at the alternative ISP / venue.

I find running Monowall also has the same experience here, - the same Monowall box is stable for months off site. I have been tempted to post to the monowall list also, cross posts are considered bad etiquette and I presume the monowall folks are also on both lists, I have refrained. (Is this correct?)

It suggests to me there is something about our ISP which is a problem, perhaps their hardware or perhaps something about their traffic. Clearly this should not be the case, but the onus falls on us (rightly or wrongly) to prove this.

It also suggests to me there is a vulnerability in FreeBSD as the problem occurs in both Monowall and pfSense with this cable ISP.

I'd prefer my firewall not need random rebooting. We'd all like to help within our power and ability to move this forwards as FreeBSD and its children (pfSense and Monowall) are largely fantastic!

Kind regards
David Hingston
[pfSense Support] Programming pfSense to Reboot and Dump LAN / WAN traffic
Hi

Can someone start me off or point me in the right direction to program:

1) LAN and WAN traffic dumps to a Centos HDD on the LAN, in an attempt to catch the traffic that may be causing pfSense to intermittently hang and require rebooting.

2) Somehow setup a cron job to ping the ISP every minute - and reboot pfSense if the pings fail for 20 mins.

Much obliged for any assistance or pointers / URL's etc.

Kind regards
David Hingston
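A sketch of the watchdog requested in this post (ping every minute, reboot after 20 minutes of failures), extended to start the tcpdump capture suggested elsewhere on this page at the first failed probe. This is an added example, not code from the list or from pfSense; the target address, file paths, variable and function names are assumptions, and it assumes `ping`, `tcpdump`, `logger` and `shutdown` are available on the firewall.

```shell
#!/bin/sh
# WAN watchdog sketch. Run once a minute from cron, for example:
#   * * * * * root /usr/local/bin/wan_watchdog.sh run     (path is an assumption)
# Without the "run" argument the script only defines its functions.

TARGET="${TARGET:-192.0.2.1}"          # placeholder: put the ISP gateway (a.b.c.1) here
WAN_IF="${WAN_IF:-fxp0}"               # WAN NIC; fxp0 is the example name used on this page
STATE_FILE="${STATE_FILE:-/tmp/wan_watchdog.count}"
CAPTURE_DIR="${CAPTURE_DIR:-/tmp}"
CAPTURE_PACKETS="${CAPTURE_PACKETS:-20000}"
MAX_FAILS="${MAX_FAILS:-20}"           # 20 failed one-minute probes = 20 minutes

# probe: succeeds if the target answers at least one of three echo requests.
probe() {
    ping -c 3 "$TARGET" >/dev/null 2>&1
}

# read_count: print the stored consecutive-failure count (0 if missing or corrupt).
read_count() {
    n=''
    if [ -r "$STATE_FILE" ]; then
        read -r n < "$STATE_FILE" || true
    fi
    case "$n" in
        ''|*[!0-9]*) echo 0 ;;
        *) echo "$n" ;;
    esac
}

# record_result <ok|fail>: reset or increment the counter, print the new value.
record_result() {
    if [ "$1" = ok ]; then
        count=0
    else
        count=$(( $(read_count) + 1 ))
    fi
    echo "$count" > "$STATE_FILE"
    echo "$count"
}

# decide <count>: print the action for this run.
#   none    - link is up
#   capture - first failed probe: start recording what is on the wire
#   wait    - still failing, threshold not reached
#   reboot  - MAX_FAILS consecutive failures
decide() {
    if [ "$1" -eq 0 ]; then
        echo none
    elif [ "$1" -ge "$MAX_FAILS" ]; then
        echo reboot
    elif [ "$1" -eq 1 ]; then
        echo capture
    else
        echo wait
    fi
}

# start_capture: background tcpdump on the WAN NIC with the -i/-s/-w options
# quoted on this page, plus -c so an unattended capture cannot fill a small disk.
start_capture() {
    out="$CAPTURE_DIR/wan-$(date +%Y%m%d-%H%M%S).pcap"
    nohup tcpdump -i "$WAN_IF" -s 1500 -c "$CAPTURE_PACKETS" -w "$out" >/dev/null 2>&1 &
}

# run_once: one cron tick. Probe, update the counter, act, print the action.
run_once() {
    if probe; then result=ok; else result=fail; fi
    count=$(record_result "$result")
    action=$(decide "$count")
    case "$action" in
        capture)
            logger -t wan_watchdog "probe to $TARGET failed, starting capture"
            start_capture
            ;;
        reboot)
            logger -t wan_watchdog "$count consecutive failures, rebooting"
            echo 0 > "$STATE_FILE"   # start clean after the reboot
            shutdown -r now
            ;;
    esac
    echo "$action"
}

if [ "${1:-}" = run ]; then
    run_once
fi
```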
Re: [pfSense Support] Reduce WAN NIC to 10Mbps?
Thank you kindly Holger.

Kind regards
David Hingston.

- Original Message -
From: "Holger Bauer" <[EMAIL PROTECTED]>
To:
Sent: Friday, June 15, 2007 12:14 AM
Subject: RE: [pfSense Support] Reduce WAN NIC to 10Mbps?

Have a look at http://doc.m0n0.ch/handbook-single/#FAQ.hiddenopts . These options apply to pfSense as well. You can hardcode the speed and duplex by adding the appropriate flag to your downloaded config.xml and reupload it again.

# interfaces/(if)/media and interfaces/(if)/mediaopt

If you need to force your NIC to a specific media type (e.g. 10Base-T half duplex), you can use these two options. Refer to the appropriate FreeBSD manpage for the driver you're using to see which options are available (or run ifconfig -m).

Holger

> -Original Message-
> From: Tortise [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 14, 2007 1:00 PM
> To: support@pfsense.com
> Subject: [pfSense Support] Reduce WAN NIC to 10Mbps?
>
> Hi
>
> My ISP researching a problem with packet loss advises me to: "Set your
> firewall for 10mbps full-duplex, auto negotiation off, and
> then run your tests again." This is presumably to match their 10M
> Wireless Gateway.
>
> Can we do this somehow? I am running dc class NIC's.
>
> Kind regards
> David Hingston
[pfSense Support] Reduce WAN NIC to 10Mbps?
Hi

My ISP researching a problem with packet loss advises me to: "Set your firewall for 10mbps full-duplex, auto negotiation off, and then run your tests again." This is presumably to match their 10M Wireless Gateway.

Can we do this somehow? I am running dc class NIC's.

Kind regards
David Hingston
Re: [pfSense Support] pfSense Hanging...
Thank you indeed Chris

I understand the modem is largely bridging, as I think you are suggesting, given the Internet IP address appears on the pfSense WAN NIC. This is the sort of approach I was looking for.

Given my ISP is declared on my email address here I won't comment about New Zealand ISP's here. I might however point out that I have not disagreed with you in any way. My presumption is that it is either coming from pfSense or indeed, as you suggest, the ISP. There are some TiVo's on the LAN here that also are intermittently having issues downloading data for no apparent reason when everything is connected, also using a proxy. (VOIP and Skype also running)

I'll install 1.2b1 on another CF card and see what transpires. I am pretty sure the unplug / plug in has been tried in the past, without success, will try again to be sure.

Kind regards
David Hingston.

- Original Message -
From: "Chris Buechler" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 05, 2007 2:10 PM
Subject: Re: [pfSense Support] pfSense Hanging...

First, if you're not running 1.2b1, you should try it.

I'm going to assume cable service in .nz works the same as it does in .us, though that could be a wildly incorrect assumption. If it does, your modem does nothing but bridge between your cable provider's network and whatever you have plugged into the Ethernet port. There is no connection like PPPoE, no username or password, etc. As long as you have sync, it's good. If your cable Internet service uses the DOCSIS standard, it's the same as here, and as I describe.

Next time this happens, SSH in and run 'tcpdump -i fxp0 -s 1500 -w capture.pcap' replacing fxp0 with whatever your WAN NIC is. Then run a constant ping to your WAN gateway from your LAN, try to access websites, etc. Wait about 5 minutes and ctrl-c to break out of the tcpdump. Then you can use the webGUI to download that 'capture.pcap' file, or scp it off to another host. Send it to me via email and I should be able to see what's happening on the wire. At this point, without that, it's anybody's guess as to what's happening.

If your cable company is twice as competent as our local cable company here, they'd still be completely inept. In other words, I wouldn't rule out a weird network issue on their end. Scott and I spent countless hours tracking down a really screwy issue that turned out to be something they screwed up on their network, when they claimed repeatedly they hadn't changed anything and it was a firewall problem.

One other thing to try after getting the tcpdump - if you unplug the WAN NIC from the cable modem and plug it back in, without rebooting, does that bring it up?
Re: [pfSense Support] pfSense Hanging...
It occurred again this morning. >From the LAN and the Serial pfSense Console I can ping the LAN NIC, as well as >the Motorola Modem on 192.168.100.1 >From the LAN and Console I can also ping the static IP on the WAN in form of >a.b.c.x but I cannot ping the ISP or a.b.c.1. Rebooting pfSense fixes all this, restores Internet access and allows pings to a.b.c.1 and the ISP again. The modem lights remain on and I do nothing else to fix it. I do not think it is PPPoE, but will check it out, there is no dialling involved with password that I am aware of, unless this is ISP configured in the setup they send the modem, in any event the modem is still functioning with all lights up. There is a web server which has varying low volume activity and I am also recording pings every 30s to the ISP, to keep a record when it all goes down. I don't think the modem is timing out due inactivity. Also it occurs during terminal sessions, which is infuriating, as one might imagine! Sometimes outages are ISP caused and they have extensively looked at the setup, recut cable ends etc. and they also suspect my firewall. Kind regards David Hingston - Original Message - From: "Tortise" <[EMAIL PROTECTED]> To: Sent: Monday, June 04, 2007 3:59 PM Subject: Re: [pfSense Support] pfSense Hanging... Thanks Chris The answers to your questions are: Strictly it is not a hang as the system does not freeze, it largely functions normally, just loses Internet transparency. LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions normally, can read logs, reboot from this etc. Reloading the filters functions as one would expect, however the connection is not established. The System Overview readings appear normal, states is now currently 110. The LAN and WAN graphs appear the same as when it is functioning normally. If there was a worm sending out screeds I would hope I'd be aware if it. WAN is statically assigned an Internet address. 
Modem links lights remain up and the modem continues to function normally. One can replace pfSense and connect a notebook PC Card NIC, configured with the Static IP and resume Internet access, proving the modem has not failed. I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when I reboot and it is again normally functioning. Essentially it appears to be functioning normally, except the connection through stops / disappears! Everyone on the LAN loses Internet connectivity. Anything else I can advise I'll be delighted to do so, although it might be when it next happens. Kind regards David Hingston - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Monday, June 04, 2007 3:13 PM Subject: Re: [pfSense Support] pfSense Hanging... On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote: > Thanks Bill > > Gosh, thats got to presumably use more than the default of 10,000! > > Currently there are 116 there. Easier than you might think. If you have a worm infected laptop plugged into your network only periodically it can cause state table exhaustion and the type of symptoms you describe. It wouldn't be (even close to) the first time I've seen that. When it "hangs", what exactly do you mean? There are tons of possibilities for "hangs". Does it become completely non-responsive, console dead and all? Does the console work but it falls off the network completely? Is the LAN still up and the webGUI functional but Internet just doesn't work? If that's the case, you said cable modem, I presume that's DHCP, do you have a valid WAN IP when it happens? Do you have link light on WAN? Are all the lights on your cable modem normal? Can you ping your default gateway? etc. etc. etc. Be as specific as you can be, the details you gave lead to a lot of questions and not a lot of specific recommendations. 
Re: [pfSense Support] pfSense Hanging...
Thanks Chris The answers to your questions are: Strictly it is not a hang as the system does not freeze, it largely functions normally, just loses Internet transparency. LAN functions normally, DHCP on the LAN, and the pfSense webGUI functions normally, can read logs, reboot from this etc. Reloading the filters functions as one would expect, however the connection is not established. The System Overview readings appear normal, states is now currently 110. The LAN and WAN graphs appear the same as when it is functioning normally. If there was a worm sending out screeds I would hope I'd be aware of it. WAN is statically assigned an Internet address. Modem links lights remain up and the modem continues to function normally. One can replace pfSense and connect a notebook PC Card NIC, configured with the Static IP and resume Internet access, proving the modem has not failed. I can ping the LAN nic but can't ping my ISP thru pfSense, although I can when I reboot and it is again normally functioning. Essentially it appears to be functioning normally, except the connection through stops / disappears! Everyone on the LAN loses Internet connectivity. Anything else I can advise I'll be delighted to do so, although it might be when it next happens. Kind regards David Hingston - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Monday, June 04, 2007 3:13 PM Subject: Re: [pfSense Support] pfSense Hanging... On Mon, 2007-06-04 at 12:27 +1200, Tortise wrote: > Thanks Bill > > Gosh, that's got to presumably use more than the default of 10,000! > > Currently there are 116 there. Easier than you might think. If you have a worm infected laptop plugged into your network only periodically it can cause state table exhaustion and the type of symptoms you describe. It wouldn't be (even close to) the first time I've seen that. When it "hangs", what exactly do you mean? There are tons of possibilities for "hangs".
Does it become completely non-responsive, console dead and all? Does the console work but it falls off the network completely? Is the LAN still up and the webGUI functional but Internet just doesn't work? If that's the case, you said cable modem, I presume that's DHCP, do you have a valid WAN IP when it happens? Do you have link light on WAN? Are all the lights on your cable modem normal? Can you ping your default gateway? etc. etc. etc. Be as specific as you can be, the details you gave lead to a lot of questions and not a lot of specific recommendations.
Re: [pfSense Support] pfSense Hanging...
Thanks Bill Gosh, that's got to presumably use more than the default of 10,000! Currently there are 116 there. I'll keep an eye on it, I doubt that is the issue. Kind regards David Hingston - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Monday, June 04, 2007 12:21 PM Subject: Re: [pfSense Support] pfSense Hanging... State table filling? Try increasing it in System->Advanced. --Bill On 6/3/07, Tortise <[EMAIL PROTECTED]> wrote: > Hi > > I am finding pfSense hangs in the sense that the connection between WAN and > LAN just vanishes and can only be fixed by rebooting. > > I suspected hardware, replaced a NIC and thought this was the problem, > however the problems persisted. > > I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I > am using a CF / IDE interface which seems fine. > > System log has no errors recorded, yet this still hangs between 3 and 10 days. > > Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. > > I suspected it could be something to do with the Motorola Cable Modem, > however others on this list have not had similar problems, > although a local colleague using the same ISP and cable modem also has to > reboot in similar circumstances. > > I have another pfsense box on another site which it runs reliably, using a > different Internet / ISP connection. (Wireless system) > > I would really appreciate knowing how to resolve the issue, as someone has to > be onsite to reboot, to re-establish the remote > sessions! > > Kind regards > David Hingston
[pfSense Support] pfSense Hanging...
Hi I am finding pfSense hangs in the sense that the connection between WAN and LAN just vanishes and can only be fixed by rebooting. I suspected hardware, replaced a NIC and thought this was the problem, however the problems persisted. I changed the PC and NIC's completely, to a Pentium 500 III with 256M RAM. I am using a CF / IDE interface which seems fine. System log has no errors recorded, yet this still hangs between 3 and 10 days. Traffic graph looks the same, the CPU usage remains in the 5 to 15% range. I suspected it could be something to do with the Motorola Cable Modem, however others on this list have not had similar problems, although a local colleague using the same ISP and cable modem also has to reboot in similar circumstances. I have another pfsense box on another site which it runs reliably, using a different Internet / ISP connection. (Wireless system) I would really appreciate knowing how to resolve the issue, as someone has to be onsite to reboot, to re-establish the remote sessions! Kind regards David Hingston
Re: [pfSense Support] FIXED? LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?
Dear List I may have fixed this. I replaced the pfSense NIC which was in hindsight intermittently faulty, that finally failed completely. It has been stable since, with no logged messages other than the standard "dnsmasq[489]: reading /var/dhcpd/var/db/dhcpd.leases" Clearly more time is required, however it is looking good so far, given a number of error messages were noted on a daily basis prior and now none at all... Intermittent faults are the worst.!!! Thanks for the assistance provided. Kind regards David
Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?
Thanks Raj The modem's web interface is, as you suggest, present at 192.168.100.1. The modem is being used in a transparent mode (bridging?) as the static IP is assigned on rl1. So far as I can tell it is not using 0.0 on the WAN side, it is using 3 digit numbers for the a.b.c.d IP address. Kind regards David - Original Message - From: "Rajkumar S" <[EMAIL PROTECTED]> To: Sent: Thursday, May 17, 2007 5:53 PM Subject: Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem? On 5/17/07, Tortise <[EMAIL PROTECTED]> wrote: > rl1 = WAN and Direct connected only to the Cable modem i.e. no switch sharing. > rl2 = LAN and connected to LAN switches. You have 192.168.0.4 on your lan, but for some reason your cable modem also sends arp replies for that ip. One possible reason is that your ISP might be using 192.168.0.0 network for the HFC side of cable modem. Try browsing to 192.168.100.1 and check if you get the cable modem web interface. From here you can check the ip address assigned to your modem. (I am typing from my memory, so I might be wrong about the cable modem web interface ip) If your ISP is using that ip range for HFC network, you will have to change your lan ip addressing. raj
Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?
Hi Bill for me rl1 = WAN and Direct connected only to the Cable modem i.e. no switch sharing. rl2 = LAN and connected to LAN switches. Can I presume that means you have checked and confirmed there are no similar messages in your System Logs? David - Original Message - From: "Bill Marquette" <[EMAIL PROTECTED]> To: Sent: Thursday, May 17, 2007 5:35 PM Subject: Re: [pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem? Which interface is rl1..ditto for rl2. Also, any chance that both sides of the firewall are plugged into the same switch? I've had the same modem you mention running on pfsense without any problems, so this smells of a different issue to me. --Bill
[pfSense Support] LAN / WAN disconnections - Motorola Surfboard SB5101 Cable Modem?
Hi I am finding one of my pfsense boxes is losing its internal connection between the LAN and WAN. Happens maybe once a week or longer... The WAN seems to be OK, as I recall I can ping the Internet still and ping / access the Motorola config page at 192.168.100.1 There are no error messages in the system log at the time of occurrence. Running top in ssh or on the monitor looks much the same with no process dominating anything, although the web response may be longer. The WAN is cable via a Motorola Surfboard SB5101. A colleague of mine is also using the same pfSense and modem - and having the same issues. We are both finding frequent logged messages of this ilk: kernel: arp: 192.168.0.4 is on rl2 but got reply from 00:00:cd:1c:06:8c on rl1 In my case the cards are all of rl variety, his are xl. Reloading the filters does not fix it. Rebooting usually does although sometimes I seem to need to power cycle the modem also. When tested the Modem has remained up as I can connect up an alternative NIC appropriately configured with the static IP. It is a pain when offsite as one cannot remotely trigger a reboot to gain system access. How can I progress identifying the issue from here? Kind regards David
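An added example, not part of the original thread and not pfSense's own code: a small log triage script for the kernel message quoted in the post above. It aggregates `arp: ... is on ... but got reply from ... on ...` lines and flags LAN addresses that are answered from the WAN side; the sample log lines, their timestamps and the address 192.168.0.9 are constructed, and the rl1 = WAN / rl2 = LAN mapping is the one David gives elsewhere in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Shape of the kernel message quoted in the post.
ARP_MISMATCH = re.compile(
    r"arp: (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is on (?P<expected>\w+) "
    r"but got reply from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) on (?P<seen>\w+)",
    re.IGNORECASE,
)

# Interface roles as described in the thread (assumed for this example).
ROLES = {"rl1": "WAN", "rl2": "LAN"}

# Constructed sample log; only the arp message text itself comes from the post.
SAMPLE_LOG = """\
May 17 03:10:01 pfsense kernel: arp: 192.168.0.4 is on rl2 but got reply from 00:00:cd:1c:06:8c on rl1
May 17 03:10:02 pfsense dnsmasq[489]: reading /var/dhcpd/var/db/dhcpd.leases
May 17 03:40:07 pfsense kernel: arp: 192.168.0.4 is on rl2 but got reply from 00:00:cd:1c:06:8c on rl1
May 17 04:02:33 pfsense kernel: arp: 192.168.0.9 is on rl2 but got reply from 00:00:CD:1C:06:8C on rl1
"""


@dataclass
class Mismatch:
    ip: str
    mac: str
    expected_if: str
    seen_if: str
    count: int = 0


def parse_mismatches(lines):
    """Aggregate mismatch messages per (ip, mac, expected_if, seen_if)."""
    found = {}
    for line in lines:
        m = ARP_MISMATCH.search(line)
        if not m:
            continue  # unrelated log line
        key = (m["ip"], m["mac"].lower(), m["expected"], m["seen"])
        rec = found.setdefault(key, Mismatch(*key))
        rec.count += 1
    return sorted(found.values(), key=lambda r: -r.count)


def crosses_wan_lan(rec, roles=ROLES):
    """True when an address configured on the LAN is answered from the WAN side."""
    return roles.get(rec.expected_if) == "LAN" and roles.get(rec.seen_if) == "WAN"


def ips_per_mac(records):
    """Map each replying MAC to the addresses it answered for.

    One WAN-side MAC answering for several LAN addresses points at an
    upstream device using the same subnet, or at the two segments sharing
    a broadcast domain, rather than at a single misbehaving host.
    """
    grouped = defaultdict(set)
    for rec in records:
        grouped[rec.mac].add(rec.ip)
    return {mac: sorted(ips) for mac, ips in grouped.items()}


def report(lines, roles=ROLES):
    """One summary line per distinct mismatch, most frequent first."""
    out = []
    for rec in parse_mismatches(lines):
        tag = "LAN address answered on WAN" if crosses_wan_lan(rec, roles) else "interface mismatch"
        out.append(f"{rec.ip} {rec.mac} expected={rec.expected_if} "
                   f"seen={rec.seen_if} count={rec.count} [{tag}]")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```
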
Re: [pfSense Support] Diagnostic ARP Table
Chris Wow, that all?! Thank you. David - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Thursday, April 05, 2007 2:26 AM Subject: Re: [pfSense Support] Diagnostic ARP Table Tortise wrote: > Thanks Chris > > You are of course correct, pinging pfsense makes them appear. > > What is the timeout period? > 20 minutes.
Re: [pfSense Support] Diagnostic ARP Table
Thanks Chris You are of course correct, pinging pfsense makes them appear. What is the timeout period? Kind regards David - Original Message - From: "Chris Buechler" <[EMAIL PROTECTED]> To: Sent: Wednesday, April 04, 2007 4:18 AM Subject: Re: [pfSense Support] Diagnostic ARP Table Tortise wrote: > Hi > > I have three statically assigned TiVo's on the pfSense routed LAN with unique > ARP's soft defined on the Linux OS they run. > > The ARP entries appear intermittently in the pfSense Diagnostics ARP table, > typically one is shown and the other generally are > not, > although occasionally 2 may be shown. > Depends on what they're talking to and when. Things only show up in the ARP table when they have recently communicated to or through the firewall (and at that only if they're on a broadcast domain directly connected to the firewall, but yours obviously are). If you see one not showing up, if you ping the LAN IP or something on the Internet from the box that's not showing up and refresh the page, I'm sure it'll be there. If you do that and it's still not showing up, there may be an issue.
[pfSense Support] Diagnostic ARP Table
Hi I have three statically assigned TiVo's on the pfSense routed LAN with unique ARP's soft defined on the Linux OS they run. The ARP entries appear intermittently in the pfSense Diagnostics ARP table, typically one is shown and the other generally are not, although occasionally 2 may be shown. Is this to be expected or is it indicative of an issue? Kind regards David
[pfSense Support] Dial Up Failover
Would that mean one could configure dialup failover? If so that would be really cool. Kind regards David - Original Message - From: "Luca Lucchesi" <[EMAIL PROTECTED]> To: Sent: Friday, March 09, 2007 9:08 AM Subject: [pfSense Support] Can't connect to PPTP with dialup Hi. I set up the PPTP server on a pfSense system. The clients can connect to it from Windows XP with a natted ADSL Internet connection, but if I try with a dialup connection I get a 619 error. I tried to set the MTU value to 576, but I was not able to solve the problem. Could you help me, please? Thank you very much and goodbye! Luca.
Re: [pfSense Support] CF 1.0.1 APPARENT boot failure - RESOLVED - SUGGESTIONS
Hi Holger et al Yes, it proved to be the null modem cable - and some errant assumptions on my part! May I suggest: 1) for the documentation - an addition that clarifies the differences in the CF card bootup sequence between Monowall and pfSense, as pfSense does not behave the same as Monowall (as one might have expected) - as the video and keyboard stop responding very early on, and the subsequent boot information is transferred and only available down the serial cable. FreeBSD/i386 bootstrap loader, Revision 1.1 ([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006) Loading /boot/defaults/loader.conf / 2) that just before pfSense transfers control to the serial cable that it also send a message to the video monitor, as suggested below. (So that one might not be lead to believe the install has hung, as one might be tempted to believe) FreeBSD/i386 bootstrap loader, Revision 1.1 ([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006) Loading /boot/defaults/loader.conf / Keyboard input and video display stopping and diverting to terminal, via COM1 serial null modem link. Connect to continue from there... 3) That one beep sounds when the default install comes to the first choice, so that the installer gets to know the boot sequence has completed correctly, even if they are not getting a serial output. If it helps anyone the HyperTerminal Config (for a PC using a CF card - not an embedded device) is 9600 bps. I hope these help someone in the future! Again, many thanks to the people involved, pfSense certainly is very good! Kind regards David Hingston - Original Message - From: "Holger Bauer" <[EMAIL PROTECTED]> To: Sent: Wednesday, November 08, 2006 2:30 AM Subject: RE: [pfSense Support] CF 1.0.1 boot failure Maybe your nullmodemcable is not ok. You need to assign NICs first from the console before you can use any of the interfaces (unless you are using sis nics which are preconfigured for the embedded image). 
Check your cable at another box to see if it actually is working. Holger > -Original Message----- > From: Tortise [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 07, 2006 11:19 AM > To: support@pfsense.com > Subject: Re: [pfSense Support] CF 1.0.1 boot failure > > Perhaps I have a null modem connection problem as 5 beeps are > eventually heard, suggesting it may be running up properly, > however I can't ping any of the (3) NIC's at 192.168.1.1 as I > presume I should be able to do on at least one? (Using > 192.168.1.2 255 255 255 > 0) > > I get no output to HyperTerminal or to Teraterm, tried > various cables, definitely using COM1 form the motherboard > > H > > > - Original Message - > From: "Holger Bauer" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, November 07, 2006 10:48 PM > Subject: RE: [pfSense Support] CF 1.0.1 boot failure > > > The embedded images have output at com1. There won't be video output > once it started. This is due to some embedded devices only > having serial > console and no video. Access your machine at com1, 9600baud using a > terminalprogram. > > Holger > > > > > From: Tortise [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 07, 2006 8:37 AM > To: support@pfsense.com > Subject: [pfSense Support] CF 1.0.1 boot failure > > > Hi > > I am trying to run pfSense from a CF card, have written images > to various cards. Monowall boots fine and runs from 16M CF card so it > would seem the IDE CF reader is ok. This is on a Pentium 166 system. > > With pfSense, trying a number of different CF cards 128M and > 256M: > > The BTX loader seems to run OK. Then I get: > > FreeBSD/i386 bootstrap loader, Revision 1.1 > ([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006) > Loading /boot/defaults/loader.conf > / > > The "/" does a couple of circles then stops... > > I have tried to get the serial output by connecting > HyperTerminal to the serial port. It seems it might be too > early to get > a serial output - as I do not get anything? 
> > Any guidance would be appreciated. > > David Hingston
Re: [pfSense Support] CF 1.0.1 boot failure
Perhaps I have a null modem connection problem as 5 beeps are eventually heard, suggesting it may be running up properly, however I can't ping any of the (3) NIC's at 192.168.1.1 as I presume I should be able to do on at least one? (Using 192.168.1.2 255 255 255 0) I get no output to HyperTerminal or to Teraterm, tried various cables, definitely using COM1 from the motherboard H - Original Message - From: "Holger Bauer" <[EMAIL PROTECTED]> To: Sent: Tuesday, November 07, 2006 10:48 PM Subject: RE: [pfSense Support] CF 1.0.1 boot failure The embedded images have output at com1. There won't be video output once it started. This is due to some embedded devices only having serial console and no video. Access your machine at com1, 9600baud using a terminal program. Holger From: Tortise [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 07, 2006 8:37 AM To: support@pfsense.com Subject: [pfSense Support] CF 1.0.1 boot failure Hi I am trying to run pfSense from a CF card, have written images to various cards. Monowall boots fine and runs from 16M CF card so it would seem the IDE CF reader is ok. This is on a Pentium 166 system. With pfSense, trying a number of different CF cards 128M and 256M: The BTX loader seems to run OK. Then I get: FreeBSD/i386 bootstrap loader, Revision 1.1 ([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006) Loading /boot/defaults/loader.conf / The "/" does a couple of circles then stops... I have tried to get the serial output by connecting HyperTerminal to the serial port. It seems it might be too early to get a serial output - as I do not get anything? Any guidance would be appreciated. David Hingston
[pfSense Support] CF 1.0.1 boot failure
Hi I am trying to run pfSense from a CF card, have written images to various cards. Monowall boots fine and runs from 16M CF card so it would seem the IDE CF reader is ok. This is on a Pentium 166 system. With pfSense, trying a number of different CF cards 128M and 256M: The BTX loader seems to run OK. Then I get: FreeBSD/i386 bootstrap loader, Revision 1.1 ([EMAIL PROTECTED], Sunday Oct 29 01:30:00 UTC 2006) Loading /boot/defaults/loader.conf / The "/" does a couple of circles then stops... I have tried to get the serial output by connecting HyperTerminal to the serial port. It seems it might be too early to get a serial output - as I do not get anything? Any guidance would be appreciated. David Hingston
[pfSense Support] Minimium Hardware 96 MRAM?
Hi I note the min RAM is said to be 128M. I've been running pfSense on a Pentium 133 with 96M of RAM for many months, including with one VPN interface. The CPU runs at about 10-25% and the Memory about 50%. This may be of interest! Kind regards David Hingston Chequers Software New Zealand http://www.cheqsoft.com/contact.html