@andy58 said in 2100 running 24.11 low on disk space:

seeing high CPU usage for no apparent reason

If you're seeing that while viewing the dashboard there is a patch for that. Install the System Patches package and apply patches.

@Gertjan

Before using pfSense I used CentOS (iptables and squid) for yearssss.. But proxy is pain, no more that for me.. lol.

Im thinking to change the local host file of that machine. The user of that machine, barely knows how to send a email, so i think this should work. I was trying doing this on firewall, to learn if i need this in the future for more machines on my lan.

I can change the host file OR the unbound view method.

By having the casting server act as a separate router between the two subnets you are creating an asymmetric route at both ends. I would expect TCP traffic to fail and see blocks in the firewall log?

Unless you have added workaround rules to allow it.
https://docs.netgate.com/pfsense/en/latest/troubleshooting/asymmetric-routing.html

That would happen with any type of routing.

Thank you
Have a good evening / night

@provels I thought 512 should be plenty enough but who knew???

@stephenw10 ok.when using the pfSsh.php, it is working. Ok Thanks. let me try to update the script check_pf_services.

[2.8.0-RELEASE][santheerdas@XXX]/home/santheerdas: sudo pfSsh.php playback svc status openvpn server 1 Password: Service openvpn is running. [2.8.0-RELEASE][santheerdas@XXX]/home/santheerdas: sudo pfSsh.php playback svc status nrpe Service nrpe is running. [2.8.0-RELEASE][santheerdas@XXX]/home/santheerdas:

@patient0 Thank you very very much. Cheers

Well there have been numerous beta builds since then.

There are a lot of key changes in the 25.03(7) backend and we need to make it as close to bug free as possible.

I expect to see the next release in July. But that still depends on new bugs etc. There's no point releasing anything before it's ready. 😉

@stephenw10 who knows... thanks again! I was going crazy for two weeks now until I decided to reach out to this forum! i was asking coworkers and people on mastodon but all i needed to do in the end was arp-scan and see that there was a conflict with two macs on the same IP. Saddly I cannot upvote you because of my low reputation.

For future readers please give stephenw10 an upvote for me <3

Hmm, first I've heard of it. Though it's unlikely to be overwritten since it's a custom directory, no update tries to write there.

I usually out custom scripts like that in /root.

Add to what is said above,
The "swap off" will disable swap usage, see it as a flag information to the kernel.
Not like "Windows", FreeBSD (the nix systems) use a dedicated swap partition, so you cant' see it, use it , or do something else with it.
The "swap off" command just tells the kernel to start OOM processes as soon as there is not enough free RAM anymore, A process is elected to be 'terminated', using a selection criteria somewhat better as 'Russian roulette', but the result will be the same as nearly all processes are essential to the system : things will go downhill fast.
On pfSense, the process with loads of RAM (the DNS cache) is often unbound, so unbound is asked to leave, leaving you without DNS (and unbound gets yelled at again ...).

If "swap" gets used on a pfSense system, you can interpret this as a pretty solid confirmation that your system is 'to small' for the tasks you asked it to do. The solution has been identified, it's " add more RAM " .....

"swapon -a" is actually that little extra safely net, that can do the little extra more for you when needed, and its warns you that you'll need to buy more DIMMs

Urgh, yeah that's not good. It's difficult to break ZFS just by removing the power. So, yes, could be a bad drive.

Interesting. I suspect that might have been a coincidence. But, as I say, adding static ARP can make troubleshooting more difficult. If a MAC is typo'd things just fail silently.

Yeah I'd guess it's random errors in the link occasionally corrupting a UDP packet. It depends what rate you're actually seeing but I probably wouldn't be worried if it's not continuous.

@stephenw10 ok I got to solve the problem changing my source of the route table URD from 0.0.0.0/0 to my subnet from my spoke subscription 10.20.0.0 from that is working the test vm with internet. now I will test performance to connect a cluster ks8 from each spoke. thanks for the support .
9cae0646-7797-4c9f-bf54-d0af9349fbdb-image.png

@phloggu said in pfSense 2.8: WebGUI unusable (due to cat and tail many logfiles in the background):

The widget shows 10 lines, I had 99 logfiles at a size of 80MB each, non-compressed,

The log files are 'PHP' parsed ... PHP is a 'one-core' process, great for building web pages, extremely bad when it has to deal with 'huge' text files. It will takes 'ages' - and / or usage all PHP memory (512 Mbytes max).

If you really want to store/keep/use big log files : use a remote syslogger. Then you can go wild wild huge files with your firewall being impacted because you clicked 'one something' or just logged in.

@stephenw10 doh

Thanks again mate - try this asap.

@stephenw10 I will give it a try, and give a feedback after.

It seems this was partially fixed with 2.8.0 in that current speed does change and reports some real-looking values. The max frequency is still wrong though.