Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - dennypage

Pages: [1] 2 3
1
Packages / LLDP daemon package
« on: February 07, 2018, 07:38:13 pm »
This topic is for information on the lldpd package.


Version history:
  • 0.9.4   Initial release
  • 0.9.9   Update to lldpd version 0.9.9

2
Packages / NUT info thread
« on: July 18, 2017, 07:56:52 am »
Mods, the nut info thread has spontaneously disappeared. Can you investigate please?

https://forum.pfsense.org/index.php?topic=115349

Thanks

3
Traffic Shaping / HFSC & Codel
« on: February 28, 2017, 07:31:00 pm »
Would anyone who is using HFSC or PRIQ with Codel care to share their actual configuration as an educational exercise for the less experienced?

Thanks in advance to any volunteers.

4
Installation and Upgrades / SG-2220 upgrade failure
« on: February 22, 2017, 10:21:46 pm »
I have an SG-2220 that is failing the upgrade from 2.3.2-RELEASE-p1 to 2.3.3.

Updating from the UI produces this:
Code: [Select]
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
ERROR: It was not possible to determine pfSense-repo remote version
Failed

Updating via the console produces this:
Code: [Select]
>>> Updating repositories metadata...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
>>> Unlocking package pfSense-kernel-pfSense... done.
The following 5 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense-rc: 2.3.2_1 -> 2.3.3 [pfSense-core]
pfSense-kernel-pfSense: 2.3.2_1 -> 2.3.3 [pfSense-core]
pfSense-default-config: 2.3.2_1 -> 2.3.3 [pfSense-core]
pfSense-base: 2.3.2_1 -> 2.3.3 [pfSense-core]

Installed packages to be REINSTALLED:
scponly-4.8.20110526_2 [pfSense] (options changed)

Number of packages to be upgraded: 4
Number of packages to be reinstalled: 1

40 MiB to be downloaded.

**** WARNING ****
Reboot will be required!!
Proceed with upgrade? (y/N) y
>>> Downloading upgrade packages...
Updating pfSense-core repository catalogue...
pfSense-core repository is up-to-date.
Updating pfSense repository catalogue...
pfSense repository is up-to-date.
All repositories are up-to-date.
Checking for upgrades (5 candidates): ..... done
Processing candidates (5 candidates): ..... done
The following 5 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
pfSense-rc: 2.3.2_1 -> 2.3.3 [pfSense-core]
pfSense-kernel-pfSense: 2.3.2_1 -> 2.3.3 [pfSense-core]
pfSense-default-config: 2.3.2_1 -> 2.3.3 [pfSense-core]
pfSense-base: 2.3.2_1 -> 2.3.3 [pfSense-core]

Installed packages to be REINSTALLED:
scponly-4.8.20110526_2 [pfSense] (options changed)

Number of packages to be upgraded: 4
Number of packages to be reinstalled: 1

40 MiB to be downloaded.
Fetching scponly-4.8.20110526_2.txz: .. done
pkg: cached package scponly-4.8.20110526_2: size mismatch, fetching from remote
Fetching scponly-4.8.20110526_2.txz: .. done
pkg: cached package scponly-4.8.20110526_2: size mismatch, cannot continue
>>> Locking package pfSense-kernel-pfSense... done.

Unfortunately the unit is remote, so I can't just wipe and re-install. Ideas?

Thanks in advance.

5
Installation and Upgrades / pkg update failures
« on: October 12, 2016, 01:30:56 am »
Can someone offer more information regarding this tweet from the pfSense project please?

6
Installation and Upgrades / 2.3.2_1 crash report
« on: October 07, 2016, 11:37:22 pm »
Following the upgrade from 2.3.2 to to 2.3.2_1, I'm receiving a crash report on each reboot:

Code: [Select]
Crash report begins.  Anonymous machine information:

amd64
10.3-RELEASE-p9
FreeBSD 10.3-RELEASE-p9 #1 5fc1b19(RELENG_2_3_2): Tue Sep 27 12:25:49 CDT 2016     root@factory23-amd64-builder:/builder/factory-232/tmp/obj/builder/factory-232/tmp/FreeBSD-src/sys/pfSense

Crash report details:

PHP Errors:
[07-Oct-2016 21:30:33 PST8PDT] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/suhosin.so' - /usr/local/lib/php/20131226/suhosin.so: Undefined symbol "ps_globals" in Unknown on line 0

This seems to be very similar to a problem I had with the 2.3.3 snapshot series, but in this case this is a SG-4860 unit that has only had release versions on it. No alpha/beta snapshots at all.

7
General Discussion / Chrony
« on: October 01, 2016, 08:24:18 pm »
Has anyone looked at offering Chrony as an alternative or replacement for ntpd?

