Mmm, I can see no reason why it would not be unless you using some unusual connection method. Like maybe fiber directly. Or something similar to pfatt.

Steve

You will be seeing two issues here.

The firewall still boots because lagg is a subinterface excluded from the check. So even though it boors without issue the defined lagg will still be re NICs and hence invalid.

When you add a 4 port Intel NIC it it's using the igb driver the WAN and LAN ports will probably have moved onto the card. The ports are numbered in the order they are detected and the expansion card is usually parsed first.
See: https://docs.netgate.com/pfsense/en/latest/solutions/xg-1537/io-ports.html#optional-intel-1-gbps-expansion-card-ports

Steve

If you just change the NIC type in Hyper-V I would expect pfSense to fail to boot because the assigned ix NICs would no longer be present. It would stop in the console and you would have to re-assign the interfaces there to the new ixv NICs.

Steve

@stephenw10 Thank you. I'll keep an eye on future updates.

@steveits had a quick look but its late and just finished a 12hr work day... but the main difference i spotted between the 2 units isn't black magic but an accelerator card CPIC-8955 that seems to offload the encryption from CPU and " accelerate cryptographic workloads ".

For a " home lab " I cannot justify spending $2650USD or $3150USD and the recurring $500USD yearly subscription when the Asus RS100 listed above set me back $550CAD + 98CAD for CPU + $110 for a 500GB WD SN750 + $140 for 16GB DDR4 2666 ECC RAM which is a hair under $900CAD which at the current exchange rate is roughly 732USD.

Not sure about the forward compatibility of the NETGATE units with other "firewall" software and would suck to get hardware locked after spending such a large amount of money, but for me... leaving the door open to other avenues to be discovered and allows future flexibility in mind is a good thing as now more than ever that is something to keep in mind.

@stephenw10

Many thanks for sharing these simple instructions! I agree this was much easier than messing about with compiling drivers and manually editing boot files. Much appreciated 🙂

pkg install realtek-re-kmod
then
echo 'if_re_load="YES"' >> /boot/loader.conf.local
then
reboot
then check the boot logs for output from the new driver loading using
grep version: /var/log/dmesg.boot
(output to look for is re0: version:1.96.04)
but also the if_re.ko driver is listed for me when I use
kldstat | grep if_re
which shows output ending in 11e230 if_re.ko (when driver loaded)

Source:
https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release/168#

Routing I'm getting about 1712 Mbps avg (Highs in 280s MB/s) but I'm not sure if that is the upper limit or just the limitation of my 2.5Gbps USB NICS. I don't have any 10Gbps Gear other than this firewall and Brocade switches. My Windows 2019 Server is 10Gb as well but I'm thinking that this little box is a winner. I haven't tried NAT performance but I would expect similar results even though NATing I feel like is more resource intensive but this box never gets to 50% utilization. I think the bottle neck is the 2.5Gbps USB NICs or my SK hynix Gold S31 SATA Gen3 2.5 inch SSD or My Samsung 860 Evo SSD, 10 Gb USB NICs are too expensive right now in the neighborhood of $300.

What chipsets do those NICs use? They are probably Realtek or Aquantia. Both have drivers available in 2.5.

Steve

It should be supported by bxe(4). There is no other driver as far as I know.

Steve

Glad to know this solution confirmed working and is a great hurricane or other disaster back.

@aidanic

I do have this system now: https://www.supermicro.com/products/system/1u/5018/SYS-5018D-FN8T.cfm

Yeah and the fans are noise at full speed. I use Optimal settings on mine.
I was planing to order the Noctua NF-A4x20, but you need to do some "tweak/hack" on the fan speed control using ipmitool.

Using this guide: https://forums.servethehome.com/index.php?resources/supermicro-x9-x10-x11-fan-speed-control.20/

But i decide not to do it yeah. :)

@stephenw10 Thanks for your reply, but I am not sure if this was the case, as I can see in the log that igb0 - igb3 is still same (original) mac address.

I also switched the two Quad NICs in the PCI-E ports. After switching the WebGui and WAN were available again and I was also able to enable to new interfaces. Everything now works.

Still do not understand why just adding new NIC in empty PCI-E didn't work immediately. Adding a new NIC shouldn't require any adjustments or analysis (imo).

@sparky17

No, I have not had any issues with the system. I do not run any third party apps. It works great.

I use a Silverstone Milo 10 Case with a Nocuta Fan on the top blowing cold air. I have it mounted to my wall.

https://www.silverstonetek.com/product.php?pid=923&area=en

I also use a Mini-Box P4-DC jack to enable power with a 60 watt power supply

https://www.mini-box.com/P4-DC-Jack-Cable

https://www.mini-box.com/60w-12v-5A-AC-DC-Power-Adapter

The system runs about 32 to 36 degrees C daily.

Without any outbound NAT only the device with the public IP directly is able to connect out and get replies.
Anything in a private subnet behind that needs to have it's outbound connections translated to the public in order to get replies. That is outbound NAT.

So you need to have some outbound NAT. A lack of it entirely might have fitted your initial symptoms.

It doesn't really matter what you set the NAT on the new device. The best solution would be to pass the public IPO to pfSense and let it handle the NAT but if it's working well as it is I wouldn't worry about it.

Steve

@tenou said in Nexcom LCM with LCDproc:

@stephenw10 it's been a long time, but you were totally right! The display works flawlessly using the "Watchguard Firebox with SDEC" driver with default settings.

NSA5130-OS1.png

How to spot a fake card:

https://forums.servethehome.com/index.php?threads/comparison-intel-i350-t4-genuine-vs-fake.6917/

Unfortunately still no MBIM or QMI support for directly connected modems so an external Ethernet connected device is the generally the best choice.

Steve

@foolish86 with some modify now go 300mbit. not bad, but still missing more 500mbit

Looks like you have a static ARP entry set which is pretty much never required.

You see that error though because it cannot allocate memory in the ARP table for an IP in a subnet the firewall doesn't have an interface in. Which is probably because the re NIC has gone AWOL.

Installing the pkg is not enough. You still need the loader line to load it at boot:
See: https://forum.netgate.com/post/962889

Steve