Bribing pfSense
-
@Mr.:
@BlueKobold:
For those wondering: Snort runs on WAN2, Suricata on WAN1 (testing).
Not really,
Yes, really ( ;D ) (Meaning: what did you mean?)
He means that even when each one deserves ONE NIC, not two, they are still running both at the same time on the box.
These two are cycle eaters.
Slow GUI could mean: you are running out of these cycles.[ Or, other broken stuff like a brainless DNS would do even better ]
Btw: the "updating in 10 secondes" could be the result of a slow GUI problem - OR : you have a browser cache problem, some old Java scripts are still present: nuke browser cache to be sure.
Access your pfSEnse box using the medic entrance : put on your gloves, and SSH in.
When you see the menu, go for option 8, don't worry, it dark in there, that's ok.
Type this command
topShow us a screen (text !!) copy using the "Code" bbcode.
Something like thislast pid: 19531; load averages: 0.16, 0.17, 0.13 up 9+00:53:58 13:05:15 71 processes: 1 running, 70 sleeping CPU: 0.4% user, 0.0% nice, 0.2% system, 0.4% interrupt, 99.0% idle Mem: 14M Active, 295M Inact, 153M Wired, 192K Cache, 204M Buf, 1489M Free Swap: 4096M Total, 4096M Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 81667 root 1 20 0 223M 33072K nanslp 0 0:00 0.29% php-fpm 5528 root 1 20 0 65132K 17360K kqread 1 28:15 0.00% lighttpd 20764 root 1 20 0 12456K 2168K select 1 5:18 0.00% apinger 4879 root 1 20 0 52844K 6960K kqread 1 1:54 0.00% lighttpd 94541 nobody 1 20 0 30264K 4960K select 1 1:43 0.00% dnsmasq 57214 root 1 28 0 49820K 12296K select 1 0:52 0.00% perl 32771 root 1 52 20 17136K 2700K wait 1 0:34 0.00% sh 71546 root 1 20 0 18984K 2768K select 1 0:32 0.00% usbhid-ups 87976 root 1 20 0 50800K 10828K kqread 0 0:23 0.00% lighttpd 31143 root 1 20 0 14656K 2340K select 0 0:23 0.00% syslogd 29813 dhcpd 1 20 0 24844K 13708K select 0 0:23 0.00% dhcpd 243 root 1 25 0 219M 21308K kqread 0 0:22 0.00% php-fpm 30581 dhcpd 1 20 0 24972K 11736K select 1 0:20 0.00% dhcpd 20996 root 1 20 0 28344K 3008K piperd 0 0:19 0.00% rrdtool 16790 root 1 20 0 16804K 2308K bpf 0 0:13 0.00% filterlog 6307 root 1 20 0 43608K 6344K select 0 0:12 0.00% mpd5 80158 root 1 20 0 28168K 18052K select 1 0:09 0.00% ntpd 98277 root 1 20 0 14532K 2224K select 0 0:08 0.00% radvd 35631 root 1 23 0 227M 41308K accept 1 0:07 0.00% php 74158 root 1 20 0 18844K 2572K select 0 0:07 0.00% upsd 3844 root 5 52 0 27568K 3128K uwait 0 0:06 0.00% filterdns 56128 root 1 20 0 223M 34980K accept 1 0:06 0.00% php 76711 uucp 1 20 0 18832K 2592K nanslp 1 0:05 0.00% upsmon 56214 root 1 21 0 223M 34976K accept 1 0:05 0.00% php 26234 root 1 20 0 223M 34980K accept 1 0:04 0.00% php 10743 root 1 21 0 223M 34976K accept 1 0:03 0.00% php 10397 root 1 20 0 227M 41796K accept 1 0:02 0.00% php 6188 root 1 25 0 12404K 1916K nanslp 1 0:01 0.00% minicron 8910 root 1 21 0 227M 41500K accept 0 0:01 0.00% php 34702 root 1 20 0 16664K 2296K nanslp 0 0:01 0.00% cron 8161 root 1 20 0 227M 41788K accept 0 0:01 0.00% php 17633 root 1 20 0 18780K 2376K select 0 0:01 0.00% inetd 7340 root 1 20 0 227M 41904K accept 1 0:01 0.00% php 8855 root 1 20 0 219M 22360K wait 0 0:00 0.00% php 9200 root 1 20 0 223M 34972K accept 1 0:00 0.00% php 42716 root 1 40 0 12404K 1916K nanslp 1 0:00 0.00% minicron 272 root 1 20 0 13160K 4476K select 1 0:00 0.00% devd 259 root 1 40 20 19024K 2588K kqread 1 0:00 0.00% check_reload_status 6702 root 1 52 0 219M 22360K wait 1 0:00 0.00% php 8598 root 1 26 0 219M 22360K wait 0 0:00 0.00% php 7146 root 1 52 0 219M 22360K wait 0 0:00 0.00% php 5022 root 1 52 0 219M 22360K wait 1 0:00 0.00% php -
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
-
don't worry, it dark in there, that's ok.
