Interesting, I usually type 'exit' if that happens to get back to the menu. Could be you can enter anything there. I'll have to try it.
I've only seen that happen if the console is connected after boot by the way.

Steve

One more thing.

I got the latest version of mbmon here:

http://pkg.freebsd.org/freebsd:10:x86:64/latest/All/

It is the file xmbmon-205_14.txz

Hardware should be fine.
4GB RAM is enough for most uses.

No wireless AC cards are supported.  Get an external AP, you'll be much happier.

Hi guys,

I plan to buy a Lanner 7573A.

Any news about the i210 issues ?
Does it works well on 2.2.X ?

Thanks

Thx for Reply - Sounds good.

So basically I'm testing 2 scenarios

1.  WAN -> LAN (so receiving data)..  I max out at just over 750Mbps in this scenario.  The load is 1 CPU at 100% utilization (system), while the other is at around 60% (interrupt)
2.  LAN -> WAN (so pushing data)..  I max out at just over 800Mbps in this scenario.  The load is 1 CPU at 100% utilization (system), while the other is at around 20% (interrupt)

I tried to do bi-directional using iperf 2 vs 3, and due to the load that 1 stream puts on the box, the other stream just sits idle.

What I don't understand is the difference in interrupt processing in the two different scenarios.

During this testing (I ran 10 minutes at a time using iperf 3) in both scenarios.  This was repeatable.  I was also monitoring the CPU frequency via sysctl during this, and it was jumping up to 2100 (turbo boost I guess?  as the CPU in this unit is a 1.74Ghz I believe).

I also tested this by removing the pfSense box and just going direct to direct to ensure that the hardware I was utilizing was not a limitation and was getting over 940Mbps both directions (even bi-directional I was able to push/pull simultaneously above 900Mbps)

So my guess is this is just the absolute limit of this processor..  For what I bought it for, this is fine, however it tells me that I need to buy a more powerful box for the other locations.

With the aesni.ko module loaded it's part of cryptodev.

: openssl engine -t -c (cryptodev) BSD cryptodev engine [RSA, DSA, DH, AES-128-CBC, AES-192-CBC, AES-256-CBC]     [ available ] (rsax) RSAX engine support [RSA]     [ available ] (rdrand) Intel RDRAND engine [RAND]     [ available ] (dynamic) Dynamic engine loading support     [ unavailable ]

OpenSSL on its own will find it and use it internally but that can be a bit more difficult to identify.

any news ?

Thanks :)

@messerchmidt:

…run pfsense in a hyper-v vm on server 2012 r2...

on a J1900 Celeron CPU?
I want the same you had for breakfast.

@P3R:

To hopefully save this thread from further abuse and personal attacks I'm leaving now.

@jim1000,
Good luck with your new switch, whatever it may be.

Thanks for your help with this.

See, even switches can get people upset and swinging at each other. Thanks for NAT and SPI, as it has undoubtedly saved lives.  Regardless, thanks for the advice that managed to sneak past the need to slug it out on important issues like these.

A long time ago I thought about going out for a CCNA, but decided against it because I was too old to start a new career and it was overkill for just tinkering around the home network. Given that the CCNP has an entire exam on switches, I wonder how the tone would have changed if BGP or spanning tree issues got into the mix. Break out the weapons. Seriously, thanks for adding some light. My little V1 will do for now. Maybe I'll get another managed switch if I can find a good inexpensive used one on eBay or Amazon and it has decent reviews. Some of us have yet to build our first VLAN, even though we know, abstractly, what they are. I won't spend $200 - $300 just to split a signal.

Below is my experience with this issue. Should I use a system patch instead of editing the _rw/_ro functions in /etc/inc/config.lib.inc by hand? Is there a config toggle or better way? Should I leave /cf mounted sync, as that's where the conf/rrd/leases live? With the system on a UPS and the NanoBSD "backup partition" to fall back on, I'll take the usable performance.

I have an embedded system (it's rebranded, not sure of exact model#) with a 2GB consumer CF card that ran 2.1.3 fine. Pulled the system out of storage recently and decided to do a clean 2.2.2 install; I booted an Ubuntu livecd and downloaded then wrote the x86 2GB embedded VGA pfSense 2.2.2 image to CF at ~7MB/sec.

After getting it running, I tried to install some packages but it was taking ages. With iostat/dd/fetch, traced it down to the slow CF card, writing at 17-20KB/sec. Followed some booting tips to disable DMA, write caching and ACPI with no write-speed improvement. Had a poke at BIOS settings but nothing really jumped out. Fired up a FreeBSD 10.1R livecd and got good performance there, so it was back to poking pfSense… continued onto the second page of forum search results for "cf card" this time, which brings us here.

