[Talk] - pfSense 2.3 release/upgrades

[RMerlin]

Asus at the time took a major hit, as they produced many boards for other OEM's - and their supply chain got hammered by the bad/counterfeit formula on the capacitors...

I don't remember having any issues with the few Asus we sold at the time. However the Abit and MSI boards were all timebombs - this was probably one of the big reasons that made us standardize on Asus afterward. (before that, we only used Asus for higher-end PCs).

 

[coxhaus]

I wonder if Dell was recapping them as they would only do 20 or 30 at a time. Then they would come back a week or 2 later.

 

[sfx2000]

I wonder if Dell was recapping them as they would only do 20 or 30 at a time. Then they would come back a week or 2 later.

If I recall - they were doing remove/replace motherboards at the service center level to speed up turnaround - and depot level for warranty and FRU stock...

I do recall seeing pallets of these things sitting down in shipping/receiving on their way to get fixed (we were a bit Dell shop at the time)

 

[kvic]

Never choose release 3.0 for anything...

Release 1.0 - gotta ship something
Release 1.1 - fix bugs in the shipping release
Release 1.1.1 - fix the fixies...
Release 2.0 - finally, all the stuff we wanted to put in Release 1.0, but busy fixing bugs and gotta ship pressure..
Release 2.1 - fix the things we broke in release 2.0

After the death march... as marketing has spun the 2.0 release as something really cool...

Release 3.0 - new team - let's do it another way, refactor all the code...

Gah... in real life, 3.0 releases are horrible, as many of the original devs/coders have left due to the death march of the rel 1, rel 2 cadence...

lol. pfSense 3.0 will have better support for multi-gigabit NICs.

 

[sfx2000]

Was thinking about this - and I might do a quick writeup on how to export the SNMP data out to a Cacti server (and then perhaps get Xymon and Syslog charting as well) - and that should take care of most of the charting/reporting data..

Been considering this for a while for my QNAP NAS box, so seems like a good time to start on it...

Hokay... working on this for a bit, getting good correlation so far outside of pfSense and the classic RRDTool stuff...

I'm using an external host (outside of the router, inside my lan)... the one you want to look at is CoxUpstream... and compare that to the WAN_DHCP results from pfSense 2.2...

From pfSense quality - apinger...

 

[sfx2000]

So right now - trying to keep it simple - and external - most is pretty turn-key with Ubuntu 14.04LTS, which was chosen as that distro supports both x86 and ARM - e.g. when done, one can set up a RaspPI as a data collector, or a linux box/VM...

 

[sfx2000]

Traffic monitoring is working now with the external box - happy I went this route as pfSense only monitors itself, whereas the external can monitor the router, along with other boxes/test points on the network..

This is a 24 hour graph for the router - can also do 1 week, 1 month - it's also collecting on another page cumulative data (total in/out) over the same time period slots...

 

[sfx2000]

I'll probably break this out to another thread - as it will work with anything that support SNMP, Syslog, and not just pfSense...

 

[Nullity]

sfx, have you considered using netflow rather than SNMP?

PS - pfSense 2.3_1 is an ntpd security update that does not require a system restart, only a restart of the ntpd service. https://forum.pfsense.org/index.php?topic=111150.msg619125#msg619125

 

[sfx2000]

sfx, have you considered using netflow rather than SNMP?

SNMP is more "standards" oriented - so when quantifying one's network - between SNMP and Syslog, this is more common...

netflow is very powerful, no doubt, but with most consumer platforms, it's a non-starter...

 

[sfx2000]

Anyways - I've been dropping hints on the forums to see if there is some interest in a "Quantified Network" series - not just PFSense, but other things as well - cannot judge where you are without numbers to back it up...

 

[sfx2000]

Sounds good... linux it is...

 

[sfx2000]

[DYI] - Network Monitoring/Quantifying

 

[oletuv]

Sfx,

Have you upgraded your pfSense firewall to 2.3.1?

Ole

 

[sfx2000]

Sfx,

Have you upgraded your pfSense firewall to 2.3.1?

Ole

no - because 2.2.6 works fine for me... it does a specific role, and it does it well

I only update items central to my network if it fixes things that are important to me - right now, 2.3.1 doesn't do that, and introduces new problems.

