Netgate SG-1000 microFirewall

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - w0w

Pages: [1] 2 3 4 5 ... 39
1
2.4 Development Snapshots / Re: router dead.. mountroot>
« on: February 21, 2018, 10:07:12 pm »
Both loader.conf anf loader.conf.local are in place and in my case are not changed at all.

2
2.4 Development Snapshots / Re: router dead.. mountroot>
« on: February 21, 2018, 11:14:38 am »
What a mess... does anybody  tests those snaps on ZFS at all before making it available for download?

Hmm... I've updated another one system from 2.4.1 to 2.4.3
Code: [Select]
2.4.3-DEVELOPMENT (amd64)
built on Wed Feb 21 08:35:06 CST 2018
FreeBSD 11.1-RELEASE-p6

And it's booted just fine, even second time and yes it's ZFS.
Is it possible that you have updated your firewalls only twice in-between 14 and 21 February? Because this wrongly committed pfsense-utils.inc erases .conf files but you will know it only on second reboot or next upgrade, getting this well known mountroot>

Anyway I don't know how it's related to dummynet, but i was getting the same error when mountroot> came to me on 16 February.
On this 2.4.1 to 2.4.3  version I do not have it.

3
2.4 Development Snapshots / Re: Any updates on implementing fq_codel
« on: February 20, 2018, 10:33:40 pm »
Since I don't use this setup anymore I can not comment problems you are facing now. I just know that shaper working on pf side and limiter is working on ipfw side, since it's two different firewalls there may be conflicts in their work.

I suggest you to create new topic in https://forum.pfsense.org/index.php?board=26.0

4
2.4 Development Snapshots / Re: Any updates on implementing fq_codel
« on: February 18, 2018, 02:14:48 pm »
I have used https://forum.pfsense.org/index.php?topic=63531.0 this guide for evenly sharing.

Limiters is not the right thing you are looking for, you should do proper traffic sorting on shaper side, ex using HFSC and your torrent and http download must not share one queue, then you can set link share percents or bandwidth limits under service curve, for example setting 1% for torrent queue [qlow and qacklow in my sample setup] will limit this queue to 1% of overall bandwidth if any other queue wants full speed at the same time.


5
2.4 Development Snapshots / Re: router dead.. mountroot>
« on: February 18, 2018, 01:24:01 pm »
Sad that it was not properly tested before merging, but anyway the positive thing is that I've learned a bit how to restore snapshot on ZFS :)
And yes, thanks to MorpheusRO for pointing.

6
2.4 Development Snapshots / Re: Any updates on implementing fq_codel
« on: February 18, 2018, 12:08:48 am »
It was something like that, you must use floating rules with pass and quick apply option. WAN/LAN is using the same shaper parameters as I have symmetrical bandwidth.

7
2.4 Development Snapshots / Re: Any updates on implementing fq_codel
« on: February 17, 2018, 09:18:47 am »
Let me see tomorrow. I'll check some backups and let you know.

9
2.4 Development Snapshots / Re: Any updates on implementing fq_codel
« on: February 17, 2018, 06:49:53 am »
You can enable Codel for Queues in HFSC. I did that. It works for me, browsing is very fast when torrent download at full speed and no bufferbloat also, but shaper certainly needs fine tune and manual bandwidth limiting. So in my case it's HFSC with three queues where only two have codel enabled. Those are "p2p" and "everything else". VoIP, the third queue in HFSC have dedicated bandwidth. Also I have dynamic limiter that set to equalize bandwidth between IP addresses. A little bit complicated, but it works in my case. If fq_codel makes things better and simplifies shaping settings then I give it +1 to be implemented in pfSense.

I know that there is an old topic, but i'm trying to do the same setup. Would you mind sharing screenshots with your setup?

I am not using this scheme anymore, I am using FQ_CODEL now https://forum.pfsense.org/index.php?topic=126637.0

10
2.4 Development Snapshots / Re: router dead.. mountroot>
« on: February 17, 2018, 01:02:26 am »
Same thing happened to me...

You can use this workaround (https://redmine.pfsense.org/issues/6929) for the moment, to be able to boot, until the issue is solved.
No. It's fails with
 load /boot/kernel/opensolaris.ko can't find 'opensolaris'

Use load /boot/kernel.old/opensolaris.ko instead!

11
2.4 Development Snapshots / Re: router dead.. mountroot>
« on: February 17, 2018, 12:58:44 am »
Just finished migrating from bare metal to virtualbox and ran into this myself, thought it was something amiss in the migration.

After finished the migration, everything was working, then updated to the latest pfsense build; update apears to go fine, then after reboot, the zfs root will not mount.

Ended up backing up configuration, reloading with latest build image installed as ufs, and restoring configuration to get going again.

Update:  Dug up some info.

After the first update new error appears on console:

Warning: file_get_contents(): Filename cannot be empty in/etc/inc/pfsense-utils.inc on line 1120

Then once rebooted, the mount failure happens.

On the rebuild using UFS, after each reboot, I''m getting crash dump errors similar to the first error after upgrade.

