This is why I wont be reporting any more bugs.
-
Ok regarding the issue in question (bug report), I did some more testing after I received some support.
I have now found a pattern.
I mentioned earlier that the traffic was been matched as the counters went up, well yes but it turns out its only matching the connection setup (initial syn).
I have written a ton of notes but it would be a very big post so will try to summarise.
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link, additional to the previous options I set I set http traffic to low priority as http is really easy to test and also that steam downloads are port 80 not the ports used in the wizard.
I observed by watching the queue screen there was a very small amount of qACK traffic but qOthersLow and QothersHigh both remained at a big fat zero.
I went back to the rules page and noticed the counter for the rules only incremented a small amount at the start of a connection but never increased for more traffic, e.g. a http download would increase the counter at the start of the download, but no more during the download. This I believe it is just recognising the initial syn packets and not the data packets afterwards.
I then went to the rule and highlighted LAN so both WAN and LAN are selected. This causes a small amount of traffic to appear in the qOthersLow for http but it is very tiny, not even 1 kbyte/sec, it shows using bytes/sec.
I switched back to default WAN only selected and changed the rule to pass.
Suddenly qOthersLow full of activity during a http download and in addition the packets counter for the rulle accumulated 'during' the download rapidly, suggesting its working (but of course with the security issue as a floating rule).
I then moved the pass rule to a LAN rule away from floating and it carries on working correctly but without the security issue. This behaviour is the same for my generic ack rule also.
I have tried to prove my previous results wrong, as I am the sort of person who will hold their hand up if proven wrong even if embarrassing but I cannot replicate what should be the correct behaviour on my setup. It is matching syn packets it seems but thats it, nothing else when the rule is a 'match' rule.
I need to test UDP dns, which I will test by running a dns benchmark app as I want to confirm if UDP is having the same issues as I know for sure on TCP.
Also this was posted in this section because I am running the 2.4 beta code not 2.2 stable.
-
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
-
@KOM:
I wiped the traffic shaper config clean and ran the wizard again, I selected dedicated link
You should have selected Multiple Lan/Wan.
I'd really like to help you out but I think I'm done here. All these posts, all this heat, and yet you have not posted a single thing that anyone requested. No floating rules, no shaper config, nothing. Considering how you seem to want to get this working, I find it baffling that you consistently post nothing for anyone to help you other than your descriptions of what you think you've done. It works for everyone els ein the expected way.
That is what I selected the first time when I made the bug report, the issue you have is you are still approaching this as a operator error issue, you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.
Also noone asked me to do do anything apart from one guy who asked for the screenshots which I am posting in a matter of minutes from now, I know you are really hoping to see something that looks like I fiddled with something that must be to blame.
-
Ok here is the results using the dnsbench GRC application which I used to flood my router with outbound dns connections, the results were not the same as TCP tests.
1 - With the default rules created by the wizard it doesnt work but in addition unlike the other match rules there is 0 matches tallied on the rule.
2 - changing to pass whilst still a floating rule is the same result as #1.
3 - Having it as a pass rule on the outbound LAN interface (not floating) it correctly matches the packets and I see dns traffic in qOthersHigh queue. -
attaching floating rules pictures, I have explained already what is there, but for those who want to visualise here it is.
-
the issue you have is you are still approaching this as a operator error issue
Again, it works for everyone else, so yes we're assuming it's PEBKAC.
you simply refuse to accept anything else, until you change that line of thinking you will not manage to make any progress on this issue.
Since you consistently refuse to provide any details whatsoever, we have nothing else to go on, do we? You're saying that even though others (including myself) have it working but you don't we should assume it's a bug? Here's a thought: everyone in here is telling you you're wrong but you stubbornly refuse to listen and instead want to argue with the devs and old-timers. Maybe you're the one in need of a change in thinking?
Also noone asked me to do do anything apart from one guy who asked for the screenshots
I'm pretty sure I've asked at least once before.
