Welcome, Guest. Please login or register.

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - gderf

Pages: 1 [2] 3
Feature Requests / SNMP Agent Upgrade to 64bit
« on: August 04, 2015, 04:17:02 PM »
The current SNMP Agent/MIB does not have any 64bit counters available.

On high speed interfaces with high throughput rates, the 32bit counters used in the current t1n1wall version wrap too quickly to be of use by programs that poll interfaces infrequently.

Current pfsense does not have this problem as it makes use of 64bit counters on the interface OIDs.

Services / PC Engines APU1D4 and SNMP
« on: August 02, 2015, 07:00:18 PM »
I have been using IOG http://www.dynw.com/iog/ for many years with all sorts of firewall appliances with good results even though the program is very dated.

When I transitioned from my old ALIX 2C3 to my new APU1D4, IOG continued on seemingly well with no changes required to its configuration.

But I found myself in an unusual situation, unusual for me that is' and now IOG is broken, and badly.

What happened is that I did an extensive amount of downloading over a fairly short period of time ~175GB in just a few hours. What I observed is that IOG no longer reported bandwidth usage accurately, and I man WAY OFF as in way too low.

From what I can tell the problem is caused by the SNMP OID counters for the network interfaces in the router are only 32bit capable, and are wrapping around and starting over from zero more than once during any one hour period for which IOG polls the counters.

In the past this was never seen because my usage patterns combined with the prior low speed capability of my internet service meant that I couldn't or didn't exceed the counters' capabilities in any one hour period for which IOG polls the counters.

What's happening now is that my internet connection is now capable of more than 125mbps and running it flat out easily wraps the SNMP OID counters for the network interfaces of the router, probably several times in any one hour period before they are polled again by IOG.

Does anyone have any solution to this?

I did do an SNMP walk of the APU1D4 and didn't spot any OIDs that referenced 64bit within their names.

Is this a limitation of the APU1D4 and/or is it a deficiency of the SNMP MIB that is within t1n1wall?

Installation / Re: Anyone Running on an APU?
« on: July 25, 2015, 05:06:16 PM »
I should add that I am able to run only 1.8.2 generic-pc images on APU. The 1.10 branch will not run on APU1d4.

Installation / Re: iso image file to bootable usb stick
« on: July 25, 2015, 05:03:41 PM »
Thanks, but this is way more than I would be willing to get involved with, especially considering it would have to be done all over again for every incremental new release.

Installation / Re: iso image file to bootable usb stick
« on: July 22, 2015, 04:41:12 PM »
Well, that's a step in the right direction, but still a convoluted solution. It would be easier to just run from USB rather than internal SD, at least while playing with new versions that might not boot.

Would it be possible to make a generic-pc version that is writable to, and bootable from a USB stick, just like we already have now, but that has an install to disk option from the console just like the Live-CD has?

Installation / Re: iso image file to bootable usb stick
« on: July 20, 2015, 07:03:33 PM »
Thanks Lee, but you miss my point.

I want to be able to boot from a USB flash drive for one purpose, and one purpose only: To be able to install the on USB drive version to the internal SD card - just like can be done from the Live-CD version.

What I am faced with now when an upgrade from the GUI goes bad: I have to remove the cover from my AUP router box, remove the SD card, take it to another machine, write the previous known to work version to the SD card, take the card back to the AUP, boot it, then restore the configuration from a backup copy.

Needless to say, I am not terribly interested in testing new versions under these circumstances.

Installation / Re: iso image file to bootable usb stick
« on: July 15, 2015, 02:22:51 PM »
On a linux box I am using:

dd if=generic-pc-1.8.2b42.iso of=/dev/sde bs=1M

I have tried a few different choices for bs= but it doesn't make a difference.

The USB stick is good as writing generic-pc-1.8.2b42.img to it works fine.

If dd is not correct for writing isos, what is?

Installation / Re: Anyone Running on an APU?
« on: July 13, 2015, 02:35:36 AM »
The only quirk I ran into was that the generic-pc-serial images that work on ALIX don't work on APU. That's counterintuitive, but I have run into that before.

The correct images for APU are the generic-pc.

Installation / iso image file to bootable usb stick
« on: July 09, 2015, 09:00:47 PM »
I am starting with generic-pc-1.8.2b42.iso file and I use (among other things) dd to write it to an 8GB Sandisk  USB stick. However, the resulting USB drive will not boot on any machine I have.

Any ideas?

Installation / Anyone Running on an APU?
« on: July 04, 2015, 07:18:13 PM »
My ISP recently upgraded my service. Until that happened, my trusty old Alix 2C board with 100mbps NICs was all I needed.

Prior to the upgrade, I was provisioned for ~85mbps down and the ALIX seemed to handle that well, giving me all of it.

However, the upgrade was to ~125mbps down, and the ALIX will not deliver anymore than that same ~85mbps. I am now Bottlenecked by the NICs or CPU or both. I know this because if I plug a PBCwith 1gbs NIC directly into the modem, I get the full 125mbs down.

So I ordered an APU1D4 board and it will be here in about a week. I plan to boot it with t1n1wall on a Sandisk Cruiser Fit USB drive.

Has anyone set up for an APU? Any quirks or special handling over what works for ALIX installs?

Sometimes I am doing things on LAN machines such as installing new software that wants to connect to the internet in ways that might be leaking information I would rather not disclose, such as my IP address. I usually unplug the router WAN cable as it's the easiest one to reach. I could power off the cable modem instead, but it takes quite a while to boot.

This would be easier if I could disable the router WAN port from the serial console.

I would find it useful to be able to occasionally disable/re-enable a network interface.

Obviously, this could be a problem if done from the network remotely, so restricting the capability to the serial console would be appropriate.

Currently I unplug/re-plug ethernet cables to do this.

Thanks for considering this enhancement.

Feature Requests / Re: BlinkLED
« on: April 14, 2015, 04:19:11 PM »
Well, I'm flexible - anything other than 'always off' would make sense to me.

Feature Requests / Re: BlinkLED
« on: April 10, 2015, 06:26:37 PM »
Currently, LED 1 (the far left) indicates power on.

I would like to have the three LEDs indicate network traffic on the three available interfaces as I don't see having a power on indicator (the current LED 1 behavior) necessary because any network traffic on any interface would indicate that the unit is switched on.

A compromise would be to have LED 1 indicate power on, and the other two LEDs could be user assigned to any two of the three available interfaces.


Feature Requests / BlinkLED
« on: April 03, 2015, 04:41:10 PM »
BlinkLED is a pfsense feature that allows LEDs available on ALIX boards to be assigned to network interfaces and indicate the presence of traffic on them. Would be useful for installations where the rear panel is not visible, but the front panel is. See:


Pages: 1 [2] 3