Re: [pfSense Support] Load Balancer Interfaces
On Wed, Aug 26, 2009 at 7:42 AM, Jesse Vollmar vollm...@gmail.com wrote: It seems like this is related to that OPT interface not having the gateway specified on it. That interface is however working and sending traffic out to my ISP's gateway. At the risk of looking like the N00b that I am, I don't see how pfsense can send traffic out on an interface that has no gateway. Respond, yes; initiate, no. Can we have a look at your routing table? db
[pfSense Support] Load Balancer Interfaces
Hello, I recently had to make some changes to one of my OPT interfaces and now I cannot re-setup the load balancing. I ended up not setting a gateway on that interface (which is used for a cable Internet connection) to get it to work with my ISP. Before making any changes, I deleted out my load balancing rules. When I go back to recreate them, the edit pool page is only showing WAN in the interface drop down. I am trying to do gateway failover using my two Internet connections. It seems like this is related to that OPT interface not having the gateway specified on it. That interface is however working and sending traffic out to my ISP's gateway. Jesse
Re: [pfSense Support] Load Balancer Interfaces
On Wed, Aug 26, 2009 at 10:39 AM, David Burgess apt@gmail.com wrote: At the risk of looking like the N00b that I am, I don't see how pfsense can send traffic out on an interface that has no gateway. Respond, yes; initiate, no. Can we have a look at your routing table? db The route for that OPT1 interface is showing up it is em2. $ netstat -nr Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default67.38.60.77UGS 0 455460ng0 10 link#1 UC 00em0 ... 66.188.33.xxx/30 link#3 UC 00em2 66.188.33.xxx 00:1f:e1:4b:d7:f4 UHLW10em2 1185 67.38.60.7799.23.221.xxx UH 1 4955ng0 99.23.221.xxx lo0UHS 00lo0 127.0.0.1 127.0.0.1 UH 00lo0 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancer Interfaces
On Wed, Aug 26, 2009 at 8:57 AM, Jesse Vollmar vollm...@gmail.com wrote: The route for that OPT1 interface is showing up it is em2. $ netstat -nr Routing tables Internet: DestinationGatewayFlagsRefs Use Netif Expire default67.38.60.77UGS 0 455460ng0 10 link#1 UC 00em0 ... 66.188.33.xxx/30 link#3 UC 00em2 66.188.33.xxx 00:1f:e1:4b:d7:f4 UHLW10em2 1185 67.38.60.7799.23.221.xxx UH 1 4955ng0 99.23.221.xxx lo0UHS 00lo0 127.0.0.1 127.0.0.1 UH 00lo0 As expected, you have no gateway on em2. pfsense is able to route packets to any host on that network, which means it can reply to any incoming packet, or contact any machine on that network, but any traffic that doesn't match the exact networks in the first column, ie, 'the internet', will take the default gateway, ng0. For load balancing to work, and for any outbound connection initiated from your network to go out the em2 interface, you will have to enter a gateway. If this messes things up with your ISP then your ISP has a problem, or you're not setting things up properly. Enter your ISP's gateway on em2 and if that doesn't work we'll troubleshoot from there. db
Re: [pfSense Support] Load Balancer Interfaces
On Wed, Aug 26, 2009 at 11:19 AM, David Burgessapt@gmail.com wrote: As expected, you have no gateway on em2. pfsense is able to route packets to any host on that network, which means it can reply to any incoming packet, or contact any machine on that network, but any traffic that doesn't match the exact networks in the first column, ie, 'the internet', will take the default gateway, ng0. For load balancing to work, and for any outbound connection initiated from your network to go out the em2 interface, you will have to enter a gateway. If this messes things up with your ISP then your ISP has a problem, or you're not setting things up properly. Enter your ISP's gateway on em2 and if that doesn't work we'll troubleshoot from there. db I have entered the ISP's gateway (They actually have two due to us using multiple subnets) and when I do, pfsense can only ping that address. Packets to any other network won't go through. When I remove it, I can ping any internet host from em2. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancer Interfaces
On Wed, Aug 26, 2009 at 9:24 AM, Jesse Vollmar vollm...@gmail.com wrote: On Wed, Aug 26, 2009 at 11:19 AM, David Burgessapt@gmail.com wrote: I have entered the ISP's gateway (They actually have two due to us using multiple subnets) and when I do, pfsense can only ping that address. Packets to any other network won't go through. When I remove it, I can ping any internet host from em2. pfsense's GUI ping utility lies WRT interface selection. Try unplugging the WAN and ping some internet hosts. db