I know you are really hoping to see something that looks like I fiddled with something that must be to blame.
You're making this personal for no good reason. I was hoping we could fix your problem so you would stop moaning about it but like I said I'm done. I'm sure someone else here can look at your diagrams.
-
You havent been constructive in any of your posts in this thread. I have obviously personally ruled out operator error by repeating the procedure probably a dozen times now, its not my fault you wont accept that. You said you staying out of the thread which is probably the best post you made in here, of course if you want to offer constructive input go ahead, but first step back take a breather.
I have never said this doesnt work on any pfsense routers. You seem to think something either must be broken on every usage case, or working in every usage case, nothing in between, except the real world doesnt work like that, bugs can surface themselves in mysterious ways. Not to mention that you saying "everyone" has told me that I am wrong in that there is a malfunctioning code problem (or documentation issue). As that is also not the case.
I have spent 100s of hours in my job when having to track down bugs that may only affect sub 1% of people. I didnt reject reports because "it works for most people".
-
A few observations-
- I don't think trying to continue troubleshooting in a thread that was started to comment on the bug reporting process is going to be productive for you. Perhaps continue on a previous thread, or start a clean one.
- Most of the people here are just other users trying to help out, so don't get so offended is someone is short with you. If you are paying me $100 an hour to troubleshoot your problem, I promise I will be very polite and professional. For free help, take what you want and ignore the rest.
- Skill level varies widely, so there is naturally skepticism. I have tried to reason with people who claimed to have years of network experience, but acted like twelve year old kids.
- Document your case, and ignore those who you feel are not constructive. Getting in feuds is not going to help you solve your problem.
I'll stop there. Good luck on your issue. Personally, I find the shaper complex enough that I don't try to give others advice on it.
-
Fair points dotdash.
I will take your advice and start a new thread on the issue alone and we can see if a resolution is found.
-
thread for the issue is here if anyone wants to participate on the problem at hand (not for discussion of the bug report issue.)
https://forum.pfsense.org/index.php?topic=123757.new#new
-
I have had a lot of help from this forum, but mostly best answers given by peoples who develop or support this project.
I have reported issues also onto redmine and it was fully working for me, until one day I have received this crap as an answer https://redmine.pfsense.org/issues/6836
This is unacceptable, IMHO. -
So right now you have started no less than 3 threads about the same thing.
- this
- https://forum.pfsense.org/index.php?topic=123757.0
- https://forum.pfsense.org/index.php?topic=123654.0
No idea how this helps to solve any of your problems. :(
-
"Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc."
Not to point out the obvious here NOYB, but all the words of be nice seems a bit odd coming from someone with -109 Karma points.. When you only have 118 on the + side to counter those.. Clearly you pissed of some people with your honey vs vinger posts ;) hehehe
Just saying ;) hehehe
BTW: Dok is one of the nicest most helpful people on this board, and he knows his SHIT!! That is for sure - sorry but if he says something is BS, and calls you on it.. I would bet my left nut he is right on point.. Also just saying ;)
-
John he must really know his stuff, as he said I have not provided information he needs, yet somehow managed to determine what I said was the word you used.
Unless I have misunderstood you, you have them decided to agree with him based on his reputation alone.
He is welcome to do any of the following which he has not done.
Provide documentation that is not sourced from pfSense or from openbsd post 4.5 that explains what he says.
Provide me a step by step diagnostics route to follow to prove or disprove a theory.All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about. He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.
So that to me actually makes me disrepect him, because he comes across as someone who thinks he is above others (note how he talks down to me as if he is some expert and I am someone who is not understanding whats going on) and because I called out his bad language on the bug report he is now just concentrating on me but not on the issue I raised.
Obviously people develop trust with each other and friendships and so forth, he is a senior member of this community and naturally those who have been here a while will just accept his opinion. I already know this "technical problem" will get nowhere, I will just use the traffic shaper with the LAN configured rules which are working 100% and others on here will just continue to conclude that I must have fiddled with something, or "somehow" broke it myself and that the code base remains 100% rock solid.