PHP Errors:
[16-Feb-2018 <scrub> America/Los_Angeles] PHP Warning:  file_get_contents(): Filename cannot be empty in /etc/inc/pfsense-utils.inc on line 1120

The "America/Los_Angels" part is the timezone.  I've tried changing the timezone, but still get the same error, just different time zone.
Same for me, first error was PHP and today's snap went to unknown filesystem  >:(

12
2.4 Development Snapshots / Re: Unbound start issue
« on: February 11, 2018, 12:33:14 am »
DO you see something in unbound logs?     Status/System Logs/System/DNS Resolver?

EDIT:
I've found something similar https://redmine.pfsense.org/projects/pfsense/repository/revisions/4aa33c9557c95f2d909d00b62a4e660210be9971
but I don't see anybody reported exactly the same issue, you should create one.

13
2.4 Development Snapshots / Re: Unbound start issue
« on: February 11, 2018, 12:24:07 am »
Can't reproduce it.
Code: [Select]
Feb 11 08:18:39 unbound 32441:0 info: start of service (unbound 1.6.8).
Feb 11 08:18:39 unbound 32441:0 notice: init module 1: iterator
Feb 11 08:18:39 unbound 32441:0 notice: init module 0: validator
Feb 8 18:34:49 unbound 28563:0 info: start of service (unbound 1.6.8).
Feb 8 18:34:49 unbound 28563:0 notice: init module 1: iterator
Feb 8 18:34:49 unbound 28563:0 notice: init module 0: validator
Feb 4 16:56:43 unbound 30403:0 info: start of service (unbound 1.6.8).
Feb 4 16:56:43 unbound 30403:0 notice: init module 1: iterator
Feb 4 16:56:43 unbound 30403:0 notice: init module 0: validator
Feb 3 07:04:57 unbound 28989:0 info: start of service (unbound 1.6.8).
Feb 3 07:04:57 unbound 28989:0 notice: init module 1: iterator
Feb 3 07:04:57 unbound 28989:0 notice: init module 0: validator
Feb 2 06:07:33 unbound 28386:0 info: start of service (unbound 1.6.8).
Feb 2 06:07:33 unbound 28386:0 notice: init module 1: iterator
Feb 2 06:07:33 unbound 28386:0 notice: init module 0: validator
Feb 1 05:48:40 unbound 30602:0 info: start of service (unbound 1.6.8).
Feb 1 05:48:40 unbound 30602:0 notice: init module 1: iterator
Feb 1 05:48:40 unbound 30602:0 notice: init module 0: validator
Jan 31 06:12:14 unbound 29505:0 info: start of service (unbound 1.6.8).
Jan 31 06:12:14 unbound 29505:0 notice: init module 1: iterator
Jan 31 06:12:14 unbound 29505:0 notice: init module 0: validator

Code: [Select]
Feb 11 08:18:39 kernel done.
Feb 11 08:18:39 php-cgi rc.bootup: sync unbound done.
Feb 11 08:18:39 kernel done.

Code: [Select]
2.4.3-DEVELOPMENT (amd64)
built on Sat Feb 10 22:49:37 CST 2018
FreeBSD 11.1-RELEASE-p6

Working just fine. I have IPv6 DISABLED if it does matter.

14
General Questions / Re: Admin password changed itself. Twice. Yes it did.
« on: January 25, 2018, 02:35:36 pm »
I don't really think that there is something compromised in pfSense on that non official piece of hardware, I do think it's just broken, corrupted or whatever else. If you feel your copyrights are violated, go to court, this is the right way. If you want to stop distribution of free version of pfSense for any reason, just stop it and see what happens, but I don't think this really can help you stop those sellers to pre install and sell anything they will call pfSense even if it's not.

15
Traffic Shaping / Re: playing with fq_codel in 2.4
« on: January 23, 2018, 10:31:51 am »
probably wont be until saturday, but I will post I tried an install of 2.4.0, restored the config, and it functions correctly, 100% same configuration. Back to 2.4.2 and problem comes back.  (tested yesterday).

I can post limiter config now I guess as its in the GUI but the enable box is unticked.

I got 2 issues with what john posted.

1 - It only applies fq_codel at boot, it will get lost on a limiter reload.
2 - He posted some instructions that were not detailed, meaning I cannot be sure if I follow his setup I am doing it right.

1. It applies every time when something causes reload of packages or at boot. Actually I don't understand why you need to reload limiter.
2. May be. It depends.

You can just configure your limiters via GUI and then run command via GUI command line:

Code: [Select]
/sbin/ipfw sched 1 config pipe 1 type fq_codel target 7ms quantum 2000 flows 2048 && /sbin/ipfw sched 2 config pipe 2 type fq_codel target 7ms quantum 2000 flows 2048 
Make sure that you have not messed up with traffic direction and masks.

Show your gui config, including LAN rule IN/OUT pipe and modded rules.limiter




What is missing on the ipfw sched show? I dont notice anything.

Mask is missing.




Actually I am on 2.4.3 and I am not sure is there something broken on 2.4.2

Pages: [1] 2 3 4 5 ... 39