On Mar 18, 2011, at 7:05 PM, Chris Buechler wrote: > On Fri, Mar 18, 2011 at 2:19 PM, Jim Riggs > <freebsd-li...@christianserving.org> wrote: >> >> I had wondered if it was just a promiscuous mode thing, but just setting >> promiscuous on the IF doesn't seem to do it. (Let me do some more testing, >> though.) If it does work, what's the best way to make that persistent >> across reboots and/or upgrades? I could write an rc script, but is there a >> more "pfSense way"? I know there's an xml config file, but how persistent >> is it? >> > > You can add <shellcmd> tag such as > <shellcmd>ifconfig bce0 promisc</shellcmd> > > above the </system> line. > > Running tcpdump does nothing other than putting the NIC in promiscuous > mode to impact the network stack, pretty much impossible that promisc > does something diff than running tcpdump does.
I'm reviving this thread again after a couple of weeks. Indeed, setting my LAN IF (bce0) to promiscuous mode does work. Of course, my shellcmd keeps getting removed with every snapshot. :-\ Does anyone else have any ideas why this interface would have to be in promiscuous mode to keep pfSense (web ui, ssh, etc.) from hanging? The only other thing I have noticed when poking around is that there are lots of mbuf request denials, and these show up right after a fresh boot: 24914/2099/27013 mbufs in use (current/cache/total) 24908/692/25600/25600 mbuf clusters in use (current/cache/total/max) 24908/692 mbuf+clusters out of packet secondary zone in use (current/cache) 0/640726/302089 requests for mbufs denied (mbufs/clusters/mbuf+clusters) More context below: > On Mar 18, 2011, at 2:29 AM, Chris Buechler wrote: > >> On Thu, Mar 17, 2011 at 11:44 AM, Jim Riggs >> <freebsd-li...@christianserving.org> wrote: >>> I have been having an issue with 2.0 for a few months (beta snapshots and >>> RC1) that is driving me mad. I'm hoping someone can shed some light on >>> this. >>> >>> The server is a Dell PowerEdge R610 with bce0-bce3. It is a repurposed >>> server, so it is built and configured as a server and for performance. In >>> the simplest setup, I only have a LAN (bce0) and WAN (bce1). This is a >>> test server for evaluating 2.0, so it doesn't really have much traffic. >>> There are only a couple of us using it as a gateway. >>> >>> A few minutes after booting, the Web UI will become unusably slow or >>> completely unresponsive. Sometimes we will be greeted with a 503 response. >>> Other times the browser just spins forever. SSH access is similarly >>> flaky. We have found that if we force some traffic through the gateway >>> (e.g. http request from LAN to WAN) right after requesting a page from the >>> Web UI or attempting an SSH session, it will respond to that request. >>> >>> I have dug through posts related to this in the forums and archives, but >>> haven't found too much that's relevant. I did find one post [1], though, >>> that was somewhat similar. Basically, the OP had to run tcpdump on the >>> pfSense box to get it to work. I tried that, and it works! So, now every >>> time I restart the pfSense box I have to log in on console or SSH (if I can >>> get in) and run a `nohup tcpdump -i bce0 >& /dev/null' to make it behave. >>> Note that unlike the referenced post, we do not have any trouble LAN->WAN >>> through the gateway. It just seems to be problematic accessing the gateway >>> itself from the LAN. >>> >> >> Odd, then it's only working when the NIC is in promiscuous mode. >> What's the exact chipset (run dmesg|grep bce0)? Some odd driver quirk, >> apparently specific to only certain particular chipsets as I know >> there are a number of systems running bce that don't have such issues. >> >> Running 'ifconfig bce0 promisc' would accomplish the same without >> having to run tcpdump. > > I had wondered if it was just a promiscuous mode thing, but just setting > promiscuous on the IF doesn't seem to do it. (Let me do some more testing, > though.) If it does work, what's the best way to make that persistent across > reboots and/or upgrades? I could write an rc script, but is there a more > "pfSense way"? I know there's an xml config file, but how persistent is it? > > I will see if there are any Dell updates available for the NIC. Here's the > dmesg info: > > bce0: <Broadcom NetXtreme II BCM5709 1000Base-T (C0)> mem > 0xd6000000-0xd7ffffff irq 36 at device 0.0 on pci1 > miibus0: <MII bus> on bce0 > bce0: [ITHREAD] > bce0: ASIC (0x57092003); Rev (C0); Bus (PCIe x4, 2.5Gbps); B/C (5.2.2); Flags > (MSI) > bce0: link state changed to UP > bce0_vlan254: link state changed to UP > bce0_vlan20: link state changed to UP > bce0: promiscuous mode enabled > bce0: permanently promiscuous mode enabled --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org