;D ;D ;D
(Bedankt GJ :P )
It's not a cache problem, cache is cleared on every browser close.
Topperdepop (I'm fine with that, as long as it isn't 'De Toppers', although I admire their lighting engineers (this is Dutch secret insiders knowledge 8) ;D ;D ;D )):
last pid: 16659; load averages: 0.38, 0.49, 0.49 up 4+02:10:34 17:18:00 112 processes: 1 running, 103 sleeping, 8 zombie CPU: 12.4% user, 18.5% nice, 3.0% system, 0.2% interrupt, 65.9% idle Mem: 679M Active, 4992M Inact, 1389M Wired, 492K Cache, 1340M Buf, 8676M Free Swap: 32G Total, 32G Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 34328 root 2 40 20 997M 605M nanslp 1 365:43 33.98% snort 20752 proxy 1 27 0 460M 369M kqread 0 14:54 8.40% squid 34395 root 2 40 20 1841M 1253M nanslp 1 55:18 0.98% snort 68239 root 15 20 0 243M 119M nanslp 1 41:21 0.10% ntopng 68918 root 8 40 20 1748M 1645M uwait 1 2:27 0.10% suricata 28135 root 1 20 0 21720K 5864K select 1 56:32 0.00% openvpn 27561 root 150 20 0 108M 22960K uwait 1 2:28 0.00% filterdns 64168 root 3 24 0 24572K 5656K uwait 0 2:04 0.00% redis-server 2077 nobody 1 20 0 19060K 3996K select 1 1:51 0.00% darkstat 11438 unbound 2 20 0 154M 123M kqread 0 1:21 0.00% unbound 33291 root 1 20 0 14656K 2424K select 0 1:17 0.00% syslogd 37369 root 1 20 0 12456K 2172K select 0 1:04 0.00% apinger 92995 root 1 20 0 21720K 5896K select 0 0:39 0.00% openvpn 44385 root 1 20 0 54884K 12808K kqread 0 0:31 0.00% lighttpd 28647 root 1 20 0 16804K 2844K bpf 0 0:27 0.00% filterlog 34210 root 2 40 20 787M 392M nanslp 0 0:23 0.00% snort 81842 root 1 20 0 14540K 1984K select 1 0:23 0.00% powerd 19443 root 1 52 20 17136K 2708K wait 1 0:10 0.00% sh 18589 dhcpd 1 20 0 24812K 13732K select 0 0:09 0.00% dhcpd 249 root 1 20 0 224M 23864K kqread 0 0:06 0.00% php-fpm 52746 root 1 20 0 55720K 8208K bpf 1 0:06 0.00% bandwidthd 51691 root 1 20 0 55720K 8208K bpf 1 0:06 0.00% bandwidthd 52256 root 1 20 0 55720K 7784K bpf 0 0:06 0.00% bandwidthd 53072 root 1 20 0 55720K 7784K bpf 0 0:06 0.00% bandwidthd 52390 root 1 20 0 55720K 7592K bpf 0 0:06 0.00% bandwidthd 53363 root 1 20 0 55720K 7592K bpf 1 0:06 0.00% bandwidthd 52369 root 1 20 0 55720K 7592K bpf 0 0:06 0.00% bandwidthd 53433 root 1 20 0 55720K 7592K bpf 1 0:06 0.00% bandwidthd 74125 root 1 20 0 28164K 18052K select 1 0:04 0.00% ntpd 21345 proxy 1 20 0 26420K 3496K msgrcv 1 0:03 0.00% diskd 37674 root 1 20 0 28344K 3004K piperd 1 0:03 0.00% rrdtool 21331 root 1 24 0 17136K 2472K wait 0 0:02 0.00% sh 5939 root 1 20 0 43604K 6296K select 0 0:02 0.00% mpd5 76391 root 1 52 0 16664K 2580K nanslp 0 0:02 0.00% cron 62926 uucp 1 20 0 18832K 2580K nanslp 1 0:02 0.00% upsmon 2449 root 6 20 0 841M 