Newbie Questions - Please HELP
-
Hi All, this is my first post but I have been a long time user of pfsense but new to forums. I have been running a firebox x550e (x86) with upgraded cpu and 2gb ram on version 2.1.5 1gb embedded version. I never had any issues and everything worked as expected. DNS forwarding, NAT, DHCP and overall performance. Couldn't be happier. However, I found out that the version was no longer supported and greatly aged so I spent the time to research how to upgrade and get past the DMA issues for the firebox. I have now been running the latest release on a 4gb embedded CF. I have had nothing but issues. I have had to power off the firewall daily in some cases to restore internet and local intranet. I did a fresh install and that did not help because it has almost gotten worse. I am tempted to switch back to 2.1.5 on this box for the time being but I am sure that opens countless security issues or would I be fine?
I have purchased a new Firebox XTM 505 (x64), 8200s quad core, 4gb ram with a 4gb cf. I am hoping that I can get this box to work better but it could be that im the issue but I just dont get why the 2.1.5 could be up for > 70 days and now im lucky if the same hardware is up for 24 hours.
Here is my current config:
pfsense 2.3.2 (x86) 4G CFsk0 = WAN (150/150mbs directly connected to ISP no modem, DHCP)
sk1 = notused
sk2 = LAN (connectied to a 10/100/1000 24 port web managed switch)
sk3 = DMZ (24 port unmanaged 10/100 switch)I have a couple NAT's for a terminal server and application server. I have the Firewall Optimization set to Conservative.
Any guidance or help would be greatly appreciated. Even if its just a place to start looking and troubleshooting would be amazing.
EDIT: I updated my DNS Forwarder to only include local intranets for DNS and this has reduced my issues and I have not had to restart the firewall today. I also updated my DMZ DHCP server to only allow specified devices. I am still having lots of dropped connections but not completely down. Its a small improvement but lots of area to get better.
EDIT 2: I updated Firewall Optimization set to High-Latency. This has prevented my connection from dropping that are valid and active. My WAN has a 12ms ping so im not sure why there is need for the High-Latency setting but oh well. I am wondering if its my Unifi AC Lite AP now and not the firewall at all.
-
Hi All, this is my first post but I have been a long time user of pfsense but new to forums. I have been running a firebox x550e with upgraded cpu and 2gb ram on version 2.1.5 1gb embedded version.
32Bit or 64Bit? you can try out the version 2.2.6, it will be the best bet between the newer 2.3.x version and the older
versions from 2.2.x might be my guess to this. This version will be sorted with updates as I was reading it here in the forum.I have purchased a new Firebox XTM 505, 8200s quad core, 4gb ram with a 4gb cf.
Once more again 32Bit or 64Bit? Also here it might be the best option to start with the 2.2.6 or if this is 64Bit hardware
inside with the latest stable one.I am hoping that I can get this box to work better but it could be that im the issue but I just dont get why the 2.1.5 could be up for > 70 days and now im lucky if the same hardware is up for 24 hours.
Good luck with it.
-
The current box is 32bit. The new XTM 5 will be 64bit.
I will pull down that version and give it a try. At this point its just painful.
-
So everything had been running fairly smooth over that past several day until today. Check out my packet loss that just happened twice today. Other then my ISP dropping what else could this be?
![Screen Shot 2017-01-19 at 4.57.01 PM.png](/public/imported_attachments/1/Screen Shot 2017-01-19 at 4.57.01 PM.png)
![Screen Shot 2017-01-19 at 4.57.01 PM.png_thumb](/public/imported_attachments/1/Screen Shot 2017-01-19 at 4.57.01 PM.png_thumb) -
So everything had been running fairly smooth over that past several day until today. Check out my packet loss that just happened twice today. Other then my ISP dropping what else could this be?
The problem is the LCDd. It is filling the error log with the following…
Jan 19 14:11:05 LCDd sock_send: socket write error
All of my down times and packet loss match exactly to when LCDd is writing that into my system logs. I am going to have to try removing that from my firewall and running without it for a while. Just really like that tool so that my display is not always on and when it is it displays useful info... Really hope a 2.3.2 package for LCDd gets created so we don't have to do the crazy install process.