General Info about pfSense

monitoring commands

# Live BW usage
pkg install iftop
/usr/local/sbin/iftop -nNpPi em0
# press t to cycle display modes

# a more advanced use of iftop: per-IP bandwidth on the LAN interface em0,
# sorted by the 10s column (-o 10s), bar scale capped at 600 kbit/s (-m 600k),
# no DNS/port-name lookups (-nN), promiscuous mode (-p), ports shown (-P)
iftop -o 10s -m 600k -nNpPi em0


pftop -s1 -v queue # monitor traffic-shaper queues, refresh every 1s
# test download speed:
fetch -o /dev/null http://cachefly.cachefly.net/10mb.test
fetch -o /dev/null http://cachefly.cachefly.net/100mb.test
# test download/upload speed
# (note: a speedtest run on pfSense itself costs about 4x more CPU per packet
#  than forwarding traffic does, so the result can be lower than what the box routes)
pkg install py27-speedtest-cli
rehash # tcsh: rescan $PATH so the newly installed binary is found
speedtest-cli

Cheat sheet of commands

clog -f /var/log/ppp.log # tail -f a (circular) log
netstat -r # see routing table
sockstat -4 -l # list listening IPv4 sockets (open ports)
pkg install pkgname # install a pfSense package from the shell
ifconfig # view interface info
pftop # like iftop but less capable; included by default

/usr/bin/top # list process by CPU usage

killall -9 php; killall -9 lighttpd; /etc/rc.restart_webgui # restart web-UI

A VERY GOOD GUIDE Re: Limiters

https://superuser.com/questions/737511/get-router-or-computer-to-share-bandwidth-equally-amongst-applications/1210164#1210164

VoIP QoS

see ndemou zim wiki at PfsenseQos

HW for pfsense routers (and more)

Official HW support page for FreeBSD
http://www.freebsd.org/releases/10.1R/hardware.html

Intel Atom J1900 boards

Search AliExpress for "J1900 4 LAN pfsense" and you'll find good deals
<<I have a J1900 box with 4 Intel NICs [and 4GB RAM] that'll do 890mbit routing and 100mbit OpenVPN aes-256 all day with no issues. It'll also run Suricata well at >=150mbps for sure (my line can't go faster).>>

APU2C4

Just the MOBO -*- In a small box -*- Rack mounted
APU2C4 and APU2D4: the letter (A, B, C, D) denotes the maturity of the board revision. A = you may still see major revisions of chips, board or firmware; D = only firmware fixes are expected. The trailing 4 is the RAM in GB.
"mSATA instead of m.2 and only one SATA. [...] They are quite commonly used as a pfSense router. The APU2 boards like mine, however, have Intel NICs."

installation on KVM

To use virtIO for networking go to pfSense's web UI > System > Advanced > Networking, check "[x] Disable hardware checksum offload", then reboot. Without this everything on the pfSense VM itself appears to work, but the host and the other guests on the same bridge get no network: their SYNs never get a SYN-ACK back, because pfSense sends packets whose checksums were left for the (virtual) NIC to fill in, and local peers on the bridge drop them. MAYBE you will also need, on the Linux hypervisor, ethtool -K brX tx off for every bridge interface brX the pfSense VM is attached to.
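The host-side half of the fix above, as an added example (not from the original page): a small POSIX sh script for a Linux/libvirt host that lists the bridges a guest is attached to (from `virsh domiflist`) and turns TX checksum offload off on each. The domain name "pfsense", the bridge names and the sample `domiflist` output in the comments are assumptions; `DRY_RUN=1` only prints the ethtool commands so you can review them first.

```shell
#!/bin/sh
# Added example: disable TX checksum offload on every bridge a pfSense guest uses.
# Assumes a Linux host with libvirt (virsh) and ethtool; domain name is hypothetical.

# Extract bridge names from `virsh domiflist <domain>` output read on stdin.
# Constructed sample of that output (two header lines, then one row per NIC):
#  Interface   Type     Source   Model    MAC
# -------------------------------------------------------
#  vnet0       bridge   br0      virtio   52:54:00:aa:bb:cc
# Interfaces of type "network" use a libvirt network name, not a bridge, so
# they are skipped.
bridges_from_domiflist() {
    awk 'NR > 2 && $2 == "bridge" { print $3 }' | sort -u
}

# Run `ethtool -K <bridge> tx off` for every bridge of the domain given in $1.
# With DRY_RUN=1 the commands are printed instead of executed.
disable_tx_offload() {
    domain="$1"
    virsh domiflist "$domain" | bridges_from_domiflist | while read -r br; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "ethtool -K $br tx off"
        else
            ethtool -K "$br" tx off
        fi
    done
}

# Show the resulting offload state of one bridge so the change can be verified.
show_offload_state() {
    ethtool -k "$1" | grep -E '^(tx-checksumming|tx-checksum-ip-generic)'
}

# Usage: DRY_RUN=1 sh fix-bridge-offload.sh pfsense   (review)
#        sh fix-bridge-offload.sh pfsense             (apply)
if [ -n "${1:-}" ]; then
    disable_tx_offload "$1"
fi
```

The setting does not survive a reboot of the host, so once the dry run looks right, hook the apply form into whatever brings the bridges up (the ifupdown `post-up` of the bridge stanza, or a libvirt hook).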

https://encrypted.google.com/search?hl=en&q=motherboard for a freebsd#hl=en&tbs=qdr:y&q=pfsense++kvm
http://wnapdlf.blogspot.gr/2015/03/installation-pfsense-on-kvm-and-using.html
http://www.mondaiji.com/blog/other/it/10254-virtual-pfsense-on-kvm-virtio-network-issues
https://doc.pfsense.org/index.php/PfSense_2_on_VMware_ESXi_5

to allow aes-ni passthrough

To get AES-NI into the guest, give the VM the host CPU model: in libvirt <cpu mode='host-passthrough'/> (QEMU: -cpu host). The guest then sees the host CPU's own feature flags, AES-NI included, instead of an emulated CPU model that hides them. Then tell pfSense to use it: in the web GUI go to System > Advanced > Miscellaneous and, under "Cryptographic Hardware Acceleration", select "AES-NI CPU-based Acceleration (aesni)".
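A check for the result, as an added example (not from the original page), to be run in the pfSense guest's shell: it reads the FreeBSD boot messages and reports whether the CPU exposes the AESNI flag (so the host CPU model actually reached the VM) and whether the aesni(4) driver attached (so the GUI setting took effect). The path /var/run/dmesg.boot is the standard FreeBSD location; the boot lines in the test are constructed.

```shell
#!/bin/sh
# Added example: verify AES-NI passthrough from inside a pfSense (FreeBSD) guest.
# Reads /var/run/dmesg.boot unless another file is given as $1.

# Return 0 if the CPU feature line on stdin advertises AESNI.
# FreeBSD prints the flags at boot as "Features2=0x...<...,AESNI,...>".
cpu_has_aesni() {
    grep -q 'Features2=.*<.*AESNI'
}

# Return 0 if the aesni(4) driver attached, i.e. a line like
# "aesni0: <AES-CBC,AES-CCM,AES-GCM,AES-ICM,AES-XTS> on motherboard" exists.
aesni_driver_attached() {
    grep -q '^aesni0:'
}

# Report both conditions; exit 1 if the flag is missing, 2 if only the driver is.
check_aesni() {
    dmesg_file="${1:-/var/run/dmesg.boot}"
    if cpu_has_aesni < "$dmesg_file"; then
        echo "CPU exposes AESNI to the guest"
    else
        echo "no AESNI flag: set the libvirt CPU mode to host-passthrough (QEMU -cpu host) and restart the VM"
        return 1
    fi
    if aesni_driver_attached < "$dmesg_file"; then
        echo "aesni(4) driver attached"
    else
        echo "aesni(4) not attached: select AES-NI under System > Advanced > Miscellaneous and reboot"
        return 2
    fi
}

# Usage on pfSense: sh check-aesni.sh        (uses /var/run/dmesg.boot)
if [ -n "${1:-}" ]; then
    check_aesni "$1"
fi
```

Run it once after changing the CPU model and once after enabling the GUI setting; only the second run should report both lines. If the first check already fails, the problem is on the hypervisor side and no pfSense setting will help.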

KVM network card only for host

Use this in the brXX stanza of the host's /etc/network/interfaces (ifupdown) for a bridge that carries guest traffic but needs no IP address on the host:

address 0.0.0.0

If you forget it you get "Missing required variable: address" when you try to bring the brXX interface up, because an "iface brXX inet static" stanza insists on an address. (Declaring the bridge as "inet manual" instead of "inet static" avoids the requirement altogether.)

to use PCI Passthrough,

Detailed how to: (note that "Adding a PCI device with virt-manager" is easier than with virsh)
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Virtualization/chap-Virtualization-PCI_passthrough.html

(and maybe also read this:)
http://libvirt.org/guide/html/Application_Development_Guide-Device_Config-PCI_Pass.html

Letsencrypt certificates

You'll find it at System > Package Manager, Available Packages tab: acme
Let's Encrypt certificates are valid for 90 days, so either renew them every 3 months or enable the package's own renewal cron job so it happens unattended.

Example of what we should be checking on pfSense to verify good health

From the home page of pfSense

From the home page -- ONLY FOR ATHENS

From Status > Monitoring (Only for Athens)

In the traffic graph the Maximum of inpass and outpass must stay below 75 Mb/s

Topic revision: r3 - 23 Apr 2023, NickDemou
Copyright © enLogic