• No IP on WAN using DHCP and Cable Modem [Supermicro]

    3
    0 Votes
    3 Posts
    898 Views
    C
    For safety reasons (IPMIs have awful security track records), I'd disable the NIC sharing where you have a dedicated IPMI port on the hardware. We do that on the systems we sell where that's applicable. If it's hardware that only has a shared port IPMI, use that port for your LAN rather than WAN as OP did.
  • Moving pfsense config from custom computer to 2440 unit, what steps?

    4
    0 Votes
    4 Posts
    938 Views
    DerelictD
    It's a new device so one can try it on the bench while the old one is in service. ezpz.
  • System logs are not generated

    3
    0 Votes
    3 Posts
    713 Views
    J
    ;) ;) Thanks man, but sorry for the late reply. It worked.
  • Crash Report

    8
    0 Votes
    8 Posts
    2k Views
    N
    I did check my hard drive and there are no bad sectors or anything wrong with it, as per the attached, so please would you clarify in more detail what I can do to solve this bug and avoid it totally? ![pfsense dashboard.PNG](/public/imported_attachments/1/pfsense dashboard.PNG)
  • Internal interVLAN configuration

    3
    0 Votes
    3 Posts
    751 Views
    N
    Hi John, thank you for your reply. For the WAN: right now there is no WAN on these servers. They aren't allowed to go to the Internet. Right now the default gateway of these servers is the core switch, where all the VLANs are pointing as default gateways. Should I still use this as the default gateway on pfSense? By doing this I don't have any WAN but only a LAN with a default gateway, correct? Thank you a lot. Best regards, Nick
  • Firewall Alias URL Update Interval?

    4
    0 Votes
    4 Posts
    2k Views
    GertjanG
    [2.2.6-RELEASE][admin@pfsense.bhf.net]/root: ps ax | grep 'url'
    42622  -  Is      0:00.00 /usr/local/bin/minicron 86400 /var/run/update_alias_url_data.pid /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data
    42800  -  I        0:00.00 minicron: helper /usr/local/sbin/fcgicli -f /etc/rc.update_alias_url_data  (minicron)
    85776  0  S+      0:00.00 grep url
    86400 = once a day for me. It's set up from config.xml - and put here /etc/crontab …... (I guess).
  • 1 WAN 2 LAN

    Locked
    39
    0 Votes
    39 Posts
    8k Views
    N
    Ok the issue was the NAT. Didn't have an outbound rule… Stupid of me. Thanks to you all for the help and support. n. [image: gkrellShoot_03-14-16_020613.jpg]
  • Overload server BGP - Please help!

    4
    0 Votes
    4 Posts
    1k Views
    H
    That's possible. I'm not experienced enough to debug a packet capture and find out if it's a DoS attack. Some of the members or developers here might be able to help you out.
  • Let Pfsense pass Pxeboot DHCP

    6
    0 Votes
    6 Posts
    6k Views
    S
    Encountering a similar error. I have a blank VM that can find PXE server but TFTP sends errors:
    PXE-T01: File not found
    PXE-E3B: TFTP error - File not found
    PXE-M0F: Exiting Intel PXE ROM
    pfsense is configured as shown in attachment. [image: pxe.JPG]
  • Bridging HG8245H

    8
    0 Votes
    8 Posts
    23k Views
    ?
    @nicholas1520: Thanks for the replies everyone. Once the device is placed in its bridge mode, there's no way to enter a username and password. It seems that the PPPoE session needs to be initiated by the pfSense then communicate it to the ONT.