[pfSense Support] Load Balancer Using TCP
Hello, I have a load balancer with two web servers behind it. The web servers are to be monitored via ICMP. However, the servers frequently flap, and I see this message in the load balancer log: Apr 1 21:06:57 slbd[56826]: TCP poll succeeded for 192.168.20.61:80, marking service UP Apr 1 21:06:52 slbd[56826]: Service servicename changed status, reloading filter policy Apr 1 21:06:52 slbd[56826]: TCP poll failed for 192.168.20.61:80, marking service DOWN What's going on? :( Best Regards Nathan Eisenberg Sr. Systems Administrator Atlas Networks, LLC supp...@atlasnetworks.us http://support.atlasnetworks.us/portal attachment: winmail.dat- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load balancer
On Sat, Feb 7, 2009 at 10:47 AM, Tim Nelson tnel...@rockbochs.com wrote: I have to admit it took me a bit to find it as well. For whatever reason, when looking by category, it assumes you want to edit the category. I simply had to change the url from http://doc.pfsense.org/index.php?title=Category:Load_balancingaction=edit to http://doc.pfsense.org/index.php?title=Category:Load_balancing . Odd. Maybe something could be done to make the wiki more user friendly? For any links that don't exist, including categories that don't have a description, it assumes a click is an edit. Since we've had to lock things down considerably to prevent spam, that leaves the page inaccessible if you aren't logged in. Someone needs to go through and add a description for the categories that don't have one. If you'd like to help, email wikiad...@pfsense.org and we'll get an account created for you. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Load balancer
Where can I find details about the pfsense balancer? Things like how a request is handled and config options maybe even a howto? -Original Message- From: Gary Buckmaster [mailto:g...@centipedenetworks.com] Sent: 06 February 2009 19:57 To: support@pfsense.com Subject: Re: [pfSense Support] Load balancer Hiren Joshi wrote: Hello all, I'm using pfsense to firewall at the moment but pass all the http traffic to an internal load balancer (nginx). My question is, would it be possible to replace nginx with pfsense and how would the two compare in terms of performance? Many thanks, Josh. We use pfSense to load balance 65 million requests daily to a cluster of HTTP servers on fairly minimal hardware. Performance for us has been excellent. I can't speak to nginx, never heard of it and I've not had reason to look past pfSense for our needs. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load balancer
A good start is here: http://doc.pfsense.org/index.php?title=Category:Load_balancing Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Hiren Joshi j...@moonfruit.com wrote: Where can I find details about the pfsense balancer? Things like how a request is handled and config options maybe even a howto? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Load balancer
Thanks for the quick reply... I just couldn't find it on the wiki! -Original Message- From: Tim Nelson [mailto:tnel...@rockbochs.com] Sent: 07 February 2009 15:32 To: support@pfsense.com Subject: Re: [pfSense Support] Load balancer A good start is here: http://doc.pfsense.org/index.php?title=Category:Load_balancing Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Hiren Joshi j...@moonfruit.com wrote: Where can I find details about the pfsense balancer? Things like how a request is handled and config options maybe even a howto? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load balancer
I have to admit it took me a bit to find it as well. For whatever reason, when looking by category, it assumes you want to edit the category. I simply had to change the url from http://doc.pfsense.org/index.php?title=Category:Load_balancingaction=edit to http://doc.pfsense.org/index.php?title=Category:Load_balancing . Odd. Maybe something could be done to make the wiki more user friendly? Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - Hiren Joshi j...@moonfruit.com wrote: Thanks for the quick reply... I just couldn't find it on the wiki! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Load balancer
Hello all, I'm using pfsense to firewall at the moment but pass all the http traffic to an internal load balancer (nginx). My question is, would it be possible to replace nginx with pfsense and how would the two compare in terms of performance? Many thanks, Josh.