Of course this issue is not the only one that will fall into a back hole. There is the repeated unbound problems that were reported first in 2015 from what my search finds, and have yet to be actioned upon.
I also reported a bug with pfblockerng to bbcan17, instead of calling my report bollocks, he is a friendly guy who has said he will be doing testing using the proposed fix I offered. That is a the response of a mature friendly developer. Its not a competition to try and score points of each other, but a community where we work together to solve problems including problems that are undesirable behaviour.
To come back to this quote
""Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc.""
Are you saying NOYB has not been like that to myself on this thread and on the ticket?
Please explain how calling a bug report bollocks and deciding from the off that the bug is invalid is not insulting and belittling?
-
All he has done is basically try to discredit me personally, thats pretty much what every one of his posts has been about. He also hasnt said who he was in the bug report ticket, but given only one person not called jim responded to that ticket, I think I can guess who he was, the guy who pretty much decided that because it works for him that alone must mean its not what I said it is.
Hey dude, that was me. And no, I actually suggested to move your issues to the forum, where they belong. Alas, that was completely unproductive. Perhaps you need some tinfoil supply?
And unfortunately, the suggestion by one of the pfSense devs to stop digging security holes into your firewall did not have any better effect either, as you clearly still insist on producing exact same nonsense that you filed as a security bug originally, and even suggesting that as a solution.
From Kill Bill with love. :P
-
Making pass rules on the LAN section is not a security hole as all outbound traffic is already allowed by a default rule created by pfsense.
All those rules do is also move the traffic to specific ALTQ qeues.
Lets face it mud sticks, and I have upset enough senior members of this forum that I will now only be slammed for what I do.
e.g. it was suggested I make a new thread to invite suggestions, so far none of you have replied to that thread and even someone slammed me for making that new thread.
No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.If you do not want people posting what they believe to be bugs on the bug report site, then you need to lock out the bug report site to approved people only. The reason you dont want me posting there is because you want a sort of triage to occur on the forum first, so basically every problem is determined to be an end user problem by default unless decided otherwise.
The following are all facts which has produced hurt, but none have really been disproved.
Openbsd documention up to 4.5 and older states to use pass rules to send traffic to queues.
FreeBSD documentation states the same.
pfSense documention states to use floating match rules, however I have not been able to verify the author of that documention and who wrote them.My own experience which I have lost count now of how many times I have said it proves on my own specific setup/configuration the match rules created by the traffic wizard simply do not work as intended. After pointing this out a few excuses have flown my way such as "I dont understand what they supposed to do", "I have done something wrong". Very vague excuses but no proper diagnostics.
Even now the post you just made. It is concentrating on what you think I shouldnt do but no actual ideas from yourself as to why its not working. You have no idea, all you seem intent on doing now is basically getting me off the forum.
So to sum up.
you have still not said what a "real bug" is. Is it not a real bug until you or jim can produce it? My altq interface bug report was rejected but then when jim reproduced it is now suddenly valid, umm ok.
You told me to post it on here which I now have done, but still some days later, you have not offered anything constructive, instead you continue on a slander campaign as proved by your above posts again just concentrating on discrediting me as an idiot.
You try to mock me for creating apparent security holes yet I am not the one who has created a default behaviour for the dns resolver to listen on the internet interface.Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.
How old are you 12? I mean you seem to have just proved my point, I said there is a complete lack of respect given to me on the bug ticket, by calling my report bollocks without any kind of investigation and then you done the exact same thing again, you called a proper diagnostics procedure I carried out as "nonsense", please explain yourself, or is that beneath your station?
Remember this forum is here for all the public to see, and pfsense are selling hardware and other services in a professional environment and the sort of replies here are doing the brand no favours.