(hint - might be my experience running big data stuff in a data center)

 

[oletuv]

no - because 2.2.6 works fine for me... it does a specific role, and it does it well

I only update items central to my network if it fixes things that are important to me - right now, 2.3.1 doesn't do that, and introduces new problems.

(hint - might be my experience running big data stuff in a data center)

You´re a wise man.

 

[sfx2000]

<off track>
speaking about updates - I had/inherited boxes in the data center - not production perhaps, but dev labs that hadn't been touched in, you do code updates/etc, but generally from an OS level -

Quite literally years... uptime on the side of 5 years plus... things are stable if you leave them alone, and wrap enough security around them - these were lab boxes, away from the internet in their own little sandbox.

When we had to do the ghost patching, that was a reboot - linux can be incredibly stable - once set up - leave it alone and let it work...

Nothing more scary that rebooting a server with 5 years (plus) uptime other than it losing power and going cold - then it's a 50/50 if it comes up again (which I had to deal with about a year ago)...

<emphasis>Perhaps a lesson learned with old servers - Sun, HP/Compaq, and IBM do good HW when the gear is 5 figures plus USD</emphasis>

<more off track>My 3 year old IBM blade center lab was 6 figure investment in itself - 8 blades, 2*12 core XEON's per blade (do the math, 8*2*12 - I really, really, miss that box... it was fun to do an lscpu and see *** cores) - had to be a small scale version of the production servers - storage was a bit limited - at 16TB on a filer (SAN)... all told, 8U in a rack for the blade chassis, 2U for the SAN, and 2U for a 10GB switch (we had 40GB on external side)...

It was silly fast... always thought about running some handbrake and converting some...

I miss that box...
</more off track>
</off track>

 

[oletuv]

Sfx,

What could cause my pfSense hostname not to be resolved? The ip address works fine for accessing the WebGUI and establishing a ssh connection. Using the host-name instead of the host-ip fails.

host-ip: 10.0.0.1
host-name: ole-pfsense.home

Ole

 

[sfx2000]

Sfx,

What could cause my pfSense hostname not to be resolved? The ip address works fine for accessing the WebGUI and establishing a ssh connection. Using the host-name instead of the host-ip fails.

host-ip: 10.0.0.1
host-name: ole-pfsense.home

Ole

Perhaps this will help - turn on Avahi on pfSense, and change hostname to ole-pfsense.local

From my epic in progress...

[SIZE=5][B]Avahi[/B][/SIZE]
What is Avahi - it's multicast DNS and service discovery - while invented by Apple, it's been adopted across multiple platforms - hint, if you're on Windows - install iTunes, and you can play along as well. iTunes for Windows includes a full mDNS stack - Win10 has a partial implementation, but is sort of broken, so again install iTunes - Macs all have it, Androids use it, and many printers and set-top boxes also take advantage of it.

Few people know how much useful avahi could be. You can forget to run ifconfig on the target machines/devices to know the IP, you don’t need a static IP anymore for those…

Installing avahi is quite simple - the client on Ubuntu Desktop is usually installed, but for our small server, we need to install the avahi-daemon and avahi-utils packages.

sudo apt install avahi-daemon avahi-utils
After that you can reach that machine over the net using its new domain name.

ping testbox.local
One can also do network discovery - might be surprised at how many devices support zerocong/msDNS

test@testbox:~$ avahi-browse -at
You might also consider running avahi-browse-domain utility:

test@testbox:~$ avahi-browse-domains -at
Avahi is useful enough that this series is dependent upon it for many of the examples and configurations - so it is a pre-requistie item.

[I]Editors note - Avahi, like NetworkManger, systemd, and LVM - these are newer technologies that actually make life easier for Linux users - both in the server as well as desktop environments - change is inevitable… this series will meet them head-on and make use of them - there are many benefits for the SmallNetwork SNB Basics admin and their users[/I]

 

[oletuv]

Perhaps this will help - turn on Avahi on pfSense, and change hostname to ole-pfsense.local

Thanks, Sfx.

Just installed Avahi in pfSense. I can ping ole-pfsense.local from pfSense (shell and WebGUI) but not from terminal on my MacBook.

Ole