Snort does not run in WAN interface in pfSense 2.1
-
http://www.amazon.com/s/ref=nb_sb_noss_1/190-7687956-8103958?url=search-alias%3Daps&field-keywords=pc3200&sprefix=pc3200%2Caps&rh=i%3Aaps%2Ck%3Apc3200
-
Thanks supermule for the link. But HP uses DDR Synch Dram PC3200 UNBUFFERED memory like Kingston's KTH-D530/1G. The motherboard seems very choosy about memories as I read at http://h30499.www3.hp.com/t5/Business-PCs-Compaq-Elite-Pro/DC7100-SDRAM-upgrade-2-x-1GB-appears-as-2-x-512MB/td-p/1152268, fyi.
I have two machines HP Compaq Deskpro dc7600 sff (http://h10010.www1.hp.com/wwpc/ca/en/sm/WF06b/12132708-12132884-12132884-12132884-12221730-12221860-77102439.html?dnr=1) besides this one. I guess the same KTH-D530/1G applies to this one, too.
Sorry, it sounds like a hardware thread, but it is the foundation to pfSense working ;-)
-
Hi Zenny:
I replied to your e-mail as well with essentially the same info as this post. 1.5 GB of RAM is just not enough for Snort with a lot of rules on multiple interfaces. I also noticed in the config.xml you sent me that a number of packages such as AV, SquidGuard, pfBlocker and others were also installed along with Snort. If all those packages fire up, a 1.5 GB of RAM box is going to be pretty stressed. As you are getting "out of swap space" errors, that leaves no doubt that the box is running out of physical RAM and even exhausting the virtual RAM in swap.
I would recommend at least a 4GB RAM box. Newegg in the USA did have a nice little 1U ASUS barebones server chassis for $279 US. You would have to provide a CPU and RAM, so that would up the total cost. There are also some Intel Atom-based servers made by Supermicro at Newegg. Those start at $379 if I remember correctly.
Bill
-
There must be something wrong with my system then ;), because I have sensors on WAN, LAN and WLAN. LAN and WLAN are set on IPS-balanced and WAN has some ET rulesets. I have 2 GB Ram and system is using almost 50% of the installed memory. But I don't have other demanding packages installed.
-
Zenny had a large number of other packages installed such as pfBlocker, Unbound, Squidguard, Sarg, spamd, HAVP, Squid, Varnish3, tinc, and a few others. That much stuff along with Snort and a lot of enabled rules won't mix well with 1.5 GB of RAM. I heard back that he is upgrading the firewall to 4 GB of RAM. Hopefully that will do the trick.
Bill
-
FYI
The following being enabled kept the WAN interface from turning on.
It will show enabled, but it will have that red X next to it and it refused to start.
After troubleshooting, I narrowed it down to this very specific rule (which you need to add to your exception list)
2011695 ET WEB_CLIENT Possible Microsoft Internet Explorer Dynamic Object Tag/URLMON Sniffing Cross Domain Information Disclosure Attempt Disclosure Attempt
If I disable that, then the WAN interface is able to show the green play button (running) without issue.