-
No senior members have actually suggested anything, but actually instead concentrated on telling me to "not" do stuff.
Perhaps because everyone is either fed up by your moaning, or just cannot be bothered to follow your 3 different threads about the same, with chaotic pieces of info posted here or there or elsewhere.
Finally you label my final comment here https://redmine.pfsense.org/issues/7104#note-9 as nonsense without explaining why you believe it to be nonsense.
Actually no, I originally labeled is a "load of bollocks". And posted a screenshot reasoning why.
Have better things to do with my time, outta here.
-
So you are hanging onto the fact it works for you, and that reason alone that everything I said is nonsense/bollocks.
Is that what you really trying to say and consider adequate diagnostics?
I do agree this whole thing has been a waste of time, I have spent far too much time on this subject, especially as I already have a working solution in place.
-
"Be gracious in giving (helping others) rather than condescending, insulting, belittling, etc."
Not to point out the obvious here NOYB, but all the words of be nice seems a bit odd coming from someone with -109 Karma points.. When you only have 118 on the + side to counter those.. Clearly you pissed of some people with your honey vs vinger posts ;) hehehe
Just saying ;) hehehe
So you want to shoot the messenger eh. ;)
Karma point context matters. So if you want to use that then provide the context of them as well.
-
I am not aware of any of these issues, on what dok might or might not have said on some comments on redmine. I don't really want to get involved with that. The funny part I found in this thread was someone saying hey you catch more flies with honey, yet has a - karma that is almost higher than his +… Which doesn't see like practice what he is preaching is all..
But what I can tell you is have been reading dok's posts, and chatting off and on with him for years. He might seem a bit blunt or rough sometimes in his comments. And while it might see rude or atleast not very nice to those that do no know his style. That is not his intent to be sure..
What I can tell you is I can not recall a post of his that was off base from tech point of view. Be it his posts didn't put in enough please and thank you's I don't really give 2 shits about. This is a tech board, and about information. Sorry but if you get offended because someone calls BS on information posted - maybe you should only visit the board when its not your time of the month ;)
To be honest his blunt and upfront posts normally bring a smile to my face ;) Because its nice to see vs all the flowery fluff that fills many boards.. Keep in mind that its really hard to correctly interpret tone in a forum post.. I get the same reaction to some of my posts.. And I can assure you I am just here to help and exchange information that allows the user to do what they want to do. If they are going down the wrong path per my "opinion" that I might say nonsense or bs, etc. etc.
I don't really care for all the flowery nonsense, I don't care if you catch a billion more flies.. I don't really like flies - so if we have to spread about some vinegar about - who cares.. Keeps the flies away if you ask me ;)
If you think he assumed something is wrong, then call him on it posting why.. The facts are the facts. But to go crying that he was direct and to the point with his opinion and you found it not to your likely.. Oh well ;)
Does not matter if he called you a moron or an idiot or whatever. These are just words from some random guy on the internet.. Why would you get upset? What does it matter - comes down to the information that the discussion is about. If something doesn't work, then it doesn't work - show your steps in why you think the problem was xyz.. If the problem is not xyz and someone says oh that is BS.. Vs hey mister poster hope your having a nice day, but I do not believe the information you provided is correct..
Its easier and quicker and to me gets a more honest opinion across if you just say Bollocks! or BS that is not the problem.. If they jumped to conclusion that you think is false then show why.. They are going to feel stupid if you show you are correct and they are wrong now arn't they.. If was just too blokes chatting at the pub and one said that is BS, and then finds out its not you both laugh and have a beer.. You don't go home crying to mommy ;)
-
On a somewhat productive note, closing all your duplicate threads (this one included) and starting a new fresh one, with focus on stating relevant info (incl. the shaper config), what you are trying to achieve, what have you done, what results you have expected and what does not work might even produce some result.
