• Error message during boot

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    B

    I updated my Alix 2d13 to 8.3-RELEASE-p5 FreeBSD 8.3-RELEASE-p5 #0: Sat Jan  5 17:51:54 EST 2013 and noticed the following errors during boot:

    The session_start() errors should be fixed in a snapshot 1.

  • Pfsense startup problem

    Locked
    19
    0 Votes
    19 Posts
    5k Views
    stephenw10S

    Well it could be a number of things causing this you have to gather as much info as possible when it doesn't come up correctly to narrow it down. For example it could be:
    1. The NIC is not attaching to the driver correctly. Seems unlikely since you said earlier you could see it had a 192.168.1.1 address. If you provide the output of ifconfig that will confirm that.

    2. The firewall is blocking traffic. That should never happen if you are running a DHCP server but sometimes things get weird. You would see that in the firewall log however.

    3. The DHCP has stopped. If the DHCP server crashed out you should see something in the system log.

    4. Something else on your LAN is running a DHCP server that is grabbing requests. This happens quite often.

    Steve

  • Testers needed: LSI MegaRAID controllers

    Locked
    13
    0 Votes
    13 Posts
    8k Views
    M

    Crap, yes this seems to be one of those "shabby" Intel Chipset-integrated things that can run in a Intel or with LSI or even Adaptec firmware mode depending on the OEM.
    SuperMicro also makes a couple of boards that have this C606 PCH-integrated - somehow "FakeRAID" stuff IMMV. More expensive boards from them  actually have dedicated LSI chip instead of the onboard PCH SAS.

    Anyhow, you're not alone also FreeNAS people have been hurt by this: http://forums.freenas.org/archive/index.php/t-8488.html

    Since you have the RAID 300 thing, this one definitely is onboard (according to Lenovo RD430 manuals)

    Now I'm pretty sure that the RAID 500 would have been the the card you would be looking for and is considered the 9240 card from Lenovo.
    This kind of cards are quite affordable, actually the IBM M1015 is quite popular among in DYI ZFS (FreeNAS) builds.  Maybe you want to give it a
    try, either via the official RAID 500 board or the IBM one. The original LSI cards often are more expensive - but in case of the 9240 come with RAID5 mode unlocked.

    The question actually yet is if you want to fight with the PCH-integrated SAS - actually a vanilla FreeBSD 8.3 or better 9.1 could be worth a try to compare - maybe you can
    kldload isci over there. OR you go the route and shell out some money for a more "proper" SAS RAID card. Actually I'd even prefer a plain HBA in some situations, but some
    server makers like IBM and Lenovo only support and sell you SAS Hardware RAID cards.

    Edit: See http://svnweb.freebsd.org/base/release/8.3.0/sys/dev/isci/isci.c?revision=234063&view=markup , the 0x1d68 device should be handled by iscsi, thus trying with a plain FreeBSD 8.3 could be interesting, but YMMV if you want to spend the time with this card or get a true MegaRAID card :-)

  • Snort problem if WAN=pppoe0

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J

    Just wondering if there has been any solutions to snort when the WAN is pppoe. See below for suggestion.

  • miniupnpd: Can't find in which sub network the client is

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    J

    Thanks much. Will save me the trouble of reapplying the patch with each update.

  • Cellular stats for MC760?

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    Z

    @wallabybob:

    Just to clarify, what form of support are you looking for? You haven't said you actually have a working connection to the mobile network

    I thought "works great, and setup was painless" would be relatively unambiguous. Apparently not.

    I have a fully functional internet connection over the MC760. I'm using it in a failover group, and everything works as expected. (well, see my other post about OpenVPN)

    I would like the graphs to work, and I'm willing to help. I'm a sysadmin, so I'm both interested in monitoring and not completely clueless, but the last time I dealt with PPP and AT commands it was talking to a Courier. :D

    So, where should I be looking to add support for graphing the cellular stats, and what information about this modem can I contribute to the cause?

  • Kernel: too many stray irq 7's: not logging anymore

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    N

    Yup, just now took the time to look it up.

    http://forums.freebsd.org/showthread.php?t=22766
    http://www.linuxmisc.com/8-freebsd/d5e96cd035cb7726.htm

    So on a system without a printer would disabling or enabling the printer port in BIOS prevent the stray irq 7?