19180K usem 0 0:01 0.00% radiusd 51508 proxy 1 20 0 39948K 13320K sbwait 1 0:00 0.00% squidGuard 29824 root 1 20 0 18780K 2344K select 0 0:00 0.00% inetd 84405 root 1 20 0 228M 40988K accept 0 0:00 0.00% php-fpm 26787 proxy 1 20 0 39948K 13320K sbwait 1 0:00 0.00% squidGuard 277 root 1 20 0 13164K 4468K select 0 0:00 0.00% devd 21859 root 1 36 0 12404K 2008K nanslp 1 0:00 0.00% minicron 264 root 1 40 20 19024K 2580K kqread 0 0:00 0.00% check_reload_status 21741 _dhcp 1 20 0 14696K 2432K select 0 0:00 0.00% dhclient 67699 proxy 1 20 0 39948K 13320K sbwait 1 0:00 0.00% squidGuard 70370 proxy 1 20 0 39948K 13256K sbwait 1 0:00 0.00% squidGuard 14139 root 1 26 0 14696K 2304K select 0 0:00 0.00% dhclient 75957 proxy 1 20 0 39948K 13204K sbwait 0 0:00 0.00% squidGuard 78957 proxy 1 20 0 39948K 13032K sbwait 1 0:00 0.00% squidGuard 73199 proxy 1 20 0 39948K 13276K sbwait 1 0:00 0.00% squidGuard 88656 proxy 1 20 0 39948K 12832K sbwait 1 0:00 0.00% squidGuard 80350 proxy 1 20 0 39948K 12892K sbwait 0 0:00 0.00% squidGuard 83638 proxy 1 20 0 39948K 12992K sbwait 0 0:00 0.00% squidGuard 88080 proxy 1 20 0 39948K 12932K sbwait 0 0:00 0.00% squidGuard 93258 proxy 1 20 0 39948K 12812K sbwait 1 0:00 0.00% squidGuard 21949 proxy 1 52 0 39948K 12284K sbwait 0 0:00 0.00% squidGuard 44222 proxy 1 20 0 39948K 12532K sbwait 1 0:00 0.00% squidGuard 58083 proxy 1 20 0 39948K 12424K sbwait 1 0:00 0.00% squidGuard 46334 proxy 1 20 0 39948K 12652K sbwait 0 0:00 0.00% squidGuard 41249 proxy 1 20 0 39948K 12532K sbwait 0 0:00 0.00% squidGuard 72968 proxy 1 20 0 39948K 12424K sbwait 1 0:00 0.00% squidGuard 49510 proxy 1 20 0 39948K 12532K sbwait 1 0:00 0.00% squidGuard 54945 proxy 1 20 0 39948K 12384K sbwait 1 0:00 0.00% squidGuard 52169 proxy 1 20 0 39948K 12484K sbwait 0 0:00 0.00% squidGuard -
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
-
2.2.4 will be out soon (today, probably) and should be even better. Certainly better than 2.2.3 or 2.2.2.
2.3 with Bootstrap will be a few months out yet. Not sure on an ETA, probably sometime this fall.
-
@Mr.:
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
[/quote]That's strange. I have installs upgrading since 2.1.x to 2.2.x with no issues. Restoring config as well. Could be that there is something in your pfSense setup that is messed up due rollbacks, packages who knows. How big is your backup config?
-
Ok, I saw your 'top'.
snort and squid eat already 45% of your CPU time.
Note that you have some zombies to (8). THis means processes are crashing in your box.
But all this isn't very conclusive for me.This might a be a nasty one: you have a boatload of packages running or your box.
