Messages - photonman

1
I ran pfs 1 and then 2 on a Dell 2950 ESXi 5 server for almost 2 years with no issues.  I used E1000 and most recently the vmnx nic drivers.  The host's dual Xeon E5440s did not have VT but pfs ran great anyways.  It would be great to be able to do hardware pass-through for the nics but I do not think I would have noticed.

Since then I have gone to a bare metal pfs install on an old Dell 1750 and it runs just the same.

So VMWare esxi is a great platform for pfs.  The pfs vm rebooted a lot faster than the Dell 1750...I miss that capability where I could sneak in a reboot during lunch hours O:

2
Packages / Re: HAVP Setup Questions
« on: November 05, 2012, 10:10:33 am »
Thanks, it seems to be working the way I intended.

My pfsense box is a Dell PowerEdge 1750 with dual Xeon and 4 GB of RAM and Intel Pro/1000 GT nics.

Right now my plans are for only HAVP and Snort packages.

Cable broadband ISP with 40 Mb down 5 Mb up.

Will that box be sufficient?


3
Packages / HAVP Setup Questions
« on: November 04, 2012, 08:58:40 am »
Hi all,

I decided to install this package but am not quite understanding it.

1.  Can I use transparent proxy mode without Squid package?

I want to have all http traffic scanned but I don't want to have to set up my clients for this. Transparent mode sounds like what I want, but I am confused by some of the comments in the settings such as "works as parent for squid...etc."

4
Firewalling / Re: Is blocking youtube really this hard?!
« on: October 16, 2012, 09:22:15 pm »
What else can I try?

Try Untangle in bridge mode.

That is what I did.  It has nicely packaged solutions for everything you want to block and gives you an unreal amount of info on what is running through your firewall.

I used both pfs and UT over the last two plus years and recently decided I needed both.

I love the firewall functionality of pfs but the packages were too unpolished or not available for the current version.

And that is the void that UT filled in but sure, with added complexity and another device sitting in your network.

5
VMXNET 2 (Enhanced) and VMXNET 3 NICs are not supported yet?

With the open vmtools package, you can get vmxnet2 drivers to work easily.

6
I'm not sure but I think there are/were issues with the vmxnet drivers and VLANs ....

The VMXNET2 drivers work with the current stable edition of the OPEN VM TOOLS package so that is what I am running with now.

7
Still confused over which NIC is the generally preferred option for pfSense 2 on a VMWare ESXi 5 hypervisor.

The E1000 seems to be the easiest to manage as far as not needing vmtools which makes upgrades easy.

But VMWare documentation calls the VMXNET nics "high performance" so immediately I think "I want that!!!"

VMXNET2 (enhanced) loads fine once you have vmtools package installed and I have not been successful yet in getting VMXNET3 working properly, so I will wait until the pre-compiled vmtools package supports that one.

So with all things equal, which is the preferred NIC for a VMWare installation, E1000 or the VMXNET variation?

Thanks (sorry if this is a redundant topic but there seems to be no definitive answer out there yet)

8
General Questions / Re: 2.0.1 BETA?
« on: December 21, 2011, 12:28:13 pm »
How important is this update?

2.0 has been fine.  I would rather wait for 2.1 if this is not critical.

9
Would not expect the Mac OS to operate any differently for web browsing.

I have Leopards and Lions behind my pfs with no issues.

Check the dns settings on them vs. the windows dns settings but I would guess they all use the same DHCP server and gateways?

10
General Questions / Re: 60 days running straight!
« on: November 22, 2011, 03:56:46 pm »
Day 54 and still solid as day 1.

11
I would say VMware ESX would be more secure than Xenserver for the simple reason that Xenserver relies on a Linux operating system whereas ESX is a hypervisor.

12
General Questions / Re: network topology conundrum help please
« on: October 17, 2011, 10:39:15 pm »
This sounds like the type of project that will need lots of testing and a solid fail back option.

If you were running your PFS on vm's, you could leave your current PFS firewalls intact but you would need to overlap your ISP durations if a change is involved.

Then you can test your new configurations during off hours on the new PFS setups and you could always just swap the cables back to the current setup if needed for fail back.

I would get A to B solid and reliable and then tackle B to C.

Not sure I answered any of your questions but this sounds like a fun project with lots of opportunity to improve school c's link up.  Good Luck.

13
General Questions / 2.0 RELEASE VM Issue
« on: September 29, 2011, 01:04:35 pm »
Just noticed that the loader.conf on a fresh build is like this:

autoboot_delay="3"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
kern.ipc.nmbclusters="0"
kern.hz=100vmblock_load="YES"
vmmemct_load="YES"
vmhgfs_load="YES"
vmxnet_load="YES"
vmxnet3_load="YES"

It needs to be like this:

autoboot_delay="3"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
kern.ipc.nmbclusters="0"
kern.hz=100
vmblock_load="YES"
vmmemct_load="YES"
vmhgfs_load="YES"
vmxnet_load="YES"
vmxnet3_load="YES"
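
Added example, not part of the original post: a small POSIX shell check that flags loader.conf lines which are not a single name=value assignment, such as the fused kern.hz line in the first listing above. The function names are this example's own, and the sample file is copied from the fresh-build listing in the post.

```shell
#!/bin/sh
# Added example (not from the post): lint a loader.conf for lines that are
# not exactly one name=value assignment, e.g. two settings fused together
# because a newline went missing.

# lint_loader_conf FILE
# Prints "LINENO: text" for each suspect line; returns 1 if any were found.
lint_loader_conf() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        # One assignment per line: name=, then a quoted value or a bare
        # token with no quote or second "=", then an optional comment.
        $0 !~ /^[ \t]*[A-Za-z0-9_.-]+=("[^"]*"|[^"= \t]+)[ \t]*(#.*)?$/ {
            printf "%d: %s\n", NR, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# make_sample FILE
# Writes the fresh-build loader.conf quoted in the post (constructed input).
make_sample() {
    cat > "$1" <<'EOF'
autoboot_delay="3"
vm.kmem_size="435544320"
vm.kmem_size_max="535544320"
kern.ipc.nmbclusters="0"
kern.hz=100vmblock_load="YES"
vmmemct_load="YES"
vmhgfs_load="YES"
vmxnet_load="YES"
vmxnet3_load="YES"
EOF
}

# Demo: run the check against the sample and report the result.
sample=$(mktemp)
make_sample "$sample"
lint_loader_conf "$sample" || echo "loader.conf has suspect lines"
rm -f "$sample"
```

On the sample it reports line 5; once the newline is restored the file passes with no output.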

14
I downloaded the packages manually from ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/  but now I am stumped as to how to load them in pfsense?

[UPDATE]...I got it loaded... used

pkg_add -rv ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8-stable/Latest/

and assigning the interfaces was a tricky thing because it gave the valid interfaces as interface name + MAC address so for example:

vmx3f000:12:34:56:78:90:bb
vmx3f100:12:34:56:78:90:hh

You have to realize the interface names are vmx3f0 and vmx3f1

THANK YOU so much for the great instructions as I could have never done this without...

Notice that these files exist in /boot/modules and not in /boot/kernel like vmxnet.ko so is that a problem???

vmmemctl.ko
vmblock.ko
vmxnet3.ko

but I get this with kldstat which is good but no vmhgfs which could be a change in ESXi 5 vmtools?

$ kldstat
Id Refs Address    Size     Name
 1   10 0xc0400000 11796f4  kernel
 2    1 0xc157a000 5684     vmblock.ko
 3    1 0xc1580000 3404     vmmemctl.ko
 4    1 0xc1584000 4988     vmxnet.ko
 5    1 0xc1589000 8608     vmxnet3.ko

but then when I add the vmxnet 3 nics to the vm and reboot I get this:

$ ps ax|grep vmware
19319  ??  S      0:00.00 sh -c ps ax|grep vmware
19733  ??  S      0:00.00 grep vmware

which means the tools are not running?

and $ find /* |grep vmware-guestd

gives me nothing???

so I reinstalled the package from the shell and now I get this so perhaps vmware-guestd is now vmtoolsd and in VMware client it actually says VMware Tools: Running (Current)

$ ps ax|grep vmware
12758  ??  S      0:00.00 sh -c ps ax|grep vmware
12846  ??  R      0:00.00 grep vmware
15633  ??  S      0:00.11 /usr/local/lib/vmware-tools/sbin/vmtoolsd

but as soon as I reboot, the VMware says VMware Tools:Not Running (Current) and grep vmware does not show vmtoolsd?

I am hoping that I am way ahead of the pack and the current documentation cannot explain ESXi 5 vmtools on a pfSense 2.0 machine.




15
build a pfsense 2.0 vm

load open-vmtools

done