    Thanks

  • Dynamic View Firewall Log Sort Order

    Locked
    1
    0 Votes
    1 Posts
    824 Views
    No one has replied
  • Updated today to latest snap - very slow

    Locked
    108
    0 Votes
    108 Posts
    37k Views
    G

    A little late to the party.  So happy this is fixed.  Just sent a donation!

    Thanks guys!!!

  • Limiter diagnostics don't update

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • Truncated /etc/gettytab

    Locked
    4
    0 Votes
    4 Posts
    7k Views
    P

    OK, no trouble - I have a 2.0.2 system at home. Will fire that up tonight, merge the changes into the 2.0.2 version of pfsense-utils.inc, test and submit a pull request.
    Edit: pfsense-utils.inc version done and tested for 2.0.2 - pull request is in GitHub.

  • Please help How I do block ISP send me TCPflag rst connection reset

    Locked
    17
    0 Votes
    17 Posts
    6k Views
    Y

    find some news about this.  I hope PF Increased encryption capabilities within the network.

    https://www.schneier.com/blog/archives/2012/12/china_now_block.html

  • SQUID3 not caching any content

    Locked
    5
    0 Votes
    5 Posts
    10k Views
    P

    Dude! I owe you a beer!

    Taking out the Windows Update bits and turning off cachign of dynamic content did the trick! Check it out!

    1357092130.999    553 10.0.0.12 TCP_MEM_HIT/200 1130 GET http://forum.pfsense.org/Themes/slickprographite/images/rss.gif - NONE/- image/gif
    1357092131.729  1110 10.0.0.12 TCP_MEM_HIT/200 1549 GET http://forum.pfsense.org/Themes/slickprographite/images/topic/normal_post.gif - NONE/- image/gif
    1357092131.729  1110 10.0.0.12 TCP_MEM_HIT/200 769 GET http://forum.pfsense.org/Themes/slickprographite/images/filter.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 814 GET http://forum.pfsense.org/Themes/slickprographite/images/email_sm.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 1007 GET http://forum.pfsense.org/Themes/slickprographite/images/icons/profile_sm.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 498 GET http://forum.pfsense.org/Themes/slickprographite/images/useron.gif - NONE/- image/gif
    1357092132.460  1461 10.0.0.12 TCP_MEM_HIT/200 1013 GET http://forum.pfsense.org/Themes/slickprographite/images/star.gif - NONE/- image/gif
    1357092132.461    732 10.0.0.12 TCP_MEM_HIT/200 772 GET http://forum.pfsense.org/Themes/slickprographite/images/post/exclamation.gif - NONE/- image/gif
    1357092133.189  1086 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/ip.gif - NONE/- image/gif
    1357092133.189  1086 10.0.0.12 TCP_MEM_HIT/200 1114 GET http://forum.pfsense.org/Themes/slickprographite/images/buttons/quote.gif - NONE/- image/gif
    1357092133.189  1460 10.0.0.12 TCP_MEM_HIT/200 1054 GET http://forum.pfsense.org/Themes/slickprographite/images/im_on.gif - NONE/- image/gif
    1357092133.909  1447 10.0.0.12 TCP_IMS_HIT/304 285 GET http://forum.pfsense.org/Themes/slickprographite/images/useroff.gif - NONE/- image/gif

    Thanks, man!

    @Nachtfalke:

    If you have problems with squid3 - did you try with squid2 ?

    Further you have two times an entry for caching windows updates. Are you sure that this is correct. I assume it is wrong.
    Further try to disable "cache dynamic content" on GUI. This could cause problems if I remember correct some forum posts.

    But in general squid3 is working on pfsense 2.1 and is caching. Probably something worng with your config or you use a website which does not allow caching.

  • Static ARP entries do not stay

    Locked
    2
    0 Votes
    2 Posts
    2k Views
    N

    Refer to the FreeBSD ARP (arp) manual page.  Particularly the -S option.  I think the answer is there.

