pfSense custom build hardware with Realtek port dilemma

stephenw10

https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release

provels

I doubt you'll see any problems in a home setup. I've use a quad-Realtek MB for 10 years there without issue with Hyper-V. But I picked up a quad-Intel i340 for about 20 bucks on Ebay because why not, especially with their great rep?

techtester-m

@stephenw10 I read that post and saw this answer:

But someone else asked how to compile the drivers.

Maybe I'm misunderstanding all of this but it seems to me like there's 2 options to install this driver - (1) Compile these drivers with a pfSense release, creating your "own" compiled version of pfSense. (2) Just simply install the driver onto an existing machine. Correct?

Gertjan

Dono where, but the compiled driver file is linked somewhere on the forum.
For FreeBSD 11.2 (pfSense 2.4.4-p3) and FreeBSD 12 (pfSense 2.5.0).

Btw : the info you quoted is wrong.
Read a couple of inches lower in that same thread for the correct info.

edit : a file like /boot/loader.conf can be updated / upgraded and thus your edits are lost.
In that case the user supplied driver won't get used, the kernel-build-in one will.

To make your edits persistent, create and use a file called /boot/loader.conf.local - as stated in the thread you mentioned.

stephenw10

The precompiled binary is attached to the first post in that thread. Copy the kernel module to pfSense and edit loader.conf.local as mentioned to load it.

You have to trust that that binary file is what it claims to be. I have no reason to think it isn't.
But otherwise you have to compile it yourself from source using FreeBSD. There are no build tools in pfSense.

But you should just test the NIC first. It will probably run fine with the included driver.

Steve

techtester-m

@stephenw10

1. My pfSense version is 2.4.4-RELEASE-p3. The driver we're talking hasn't been made official and thus won't be in this release or even in the upcoming releases, right?

2. If I understand you correctly, unless I have a running FreeBSD OS, I won't be able to compile this driver and thus have to use that binary file attached to that post?

3. If I'm correct about both (1,2 above) I think I'll just use the build in driver and test it.

Thanks,

Gertjan

1. Right. pfSense uses close-to-stock FreeBSD. Netgate builds pfSense and the used OS from source. A source for the realtek NIC's is integrated.
   Note : The up stream FreeBSD can change or modify their sources whenever they want. If there is a good reason.

2. Exact again. Read the entire post again. You need to have a pure 'native' FreeBSD system ( start here ), you have to add the 'build tools'. Add the source of this new driver and type the word with which the world is build : make. Then you obtain the 'binaries' for your type of FreeBSD kernel. Copy it over and done.

3. Good choice. You know an alternative exists - if needed. It's like having a Plan B ....

stephenw10

Yes, on all three points!

If you use the NIC and see 'watchdog timeout' errors in the system log from the re driver then consider using the alternative driver. It has been shown to work better in that situation.

Steve

techtester-m

2 last questions (I hope haha):

1. I've read on few articles that SSD and pfSense logs (or maybe more accurately RRD graphs etc.) are not the best friends to say the least. Perhaps it was relevant many years ago but it made me disable the logs for my home setup. I enable them back only for testing stuff until it works perfectly or when I notice a problem or strange behavior which almost never happens. As a programmer I perfectly know that logs are important haha but for this specific pfSense setup I hardly need them.
   Any input on the SSD wearing out issues with pfSense logs?

2. Any good benefit, besides compiling drivers for pfSense hahaha, in installing a FreeBSD OS on an old PC?

stephenw10

Any recent SSD should have a write life that far exceeds anything that pfSense can ever do to it. However if you're at all concerned there are somethings you can do to minimise drive writes.

Remove the SWAP slice during install. pfSense should never use swap anyway but if you exhaust the RAM and it does that's a lot of writes.
Set /tmp and /var as RAM drives. The majority of writes are there. That's an option in Sys > Adv > Misc.
Make sure / is mounted noatime. Run mount -p to check. If it isn't edit the fstab to include that.

Just for the experience of using FreeBSD? I use a VM for anything like that.