From the mess and OT noise posted so far and some chaotic descriptions, the only thing I got that you got some god knows what tool from the infamous grc.com site (proudly spreading FUD and misinformation since ~2000 or so) and did some random messing with DNS queries. Kinda hard to debug that.
P.S. On the karma note, perhaps someone fix my satanic +666 karma meanwhile? :P
-
P.S. On the karma note, perhaps someone fix my satanic +666 karma meanwhile? :P
I think it's awesome, and compliments your avatar.
-
P.S. On the karma note, perhaps someone fix my satanic +666 karma meanwhile? :P
Nope. I think it fits you. We should just make it static for you. ;)
-
-
We should just make it static for you. ;)
Hmmm, sounds good. 8) :P
Thought you might like that. Maybe is why you pointed it out. So people would rebel and not bump it. Oh the head games to be played. ;)
-
"668: The Neighbour of the Beast"
-
https://web.archive.org/web/20060118024806/http://grcsucks.com/
669 your welcome!
-
https://web.archive.org/web/20060118024806/http://grcsucks.com/
LOL. Yeah. Even worse was the SpinRite snakeoil. Should be just criminal. >:( >:( >:(
-
I am not aware of any of these issues, on what dok might or might not have said on some comments on redmine. I don't really want to get involved with that. The funny part I found in this thread was someone saying hey you catch more flies with honey, yet has a - karma that is almost higher than his +… Which doesn't see like practice what he is preaching is all..
But what I can tell you is have been reading dok's posts, and chatting off and on with him for years. He might seem a bit blunt or rough sometimes in his comments. And while it might see rude or atleast not very nice to those that do no know his style. That is not his intent to be sure..
What I can tell you is I can not recall a post of his that was off base from tech point of view. Be it his posts didn't put in enough please and thank you's I don't really give 2 shits about. This is a tech board, and about information. Sorry but if you get offended because someone calls BS on information posted - maybe you should only visit the board when its not your time of the month ;)
To be honest his blunt and upfront posts normally bring a smile to my face ;) Because its nice to see vs all the flowery fluff that fills many boards.. Keep in mind that its really hard to correctly interpret tone in a forum post.. I get the same reaction to some of my posts.. And I can assure you I am just here to help and exchange information that allows the user to do what they want to do. If they are going down the wrong path per my "opinion" that I might say nonsense or bs, etc. etc.
I don't really care for all the flowery nonsense, I don't care if you catch a billion more flies.. I don't really like flies - so if we have to spread about some vinegar about - who cares.. Keeps the flies away if you ask me ;)
If you think he assumed something is wrong, then call him on it posting why.. The facts are the facts. But to go crying that he was direct and to the point with his opinion and you found it not to your likely.. Oh well ;)
Does not matter if he called you a moron or an idiot or whatever. These are just words from some random guy on the internet.. Why would you get upset? What does it matter - comes down to the information that the discussion is about. If something doesn't work, then it doesn't work - show your steps in why you think the problem was xyz.. If the problem is not xyz and someone says oh that is BS.. Vs hey mister poster hope your having a nice day, but I do not believe the information you provided is correct..
Its easier and quicker and to me gets a more honest opinion across if you just say Bollocks! or BS that is not the problem.. If they jumped to conclusion that you think is false then show why.. They are going to feel stupid if you show you are correct and they are wrong now arn't they.. If was just too blokes chatting at the pub and one said that is BS, and then finds out its not you both laugh and have a beer.. You don't go home crying to mommy ;)
General Questions / Re: How do you automate pFsense Changes?
« by cmb on July 01, 2015, 09:58:33 pm »
johnpoz: be nice, please.
https://forum.pfsense.org/index.php?topic=95850.msg534212#msg534212webGUI / Re: WebGui admin available from WAN
« by cmb on April 30, 2016, 01:21:54 pm »
Be nice, johnpoz.
https://forum.pfsense.org/index.php?topic=110784.msg618541#msg618541Be careful hurling those stones around. You might break your house.