    Oh ok, this was not clear to me. Then you could perhaps ask at your ISP what is the best way to connect your custom firewall to their network or plain the Internet. I am pretty sure they know a way to go for you.
  • 0 Votes
    1 Posts
    646 Views
    No one has replied
  • How to search firewall logs

    5
    0 Votes
    5 Posts
    9k Views
    C
    Thank you KOM I will take a look at using ee or clog it seems like that will allow me to do the searches I need. I'm thinking "time" might not be the best way to express the log file limits because that will change depending on the amount of traffic. 1 day of traffic for you might be 2 or 3 days for someone else or vice versa. I have the email reports package and I had it send me what it had which should be a full day but not in this case because I reset the logs yesterday evening. The email size will be larger than the actual file because it also includes an RRD image of the traffic but probably not by too much. The email is 16megs, spans "Mar 10 20:39:32" to "Mar 11 14:10:55" and is almost exactly 100,000 lines (that's one line per entry at 160 bytes per entry). That's just over 17 hours or approximately (less than) 1 meg per hour. At that rate I should be able to get somewhere around 700 hours of logging or almost a month which will do nicely now that I know how to search it.  :) Obviously, on a busy or slow month that could change considerably. Anyway, I just included all that stuff to help anyone that comes along later that wants to try calculating things. Lots of rounding and estimating going on so try to use your own numbers if you can. Note, I saved all the lines into a text file and that's only 15.7 megs. Thanks for your help everyone. Joe
  • SCP stalled

    2
    0 Votes
    2 Posts
    1k Views
    G
    Hi, when I check "Hardware Checksum Offloading" I have a significant performance improvement, but it is not equal to -C. I'm on version 2.2.6. G
  • 0 Votes
    4 Posts
    2k Views
    ?
    I have a HPE Proliant DL120 G9 server, that I want to use as a pfsense router. I have installed ESXi 6.0, and am using pfSense 2.2.6. I have a few questions and I'd be grateful if you helped me with them.

    Is this the HP custom version of ESXi or the regular version?

    I have two NICs installed on this server. One is a 2-port embedded LOM, and the other is a 4-port add-on NIC (known to the server as Flexible LOM).

    Is there a real hardware IPMI port? I mean a dedicated one, only for the ILO usage? Or is this a shared port that can act as the IPMI (ILO) port or for anything else also? And what 4-port NIC is this exactly, please?

    40+ views and not one reply! To say the least, interesting. I managed to solve Q2 and Q3. Most important to me right now is Q4 and Q5, someone please at least drop a line about either one.

    One thread with one big question or one thread with many smaller questions would be the best, I think! And as it looks here I am not alone, perhaps this is owed to that circumstance? So in my eyes you could use the quad port NIC for the following parts:
    LAN Port 1 > WAN 1
    LAN Port 2 > WAN 2
    LAN Port 3 > LAN
    LAN Port 4 > WLAN with CP
    Then you can easily use the both onboard LAN ports as your IPMI (ILO) port and the other for the APC UPS to secure the entire server. This would not be harming anything or build a security hole in.

    2. Does it make any difference which NIC is used as em0 for WAN and which for em1 for LAN? I want to use the two ports on the embedded 2-port NICs for my two WANs (so em0 and em1 are WANs, and em2 is LAN). But when I do this, I cannot get em2 to act as DHCP server - or again I do not know how to.

    Normally you would be able to use all kinds of LAN ports for all things you want; only if some problems occur and can't be solved, only in these situations can it be wise to use the em driver as the WAN interface instead of the igb(4) driver, but not at the start, more if something goes wrong and can't be solved. But why create problems and then try fiddling them out?

    3. When I get to set up my two WANs within pfSense (to do load-balancing, fail-over, and whatnot) the second WAN doesn't give me the option to configure a gateway for it - or I don't know how to. So, the second gateway always shows as "offline." In one video on Youtube, I saw a setup where the guy had set its DSL modem to assign an IP to WAN 2 in pfSense. So, basically, the modem establishes the PPPoE connection, and assigns a local IP address to WAN 2 configured in pfSense. Then, you can set WAN 2 as DHCP client, and assign the second gateway. But, what bothers me about this scenario is that now your connection to the outside world goes through two NATs. Once at the pfSense level, and the second at modem. For example, a 4.2.2.4 packet from outside gets to the modem, retagged to 192.x.x.x, subsequently is delivered to pfSense, and finally the packet is delivered from pfSense to my PC to IP of 10.x.x.x. This is not the proper setup, is it? What is the proper setup?

