Nice! What are the specs on that? You got internal pics? Looks pretty powerful from the hardware guide.
Unfortunately that's way outside my budget for hardware to experiment with so I've never had the opportunity to poke about with it's fan controls. I doubt it's much different to the XTM-800 though, or any of Watchguards recent Lanner units. Just a matter of identifiying the SuperIO chip in use then poking registers to find how it's connected.
There are probably some fan settings available in the BIOS though.
@signalz and @stephenw10
Thanks both for you answers. It appears i have no chance using the wifi card onboard, as an host AP. I will move on then...
Regarding the setup, it is a bit overkill , yes. I have a 35W i3 CPU and 8GB RAM with a normal HDD. I read about the inutility of having a SSD in this case. THe power supply has 250W and it is the smallest one i could find to fit in a 1U case.
Thank you again guys.
@grimson : that's an interesting idea. it would certainly make for a simpler physical install but i am not sure about managing the switch and firewall together. my first thought is that they could be less secure in that arrangement, and i should have a single wan interface managed by the firewall.
Necropost here, but I found another option that worked well for me. I thought it might be helpful for others arriving by web search. Similar to the above solution by dotdash, but it works in a shell and is not limited to Intel nics.
Physically connect or disconnect the port in question, then at a shell prompt:
dmesg | tail
At the end of the output, you should see something like:
emn: link state changed to UP
emn: link state changed to DOWN
Depending on whether you connected or disconnected the port.
For what it's worth...
Thanks, it's working! And I was able to activate the module in
and control my fan with
(switching the fan-control to "manual")
(sets the fan-speed to 4300rpm (max))
The laptop is in the basement and may prefer to be a little louder and cooler.
Thanks for your help!
The chances of getting that device working with pfSense are very low to zero I would think. Mostly because that's not really a NIC it's a CPU and as such requires everything that goes with that. An OS to run independently of pfSense.
It may have that already but getting pfSense/FreeBSD to talk to it as a network interface would be a massive task.
Also wanted to share my additional discoveries which I posted in this thread:
It's impressive to see how much difference a simple algorithm change can make in terms of performance on a high speed link.
Just wanted to share that I successfully connected my M7350 v3 box via USB to my pfSense 2.4.3.
After following the above steps, the interface showed up as ue0 and I could continue adding a new Interface in pfSense.
No kernel panic indeed .
It appears there's a known issue with Broadcom BCM57810 adapters in FreeBSD (LACP bonding is not working well): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213606
Today I tried to make some tests thru the HAProxy running on the firewall and the server has just screwed up after reaching ~140000 connections. Log contained:
Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: ECORE: timeout waiting for state 1
Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: Queue(3) SETUP failed (rc = -4)
Aug 9 05:20:17 pfSense kernel: bxe0: ERROR: Queue(3) setup failed rc = -4
Aug 9 05:20:18 pfSense rc.gateway_alarm: >>> Gateway alarm: WANGW (Addr:a.b.c.d Alarm:1 RTT:2000271ms RTTsd:3249226ms Loss:21%)
Aug 9 05:20:28 pfSense kernel: bxe1: ERROR: TX watchdog timeout on fp, resetting!
Aug 9 05:20:34 pfSense kernel: bxe1: ERROR: ECORE: timeout waiting for state 7
Aug 9 05:21:02 pfSense kernel: bxe0: ERROR: FW failed to respond!
Aug 9 05:21:02 pfSense kernel: bxe0: ERROR: Initialization failed, stack notified driver is NOT running!
Aug 9 05:21:17 pfSense rc.gateway_alarm: >>> Gateway alarm: WANGW (Addr:a.b.c.d Alarm:1 RTT:0ms RTTsd:0ms Loss:100%)
Aug 9 05:21:31 pfSense kernel: bxe2: Interface stopped DISTRIBUTING, possible flapping
Aug 9 05:21:42 pfSense sshd: Timeout, client not responding.
Aug 9 05:21:54 pfSense sshd: Timeout, client not responding.
Aug 9 05:21:55 pfSense kernel: bxe0: Interface stopped DISTRIBUTING, possible flapping
Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: ECORE: timeout waiting for state 1
Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: Queue(0) SETUP failed (rc = -4)
Aug 9 05:22:43 pfSense kernel: bxe1: ERROR: Setup leading failed! rc = -4
Aug 9 05:23:14 pfSense kernel: bxe1: ERROR: Initialization failed, stack notified driver is NOT running!