This is why I don't put much value in the karma ratings. Because I don't see any means available for associating them with a post and person who is awarding them. i.e. context
You may have a better +/- karma % than I but I'll take my % over your being chastised by one of, if not the, top dog at least twice in less than a year for down right horrible treatment of others on the pfSense forums.
Especially since I know that many if not most of my - karma points were intentionally solicited and egg on, even directly invited by myself. So in light of that I'll say again, karma points context matters.
And oh by the way. One does not have to be all flower and giggles to not be rude, condescending, and a plethora of synonyms and interact with people respectfully. And being blunt does not equate to or necessitate being those things either. Also a persons MO/style is not justification/license to be the afore mentioned things. As was stated earlier by someone, "Please don't make excuses for rudeness."
-
I suggest that you simply stop running the wizard. And if you DO run the wizard, don't check every damn checkbox. Check one for something that's easily understood - like DNS. And maybe HTTP so you get some TCP happening. See what the wizard did then take a config backup, remove the shaper and build it yourself. You are always just a 3 minute restore away from starting over again.
Make maybe three queues on WAN. Priority, HTTP, and Default. Don't even worry about download shaping on LAN.
Start with PRIQ not HFSC.
Start simple. Not with 40 floating rules.
When you can look at a floating match rule and be able to KNOW exactly what it is doing and you can DEMONSTRATE there is something that isn't behaving as designed and get perhaps some CONSENSUS here, THEN open a detailed bug report with the clear steps to REPRODUCE. You are obviously a beginner at this. Beginners should not be wasting the developers' valuable time filing what basically amount to frivolous bug reports that are essentially nothing but a support request to help teach them how to configure the traffic shaper (free of charge).
That is what the forum is for and is exactly what you were told over on redmine but you decided to get butt-hurt instead.
Moving to general discussion.
-
pfSense is amazing software, but the attitude to bug reports I have made has been pretty shocking, there is "assumptions" been made that things are due to errors I must have made myself, and I have even been called a liar…
I agree, you were treated appallingly. And even if it was not a "real bug", there's this thing called diplomacy. There are a couple of posters in the forums who are prone to fly off the handle and treat people poorly.
If I treated customers or my testers like that I'd be in line at the unemployment office.
Diplomacy does not solve technical issues. Technical issues are mostly caused by ineptitude. Ineptitude can solved with knowledge. But you can only lead a horse to water, you can't make it drink. When the horse refuses to drink, being diplomatic is a waste of time. You either need to figure out how to force it or give up on the lost cause.
When my cat needs to take his pill, I may be nice the first few times, but after a bit, I'm going to force that pill down his throat. It's for his own good. I can't do that over the Internet, but I get the luxury of being emotionally un-invested with anonymous other people, making it easy to cut my losses.
That fact that they have no given up shows how much they care, even if a bit rouge around the edges.
P.S. I hate diplomatic people. I find them to be very "fake" and untrustworthy. Always twisting words and never being strait and to the point, interacting with your emotions instead of your reason.
-
Derelict what made you conclude I am obviously a beginner?
A beginner first wouldnt even have noticed the problem, as they wouldnt know to look at the queue statistics.
Also one important diagnostic step in diagnosing if firewall rules behave as expected is to look at the counters for the individual rules, not only did I do this, but I demonstrated that I did it.
The only thing I agree with you is that yes it is best to test on one rule only, and for that I could run the wizard and select http and nothing else. The result would be the same tho. The result is not because there is multiple rules, and there certainly is not 40 rules there is no need to try and exaggerate things.
I wont be taking this further with pfSense, there is simply too much opposition to the mere thought of there been a bug, and for that reason this will never develop into what would be a proper solution, a FreeBSD developer is checking the PF source code however to check exactly what the code is supposed to be doing in regards to pass vs match rules.
With attitudes such as "Technical issues are mostly caused by ineptitude. " It is simply not worth my time.
