Intel Quad NIC not working in pfsense 2.1
-
I've notice some people on the pfsense forums seem to be rather casual about mixing vlans n' wans…don't cross the streams :)
I personally consider it about as smart and valid as harry homeowner's DIY home improvement that uses the neutral wire as a ground because "everything still works".I suppose I would be one of those people. Unless your switch is either misconfigured or broken, there is nothing particularly "hacky" or dangerous about this; frames don't just spontaneously jump from one VLAN to another.
-
Hi people,
I have a similar problem with quad nic, rather than being a very new one I got a hold of a good old quad nic from SUN Microsystems. I installed it on a Pentium 4 machine, installed openBSD on the machine and everything went beautifully well.
Then I only swaped the IDE harddrive with an empty one and installed pfsense on it.
Booting pfsense from the CDROM went good, cards where detected and I was able to configure them. So I installed pfsense and rebooted. After a minute or 2 all nics of the quad nic card are going up and down. CPU usage went to 99%.
From my point of view, this is some kind of Software bug at pfsense.So if someone from the development team could help me here would be great.
Thanks in advance.
-
I've notice some people on the pfsense forums seem to be rather casual about mixing vlans n' wans…don't cross the streams :)
I personally consider it about as smart and valid as harry homeowner's DIY home improvement that uses the neutral wire as a ground because "everything still works".I suppose I would be one of those people. Unless your switch is either misconfigured or broken, there is nothing particularly "hacky" or dangerous about this; frames don't just spontaneously jump from one VLAN to another.
My definition of broken is similar to the mindset of the National Electric code, it worries about design flaws that Harry Homeowner's neutra-ground does not.
A lot of switches are running their own OS that you have no insight into. Some might even meet my definition of broken on purpose, in which case putting them on the wide open internet is a Bad Idea
. (his WAN caveat is moot if you treat it like just another LAN) -
The biggest worry for me using vlans for wan-lan separation is what happens if your switch loses its config for some reason? Does if go back to the defaults? Will that bridge wan and lan?
I've never seen a switch do that but my experience is limited.Steve
-
If you have a switch using VLANs only for WANs and a separate switch for just the LANs, it would be better.
VLANs are not a true security isolation mechanism because there are still some theoretical (but not practical lately) attacks to hop between VLANs. But if you treat your WANs as the hostile wastelands they are then if someone hopped from WAN1 to WAN2 they wouldn't have gained anything. I'd have to check but last I heard it had been quite some time since the last VLAN hopping bug/firmware in a mainstream switch.
I'd be more worried about local attacks where the attacker can actually be on the same layer 2.
That said, for most it's "good enough", though not ideal.
-
I fixed your post ;)
I'd have to check but last I heard it had been quite some time since the last known VLAN hopping bug/firmware/backdoor in closed source firmware ultimately in full control of network traffic.
I can't be alone in choosing mostly verifiable software like pfsense to keep evil networks separate from ones I own because the commercial market has continued to fail us. That it happens to often be cheaper to use and more powerful in the right hands is pure icing on the cake.
If you're going through the trouble to run pfsense over an off the shelf black box and then throw something in front of it that defeats one of the main benefits in the first place, why bother at all?That said, for most it's "good enough", though not ideal.
"Good enough" electrical wiring burns down houses and gets insurance claims denied, I can't in good conscience recommend or condone the same in the IT world just because our voltages are lower and the "fires" do virtual damage instead :)
Ok I digress,
Edit: I just remembered that I updated the ROM on the card. I used UEFI, since I wasn't sure what to choose. Does that matter at all? Should I choose PXE instead?
Yeah try the PXE option, can't hurt.
-
Time for a switch with open source firmware?
Steve
-
Time for a switch with open source firmware?
Steve
Thats actually starting to become a possible option at the high end, if you need 10/40GbE and got some cash to burn :)
-
Okay, I just forked up $124 for a new mini-itx board…the Gigabyte GA-H61N-USB3. H61 chipset, and PCIe 2.0, instead of 3.0. Card is not recognised >:(
I really dont get why this card is not working on mini-itx boards. I have three other ATX and micro ATX boards in which the card works fine. Is this card not working at all on the mini-itx platform?
Regards
Tommy
-
Do I understand that you want to use an 1155 Socket board for a firewall solution. Aint that a little overpowered??
Why don't you use something like an Intel D2500CCE Atom Mini-ITX Mainboard. It basically has everything that you need for a firewall solution. -
Do I understand that you want to use an 1155 Socket board for a firewall solution. Aint that a little overpowered??
Why don't you use something like an Intel D2500CCE Atom Mini-ITX Mainboard. It basically has everything that you need for a firewall solution.Lose two serial ports and DVI and gimme more gigabitz.
-
Do I understand that you want to use an 1155 Socket board for a firewall solution. Aint that a little overpowered??
Why don't you use something like an Intel D2500CCE Atom Mini-ITX Mainboard. It basically has everything that you need for a firewall solution.Yeah, I know, but I always like to have some extra power, and also be a little future proof.
And I really HATE to have to give up on something…so now I want it to work more than ever...u know the feeling i'm sure :)
-
I'm pretty sure about it, but IF it is home use, and you use a motherboard that has a slot has a pci Express X16 slot that could run a nice graphic card for gaming is a waste. If that slot would have been a pci slot then I COULD understand. But this is way too overpowered.
It is as if you use a tank to squash the fly.And this is no criticism, I do understand what you are saying very well. But you will NEVER meet the full computational requirements of the CPU in routing and firewalling.
-
Do I understand that you want to use an 1155 Socket board for a firewall solution. Aint that a little overpowered??
Not necessarily at all.
There are many, many CPUs that can fit a socket 1155 motherboard from the most basic G1610 Celeron right up to a screaming quad core i7. That gives you a lot of flexibility and upgradability.
The Atom CPUs are great but there are plenty of scenarios where you will run of CPU power quickly. It's unlikely you'll more need more for a home broadband connection (unless you have Google fibre!) if you're using just firewall and NAT. If you need to run a VPN you may well have more WAN bandwidth than you can use. If you have several internal interfaces your traffic between them will be limited below gigabit wire speed.Steve
-
I totally agree but look at the board, case principle of a firewall is to filter traffic on one interface and let it out on the other. This board has only 1 interface and no possibility to add another one. So how is it going to be usefull still stephenw10?
-
It has a PCIe slot in which the subject of this thread, a quad port NIC, was intended to go. 5 interfaces total. Could also use VLAN interfaces as well. Seems reasonable to me. The fact that the NIC didn't work is unfortunate. ::)
Steve
-
To the OP: have you got the quad port (39y6138) working with pfsense 2.1 yet???
Looking to get one on fleebay but I found this thread before I bought the controller so i'd like to know if it works..
Cheers!
-
Oh yes, its working great. But not on any of the three lga1155 boards I have tested it on..its not recognised by the boards. But it's currently running perfectly fine on an older lga755 board.
-
Oh yes, its working great. But not on any of the three lga1155 boards I have tested it on..its not recognised by the boards. But it's currently running perfectly fine on an older lga755 board.
It's been mentioned that newer motherboards with UEFI may be the cause for it.
-
But one of the lga1155 boards, a Gigabyte z68x-ud3h-b3, did not have an UEFI bios…and still wouldn't recognise it...
