Hi Guys

I finally got a resolution to my horrendous webgui speeds and web traffic through my pfsense router. It turns out our WAN was connected to a dodgy piece of Cisco hardware (Line Card) and it was causing all sorts of problems foe specific traffic from Windows machines only! Here is the explanation I got form our provider.

_We believe we have hit a bug with the particular hardware revision that card is. It drops packets of certain sizes which matches up with that we were seeing with duplicate acks and retransmits that looked like they weren't being acknowledged. I am going to have to look further into why Windows appeared to be affect but other operating systems we tested weren't.

The second line card in our colo router is a newer revision which doesn't suffer from the bug._

This report came just before I was about to do a full reinstall of our router thinking there was some major problem with pfsense. Pheeeew bullet dodged.

I would think your best bet would be to buy some support
https://portal.pfsense.org/index.php/support-subscription

They should be able to provide you the information and guidance you need without having to come on site to be honest.

Thanks Steve for all of your help.

I have a 2.5'' IDE drive I'm going to pull from a laptop. I need to secure a NULL serial cable (I believe I have one in my shop.) I'll begin this project over the weekend.

@Jason:

@repa:

Can a

Intel Xeon 2-Core E3-1220LV2 2,3GHz 3MB 5GT/s with 8 GB RAM handle this ?

or better take a Intel Xeon 4-Core E3-1265LV2 2,5GHz 8MB 5GT/s

Unless you're using Squid, Snort, etc., the dual-core is likely to be the better choice as many of the components of pfSense are single-threaded.  8GB of RAM is also overkill unless, again, you're using snort or squid, or unless you've got hundreds of thousands of states.

To do HA you're going to need two boxes.  They don't need to be identical, but it will probably help you out in the long run if they are.  Make sure you plan for a dedicated NIC for traffic between them.

Also some systems will let you limit active cores and therefore run in turbo mode which can gain you a bit, as well as disabling HT as it typically wont help you on pfSense.

We use E3-1280V2's and they work just fine, with HT disabled as 4 cores is plenty.

It should be very simple. I recommend that you backup the configuration file first. If you wan to be paranoid, get another disk, CF, etc and install the new version on it, that way if anything goes wrong you can just put back the old disk.

So I am curious is this "Zyxel modem" really just a modem or is it already a gateway doing nat?  What is the model number of this zyxel modem.

@wallabybob:

@genhed:

It seems that there is no driver for this device. Any ideas if it'll ever be supported?

It might be worth trying a pfSense 2.1 snapshot build because that includes more up to date device drivers than the 2.0.x builds.

2.1 produced the same results. I even tried FreeBSD 9.1 and it gives the same messages for the SD host controller. I'll just use the USB pen drive. Thanks for the help though! :)

These sorts of problems can be really difficult to solve. It could be fault with the power supply, perhaps dropping voltage when it heats up.

Many thanks.
It works.

matteo

Thanks to all your help I'm now an "expert" at installing pfSense 2.1.

In short, I can get a good basic working system.

I did get several hangs on reboot while trying to set up a WLAN. Now I've got about 10 config backups after taking wallabybob's advice and quite a few of them have been used. Had to reimage a few times I got so stuck. But now I'm on a good config and it all seems good.

I followed this method to set a WLAN on my Atheros AR9280. Config looks like this:

I could also "sort of" get it working in 802.11ng mode, except when I do it reverts to channel 1 (no matter what I set it to in the webGUI) and I run out of patience waiting for my Windows box to connect again. That is, pfSense boots fine and I can mess around on its shell and ifconfig tells me that the WLAN is in 802.11ng mode, but I can't connect via the LAN with my Windows box (and I didn't try with a wifi device). Rebooted pfSense, Windows, reconnected cables, after about 10 minutes of stuffing around I gave up. So I'll stick with 802.11g for now (good enough for my needs) and revisit the topic later on.

802.11n isn't an option on the drop-down box in the webGUI, just ng (amongst others).

I added these lines to loader.conf.local, not sure if I need them:

I'm happy to post any specifics if you want to know more about my config.

Thanks again.

Figured it out.

The output from both was identical.
Turns out the cable modedm needed to be power cycled.  Once i did that traffic started flowing. Thanks for pointing me in the proper direction.

Hi,

Thanks for the replies.

I'm using a Netgate FW-7535 with a hard drive instead of the compact flash. The serial terminal console port is ok. I can finish the configuration by connecting a monitor and keyboard but this is a big pain to do… Once I can access the GUI I can then enable the console port via the serial terminal config in the advanced config and access is returned. It looks like the serial terminal is being disabled during the install and after the reboot locks you out.

I haven't tried the embedded kernel. I have been using the SMP kernel. Would this make a difference since it looks as though the install is disabling the serial terminal?

Thanks,
Paul

@Ns7:

the driver does not find AR 8151.

Please post the pfSense build ID (from the Version field of the home page of your pfSense box) and the output of the pfSense shell commands:```
dmesg ; pciconf -l

Thanks for your answers
It's clear for me now)

One way (wich may/may not be acceptable) is to build a virtualization host with support for your nics and then put the Pfsense box as a VM on that server.

The problem is you can't have an alias name that's the same as an interface name. You had both an interface "DMZ" and an alias "DMZ" and can't have both. Input validation prevents that from happening on 2.x versions, but there was no such restriction on old versions.

Yes, it can run live just like the CD.

It is the CD. Just in a memstick format.