    Hmm, how to start here right? If you want to do load balancing you need a minimum of two WAN interfaces and therefore you should also create two WAN groups, each sorted right with a gateway, so called gateway groups. And normally you will connect one modem at each WAN port. A pure modem is not doing SPI & NAT!!!!! It is a bridge device and doesn't do any routing, DHCP and SPI/NAT. Only a real router with an internal modem will do SPI & NAT, but often these routers can be set up in the so called "bridge mode" and then these routers are also acting as a pure modem without doing any kind of NAT or SPI in front of the pfSense firewall. Only if you are placing a real router in front of the pfSense that cannot be set up in the bridge mode will it be a so called double NAT, but then you will lose only 3% - 5% of the full throughput and this would not be really urgent normally, if you don't want to terminate VPN connections at the pfSense firewall.

    4. If and when the load-balancing is set up, I am told that accessing banks and other sites that monitor IP connection (this is how it is where I live), midway if the connection switches IP from WAN1 to WAN2 then the bank drops the connection. How can I configure a firewall rule that all SSH or 443 connection to go through only one WAN?

    You will be able to load balance the entire traffic by using more than one method:
    session based routing (this is more for server traffic balancing)
    policy based routing (this could be taken also to direct the SSH traffic through one WAN port)
    service based routing (this would be right for the SSH traffic to go through one WAN port)

    5. I also have an em3 port, that I want to set on a different subnet (or inside a VLAN) as to act as my hotspot for visitors. What is the best way to go about doing this?

    Routing is the goal and way to go, in my eyes. Please don't bridge ports together and then ask why:
    ports are flapping
    packet loss is growing
    latencies are even gain or high up
    packet drops and connectivity is lost
    Or something else. I would suggest to go with routing instead of bridging ports together.

    7. One of my ISPs requires MAC address registration (so every time I connect a new router to modem, when in bridge mode, I have to call them up to release the MAC address so that their system acquires the new MAC address - a true pain in the neck). Should I clone the MAC address at the ESXi level when I am building the pfSense VM, or should I spoof it inside pfSense? Would it make any difference at all?

    Buy a real modem that fits your needs and Internet connection, like the Draytek Vigor 130; as an example, this could be truly and really turned into the bridge mode and will be registered only one time with its MAC address by your ISP. And then you could install behind it all you need and want, either pfSense or any other kind of router or firewall. So why spoof a MAC address?
  • Slow throughput on new install.

    4
    0 Votes
    4 Posts
    963 Views
    ?
    @jpsil: I feel like an idiot… The problem was the cable. It was a cat6 cable that had been in use for a while. I swapped out the cables and now I am running like 120 down and 12 up. Still not perfect, but much better. Sorry for the oversight.

    Ok, depending on the numbers of 120 down and 12 up it would be more owed to some other things inside of pfSense or perhaps the point of running in a VM. You could try out the following:
    high up the mbuf size
    enabling PowerD (hi adaptive)
    On top of the 120 down you must count the TCP/IP overhead and the passing through of NAT and firewall rules, which can also narrow down the entire throughput really hard, depending on the system tech specs like CPU horse power and amount and speed of the RAM.
  • NTP issues

    1
    0 Votes
    1 Posts
    917 Views
    No one has replied
  • [Solved] Unable to create file with ee

    4
    0 Votes
    4 Posts
    1k Views
    E
    I was not logged in as the 'admin' user. I was logged in as an admin user, but not the admin user. Solved.
  • Smart Phone Connectivity

    1
    0 Votes
    1 Posts
    687 Views
    No one has replied
  • Load balancer (relayd) Send/Expect monitor does not send \0x0a (new line)

    1
    0 Votes
    1 Posts
    617 Views
    No one has replied
  • Is Intel QuickAssist support dead in pfSense?

    6
    0 Votes
    6 Posts
    7k Views
    ?
    I recently heard that Intel ditched QuickAssist in Atoms chips in favor of the Xeon D chips.

    Both are absolutely false information, wherever you get your info from. Intel Atom C2x58 (Rangeley) SoCs came with Intel QuickAssist support but not the other Intel Atom C2x50 (Avoton) series, which therefore comes with TurboBoost instead of QuickAssist, not more and not less. The Intel Xeon D-1500 SoCs have existed since Q1/2015 and now Intel is only upgrading them till Q1/2016 with new SKUs (boards), so that now not one board must be fitting all needs and there is more than only the Intel Xeon D platform; the Intel Pentium D platform comes on top of this or beside it.