Aug 9 05:23:36 pfSense kernel: bxe3: Interface stopped DISTRIBUTING, possible flapping
Aug 9 05:24:23 pfSense kernel: bxe1: Interface stopped DISTRIBUTING, possible flapping
Going to change the adapters to Intel.
Yeah, at their best USB NICs require more CPU than PCIe NICs, and a D2550 doesn't have much to spare. Also, most USB2 NICs are 100Mbps--you usually need a more recent USB3 NIC to get to 1000Mbps (or 185Mbps). You may also want to check that the USB NICs are on separate buses (the ports are usually in pairs per bus).
If you reinstall the original Steelhead code you can toggle the bypass NIC to "fail-to-block" i.e. keep both NICs up all the time. See CLI commands below. The interface name is "inpath0_0". You can do a "show run" CLI command to see all the settings and interface names.
Once you set "fail-to-block", the HW seems to remember the setting (it must be flipping a hidden BIOS setting) so you can install pfsense and have the additional two NICs.
Fail-to-Block CLI commands:
• no interface <interface-name> fail-to-bypass enable: Sets the interface to block when there is a failure.
• interface <interface-name> fail-to-bypass enable: Sets the interface to bypass when there is a failure.
@stephenw10 said in pfSense Image for Firebox X700!:
You might also consider it time to upgrade. Those original X-Core boxes are fairly ancient.
Yeah - you're spot on the money, just one of these things that's laying around so I figure it can go in the workshop until it dies... I'll post back shortly with an update
The SoC in the 3100 is thermally bonded to the base plate which it uses as a heatsink.
80°C is not a critical temperature for it. Whilst a little higher than I usually see I would not worry about that as a peak reading. 65-75°C is the expected range. Obviously that depends on the ambient temperature.
Are you seeing that shown as 'critical' on the Thermal Sensors widget? Those values are generic there and not taken from the hardware. It should be set higher for the 3100.
I don't argue at all with the assertion that Intel NICs are superior. And if this is for anything other than a non-critical home setup, I wouldn't even consider Realtek. However, if you're budget-constrained and willing to do a little more work, I can say that I've been running a Zotac CI323 Nano (dual Realtek RTL8111E NICs) for years without any problems. My connection is only 100/10, but iperf tests on the LAN interface suggest they're capable of at least 500+Mbps. That said, the extra work is running with the latest official Realtek driver. It's not too bad really:
@stephenw10 said in PfSense hardware for home router - OpenVPN performance:
Nice. Are you able to test a reality figure on there at all?
In linux with a client running on the same machine in kvm, it hit 1100Mbps. (So, zero latency internal network, but with the load of being both client and server.) I'd not expect to see that on a real link, as I don't think OpenVPN will keep enough packets in flight to fill the pipe, but the hardware can do it. That said, I'd pick a newer i3 if I just wanted a firewall with openvpn; the ryzen is overkill for that, and an i3 should hit the same numbers for less money.
@johnpoz said in Intel Gigabit port but only get 100mbps:
^ exactly... You wouldn't believe how many times have this discussion. Gig is designed to auto, if it doesn't auto then something is wrong.. You fix that something vs hard code..
Only time you would hard code is if your wanting gig to run at 100 or 10..
And then only if you know the other side is also hard-set and not auto-negotiate.
About the only place this should ever be the case these days is talking to an ISP 100-Mbit metro-e or something. They often want you to hard-set 100-full for those. They should explicitly ask you to do so.
Hi guys, I know this is a super old thread - but just wondering if anyone in here could share me the a copy of the last x32 bit via DD configured for the x700 - Please see here for the actual thread with the background as to why: https://forum.netgate.com/topic/133044/pfsense-image-for-firebox-x700
@jahonix said in Coreboot Update for APU1:
@vamike said in Coreboot Update for APU1:
Short answer: you're wasting your time.
I did the update myself and, as noted before, there are severe benefits for doing so. Booting from previously unsupported mSATA drives for example.
For me it was absolutely worth it.
Sure, if you need functionality in a newer version then go for it. If you're doing it for vague reasons of "security", no.
I can answer some of your questions but not all of them. I'll give you my experience and suggestions for the areas that I know.
Regarding the build, I would recommend something newer than the N3700 series. I'm currently running an Asrock J3455 based system now with a PicoPSU, and it's pulling 11 watts on 110v power here in the US.