    Capability for creating static ARP table entries from DHCP static mappings is available in Services: DHCP Server.

    See attached document for additional WoL configuration details.  (remove the .jpg extension)

    [Wake on LAN.docx.jpg](/public/imported_attachments/1/Wake on LAN.docx.jpg)

  • Location of crash report?

    Locked
    5
    0 Votes
    5 Posts
    1k Views
    ?

    ok, thanks.

  • 2.1 uPnP + rules not working

    Locked
    22
    0 Votes
    22 Posts
    9k Views
    R

    Any thoughts?

  • MOVED: IPv6 is Off But Still Get Gateway Issue Log Entries

    Locked
    1
    0 Votes
    1 Posts
    722 Views
    No one has replied
  • Multiple DHCP Pools for bridged interfaces?

    Locked
    4
    0 Votes
    4 Posts
    986 Views
    jimpJ

    Not the way you're implying, it can't. It allows/denies access to the individual pools by mac address (or they can be open for all to use), but there isn't a way for the DHCP daemon to distinguish which interface the queries enter in a bridged setup that I recall. Or if there is, it's not supported by this.

    What you're suggesting is a fundamentally flawed design. If you want different interfaces in different subnets, don't bridge them. You're just asking for trouble trying to craft something odd like that. And it's far, far off topic for the original thread (I split it off into a new thread).

  • PFSync and startup

    Locked
    3
    0 Votes
    3 Posts
    1k Views
    D

    OK I will try the snapshot wednesday. Thanks a lot !

  • IPsec mobile and transport vs tunnel mode

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    B

    Sniffing the tunnel (enc0) traffic seems to be one way only (IPsec network is 192.168.79.0/24, 10.13.10.0/24 is an internal unfiltered subnet routed via LAN interface)

    10:02:46.705864 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105133164 ecr 0,sackOK,eol], length 0 10:02:47.777839 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105134164 ecr 0,sackOK,eol], length 0 10:02:48.890064 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105135264 ecr 0,sackOK,eol], length 0 10:02:49.985846 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54824 > 10.13.10.12.80: Flags [s], seq 451508624, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 105136345 ecr 0,sackOK,eol], length 0 this is a trace to an external network (google.com) still leaving enc0 and actually it does work [code]10:04:11.980610 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54829 > 173.194.35.24.80: Flags [F.], seq 762, ack 174239, win 8192, options [nop,nop,TS val 105218435 ecr 887816610], length 0 10:04:11.984472 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54828 > 173.194.35.24.80: Flags [F.], seq 555, ack 110578, win 8192, options [nop,nop,TS val 105218501 ecr 887816582], length 0 10:04:12.137217 (authentic,confidential): SPI 0x0e8b475d: IP 173.194.35.24.80 > 192.168.79.1.54829: Flags [F.], seq 174239, ack 763, win 999, options [nop,nop,TS val 887823607 ecr 105218435], length 0 10:04:12.137705 (authentic,confidential): SPI 0x0e8b475d: IP 173.194.35.24.80 > 192.168.79.1.54828: Flags [F.], seq 110578, ack 556, win 993, options [nop,nop,TS val 887823608 ecr 105218501], length 0 10:04:12.432361 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54829 > 173.194.35.24.80: Flags [.], ack 174240, win 8192, options [nop,nop,TS val 105218947 ecr 887823607], length 0 10:04:12.433974 (authentic,confidential): SPI 0x0d737aff: IP 192.168.79.1.54828 > 173.194.35.24.80: Flags [.], ack 110579, win 8192, options [nop,nop,TS val 105218947 ecr 887823608], length 0 [/code] now sniffing LAN interface (igb0) and LAN to IPSEC traffic passes, but again one way only [code] 10:17:02.289600 IP 10.13.10.18 > 192.168.79.1: ICMP echo request, id 1, seq 6889, length 40 10:17:07.167121 IP 10.13.10.18 > 192.168.79.1: ICMP echo request, id 1, seq 6890, length 40 [/code] pf rules are IPv4* any/any on both IPsec and LAN tabs and IPsec VPN network is not overlapping any other existing subnet. thanks [/s][/s][/s][/s]
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.