I guess it might be worth the shot to disable them all, enable one by one and see when the GUI (simple web server+ PHP) starts slowing down.It can't be your hardware, you have more horse power in the box as I have, but still, the "software load" bogs it down …
-
@Mr.:
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
[/quote]That's strange. I have installs upgrading since 2.1.x to 2.2.x with no issues. Restoring config as well. Could be that there is something in your pfSense setup that is messed up due rollbacks, packages who knows. How big is your backup config?
Thanks Igor. I just test that, and created a screenshot.
-
@Mr.:
@Mr.:
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
[/quote]That's strange. I have installs upgrading since 2.1.x to 2.2.x with no issues. Restoring config as well. Could be that there is something in your pfSense setup that is messed up due rollbacks, packages who knows. How big is your backup config?
Thanks Igor. I just test that, and created a screenshot.
That's ungodly big config backup.
-
Ok, I saw your 'top'.
snort and squid eat already 45% of your CPU time.
Note that you have some zombies to ( 8) . THis means processes are crashing in your box.
But all this isn't very conclusive for me.This might a be a nasty one: you have a boatload of packages running or your box.
I guess it might be worth the shot to disable them all, enable one by one and see when the GUI (simple web server+ PHP) starts slowing down.It can't be your hardware, you have more horse power in the box as I have, but still, the "software load" bogs it down …
Thanks GertJan ;D
(Bedaankt :-* ).
I may have pasted the top while Snort was updating. Here's another one:
last pid: 411; load averages: 0.40, 0.37, 0.29 up 0+04:45:25 19:22:51 65 processes: 1 running, 58 sleeping, 6 zombie CPU: 4.3% user, 0.0% nice, 4.3% system, 0.8% interrupt, 90.6% idle Mem: 361M Active, 2169M Inact, 1213M Wired, 528K Cache, 2104M Buf, 12G Free Swap: 32G Total, 32G Free PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND 14853 root 8 20 0 1984M 1881M uwait 0 6:28 3.47% suricata 22287 root 15 20 0 219M 93032K nanslp 0 1:38 2.98% ntopng 76817 root 1 20 0 21988K 3152K CPU0 0 0:02 0.10% top 14138 root 150 20 0 193M 21948K uwait 0 0:26 0.00% filterdns 23911 root 1 20 0 14656K 2436K select 1 0:20 0.00% syslogd 96188 nobody 1 20 0 19060K 3516K select 1 0:12 0.00% darkstat 63665 root 1 20 0 21720K 5892K select 0 0:08 0.00% openvpn 30669 root 1 20 0 12456K 2180K select 1 0:06 0.00% apinger 71884 unbound 2 20 0 88488K 32732K kqread 1 0:06 0.00% unbound 17917 root 3 52 0 24572K 4716K uwait 0 0:03 0.00% redis-server 49979 dhcpd 1 20 0 24812K 13732K select 1 0:02 0.00% dhcpd 39033 root 1 20 0 50788K 7796K kqread 0 0:02 0.00% lighttpd 66015 root 1 20 0 21720K 5920K select 0 0:02 0.00% openvpn 65501 root 2 20 0 783M 386M nanslp 1 0:01 0.00% snort 99052 root 1 20 0 14540K 2080K select 1 0:01 0.00% powerd 79354 root 1 52 20 17136K 2708K wait 1 0:01 0.00% sh 249 root 1 20 0 224M 23864K kqread 1 0:01 0.00% php-fpm 89390 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 91338 root 1 20 0 55720K 7528K bpf 0 0:01 0.00% bandwidthd 90609 root 1 20 0 55720K 7528K bpf 0 0:01 0.00% bandwidthd 89470 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 91063 root 1 20 0 55720K 7588K bpf 1 0:01 0.00% bandwidthd 90317 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 90849 root 1 20 0 55720K 7588K bpf 0 0:01 0.00% bandwidthd 