The J3455 board was about $65 from Newegg. The PicoPSU + power brick was $55. If you have some DDR3 memory laying around and an extra case, that is all you need to get started. If you need to purchase those items, add them to the cost.
For a NIC, Intel based is highly recommended. I have also had good luck with Broadcom NICs after some tweaking however, Intel NICs can be found very affordably on ebay from a working server pull. When you order the NIC, make sure you're getting one from a server recycling vendor that is selling an actual OEM product, do not order from China or you will very likely get a fake Intel NIC. Some good options are the HP NC365T, this is the same NIC as an Intel Quad I340. It uses the latest Intel IGB driver on pfsense and is very easy to tune. I have one of these NICs and it is rock solid stable, and quad port gives you room to grow.
I have also used HP NC382T NICs (dual port Broadcom 5709) and HP NC360T NICs (dual port Intel 82571). Both of these also work well, they aren't quite as new as the I340 and can be found cheaply, the broadcom NIC regularly sells for under $10. These are good budget options and both of them are very stable.
If going with a J3455 setup, PCIe slots are limited, and there is usually only one full bandwidth slot for an x2 or x4 PCIe card. I would recommend you buy a quad port card on the J3455 setup so that you can have a single card in the fastest PCI slot and maximize your bandwidth.
IMHO, I don't like to use onboard server NICs because of Intel Manage Engine issues (security hijack point). I much prefer a separate physical NIC to assign to WAN port and LAN ports to. Because of this, using a J3455 wasn't an issue for me because it had low quality Realtek NIC onboard, and I just disabled it and used my own PCIe NIC of choice.
People have issues witht he J3455 because FreeBSD had a regression in 11.1 release, which is what pfsense 2.4.3 is based on. If you run the development release (2.4.4.a), it will install natively in UEFI without any issues, that's how I run on my J3455 setup. Traffic shaping is now easy on 2.4.4.a and fq_codel is built in to the GUI on the latest pfsense builds in 2.4.4.a.
I don't used pfblocker, snort, or VPN on the firewall, so I can't give you direct feedback on those items. If you're on a budget, the J3455 is a very good setup, especially if you can re-use some older components (like an old ATX case) and just stick it under the stairs. You didn't mention your budget requirements so I'm not sure what targets you're trying to hit.
ok. 2pcs.* k9f1g08u0a 128m8bit controlled by Phison ps3002t controller
0_1531677767977_K9FxG08xxA.zip 0_1531677801633_PS3002 CompactMedia Controller Specification.zip It even has PhoenixBios E686, 44pin pata interface which i want to populate with 1 gb flash. the reason to do all this- its nice looking 1U 51Gbit ports with removable soc479 CPU, right now-celeron 370, with 1 DDR upgrade...+ PCMCI support and miniPCI slot and YES, it has db9 female port labelled console...Marvel 88e8001-lkj, Vitesse vsc7385xyv Ethernet Switch 6-Port 10Mbps/100Mbps/1Gbp, Zyxel SecureAsic cip-2001
@stephenw10 Unfortunately, my box has Broadcom NICs and I am in a CenturyLink area (PPPoE land.) We do have a municipal fiber provider (Utopia) but it’s not available in my area yet. They can provide from 250 Mbit to 10 Gigabit symmetric. I am just waiting for them to make it down my street and take my money.
The problem is that I already have a red box, and that is why I would like to replace the motherboard in it; buying a newer box just to replace the motherboard doesn't make much sense to me, at that point I might as well buy a second hand server such as the Dell R210 with an E3-1220 which already has all that is needed, for pretty much the same price as the solution that I am looking to implement.
The issue here is that I am trying to avoid is sending another piece of equipment to the landfill (or at least not all of it)
The Supermicro Motherboard boasts an Intel Pentium Processor N3700, which already has the AES support that is required for the latest versions of pfSense.
thank you for the tip of the Lanners offerings, I will look them up.
Neither PID listed here 9030 or 9032 are included in the most recent usb device list:
So I would not expect it to be detected in either if those modes. It might be detected in RNDIS mode if you load the kernel module since that can seemingly attach to things that reports to be an RNDIS interface. No promises though.
It's almost always better to use a device that provides an Ethernet connection if you can. Especially if you want 4G speeds.
@stephenw10 Yeah, you are right. It´s only me who has administrative access. Therefore I dont see a huge risk of exploiting security issues like Meltdown. It is still important to fix those issues because not every setup is different and those issues might be a problem for other users.