Working Specialist Platforms

garethevans1986

First post updated.

dotdash

I've run 1.2.3 nano on the Acrosser AR-B1554. Basically write the card and go.

stephenw10

Hmm,
I just tried to use Win32 Disk Imager but used Physdiskwrite instead.
Two reasons:
Disk Imager doesn't give any information on the drive I'm selecting so I have to check manually to make sure I don't write over something.
Disk Imager won't open Gzipped image files directly so that's an extra step for me.
Am I missing something?

Steve

jimp

Guess that's not a big deal for me since I know the drive letter of my removable media, and I never trust writing the images from physdiskwrite gzipped anyhow… :-)

thompsa

Nortel Networks

Contivity 1010 - Need to set Use device polling and manually set the MAC addresss on the 2nd interface

stuxhost

Woah, rad to see socalfreenet still kickin'! Haven't checked out the project in…. Probably 5-6 years, if not longer.

Great tutorials. I'm starting to think that it's time to be doing some major work in the pfSense wiki department.

garethevans1986 - Check out using MultiMarkdown (http://fletcherpenney.net/multimarkdown/features/) to put some of your articles in. It'll render out to both HTML and LaTeX quite nicely, and then you'll be able to have some nice looking handouts while searching for more nodes for the net, and maintain le bloggery.

mnemonics.ca

Is there any plan to port pfsense 2.0 to PowerPC, mainly to take advantage of the new Mikrotik Roterboard 1000 series routers.

D.

Guest

Nope.

Jhe

I installed it successfully on a Checkpoint UTM 130 via USB stick, I used the memstick-serial 2.2 release. No special instructions needed - worked as expected.

UnEsxi

They're literally hundreds of them around and at $30 a pop make great 5 port firewalls, if only they ran pfSense. MShould run as they are 800MHz x86 IIRC, but maybe better for m0nowall due to storage capacity.

Evad

Checkpoint UTM 270 U10 - pfSense Ver 2.2 Full & Standard Kernel - Sata HD - install to HD on another system using (I used Dell GX-620 with HP nc360t) 'press I to launch the installer'. Boot HD in the unit. WAN (Int) and LAN (Ext) are reversed.

Checkpoint UTM 570 U20 - pfSense Ver 2.2 Full & Standard Kernel - IDE HD - Unable to get Sata to boot without errors. Install to HD on another system using  'press I to launch the installer'. Boot HD in the unit. WAN (Int) and LAN (Ext) are reversed.

On both units you can remove the motherboard from the case ( Metal case blocks PCI card slot ), install a VGA card in the PCI slot, USB kbyd and USB CDROM to install pfSence.

fakircz

Hi guys,
pfSense seems to like my McAfee Enterprise Firewall S1104 (Full 2.2.2 x64 serial).

No specific instructions are necessary, since it is basically a custom miniITX motherboard with Atom D410, 2 gigs of RAM and 4 Intel NICs, so just whack the USB stick in, select it in the BIOS boot menu and that's all.

The device has both VGA and serial port (RJ-45 Cisco-style) on the front panel so you can use either image variant. I've installed pfSense using the serial console and it worked just fine. The BIOS has a console redirection capability, which defaults to 9600 bps, so I'd recommend to change it to 115200 bps to match the BSD kernel setting.

Overall, the device works very well. NICs are labeled only by numbers 0 - 3 and use identical chips, so they can be assigned freely.
My device runs router/firewall, pfblockng, suricata, dhcp, ntp and a an IKEv2 VPN (rarely used, it's a backup in case our main VPN server goes down) and it can do around 100 Mbit/s throughput. More performance testing is yet to be done, but the CPU was definitely sweating.
It has a 500 gig SATA HDD so it can do proxy/caching, but I wouldn't have too high expectations here, since the Atom D410 isn't exactly a power house and without HW AES, it's almost useless for heavy SSL work like HTTPS decryption and filtering.