    There are 3 main fields these platforms are acting in now: Link1 Link 2 Link 3
    Cloud
    Storage
    Edge Network (D-1518, D-1528 & D-1548)

    And the networking accelerated Intel Xeon boards from SuperMicro (D-15x8) are for 4 main fields, Switches & Routers, Security Appliances and Wireless access and Wireless base stations, as you will be able to read here under these links: Link 1 Link 2 Link 3

    They all come with the following things enabled: (D-1518, D-1528 & D-1548)
    AES-NI: cryptographic speed up
    Intel QuickAssist: cryptographic and compression/decompression speed up
    DPDK (enabled software): massive Layer3 packet forwarding speed up
    Intel Turbo Boost Technology 2.0: At workload peaks the CPU frequency will be pushed scaled up
    Intel (HT) Hyper-Threading (vers. 9): Real CPU cores would be double being existing virtually

    These are the core or edge points from the new network accelerated SKUs SuperMicro will be launching in Q1/2016. And the Intel QuickAssist will be one of the core features on both SoCs, Intel C2x58 and D-15x8 platforms. And that the pfSense team is actually working on netmap until the other Intel D-15x8 SKUs from SuperMicro will be launched in Q1/2016 might only tend to the point that netmap now matches all platforms, and when the other D-15x8 SKUs are launched the QAT will also fit all boards and SoCs being on the market.

    In former days Intel was promoting the Intel QuickAssist technology for speeding up the following tasks:
    DPI (canceled)
    IDS/IPS (canceled)
    cryptographic operations (actually able to use)
    decompression & compression (actually able to use)
    And from all these features only the last two points are actually in the game; could it be that you perhaps mean this with your thread? That they (Intel) were canceling only some features here?

    That being said, I haven't heard of any progress being made in pfsense towards adding support.

    You can't, they are still working on this, and no code was entering in pfSense code that will be able to use by Intel QuickAssist. This will be perhaps owed to the circumstance that many devices are coming together with Intel QuickAssist technology, such as Intel Core i3, i5, i7 CPUs, Intel C2x58 SoC and D-1500 SoCs, and on top of this some accelerator cards like shown under these links in the next line from ADI and Netgate.
    Intel QAT accelerator card without LAN ports (Netgate)
    Intel QAT accelerator cards with 4 GB LAN ports (ADI Engineering)
    Would they offer those cards if QAT was canceled or will be canceled in the near future?

    Are they still working on adding QuickAssist, or is it vaporware at this point? If they are still working on it, has there been an established timeline?

    No timeline, but I would guess the SG-xx units from the pfSense store and the Netgate RCC-VE units could be the first ones that get their hands on this feature, as a goody and supporting the project, as I would imagine it.

    I ask because I'm trying to figure out whether its worth even getting any of the Atom chips since they seem to be getting phased out by Xeon D.

    It is more to be seen like an add-on or gain and not as a phase-out, in my eyes. So pfSense, Netgate and ADI are able to enrich their product line for us or their customers.
    Intel Atom C2x58 based products as entry level product line for home and SOHO
    Intel Xeon D-1500 based pro product line
    Intel Xeon E3-1200v3 & Intel QAT card enterprise line
    Intel single or dual Xeon E5-2600v3 & Intel QAT card enterprise line

    Would it make sense to go with a c2750 over the c2758? The big difference is that you get MUCH better performance on the c2750 because turbo can push each core an additional 200MHz (2.4GHz -> 2.6GHz). The con is that it doesn't support QuickAssist, which isn't really a con if nothing is utilizing it.

    The Rangeley platform is more for network devices such as a firewall, a router or another network appliance, depending on the AES-NI and QuickAssist, and the Avoton platform is more for servers like Samba or Apache or any kind of file server, building a SAN or a NAS, whatever more in this direction, where a peak can be easily wiped away by TurboBoost. To be future proof related to pfSense I would prefer to go with the Rangeley C2x58 platform or SoC that is also used by the pfSense store, Netgate store and ADI Engineering.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.