Steve

Gertjan

"RDD" info is not present in the logs.
"RDD" are fixed size files that change every minute or so. Older pfSense devices (Nano's etc) used storage devices that didn't like to be written at ; that had a none infinite live cycle. Even recent SSD's have these (some) limits.

pfSense is a firewall - a device that runs stand alone that needs ever ongoing surveillance. It's a security device, not some basic Arduinio-based-Coffee-machine.

The logs from my pfSense are being send to a syslog collector for later analyses - if needed. This is another device. Could be a NAS, some Widows system or any other "nix" based system.
For typical 'home' usage the onboard syslog facilities will do fine.

edit : lol, I'll back off.

techtester-m

@stephenw10 said in pfSense custom build hardware with Realtek port dilemma:

Remove the SWAP slice during install...

Already did that. Changed from 2g size to 0g during install...if that's the way to do it lol...

@stephenw10 said in pfSense custom build hardware with Realtek port dilemma:

If it isn't edit the fstab to include that

Have no idea how...

@stephenw10 said in pfSense custom build hardware with Realtek port dilemma:

I use a VM for anything like that

Yeah...thought so, I just have some old PCs :)

techtester-m

@Gertjan said in pfSense custom build hardware with Realtek port dilemma:

It's a security device, not some basic Arduinio-based-Coffee-machine

Hahaha I actually laughed out loud...Yeah, you're right...I was still just experimenting it.

@Gertjan said in pfSense custom build hardware with Realtek port dilemma:

send to a syslog collector for later analyses

I've seen that option under the Logs section (send to syslog server or something). Would a simple old PC with enough storage connected to the local network do the job?

@Gertjan said in pfSense custom build hardware with Realtek port dilemma:

For typical 'home' usage the onboard syslog facilities will do fine

The mini PC where I'm experimenting all of this, has a cheap 240GB Kingston SSD. Syslog server/collector isn't needed, right?

@Gertjan said in pfSense custom build hardware with Realtek port dilemma:

edit : lol, I'll back off

LOL don't give up on me...

Gertjan

@techtester-m said in pfSense custom build hardware with Realtek port dilemma:

I've seen that option under the Logs section (send to syslog server or something). Would a simple old PC with enough storage connected to the local network do the job?

Yes - some device with any OS (call it Windows) and you'll find the tool. My Syn Diskstation can handle that job also.
As does any 'linux' based PC, since they all use 'syslog'.

@techtester-m said in pfSense custom build hardware with Realtek port dilemma:

The mini PC where I'm experimenting all of this, has a cheap 240GB Kingston SSD.

Consider make the log files bigger.
Goto Status > System Logs > Settings and check the second option, Log file size (Bytes)

Note that these days, pfSense uses fixed size files with circular logging. These files will never grow. Perfect for devices where disk space is an issue.
Future pfSense (2.50) will use classic "clear" logging - like syslog does. A log file rotating facility will be present. Up to you to choose the number of days / weeks / month to keep. Disk space is less an issue these days.

@techtester-m said in pfSense custom build hardware with Realtek port dilemma:

LOL don't give up on me...

Noop. Said that because @stephenw10 (a frequent poster) was also replying the same thing, but differently at the same moment.

edit : wtf : @stephenw10 : more then 18 K posts ...

stephenw10

Go to Diag > Command Prompt and execute mount -p. You should see something like:

/dev/diskid/DISK-9E18E959s2a /			ufs	rw,noatime 	1 1
devfs			/dev			devfs	rw		0 0
/dev/diskid/DISK-9E18E959s1 /boot/u-boot		msdosfs	rw,noatime 	0 0
/dev/md0		/tmp			ufs	rw		2 2
/dev/md1		/var			ufs	rw		2 2
devfs			/var/dhcpd/dev		devfs	rw		0 0

You can see on that SG-3100 the root filesystem / is mounted 'noatime'.
If yours is not go to Diag > Edit File an open /etc/fstab. Edit the / line to include noatime. So it would probably just be rw. Change it to rw,noatime.
Note that breaking the fstab with a typo will probably make the system unbootable until it's corrected so....
Reboot to apply that change. Run mount -p again to be sure.

@Gertjan said in pfSense custom build hardware with Realtek port dilemma:

edit : wtf : @stephenw10 : more then 18 K posts ...

Yeah it's a problem. I'm trying to cut down!

Steve