-
This post is deleted!
-
@stephenw10 I have the same issue. I have Realtek cards on my Zimaboard and I can get them to stay stable, until I install Suricata. If I do that, the WAN just shuts off (LEDs off) and comes back on periodically. I tried the links provided for the pkg in the command prompt of pfSense and nothing will download/install. It sounds like I just need to wait on 2.7.
-
Ooops should have been:
pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/quarterly/All/realtek-re-kmod-196.04.pkg
Do you see anything logged though when it stops?
Are you trying to run Suricata in in-line mode?
Steve
-
@stephenw10 thanks, so that URL worked. I plugged that URL into the console in the pfSense web interface and got:
Fetching realtek-re-kmod-196.04.pkg: .......... done
Installing realtek-re-kmod-196.04...
Extracting realtek-re-kmod-196.04: .... done
=====
Message from realtek-re-kmod-196.04:
--
Add the following lines to your /boot/loader.conf to override the built-in FreeBSD re(4) driver.
if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"
By default, the size of allocated mbufs is enough to receive the largest Ethernet frame supported by the card. If your memory is highly fragmented, trying to allocate contiguous pages (more than 4096 bytes) may result in driver hangs. For this reason the value is tunable at boot time, e.g. if you don't need Jumbo frames you can lower the memory requirements and avoid this issue with:
hw.re.max_rx_mbuf_sz="2048"
I then updated the loader.conf via SSH into the router. I added the two lines above at the very top of the loader file and made sure it wrote. I rebooted and I still have an issue where the WAN doesn’t grab an IP. I have to physically disconnect and reconnect the Ethernet cable. I have yet to try Suricata again but yes, I had it in inline.
-
@mxczxakm might want to put those lines into /boot/loader.conf.local
That way it (the manual settings you added) will stick around if you do an upgrade.
-
@rk0 Should I have those lines in both or just the .conf.local? Should I remove them from .conf? I don’t understand exactly what these files are doing so I’m flying blind.
-
@mxczxakm the full file name (and subdirectory location) for JUST the "new" configuration parameters would be /boot/loader.conf.local (just saying that, since you wrote .conf.local)
I'd leave your /boot/loader.conf file as "pristine", and just add the
if_re_load="YES"
if_re_name="/boot/modules/if_re.ko"
lines to the "new" /boot/loader.conf.local file
...and perhaps the
hw.re.max_rx_mbuf_sz="2048"
line if you don't have anything on the network using jumbo frames...which would probably be unlikely
-
@rk0 Thanks for this!
I’d add .local to the note that comes up then. I took it literally.
Maybe it’s just normal Linux etiquette but wasn’t obvious to me.
-
Well, that fixed it! Thanks so much, this was killing me! Now to try Suricata again.
——
No more drops, you guys rock!
-
@mxczxakm (it wasn't obvious to me the first time through either).
In fact, it was another user on this forum months ago that explained to me how the /boot/loader.conf.local file would stick around after an upgrade, while the /boot/loader.conf file might get reset back to initial settings....
Good advice passed on in the forum helps us all!
-
That note is from the kmod pkg install which is common to any FreeBSD installation. pfSense uses loader.conf.local specifically so it doesn't apply to us. But we can't easily remove it.
Steve
-
I spoke too soon, the WAN still cycles on/off. I get this error in the logs from the kernel:
arpresolve: can’t allocate llinfo for X.X.X.X on emX
-
What happens just before that when it goes down?
Those logs look normal for when an interface links up.
Are you still running it in in-line mode? I would try it in legacy mode as a test at least. In-line mode requires specific NICs.
Steve
-
@stephenw10 it disconnects and reconnects all by itself. I do still have Suricata in inline. I’ll try legacy when I get back from travel on Friday. Thanks for the reminder.
Out of curiosity, does in-line just need Intel or specific models of Intel?
-
It uses netmap(4) which requires device support:
https://www.freebsd.org/cgi/man.cgi?query=netmap#SUPPORTED_DEVICES
That does include re(4) but actual support can be variable. The Intel drivers are generally better and more likely to work as expected. So, no, any Intel based NIC would be expected to work there AFAIK.
Steve
-
This post is deleted!
-
How did it fail? At the mountroot prompt? Was that after upgrading or a clean install?
I haven't seen that on any of the 2.7 test boxes I have. Yet.
Steve
-
This post is deleted!
-
Ah, could be UFS.... Hmm. Testing....
-
Re: realtek-re-kmod missing in pfSense 2.6 repository?
Bit off topic but can pfSense be upgraded to 2.7 dev temporarily then “downgraded” to 2.7 release when it comes out? There have been times I want to try the dev releases but I don’t want to get stuck in that path.