Also even tho i have stated I am only using HSFQ it does not mean that is all I have tried, if I came on here with a post stating I had already tried several different configurations (including PRIQ) I would likely have been told I shouldnt have done that, in other words you guys are so obsessed with the idea that this has to be operator error you are now taking the approach to find a reason to come to that conclusion. You are not thinking with an open mind. I of course still have an open mind, its not 100% chance of it been a bug, "but" and its a big but, not one single person has come on here and said something like this.
We need to rule out that it is not you misconfiguring the software so please carry out the following steps and report back the results.
If something like that was posted I would of course have cooperated, followed the steps and reported back, but instead its just been a barrage of insults with the problem been "me".
If I took this approach with the people who pay my bills I likely would be looking for a job right now, I for sure simply could not brush of issues with "well it works for Mr White so it must be Mr Black's fault it doesnt work for him".
-
It is clear that there is something toxic in the workflow for forum based assistance.
Pfsense has been brought to the mainstream due to coverage on youtube from several tech personalities.
Networking can be deceivingly easy to get going - but we all know how complex this stuff is.
I'm not saying anyone is right or wrong. I'm just posting an observation that I've made.
The board is flooded with "beginner level" inquiries. Stuff that most consumers encounter when they buy an off the shelf consumer grade piece. This is not a put down. It is a classification.
Honestly, pfsense is what I would call enterprise level. Theres settings in there where you can totally screw it up whereas something that has been made idiot proof cannot be made to do so - or let's just say it's obvious if you've messed up on it.
That is necessary for all the different use cases people have at the enterprise level that a "gaming" router is not set up to do with 99.99% uptime.So we have a ton of people in here at different levels of understanding trying to get the attention of the pfsense community for no charge to get their setup working.
Could you imagine grade schoolers asking College Professors grade school level questions during a College course?
I think there needs to be some sort of hierarchy - the only problem is people don't necessarily know what level their issue is.
Call centers solved this issue by making people go through tiers of support so the easy stuff never gets the attention of the higher level techs who are busy with higher level things.
Anyway I'm ranting again.
No one is wrong - the structure made to help is.
Take care of each other out there! ;D
-
It is clear that there is something toxic in the workflow for forum based assistance.
This thread ain't about forum based assistance. This thread origin was a guy who repeatedly filed nonsensical bugs and - when pointed to use the forum - got offended instead and accused people of trying to keep the bugs number down.
P.S. When in need of enterprise support, just purchase one. They'll deal with your PEBKAC happily. Don't abuse the issue tracker for that.
-
as a reminder I am done with this thread so will not respond to any more comments, even favourable one's, I am still active in the new thread tho.
-
With attitudes such as "Technical issues are mostly caused by ineptitude. " It is simply not worth my time.
Something wrong with that? It's true. There are two reasons to having a problem when there should not be a problem.
- You understand the problem and made a mistake somewhere and are just trying to catch your mistake
- You don't understand the problem aka inept
I find myself to be inept from time to time, but I l better myself in the process. Inept just means you have a lack of knowledge or skill. I actually find it strangely exciting, even though bitter-sweet. When someone shows me the error of my way, even if it smashes my ego into the ground, I thank them and become a less inept person.
If you fear what you don't know because it hurts your ego, you're not going to get very far. You sir, have a bad attitude towards learning. Many people pointed out that your issue is only caused by yourself. You made a wrong assumption and the "bug" with PFSense is a feature, and for good reason. Instead of even acknowledging that reason, you went on a crusade talking about how you're correct, PFSense is wrong, and PFSense needs to completely change the fundamental concept of stateful firewalling.
-
After reading this thread from start to finish(and the bugtracker post). I just have a few things i must say.
1. The OP could have been clearer, and more fourthcoming with the properly requested info at times, but he was understandingly distracted by what i would call hecklers.
