Bad route maybe?

Can pfSense itself access other sites directly? It's not showing a DNS error there.

Steve

@ProfessorManhattan said in Using NVME on pfSense Server that Does Not Support Booting from NVME:

Maybe I can at least /tmp on the NVME?

it makes no sense to speed up "temp" in particular

Even with hundreds of users, the storage needs of pfSense / FreeBSD OP system are very little (only logs)

it is one of the "unicums" of FresBSD, it has little storage space and works

many colleague run from SD card

speed at boot is significant if NVME, but if you can't "boot from NVME" it is not an advantage

+++edit (like):

07b524da-3a6b-4ace-958a-66ba698bea94-image.png

@Harold-cardozo

it's a strange logic, so you have to try both (I vote for enable)
if you use balenaE then both exist, if Rufus can be set this way

https://docs.netgate.com/pfsense/en/latest/book/install/perform-install.html

See https://redmine.pfsense.org/issues/10781

@viragomann I had disabled the firewalls

.... and let me guess : the LAN network of pfSense is also 192.168.1.0/24 . pfSense using 192.168.1.1 on it's LAN ?

So, your router sees 191.168.1.1 as it's getway on its WAN, and uses 192.168.1.1 on its LAN ....
You know it's a router, and yet you treat it as a switch (?!). You are breaking very rudimentary RFC rules here. The router can't route between identical networks.

The real issue is : you do want to use a router after a router (although it is possible - remap your TPLINK to 192.168.2.1/24 on it's LAN, use it's WAN interface to connect to a pfSense LAN, and thinks start somewhat to work).

What you probably want : that your TPLINK starts to have as a (simple) Access Point. In that case, hook it up to pfSense using one of it's LAN interfaces. Stop DHCP (you do not want to have tow DHCP servers on the same network !!) and stop the firewall, stop DNS services. Attribute an IP like 192.168.1.2 to your TPLINK (and set DNS to 192.168.1.1 and gateway == pfSense to 192.168.1.1 == pfSense).

@FreeMindedCH said in RAM Disk Settings:

What RAM disk sizes would you recommend for a Netgate SG-2440?
Any idea why the very same installation does not show this behaviour an a PCEngines APU?

Hi,

Why would you want to use a RAM disk?
is it very important to have in your system....?

in front of me a colleague described very well why it is not advisable to use
(especially if you have little physical RAM in your system, such as 2 or 4GB on the APU MOBO)

here is a great and detailed description of @bmeeks:

https://forum.netgate.com/topic/155220/swap-usage

"Using RAM disks will make your problem orders of magnitude worse! Do you know what swap is for and what it actually is?

Swap memory is a type of temporary RAM. When there is not enough physical RAM to hold the information the currently running processes are using, the operating system will cycle currently idle sections of RAM out to a special file on the disk. So any currently loaded process that happens to be sleeping or otherwise not actively using CPU at that exact instant can have some or all of its data removed from RAM and written to the swap file on disk to free up RAM for use by another active process. Then, when that sleeping process "wakes up" and starts execution again, the operating system reads its data from the swap file and copies it back into RAM. This is an extremely slow set of processes compared to keeping the data in RAM the whole time. So usage of swap is basically to be avoided. When you start using swap, things are going to get very slow very fast.

A RAM disk uses part of RAM to hold data that is normally written to disk. So you would be taking up even more precious RAM to act as a disk drive and thus increase the operating system's need to use the swap file. You leave the OS even less free RAM to use for processes since a RAM disk reserves some RAM to be a disk drive. RAM disks today are generally a bad idea on pfSense. I suggest you avoid using them altogether.

As @DaddyGo mentioned, you are using some memory intensive packages. 4 GB of RAM is really not all that much for the packages you have. Are you sure you really need Squid? With the widespread use of HTTPS today, the utility of caching with Squid is reduced unless you are using some type of MITM. Squid can use a lot of disk space, too. The ntopng package can also be quite resource intensive as an Snort. So together, all those packages can give your firewall a real workout with only 4 GB of RAM available. That's why your firewall is resorting to use swap space, and it is having trouble even with that. This is because swap space is configured during pfSense installation and is a fixed size. Your error messages indicate you are exhausting your swap file space."

Maybe I'm overcomplicating things.

If the switch is mirroring the port connecting the router to the switch (thereby capturing all traffic from the router), will it even get an IP from the router and does it even need one set as a static IP? I've not seen any data from Snort for alerts in >48 hours which has me wondering. However, when I ran a packet capture, it seems to be capturing all packets.

If it wasn't 64-bit it couldn't even have made it that far, it would have had an exec format error much earlier in the boot process before loading the kernel.

okk, but its solved now :)

Thanks man. Just got there. Gunna close this.

Cheers.

Thanks everyone for the responses. Everything works now. Something in an older config backup had the wrong username.

@jdeloach said in CD (ISO) installer for 2.4.5-p1 is too large to write to a cd:

I use a DVD to write the ISO to instead of a CD. Seems to work just fine. I use Windows, don't know if there are issues with using a Mac.

I think most folks on here use a USB memory stick but I prefer to stay with DVDs.

It worked. Thanks much

Thank you for your response, I actually got it working. it was actually 65 error. How I got fixed it by putting 1500 into the MTU and set WAN interface hard code to 1 gig auto. It is working great now and I did a quick backup! I am actually running static IP that was assign to me by Comcast.

Thanks

Hi @Derelict thanks for your help.

I will test your recommendation soon, I had a trouble with hosting, the system crashing and I will have to reset and reinstall

When I can set all good, I will test your recommendation, and I will to continue with this thread.

Thanks you very much

I would suggest contact support - when I asked for an image, I had link in like 1 minute.. There is zero reason to searching around the archives of the internet.. Just contact them - you do not need a support contract for such a question

And yeah its good idea to have current image, don't get me wrong... But the time for that is like when you first install it.. Just keep a copy ;) Reason I contact them is wanted factory version of lastest image for my sg4860. And then for the 3100. You use to be able to download them off the portal.. But now you can not get factory version without contacting them for new versions that come out.

Is this netgate appliance, or you just using the CE version?

everything worked well and then suddenly stopped working, I am puzzled over this question which is disturbing me more than anything else, i see that i not only me encountered such a challenge but i am unlike others not. I had to be able to disable it from Console too otherwise i would need to make reinstallation..