27472 root 1 20 0 16804K 2340K bpf 1 0:01 0.00% filterlog 89712 root 1 20 0 55720K 7588K bpf 1 0:01 0.00% bandwidthd 26816 root 1 20 0 28164K 18052K select 1 0:00 0.00% ntpd 14226 root 1 52 0 16664K 2524K nanslp 1 0:00 0.00% cron 6133 root 1 20 0 43604K 6296K select 0 0:00 0.00% mpd5 99043 uucp 1 20 0 18832K 2580K nanslp 1 0:00 0.00% upsmon 30999 root 1 20 0 28344K 3004K piperd 1 0:00 0.00% rrdtool 40664 root 1 20 0 55624K 6216K select 1 0:00 0.00% sshd 40320 root 6 20 0 737M 16308K usem 0 0:00 0.00% radiusd 264 root 1 40 20 19024K 2580K kqread 1 0:00 0.00% check_reload_status 28002 root 1 20 0 18780K 2344K select 1 0:00 0.00% inetd 277 root 1 20 0 13164K 4464K select 0 0:00 0.00% devd 41275 root 1 24 0 17136K 2756K wait 0 0:00 0.00% sh 40969 root 2 20 0 14748K 2312K nanslp 1 0:00 0.00% sshlockout_pf 54468 root 1 47 0 12404K 2008K nanslp 1 0:00 0.00% minicron 43186 root 1 35 0 17476K 3856K pause 1 0:00 0.00% tcsh 41378 root 1 52 0 17136K 2664K wait 1 0:00 0.00% sh 7016 root 1 20 0 32420K 5228K select 0 0:00 0.00% sshd 72822 root 1 20 0 12408K 2224K kqread 0 0:00 0.00% dhcpleases 42562 root 1 20 0 43568K 2800K wait 0 0:00 0.00% login 58733 root 2 20 0 14748K 2312K nanslp 0 0:00 0.00% sshlockout_pf 7202 root 2 20 0 14748K 2220K nanslp 0 0:00 0.00% sshlockout_pf 42883 root 1 21 0 17136K 2776K wait 1 0:00 0.00% sh 42916 root 1 52 0 17136K 2660K ttyin 0 0:00 0.00% sh 20251 root 1 21 0 224M 23868K accept 0 0:00 0.00% php-fpm 18833 nagios 1 52 0 23180K 4956K select 1 0:00 0.00% nrpe2 98998 root 1 52 0 18832K 2552K piperd 0 0:00 0.00% upsmon 54781 root 1 20 0 12404K 2008K nanslp 0 0:00 0.00% minicron 411 root 1 52 20 8304K 1952K nanslp 0 0:00 0.00% sleep 96433 nobody 1 52 0 19060K 2396K sbwait 0 0:00 0.00% darkstat 54289 root 1 20 0 12404K 1996K wait 1 0:00 0.00% minicron 54475 root 1 21 0 12404K 1996K wait 1 0:00 0.00% minicron 55145 root 1 21 0 12404K 1996K wait 1 0:00 0.00% minicron 266 root 1 52 20 19024K 2404K kqread 1 0:00 0.00% check_reload_status 55546 root 1 20 0 12404K 2008K nanslp 1 0:00 0.00% minicronThat is showing the machine is doing very little?
How can I kill the zombies ( ;D ;D ;D )?
-
@Mr.:
@Mr.:
2.3 will have a shiny new Bootstrap-based GUI, so that should at least be different, if not faster. :-)
I admire your efforts, yet I'm still on 2.2.1; upgrading to 2.2.2 gave problems so rolled back; hoping 2.2.3 would skip the 2.2.2 problems so I upgraded that and rolled back again to 2.2.1. I'm afraid to upgrade to any new version, ever since 2.0 every upgrade required a fresh install + days of customizing the packages by hand, as the 'restore configuration' never worked :-[
So I will probably see the new GUI at pfSense 167.2.9 ;D ;D ;D
[/quote]That's strange. I have installs upgrading since 2.1.x to 2.2.x with no issues. Restoring config as well. Could be that there is something in your pfSense setup that is messed up due rollbacks, packages who knows. How big is your backup config?
Thanks Igor. I just test that, and created a screenshot.
That's ungodly big config backup.
'tIs a feature, not a bug ( ;D ;D ;D ).
I don't know, perhaps it's BB's pfblockerNG tables that are being backupped too? (I don't know :-[ ).
-
@Mr.:
'tIs a feature, not a bug ( ;D ;D ;D ).
I don't know, perhaps it's BB's pfblockerNG tables that are being backupped too? (I don't know :-[ ).
[/quote]Nope, it's not a feature. It's a result of very poor pfSense config. We offer paid support exactly to prevent that : )