But apart from that, it's pretty decent router/firewall with IPS, especially when you can get one cheap. I paid 2000 CZK (about $83) for an unused unit.

Regads,
Tomas

//Update: The BSD driver for the Intel 82574L NICs supports the TCP Segmentation Offloading. After enabling the feature in pfSense and rebooting, there was an obvious drop in CPU load when heavy traffic was passing through. I'll get some numbers soon, but just from my current observations, enabling TSO on this hardware may be useful.

robi

@fakircz:

//Update: The BSD driver for the Intel 82574L NICs supports the TCP Segmentation Offloading.

Where did you get that information from?

MikeV7896

From the FreeBSD em(4) man page:

The em driver provides support for PCI Gigabit Ethernet adapters based on
    the Intel 82540, 82541ER, 82541PI, 82542, 82543, 82544, 82545, 82546,
    82546EB, 82546GB, 82547, 82571, 81572, 82573, and 82574 Ethernet con-
    troller chips.  The driver supports Transmit/Receive checksum offload and
    Jumbo Frames on all but 82542-based adapters.  Furthermore it supports
    TCP segmentation offload (TSO) on all adapters but those based on the
    82543, 82544 and 82547 controller chips.

The igb driver also supports those features for 82575 and 82576-based adapters. (igb(4) man page)

robi

I'd be also interested for the same features in the Broadcom chipset.

MikeV7896

@robi:

I'd be also interested for the same features in the Broadcom chipset.

I'm pretty sure there are a number of different Broadcom drivers incorporated into FreeBSD. Your best bet would be to search the FreeBSD man pages for the driver used on your system (usually the letters of the interface; i.e. igb0 = interface 0 for the igb driver) and see what it says for features.

fakircz

@virgiliomi:

From the FreeBSD em(4) man page:

The em driver provides support for PCI Gigabit Ethernet adapters based on
    the Intel 82540, 82541ER, 82541PI, 82542, 82543, 82544, 82545, 82546,
    82546EB, 82546GB, 82547, 82571, 81572, 82573, and 82574 Ethernet con-
    troller chips.  The driver supports Transmit/Receive checksum offload and
    Jumbo Frames on all but 82542-based adapters.  Furthermore it supports
    TCP segmentation offload (TSO) on all adapters but those based on the
    82543, 82544 and 82547 controller chips.

The igb driver also supports those features for 82575 and 82576-based adapters. (igb(4) man page)

Exactly. Checking specs never hurts.

robi

Hmmm. That description is not accurate in the man page.

Supermicro A1SRi-2758F has Intel i354 nics, and pfSense loads igb driver for them. But in the man page of igb, I only find that

The igb driver provides support for PCI Express Gigabit Ethernet adapters
    based on the Intel 82575 and 82576 Ethernet controller chips.  The driver
    supports Transmit/Receive checksum offload and Jumbo Frames.  Furthermore
    it supports TCP segmentation offload (TSO) on all adapters.

It only mentions 82575 and 82576 chips supporting TCP segmentation offload, not a word about i354…

MikeV7896

@robi:

Hmmm. That description is not accurate in the man page.
…
It only mentions 82575 and 82576 chips supporting TCP segmentation offload, not a word about i354...

Later in the man page, under the Hardware section, it does mention the i350 and i354 Ethernet controllers are supported by the driver. However, as you mentioned, the man page does not mention that the i350/i354 support those other capabilities.

Since the i354 is integrated into the CPU as part of the C2000-series Atom SoC, there's not a lot of info about it. I looked through the C2000 datasheet (chapter 11 is dedicated to the Ethernet controller), but could find no info about offloading.

The i350, however, was sold as a separate Ethernet controller, and according to the Intel ARK, did support "Intelligent Offloading". Whether the FreeBSD driver will work with the i350 or not for offloading, that might be left to experimentation.

stephenw10

This is getting off topic. The NIC drivers or even the NIC hardware are not a specialist platform.  ;)
Can we take this discussion to a new thread please.

Steve