Re: [pfSense Support] 2.0-RC1 installation problem
Hello,

I've faced the same issue with all recent builds till today. It seems like some global regression.

On 28.04.2011 20:45, Lupel wrote:

Hi there,

I'm trying to install the pfsense-2.0-RC1 cd iso for amd64 on a Dell PowerEdge R210 and installation hangs right after the ncurses interface starts at waiting for backend message.

The image I've downloaded is pfSense-2.0-RC1-amd64-20110226-1807.iso

Does anyone know what can I do to solve this? I've been digging into list archives but no one reported this issue for the 2.0-RC1 version.

Thanks in advance.
Lupel

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
[pfSense Support] [CARP issue] can someone to reproduce it?
Hello,

I've posted a bug (http://redmine.pfsense.org/issues/1226) but could anyone please check if it is reproducible on your boxes?

Thank you,
st41ker
Re: [pfSense Support] unable to see the slave status ... both are showing master
Hi,

I think you have a misconfiguration in the interfaces section. All interfaces MUST be in the same order on both firewalls in the cluster. For example, 'opt2' on the master MUST have an IP from the same network as 'opt2' on the slave. That is because XMLRPC synchronization operates with these internal interface names only (not labels like WAN, LAN or whatever you've named your interfaces). You can view the internal interface names in /cf/conf/config.xml

For example:

FW1:
<opt2>
    <descr><![CDATA[LAN2]]></descr>
    <if>re0_vlan10</if>
    <enable/>
    <ipaddr>192.168.199.254</ipaddr>
    <subnet>24</subnet>
    <spoofmac/>
</opt2>

FW2:
<opt2>
    <descr><![CDATA[LAN2]]></descr>
    <if>re0_vlan10</if>
    <enable/>
    <ipaddr>192.168.199.253</ipaddr>
    <subnet>24</subnet>
    <spoofmac/>
</opt2>

And a CARP ip 192.168.199.1 on both firewalls.

Happy new year.

30.12.2010 17:22, Agnello George wrote:

Hi

we have been trying to set up a master/slave set up of pfsense, we tried everything as per documentation in
http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP2)

we have almost the same set up as in the link above, however we are not able to see the slave status on backup firewall, we can see the master status in primary firewall. We can see both servers showing master status

I am completely new to freebsd and especially new to pfsense.

Thanks if you can guide me through.

--
Regards
Agnello D'souza

--
Thanks,
St41ker.
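Added example, not part of the original message and not pfSense code: a check that compares the interface sections of two config.xml files by internal name (lan, optN) and reports where the two nodes disagree, which is the mismatch the reply above describes. The `<pfsense><interfaces>` wrapper, the sample configs and all function names are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample configs, not real exports. The <pfsense><interfaces>
# wrapper is assumed; the <optN> children follow the snippet in the post.
FW1_XML = """<pfsense><interfaces>
<lan><if>re0</if><enable/><ipaddr>192.168.1.252</ipaddr><subnet>24</subnet></lan>
<opt1><descr><![CDATA[DMZ]]></descr><if>re0_vlan20</if><enable/>
  <ipaddr>10.20.0.252</ipaddr><subnet>24</subnet></opt1>
<opt2><descr><![CDATA[LAN2]]></descr><if>re0_vlan10</if><enable/>
  <ipaddr>192.168.199.254</ipaddr><subnet>24</subnet></opt2>
</interfaces></pfsense>"""

# Same labels and VLANs on the second node, but opt1 and opt2 are swapped.
FW2_XML = """<pfsense><interfaces>
<lan><if>re0</if><enable/><ipaddr>192.168.1.253</ipaddr><subnet>24</subnet></lan>
<opt1><descr><![CDATA[LAN2]]></descr><if>re0_vlan10</if><enable/>
  <ipaddr>192.168.199.253</ipaddr><subnet>24</subnet></opt1>
<opt2><descr><![CDATA[DMZ]]></descr><if>re0_vlan20</if><enable/>
  <ipaddr>10.20.0.253</ipaddr><subnet>24</subnet></opt2>
</interfaces></pfsense>"""


def load_interfaces(xml_text):
    """Map internal name (wan, lan, optN) -> (label, ip_interface or None)."""
    section = ET.fromstring(xml_text).find("interfaces")
    if section is None:
        raise ValueError("no <interfaces> section found")
    found = {}
    for node in section:
        label = (node.findtext("descr") or node.tag).strip()
        try:
            addr = ipaddress.ip_interface(
                "%s/%s" % (node.findtext("ipaddr"), node.findtext("subnet")))
        except ValueError:
            addr = None  # dhcp, pppoe or no address: nothing to compare
        found[node.tag] = (label, addr)
    return found


def compare(primary_xml, secondary_xml):
    """Return (internal_name, problem) tuples; an empty list means consistent."""
    first, second = load_interfaces(primary_xml), load_interfaces(secondary_xml)
    problems = []
    for name in sorted(set(first) | set(second)):
        if name not in first or name not in second:
            problems.append((name, "defined on only one firewall"))
            continue
        (label_a, addr_a), (label_b, addr_b) = first[name], second[name]
        if addr_a is None and addr_b is None:
            continue
        if addr_a is None or addr_b is None:
            problems.append((name, "static address on only one firewall"))
        elif addr_a.network != addr_b.network:
            problems.append((name, "%s is %s but %s is %s" % (
                label_a, addr_a.network, label_b, addr_b.network)))
        elif addr_a.ip == addr_b.ip:
            problems.append((name, "both firewalls use %s" % addr_a.ip))
    return problems


def carp_vip_interface(xml_text, vip):
    """Internal name of the interface whose subnet contains the CARP VIP."""
    vip = ipaddress.ip_address(vip)
    for name, (_, addr) in load_interfaces(xml_text).items():
        if addr is not None and vip in addr.network:
            return name
    return None


if __name__ == "__main__":
    for name, problem in compare(FW1_XML, FW2_XML):
        print("%-5s %s" % (name, problem))
    print("VIP 192.168.199.1:", carp_vip_interface(FW1_XML, "192.168.199.1"),
          "on FW1,", carp_vip_interface(FW2_XML, "192.168.199.1"), "on FW2")
```

The labels match on both sample nodes (LAN2, DMZ), so the mismatch only shows up when the comparison is keyed on the internal names.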
Re: [pfSense Support] CARP support broken in kernel?
Overall picture is the same as it was before the upgrade, except that each machine now ignores the carp packets. Did someone make changes in FreeBSD carp subsystem?

--
Thanks,
St41ker.
Re: [pfSense Support] CARP support broken in kernel?
I've updated bug 1072 (http://redmine.pfsense.org/issues/1072)

According to packet dump

carp vhid=1
192.168.252.254 224.0.0.18: VRRPv2, Advertisement, vrid 1, prio 0, authtype #128, intvl 1s, length 36, addrs(7): 107.95.16.142,89.11.4.1,28.106.118.248,149.43.12.212,148.195.215.246,252.189.185.117,56.253.61.5
0x: 0100 5e00 0012 5e00 0101 0800 4510
0x0010: 0038 d66a 4000 ff70 c0a8 fcfe e000
0x0020: 0012 2101 0007 8001 b7a9 6b5f 108e 590b
0x0030: 0401 1c6a 76f8 952b 0cd4 94c3 d7f6 fcbd
0x0040: b975 38fd 3d05

carp vhid=256
192.168.253.254 224.0.0.18: VRRPv2, Advertisement, vrid 0, prio 0, authtype simple, intvl 1s, length 36, addrs(7): 137.7.31.146,238.223.10.81,90.241.214.208,59.45.154.124,64.216.227.11,117.38.205.9,26.19.86.208[|vrrp]
0x: 0100 5e00 0012 5e00 0100 0800 4510
0x0010: 0038 8271 4000 ff70 c0a8 fdfe e000
0x0020: 0012 2100 0007 0101 5dc9 8907 1f92 eedf
0x0030: 0a51 5af1 d6d0 3b2d 9a7c 40d8 e30b 7526
0x0040: cd09 1a13 56d0

seems like there is something wrong with bit shifting for vhidx field (previously it was known as carp_pad1 field). When interface's vhid=255 - it's always 1000b (0x80) and only when interface's vhid=255 everything works as expected.

2ALL: Temporary workaround for this situation is to use VHID greater than 255.

On 15.12.2010 1:23, st41ker wrote:

Hello,

Is there any update on the issue?

On 11.12.2010 12:30, st41...@st41ker.net wrote:

Hello,

Understood. The requested changes have been made and the result is the same.
Please, clarify, what exactly statistics do you need?
Here is complete output of netstat -ss

#uptime; netstat -ss
12:28PM up 33 mins, 2 users, load averages: 0.23, 0.23, 0.11
tcp:
    14643 packets sent
    6316 data packets (2478656 bytes)
    433 data packets (375832 bytes) retransmitted
    25 data packets unnecessarily retransmitted
    7266 ack-only packets (0 delayed)
    85 window update packets
    552 control packets
    12769 packets received
    6093 acks (for 2483590 bytes)
    255 duplicate acks
    packets (2405848 bytes) received in-sequence
    1 out-of-order packet (0 bytes)
    11 window update packets
    193 connection requests
    205 connection accepts
    4 ignored RSTs in the windows
    396 connections established (including accepts)
    388 connections closed (including 17 drops)
    119 connections updated cached RTT on close
    128 connections updated cached RTT variance on close
    41 connections updated cached ssthresh on close
    2 embryonic connections dropped
    5376 segments updated rtt (of 5566 attempts)
    638 retransmit timeouts
    12 connections dropped by rexmit timeout
    2 keepalive timeouts
    2 connections dropped by keepalive
    1986 correct data packet header predictions
    205 syncache entries added
    5 retransmitted
    3 dropped
    205 completed
    208 cookies sent
    130 SACK options (SACK blocks) received
udp:
    2200 datagrams received
    173 dropped due to no socket
    589 broadcast/multicast datagrams undelivered
    1438 delivered
    11169 datagrams output
sctp:
    Packet drop statistics:
    Timeouts:
ip:
    68772 total packets received
    125 bad header checksums
    56439 packets for this host
    6 packets for unknown/unsupported protocol
    7670 packets forwarded
    150 packets not forwardable
    29848 packets sent from this host
    1182 output packets discarded due to no route
icmp:
    1544 calls to icmp_error
    Output histogram:
        echo reply: 56
        destination unreachable: 148
    Input histogram:
        echo reply: 1900
        echo: 56
    56 message responses generated
    ICMP address mask responses are disabled
igmp:
    509 messages received
    506 membership reports received
    503 membership reports received with invalid field(s)
    15 membership reports sent
ipsec:
ah:
esp:
ipcomp:
pim:
carp:
    17235 packets received (IPv4)
    17225 discarded for bad vhid
    12296 packets sent (IPv4)
pfsync:
    21776 packets received (IPv4)
    21768 packets discarded for bad interface
    12898 packets sent (IPv4)
arp:
    2381 ARP requests sent
    61 ARP replies sent
    3735 ARP requests received
    27 ARP replies received
    3762 ARP packets received
    2317 total packets dropped due to no ARP entry
    26 ARP entrys timed out
ip6:
    51 total packets received
    51 packets sent from this host
    Input histogram:
        ICMP6: 51
    Mbuf statistics:
        0 one mbuf
        51 one ext mbuf
        0 two or more ext mbuf
    Source addresses selection rule applied:
icmp6:
    Output histogram:
        neighbor solicitation: 12
        MLDv2 listener report: 37
    Histogram of error messages to be generated:
ipsec6:
rip6:
pfkey:
    2 requests sent from userland
    32 bytes sent from userland
    histogram by message type:
        flush: 1
        x_spdflush: 1
    2 requests sent to userland
    32 bytes sent to userland
    histogram by message type:
        flush: 1
        x_spdflush: 1

According to ip_carp.c this counter (discarded for bad vhid) is incremented each time when the phys. interface on which the carp packet was received does not contain any associated carp interface or if the VHID of the associated CARP interfaces does not contain the VHID got in the received packet. IMHO the problem could be in binaries. Anyway I've double checked each VLAN interface on router for CARP packets that could get on the wrong one due
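Added example, not part of the original thread and not pfSense or FreeBSD code: a decoder for the two 36-byte CARP payloads in the hex dump of this message, laid out as the stock FreeBSD struct carp_header, showing which CARP field tcpdump prints under each VRRP label and that both payloads carry a valid checksum. Combining carp_pad1 with the VHID as (pad1 << 8) | vhid is an assumption inferred from the vhid=256 capture, and all function names are hypothetical.

```python
import struct

# CARP advertisement payloads (IP protocol 112) copied from the hex dump in
# the post: the last 36 bytes of each captured frame.
PKT_IF_VHID_1 = bytes.fromhex(
    "2101 0007 8001 b7a9 6b5f 108e 590b 0401 1c6a 76f8"
    " 952b 0cd4 94c3 d7f6 fcbd b975 38fd 3d05")
PKT_IF_VHID_256 = bytes.fromhex(
    "2100 0007 0101 5dc9 8907 1f92 eedf 0a51 5af1 d6d0"
    " 3b2d 9a7c 40d8 e30b 7526 cd09 1a13 56d0")

# Stock struct carp_header: version/type, vhid, advskew, authlen, pad1,
# advbase, cksum, 8-byte replay counter, 20-byte SHA1 HMAC = 36 bytes.
CARP_HEADER = struct.Struct("!BBBBBBH8s20s")


def parse_carp(payload):
    if len(payload) < CARP_HEADER.size:
        raise ValueError("short CARP payload: %d bytes" % len(payload))
    vt, vhid, advskew, authlen, pad1, advbase, cksum, counter, md = \
        CARP_HEADER.unpack_from(payload)
    return {
        "version": vt >> 4, "type": vt & 0x0F,
        "vhid": vhid,        # tcpdump prints this as "vrid"
        "advskew": advskew,  # tcpdump "prio"
        "authlen": authlen,  # tcpdump "addrs(N)": 32-bit words of counter + HMAC
        "pad1": pad1,        # tcpdump "authtype"; the post calls it vhidx
        "advbase": advbase,  # tcpdump "intvl"
        "cksum": cksum,
        "counter": int.from_bytes(counter, "big"),
        "hmac": md.hex(),
    }


def checksum_ok(payload):
    """Internet checksum (RFC 1071) over the whole payload folds to 0xffff."""
    if len(payload) % 2:
        payload += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(payload) // 2), payload))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def extended_vhid(hdr):
    # ASSUMPTION: pad1 is the high byte of the VHID. This matches the
    # vhid=256 capture (vhid byte 0x00, pad1 0x01); it is not taken from
    # the pfSense kernel source.
    return (hdr["pad1"] << 8) | hdr["vhid"]


def diagnose(payload, configured_vhid):
    """Return findings for one advertisement against the local VHID."""
    hdr = parse_carp(payload)
    findings = []
    if (hdr["version"], hdr["type"]) != (2, 1):
        findings.append("not a CARP version 2 advertisement")
    if not checksum_ok(payload):
        findings.append("bad CARP checksum")
    if extended_vhid(hdr) != configured_vhid:
        if hdr["vhid"] == configured_vhid & 0xFF:
            findings.append("vhid byte matches %d but pad1=0x%02x makes it %d"
                            % (configured_vhid, hdr["pad1"], extended_vhid(hdr)))
        else:
            findings.append("vhid %d does not match %d"
                            % (extended_vhid(hdr), configured_vhid))
    return findings


if __name__ == "__main__":
    for label, pkt, vhid in (("vhid=1", PKT_IF_VHID_1, 1),
                             ("vhid=256", PKT_IF_VHID_256, 256)):
        print(label, parse_carp(pkt)["pad1"], diagnose(pkt, vhid) or "consistent")
```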
Re: HA: Re: HA: Re: [pfSense Support] 2.0 - don't work Ipsec!
I'm not sure what you've tried to say. Anyway, you should contact a lawyer first. But I think that everything will be as it always is in Russia. No one cares about the law and the law cares about no one.

On 13.12.2010 9:14, drova...@kaluga-gov.ru wrote:

Hi,

Thanks for this is informations. Please prompt the certificated decisions!

To regrets ipsec WHILE, does not use (ГОСТ 28147-89), (ГОСТ Р 34.11-94) enciphering, but we hope it will be soon included in ipsec! Now ipsec does not work!

As the certification theme, a question is lifted: When Pfsense, ipsec it will be compiled with support of these crypto algorithms?

st41...@st41ker.net wrote on 11.12.2010 22:39:35:

From: st41...@st41ker.net
To: support@pfsense.com
Date: 11.12.2010 22:39
Subject: Re: HA: Re: [pfSense Support] 2.0 - don't work Ipsec!

Sure it can. Only government and business enterprises have to follow these rules. For more information you should contact a lawyer.
I'm sorry for off-topic here.

11.12.2010 19:04, Evgeny Yurchenko wrote:

On 10-12-11 06:46 AM, st41...@st41ker.net wrote:

Hi,

JFYI: you must use only those cryptographic services\algorithms which have been certified by ФСБ and\or ФСТЭК (I'm not sure how it sounds in English).
It seems like blowfish is under question in your case.

Hi, just curious, can private company or a person use something that is not certified by FSB?

Evgeny.

--
Thanks,
St41ker.
Re: [pfSense Support] CARP support broken in kernel?
that each machine now ignores the carp packets. Did someone make changes in FreeBSD carp subsystem?

--
Thanks,
St41ker.
Re: HA: Re: [pfSense Support] 2.0 - don't work Ipsec!
Hi,

JFYI: you must use only those cryptographic services\algorithms which have been certified by ФСБ and\or ФСТЭК (I'm not sure how it sounds in English).
It seems like blowfish is under question in your case.

On Sat, 11 Dec 2010 14:28:26 +0300, drova...@kaluga-gov.ru wrote:

Hi,

pfsense not send and received ipsec message to remote gateway!

Network topology:
192.168.8.0/24(LAN)-Pfsense 2.0 -(WAN)192.168.180.1 192.168.180.13(WAN)-monowall -(LAN)172.20.34.0/24

1.) If initial connections from remote net to local net (172.20.34.0/24 - 192.168.8.0/24),

--remote monowall racoon.conf--
path pre_shared_key /var/etc/psk.txt;
path certificate /var/etc;
remote 192.186.180.1 {
    exchange_mode aggressive;
    my_identifier user_fqdn k...@kaluga-gov.ru;
    peers_identifier address 192.186.180.1;
    initial_contact on;
    support_proxy on;
    proposal_check obey;
    proposal {
        encryption_algorithm 3des;
        hash_algorithm sha1;
        authentication_method pre_shared_key;
        dh_group 2;
        lifetime time 3600 secs;
    }
    lifetime time 3600 secs;
}
sainfo address 172.20.34.0/24 any address 192.168.8.0/24 any {
    encryption_algorithm blowfish;
    authentication_algorithm hmac_sha1;
    compression_algorithm deflate;
    pfs_group 1;
    lifetime time 3600 secs;
}
--END monowall racoon.conf--

--pfsense racoon.conf--
# This file is automatically generated. Do not edit
path pre_shared_key /var/etc/psk.txt;
path certificate /var/etc;
listen {
    adminsock /var/db/racoon/racoon.sock root wheel 0660;
    isakmp 192.168.180.1 [500];
    isakmp_natt 192.168.180.1 [4500];
}
remote 192.186.180.13 {
    ph1id 6;
    exchange_mode aggressive;
    my_identifier address 192.168.180.1;
    peers_identifier user_fqdn k...@kaluga-gov.ru;
    ike_frag on;
    generate_policy = off;
    initial_contact = on;
    nat_traversal = off;
    dpd_delay = 10;
    dpd_maxfail = 5;
    support_proxy on;
    proposal_check obey;
    proposal {
        authentication_method pre_shared_key;
        encryption_algorithm 3des;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 3600 secs;
    }
}
sainfo subnet 192.168.8.0/24 any subnet 172.20.34.0/24 any {
    remoteid 6;
    encryption_algorithm blowfish 256, blowfish 248, blowfish 240, blowfish 232, blowfish 224, blowfish 216, blowfish 208, blowfish 200, blowfish 192, blowfish 184, blowfish 176, blowfish 168, blowfish 160, blowfish 152, blowfish 144, blowfish 136, blowfish 128;
    authentication_algorithm hmac_sha1;
    pfs_group 2;
    lifetime time 3600 secs;
    compression_algorithm deflate;
}
--END pfsense racoon.conf--

a.) remote monowall racoon.log
Dec 11 16:38:20 racoon: DEBUG: get pfkey ACQUIRE message
Dec 11 16:38:20 racoon: DEBUG: suitable outbound SP found: 172.20.34.0/24 [0] 192.168.8.0/24[0] proto=any dir=out.
Dec 11 16:38:20 racoon: DEBUG: sub:0xbfbff460: 192.168.8.0/24[0] 172.20.34.0/24[0] proto=any dir=in
Dec 11 16:38:20 racoon: DEBUG: db :0x80a5a08: 172.20.34.0/24[0] 172.20.34.1/32[0] proto=any dir=in
Dec 11 16:38:20 racoon: DEBUG: sub:0xbfbff460: 192.168.8.0/24[0] 172.20.34.0/24[0] proto=any dir=in
Dec 11 16:38:20 racoon: DEBUG: db :0x80a5c08: 192.168.8.0/24[0] 172.20.34.0/24[0] proto=any dir=in
Dec 11 16:38:20 racoon: DEBUG: suitable inbound SP found: 192.168.8.0/24 [0] 172.20.34.0/24[0] proto=any dir=in.
Dec 11 16:38:20 racoon: DEBUG: new acquire 172.20.34.0/24[0] 192.168.8.0/24[0] proto=any dir=out
Dec 11 16:38:20 racoon: DEBUG: (proto_id=ESP spisize=4 spi= spi_p= encmode=Tunnel reqid=16426:16425)
Dec 11 16:38:20 racoon: DEBUG: (trns_id=BLOWFISH encklen=128 authtype=hmac-sha)
Dec 11 16:38:20 racoon: DEBUG: configuration found for 192.186.180.1.
Dec 11 16:38:20 racoon: INFO: IPsec-SA request for 192.186.180.1 queued due to no phase1 found.
Dec 11 16:38:20 racoon: DEBUG: ===
Dec 11 16:38:20 racoon: INFO: initiate new phase 1 negotiation: 192.168.180.13[500]=192.186.180.1[500]
Dec 11 16:38:20 racoon: INFO: begin Aggressive mode.
Dec 11 16:38:20 racoon: DEBUG: new cookie: bd8323a305dc6618
Dec 11 16:38:20 racoon: DEBUG: use ID type of User_FQDN
Dec 11 16:38:20 racoon: DEBUG: compute DH's private.
Dec 11 16:38:20 racoon: DEBUG: 50b121a0 b0639e68 c03f785c c5750692 9ef93e85 2ab97fe9 1524af19 578f99f4 c44f4a08 3af43dc7 6bd94b4f 3f48b220 03d7c270 ed5a7b76 2d054820 90bcef3f c893a102 ae6d2726 d7fedc3f eb5012c2 98163336 247a9e77 842b7b56 e3d89d32 71b7e676 a9a18b0e
[pfSense Support] CARP support broken in kernel?
Hello,

It seems like this question should be addressed to the pfSense kernel maintainer(s).

I've two firewalls on 2.0-BETA4 with CARP enabled. Until the recent upgrade everything worked almost perfect. Now both routers got all CARP devices in MASTER state.

Firewall 1:
vip6: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500
    inet 192.168.199.1 netmask 0xff00
    carp: MASTER vhid 6 advbase 2 advskew 100
vip10: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500
    inet 192.168.0.51 netmask 0xff00
    carp: MASTER vhid 10 advbase 2 advskew 100
vip12: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500
    inet 192.168.253.252 netmask 0xff00
    carp: MASTER vhid 12 advbase 2 advskew 100

#netstat -ssp carp
carp:
    92555 packets received (IPv4)
    14 discarded for bad authentication
    9 discarded for bad vhid
    39869 packets sent (IPv4)

Firewall 2:
vip6: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500
    inet 192.168.199.1 netmask 0xff00
    carp: MASTER vhid 6 advbase 1 advskew 0
vip10: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500
    inet 192.168.0.51 netmask 0xff00
    carp: MASTER vhid 10 advbase 1 advskew 0
vip12: flags=49UP,LOOPBACK,RUNNING metric 0 mtu 1500
    inet 192.168.253.252 netmask 0xff00
    carp: MASTER vhid 12 advbase 1 advskew 0

#netstat -ssp carp
carp:
    39184 packets received (IPv4)
    1 discarded for bad authentication
    39074 discarded for bad vhid
    93005 packets sent (IPv4)

Here is a packet dump:

#tcpdump -nvei re0_vlan5 not tcp and not udp
tcpdump: listening on re0_vlan5, link-type EN10MB (Ethernet), capture size 96 bytes
20:28:26.227652 00:00:5e:00:01:0a 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: (tos 0x10, ttl 255, id 13532, offset 0, flags [DF], proto VRRP (112), length 56, bad cksum 0 (-a57a)!)
    192.168.0.52 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype #128, intvl 1s, length 36, addrs(7): 227.234.177.249,120.162.118.75,40.102.130.17,242.232.0.66,58.203.185.41,64.96.187.4,114.121.226.49
20:28:26.723778 00:00:5e:00:01:0a 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: (tos 0x10, ttl 255, id 13772, offset 0, flags [DF], proto VRRP (112), length 56)
    192.168.0.53 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype #128, intvl 2s, length 36, addrs(7): 227.234.177.249,120.162.117.92,228.194.169.203,197.128.149.181,204.97.168.247,234.48.188.234,14.68.23.250
20:28:27.223192 00:00:5e:00:01:0a 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: (tos 0x10, ttl 255, id 57411, offset 0, flags [DF], proto VRRP (112), length 56, bad cksum 0 (-fa12)!)
    192.168.0.52 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype #128, intvl 1s, length 36, addrs(7): 227.234.177.249,120.162.118.76,5.159.71.110,98.90.217.70,117.200.253.191,117.207.179.185,132.131.241.197
20:28:28.218741 00:00:5e:00:01:0a 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: (tos 0x10, ttl 255, id 26425, offset 0, flags [DF], proto VRRP (112), length 56, bad cksum 0 (-731d)!)
    192.168.0.52 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype #128, intvl 1s, length 36, addrs(7): 227.234.177.249,120.162.118.77,156.42.80.119,212.10.43.254,52.127.252.175,13.193.236.116,250.186.146.126
20:28:29.115843 00:00:5e:00:01:0a 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: (tos 0x10, ttl 255, id 17830, offset 0, flags [DF], proto VRRP (112), length 56)
    192.168.0.53 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 100, authtype #128, intvl 2s, length 36, addrs(7): 227.234.177.249,120.162.117.93,134.208.204.108,14.90.209.13,71.169.61.99,222.84.234.186,206.168.118.252
20:28:29.214280 00:00:5e:00:01:0a 01:00:5e:00:00:12, ethertype IPv4 (0x0800), length 70: (tos 0x10, ttl 255, id 20580, offset 0, flags [DF], proto VRRP (112), length 56, bad cksum 0 (-89f2)!)
    192.168.0.52 224.0.0.18: VRRPv2, Advertisement, vrid 10, prio 0, authtype #128, intvl 1s, length 36, addrs(7): 227.234.177.249,120.162.118.78,152.171.173.48,92.93.224.15,236.101.105.252,83.24.68.20,227.104.66.63

Overall picture is the same as it was before the upgrade, except that each machine now ignores the carp packets. Did someone make changes in FreeBSD carp subsystem?

--
Thanks,
St41ker.
[pfSense Support] Cron r...@node2 /usr/bin/nice -n20 newsyslog
Hello,

I'm getting:

nice: newsyslog: No such file or directory

Cron r...@node2 /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
Table sshlockout is empty.

It seems like there is something useless\broken in cron config (config version 7.x) for 2.0 Beta4
Re: [pfSense Support] Swap
Oh, you should listen to Adam's advice anyway.

echo /dev/ad1s1 none swap sw 0 0 >> /etc/fstab; rm -f /usr/local/etc/rc.d/startup.sh; shutdown -r now

On 11.11.2010 11:49, James Bensley wrote:

On 10 November 2010 17:24, st41ker <st41...@st41ker.net> wrote:

Hello again,

Little fix just add '/sbin' path to binary just to make sure that init subsystem will run it:

echo /sbin/swapon /dev/ad1s1 >> /usr/local/etc/rc.d/startup.sh ; chmod +x /usr/local/etc/rc.d/startup.sh; reboot

Thank you, this seems to have worked. I have rebooted the box and ssh'd back in, swapinfo shows the swap partition as active.

On 10 November 2010 18:12, Adam Thompson <athom...@athompso.net> wrote:

Ah, I had interpreted it as he installed a box without swap and was now trying to add it.

That is correct. Originally I set the box up with no swap. I haven't deployed the box into production yet and whilst testing and tinkering I keep getting close to my physical memory limits so I wanted to add some swap space temporarily and when it comes to deployment, if needs be I can chuck some more RAM in.

Thanks to all, this is now sorted :D
Re: [pfSense Support] Swap
Hello,

echo swapon /dev/ad1s1 >> /usr/local/etc/rc.d/startup.sh ; chmod +x /usr/local/etc/rc.d/startup.sh; reboot

On 10.11.2010 13:30, James Bensley wrote:

Hey Listee's

I am trying to add a swap drive to my pfSense box but I'm failing to keep it after a reboot. I zero out a spare 512MB partition with dd and chmod'd it as per this FreeBSD doc [0] but then I get stuck. /etc/rc.conf doesn't exist?

I can execute 'swapon /dev/ad1s1' and then under swapinfo my new swap drive appears, also in the web interface it shows on the front page. As soon as I reboot it is no longer there and I have to execute 'swapon' again.

So how do I complete this process under pfSense?

[0] http://www.freebsd.org/doc/handbook/adding-swap-space.html
Re: [pfSense Support] Swap
Because native /etc/rc.d scripts are ignored and replaced by *.php under /etc/rc.*
It's a monowall thing.

On 10.11.2010 18:23, Moshe Katz wrote:

Oh

In /etc/rc (around line 310), it deletes /etc/rc.conf. I'd be interested to know why if any of the developers is reading this...

Moshe
--
Moshe Katz
-- mo...@ymkatz.net
-- +1(301)867-3732

On Wed, Nov 10, 2010 at 11:16 AM, James Bensley <jwbens...@gmail.com> wrote:

On 10 November 2010 16:13, Moshe Katz <mo...@ymkatz.net> wrote:

Did you try creating a new rc.conf file and seeing if it reads it?

Moshe

After a restart it was gone :(

--
Regards,
James.
http://www.jamesbensley.co.cc/

There are 10 kinds of people in the world; Those who understand Vigesimal, and J others...?
Re: [pfSense Support] Swap
Hello again,

Little fix just add '/sbin' path to binary just to make sure that init subsystem will run it:

echo /sbin/swapon /dev/ad1s1 >> /usr/local/etc/rc.d/startup.sh ; chmod +x /usr/local/etc/rc.d/startup.sh; reboot

On 10.11.2010 18:20, st41ker wrote:

Hello,

echo swapon /dev/ad1s1 >> /usr/local/etc/rc.d/startup.sh ; chmod +x /usr/local/etc/rc.d/startup.sh; reboot

On 10.11.2010 13:30, James Bensley wrote:

Hey Listee's

I am trying to add a swap drive to my pfSense box but I'm failing to keep it after a reboot. I zero out a spare 512MB partition with dd and chmod'd it as per this FreeBSD doc [0] but then I get stuck. /etc/rc.conf doesn't exist?

I can execute 'swapon /dev/ad1s1' and then under swapinfo my new swap drive appears, also in the web interface it shows on the front page. As soon as I reboot it is no longer there and I have to execute 'swapon' again.

So how do I complete this process under pfSense?

[0] http://www.freebsd.org/doc/handbook/adding-swap-space.html
Re: [pfSense Support] Swap
If I understood correctly James tried to expand existing swap and somehow he can not do it by merging existing and new partitions.

On 10.11.2010 19:47, Adam Thompson wrote:

Why not just add the necessary line to /etc/fstab, and let the boot-time rc scripts mount it like usual? (Note: I _am_ running 2.0, this might be a useless suggestion under 1.x, I don't know.)

The discussion of adding swap in the FreeBSD docs mentioned only covers adding auxiliary swap *files*, not swap partitions.

The shortest and clearest example I can find of adding swap to fstab(5) is at http://www.freebsd.org/doc/handbook/swap-encrypting.html or possibly http://www.freebsd.org/doc/handbook/geom-glabel.html, both of which contain extraneous detail - the Handbook assumes sysinstall(8) prepared swap space and adjusted /etc/fstab for you during install. You should be able to compare-and-contrast based on those two examples, though.

AFAIK this isn't something pfSense/m0n0wall does differently than FreeBSD... the weirdness starts quite a bit later in the boot process.

(I'm curious - why do you need/want more swap on a firewall?)

-Adam

-Original Message-
From: st41ker [mailto:st41...@st41ker.net]
Sent: Wednesday, November 10, 2010 11:25
To: support@pfsense.com
Subject: Re: [pfSense Support] Swap

Hello again,

Little fix just add '/sbin' path to binary just to make sure that init subsystem will run it:

echo /sbin/swapon /dev/ad1s1 >> /usr/local/etc/rc.d/startup.sh ; chmod +x /usr/local/etc/rc.d/startup.sh; reboot

On 10.11.2010 18:20, st41ker wrote:

Hello,

echo swapon /dev/ad1s1 >> /usr/local/etc/rc.d/startup.sh ; chmod +x /usr/local/etc/rc.d/startup.sh; reboot

On 10.11.2010 13:30, James Bensley wrote:

Hey Listee's

I am trying to add a swap drive to my pfSense box but I'm failing to keep it after a reboot. I zero out a spare 512MB partition with dd and chmod'd it as per this FreeBSD doc [0] but then I get stuck. /etc/rc.conf doesn't exist?

I can execute 'swapon /dev/ad1s1' and then under swapinfo my new swap drive appears, also in the web interface it shows on the front page. As soon as I reboot it is no longer there and I have to execute 'swapon' again.

So how do I complete this process under pfSense?

[0] http://www.freebsd.org/doc/handbook/adding-swap-space.html
[pfSense Support] ssh and webConfigurator traffic shaping
Hello,

I'm wondering if there is some convenient way to shape (prioritize) ssh and webConfigurator's traffic in pfSense 2.0?

--
Thanks,
St41ker.
Re: [pfSense Support] IAX trunk after isp lost connection
On 17/06/2010 20:18, belkhiria aymen wrote:

Hi,

I have asterisk under pfsense and IAX Trunk with another asterisk when connection lost with my isp the iax trunk is become UNREACHABLE and to actualize i reset connection in pfsense.

any help?

--
Belkhiria Aymen
Computer Engineer

Hello Belkhiria,

Which pfSense version do you use?
Do you mean that your internet connection does not auto reconnect or your pfSense * does not re-register on the remote * after the all mess?