2. If you are in a position of power on the bug tracker, or the forum, you have no business running your trap in anything other than a professional way, if you want to crack fun at someone, keep your mouth shut whether you think they deserve it or not. Even if they said the sky is F-ing pink.
3. Any respectable employer would scoff at some of the behavior ive seen from certain people here not naming names. And i have even seen volunteers kicked out of projects because they could not remain professional, or hold in their ranting or at least keep it constructive.
4. And anyone who thinks these statements arent accurate take heed from this! I have worked with 14 law enforcement agencies(including FBI, DHS, etc.) as a contractor. I have worked for 89 Private Sector companies and organizations as a contractor, and i have worked on systems from 3 countries, and ive lost count of how many states in the USA.
I would have at the very leasy had a stern reprimand for such behavior, and if it continued after that, regardless of how smart or good at their job a person was, i would either bench them to work away from working with outside people, or terminate them. When i have subcontracted pieces of work, i have had to axe people for the same reasons.
My company are even mulling becoming a pfSense partner atm to resell, and i can attest, that we will not shuff it off if the people we deal with for support issues act like this. In fact if such an incident happens, i think i would post screenshots publicly to ensure the matter was resolved, and only remove them once it had been.
Ive been in this industry for 15 years now, mostly on the security and engineering side, and if i had the kind of attitude i have seen here, and numerous other theads, and bugs on the site. I would have lost many contracts, and possibly even my primary employment.
Im not here to slander anyone, This is my encouragement for the "POWERS THAT BE" to get these issues under control if you want to continue to be seen as a viable alternative to big boy firewalls. We cant go parade pfSense around in front of the Cisco boys if your support people dont behave up to par.
And i am quite proud to be using pfsense, as well as be selling them, and maintaining them, its a superior product to most of the other options, and so cost effective, please dont drag it through the mud un-nessicerily.
After-thought: Everyone pokes a little fun here or there, and what happens in the shop talk can be humor about a silly customer, that happens, people are human. But dont expose it to the public view, or even disclose it to the person. Keep a level head and professional attitude, even if you are laughing while there on hold….. Ive run into such rediculous arguements from customers or other engineers that sometimes you just have to laugh, or go "WTF is this guy thinking", but never to their face, or publicly. Keep it behind closed doors, or not at all.
-
@MasterX-BKC-:
After reading this thread from start to finish(and the bugtracker post). I just have a few things i must say.
/snipTry to keep in mind some things-
- This is a public forum, and very few on here are associated with Netgate/ESF. This is not the paid support forum. Actions of individuals on here are not an official support response. The tracker is likewise open to the public.
- People here are generally trying to help others. If you don't like my advice, please ignore it, maybe someone else will help you.
- I'm not getting paid to help you, you can't get me fired for losing my patience with you. We do not have a professional relationship. It's a damn forum, if you are going to get offended easily by people on the Internet, please buy a support contract.
- Professional engineers and twelve year old kids use this software. If you don't tell me everything, I just might assume you are making mistakes that many beginners make. Try not to get upset about it.
-
Although I wont be replying to comments, I will say someone else has actually confirmed the bug and submitted his own report.
Also here is my profile on the freebsd forums, note the join date.
https://forums.freebsd.org/members/1523/
-
- I'm not getting paid to help you, you can't get me fired for losing my patience with you. We do not have a professional relationship. It's a damn forum, if you are going to get offended easily by people on the Internet, please buy a support contract.
I hold support contracts for all of our pfsense units with the exception of the virtuals. That being said havent needed to use them. Trash talk from guests/random users is one thing, but anyone who is designated as anything voluteer or higher should be held to a higher standard, and if they cannot maintain it, they loose such title and go back to being in the random crowd again.
I am not having any issues atm, but i have had a few in the past, and when i submitted a bug in which the webui was incorrectly formatting a config file regarding DHCP, i received a simularly dis-tastefull response.
Just because someone is a volunteer should not give them a license to muddy the waters without reprimand, or loss of their title/position/rank/rights….