8
2.3.3 Development Snapshots / 2.3.3 reboot crash report
« on: September 10, 2016, 09:08:35 am »
The current build of 2.3.3 is drooping a crash report on each reboot:

PHP Errors:
[10-Sep-2016 07:00:18 America/Los_Angeles] PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/local/lib/php/20131226/suhosin.so' - /usr/local/lib/php/20131226/suhosin.so: Undefined symbol "ps_globals" in Unknown on line 0

9
Packages / NUT package
« on: July 18, 2016, 04:21:10 pm »
This topic is for information on the new NUT package.

The new package, version 2.7.4, has been released. If you have the prior 2.3.X package installed, it is recommended, but not required, that you uninstall the old package before installing the new package. This will ensure that all files from the prior package are removed.

The new package brings an all new gui and alignment with current NUT architecture. It supports configuration for all UPS types that the FreeBSD NUT distribution supports, including local USB, local serial, remote SNMP, remote NUT and apcupsd servers.

After installing the new package, NUT status and settings can be accessed in Services / UPS. The new widget can be added to the dashboard by selecting UPS Status.

Background information can be found in the beta test topic here: https://forum.pfsense.org/index.php?topic=114871.0


Version history:
  • 2.7.4_1   Fix repo/build issues
  • 2.7.4_2   Fix repo/build issues
  • 2.7.4_3   Remove orphaned NUT menu entry on upgrade
  • 2.7.4_4   Allow mixed case for serial port (/dev/cua[uU]?)
  • 2.7.4_5   Add support for NUT's "dummy" driver
  • 2.7.4_6   Add support for power kill following shutdown (requires pfSense 2.4.3)

10
Packages / Beta test of new NUT UPS package
« on: July 10, 2016, 01:09:49 am »
I am looking for some volunteers to help with testing a new NUT UPS package.

Please note that in order to install the beta nut package, you must be comfortable using the command line interface. If you are not comfortable with the command line, please wait for the ga version of the package.

Please PM me if interested.

11
Installation and Upgrades / 2.3.1_1 update?
« on: May 25, 2016, 05:06:28 pm »
On the system dashboard for my SG units, it is showing "Version 2.3.1_1 is available." However, when I click on the update link, the system update page says 2.3.1 is "Up to date." Is there a 2.3.1_1 update?

12
Packages / NUT?
« on: May 09, 2016, 11:21:34 am »
I see references to NUT being available in 2.3, but it doesn't show up in available packages on my 2.3 units. The only place I see it is in my 2.3.1 test system. It this being held for 2.3.1?

13
General Questions / PF was wedged/busy and has been reset.
« on: May 03, 2016, 02:21:05 pm »
I have an SG-2220 that has just been upgraded from 2.2.6 to 2.3. Following the upgrade, I am receiving the following two notices each time the unit boots:

Code: [Select]
pf_busy

 PF was wedged/busy and has been reset. @ 2016-05-03 11:58:53

Filter Reload

 There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]: @ 2016-05-03 11:58:54

The system log entries are:
Code: [Select]
May 3 11:58:53 php-fpm 272 rc.newwanip: New alert found: There were error(s) loading the rules: pfctl: DIOCXCOMMIT: Device busy - The line in question reads [0]:
May 3 11:58:53 php-fpm 272 rc.newwanip: New alert found: PF was wedged/busy and has been reset.

Both WAN addresses (IPv4 & IPv6) are DHCP. If I disable IPv6 on the WAN interface, the problem still occurs.

The only packages that are installed are AutoConfigBackup and Service_Watchdog.

Suggestions welcome.

14
Hardware / SG-2220 identification in 2.3
« on: May 03, 2016, 02:20:13 pm »
I have an SG-2220 that has been upgraded from 2.2.6 to 2.3. In the System Information widget, it identifies itself as "Netgate RCC-DFF", whereas my SG-4860 correctly identifies itself as "SG-4860".

Does this indicate that I've somehow lost the "factory" image setting on the SG-2220?

15
General Questions / Chasing latency
« on: March 08, 2016, 02:09:09 am »
I've spent a bit of time chasing latency to/from pfSense recently, and I thought it would be worth posting about. Perhaps it will save someone else a few hours of frustration.

The issue started with trying to track latency spikes on the WAN connection. In an effort to eliminate various components before talking with the ISP, I set up various latency monitoring points, both on the firewall and off the firewall. The surprising results seen in the local network quickly became an investigation all on its own...

What I initially saw is show in the first two images. The first graph shows the latency when pinging from the firewall (SG-4860) to a directly connected (no switch) host in the DMZ. The second graph shows the latency when pinging from a host in the LAN through the firewall to the same host in the DMZ.

As you can see, both are nice sawtooth graphs. Clearly cyclic, but with a long period. 20 minutes or so. Pretty unusual. Even more unusual, was that on rare occasion it would just flatten out for 5 or 10 minutes. No discernible pattern. And any attempt at interactive diagnosis would cause an immediate reversion to sawtooth. I spent time combing through logs trying to correlate events. "Really, did an IPSEC rekey just cause my latency to drop?!? A pfBlocker list update? Seriously?"

The answer turns out to be yes. I finally found the cause: powerd with Hiadaptive. On the SG-4860 at least, it's bad news. After disabling powerd the latency appears as one would expect (graphs 3 and 4). And disabling powerd had little or no effect on core temperature. Win win.

Pages: [1] 2 3