[2.2.2-RELEASE][admin@pash]/boot: mount /dev/ufs/pfsense0 on / (ufs, local, noatime, synchronous) /dev/ufs/cf on /cf (ufs, local, noatime, synchronous) [2.2.2-RELEASE][admin@pash]/root/tmp: dd if=/dev/zero of=1MB bs=1M count=1 1048576 bytes transferred in 49.369825 secs (21239 bytes/sec) [2.2.2-RELEASE][admin@pash]/root: mount -o noatime,async  /dev/ufs/pfsense0 / /dev/ufs/pfsense0 on / (ufs, asynchronous, local, noatime) /dev/ufs/cf on /cf (ufs, local, noatime, synchronous) [2.2.2-RELEASE][admin@pash]/root/tmp: dd if=/dev/zero of=10MB bs=1m count=10 10485760 bytes transferred in 1.950883 secs (5374879 bytes/sec)

Edit: below is the system patch that I've applied…

--- config.lib.inc      2015-04-13 19:16:38.000000000 -0600 +++ config.lib.inc.async        2015-05-31 04:26:02.000000000 -0600 @@ -328,12 +328,12 @@         /*    if the platform is soekris or wrap or pfSense, lets mount the         *    compact flash cards root.           */ -      $status = mwexec("/sbin/mount -u -w -o sync,noatime /"); +      $status = mwexec("/sbin/mount -u -w -o async,noatime /");         /* we could not mount this correctly.  kick off fsck */         if($status <> 0) {                 log_error(gettext("File system is dirty.  Launching FSCK for /"));                 mwexec("/sbin/fsck -y /"); -              $status = mwexec("/sbin/mount -u -w -o sync,noatime /"); +              $status = mwexec("/sbin/mount -u -w -o async,noatime /");         }         mark_subsystem_dirty('mount'); @@ -367,7 +367,7 @@         /* sync data, then force a remount of /cf */         pfSense_sync();         mwexec("/sbin/mount -u -r -f -o sync,noatime {$g['cf_path']}"); -      mwexec("/sbin/mount -u -r -f -o sync,noatime /"); +      mwexec("/sbin/mount -u -r -f -o async,noatime /"); } /****f* config/convert_config

Just backup the config and restore it to the new box when it comes.
If the new box has the same physical device names (em0, em1…) then all should be seamless.
If the physical device names are different, then edit the backed up config, put the new device names in. Then restore to the new box. That saves having to go through the interfaces assign script on the console.

You should be good to go then (barring some other hardware issue).

Let us know how it turns out.

There are no cards supported by FreeBSD that would work as a DSL modem, either.

Not only that, but I wouldn't want to plug a precious device worth hundreds of $currency directly into a telco port that routinely gets voltage spikes.

I've seen far, far, far too many pieces of equipment fried by telco wiring (mostly due to lightning strikes) to ever want them near expensive gear. Even with surge protection.

Get a cheapy bridged DSL modem to put in front of it, don't try to converge that function into the firewall. It's not worth it. Unless you're in the business of selling the customer asking for this a lot of hardware and then maybe it might make you lots of money on replacement boards.

I'm also building a pc, but it's for a slower internet connection so I can't comment about your gigabit requirement.

However, I did learn a bit about cases along the way. You are interested in a mini itx board. If you want to use the pci slot, you will need a case bigger than mini itx. It seems the standard mini itx case uses the area in front of the pci slot for the power connection. This means you will need a bigger case or a different motherboard if you want to use a mini itx case and have a sufficient number of intel lan connections. Supermicro makes a couple for the top of the line atom cxxx processors. They are a little expensive. Neither offer HDMI, in case that is on your wish list.

Little old me stays at my desk, the NUC's do all the globe trotting, We use them as remote network probes and traffic generators.

@hda was faster, but anyways:

https://www.draytek.com/index.php?option=com_k2&view=item&id=5240&Itemid=3810&lang=en

Only issue I have that I could not resolve yet is this here:

https://forum.pfsense.org/index.php?topic=92054.msg509855#msg509855

I imagine you're saying why isn't my Apple USB-Ethernet adapter working? And I imagine you have the A1277 adapter?
The answer is that it should be. It's listed here:
@https://svnweb.freebsd.org/base/release/10.1.0/sys/dev/usb/usbdevs?revision=274417&view=markup:

product APPLE ETHERNET          0x1402  Ethernet A1277

It should be supported by the axe(4) driver.

This thread shows it recognised.

Since you are saying it is not recognised it must be using some other chipset in the version you have. Connect the adapter then at the command line run:

usbconfig dump_device_desc

Paste the output here.

Steve

@jim1000:

Wait … I see the problem. The hotel initiated request goes to a.b.c.d.:5001 to start the slingbox and to send commands back and forth. pfsense need to know about it and direct it to the inside router while it's in use. This means I will need to get off the inside router asap and just use it for internet surfing only. Normal internet stuff ok. Outside - in requests will need configuration.

So both answers are right. Cascading routers work in only surfing. Anything complex means double nat is bad.

Back to the original question about atom processors?

Yes, you got it!  If the incoming port is fixed, yes, you can map it all the way back.  If it is dynamic, you're hosed.

Yeah, the atom should be fine.  I refer back to the link I posted comparing your CPU versus the one I have.  You should have no issues.