Re: [pfSense Support] Load balancer
Hiren Joshi wrote: Hello all, I'm using pfsense to firewall at the moment but pass all the http traffic to an internal load balancer (nginx). My question is, would it be possible to replace nginx with pfsense and how would the two compare in terms of performance? Many thanks, Josh. We use pfSense to load balance 65 million requests daily to a cluster of HTTP servers on fairly minimal hardware. Performance for us has been excellent. I can't speak to nginx, never heard of it and I've not had reason to look past pfSense for our needs. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Load Balancer Question
Hi ALL! I have a few questions about the load balancer function: 1. Can I round-robin udp packets? for instance I would like to setup and internal(LAN side) VIP that will be in front of 2 dns servers. 2. Will it allow me to load balance internally? i.e not a on the WAN side but on the LAN side. I am assuming both of the above are yes it will, but I was wondering if anyone had done this and would be able to offer me a few pointers or guide me though the process. Something unrelated to the above questions, is there a FAQ about asterisk and pfsense? -Joel Robison Systems Administrator - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer Question
The documentation site is very helpful in this regard: http://devwiki.pfsense.org/OutgoingLoadBalancing or http://devwiki.pfsense.org/IncomingLoadBalancing choose your poison. Joel Robison wrote: Hi ALL! I have a few questions about the load balancer function: 1. Can I round-robin udp packets? for instance I would like to setup and internal(LAN side) VIP that will be in front of 2 dns servers. 2. Will it allow me to load balance internally? i.e not a on the WAN side but on the LAN side. I am assuming both of the above are yes it will, but I was wondering if anyone had done this and would be able to offer me a few pointers or guide me though the process. Something unrelated to the above questions, is there a FAQ about asterisk and pfsense? -Joel Robison Systems Administrator - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Hi Bill,
Same here, I even have the same thing working on 1.1 PFsense for another
customer. Is there a way to down grade from 1.2 RC2 to 1.1?
Thanks,
Lee
Bill Marquette wrote:
Strange, other than the sticky address (which should be more a
nuisance than anything) not getting set on the secondary, I'm not
seeing anything obvious that would prevent the connection from
working.
The only other thing I can think to look at is whether the rulesets
(/tmp/rules.debug) are the same between the two machines (with
exception to a few subtle differences they should be).
You can try tcpdump'ing on the secondary and making sure the tcp
traffic is making it to the external interface. If it is, check the
inside and see what's actually getting passed through. Lastly, double
check the firewall logs, you might be seeing blocks for some reason.
FWIW, I have similar setups working just fine (minus pfsense as the
frontend), so this is likely a pfsense bug or a config issue of some
sort.
--Bill
On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote:
Hi Bill,
All is carp, when the primary is off, I can ping the address still.
Primary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp - { 10.5.49.1,
10.5.49.2 } port 25 round-robin sticky-address
rdr inet proto tcp from any to 10.2.48.1 port = http - { 10.5.49.1,
10.5.49.2 } port 80 round-robin sticky-address
Secondary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp - { 10.5.49.1,
10.5.49.2 } port 25 round-robin
rdr inet proto tcp from any to 10.2.48.1 port = http - { 10.5.49.1,
10.5.49.2 } port 80 round-robin
Thanks,
Lee
Bill Marquette wrote:
Hmm, what does the output of pfctl -sn -aslb look like on both
boxes? The other obvious question is, are the virtual addresses that
front end your load balance pool CARP addresses? If they aren't, then
the secondary won't take them over on failover regardless of the load
balance config.
--Bill
On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote:
Hi Bill,
The config was sync'd ok, I can see it on both boxes. Below is a ps -ax
from the secondary machine:
# ps -ax |grep slb
60083 ?? Ss 0:00.51 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
65097 p0 RV 0:00.00 grep slb (tcsh)
Looks to me like its running? I tried editing the config and saving it
like you suggest, and the ps -ax was then:
# ps -ax | grep slb
65407 ?? Ss 0:00.00 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
Still nothing however when I reboot the primary...
Lee
Bill Marquette wrote:
Can you confirm that the load balancer config sync'd over to the
secondary? Also, assuming it did, can you do a 'ps -ax |grep slb'
from the shell? I suspect it never started slbd after sync (as an
interim workaround, you could try going to the load balancer page on
the secondary and editing/saving the config).
--Bill
On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi Bill,
Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are
load balancing 443 and 80 TCP
Lee
On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote:
Inbound or outbound load balancing?
--Bill
On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi There,
Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and
working, the two machines are syncing settings and the carp is working
properly. However, if I reboot the primary firewall the secondary takes
over pings, but the load balancing doesnt work again until the primary is
back online.
Everything seems to be ok, when the primary disappears, the ping drops 1
packet, then the secondary carries on and everything runs ok. The servers
on the lan interface of the firewall can route out to the internet fine
whilst running with only the secondary firewall. The only thing not to
work is the load balancer.
Anyone have any ideas?
I have it wired as:
INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X
CISCO 3550-EMI -- LAN
Each of the pix/pfsense are connected to seperate switches, which are in
turn linked together.
Thanks in advance,
Lee
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection
solutions from E-Sauce. For more information please visit
http://www.mailsauce.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional
Re: [pfSense Support] Load Balancer + Failover
Lee Hetherington wrote: Hi Bill, Same here, I even have the same thing working on 1.1 PFsense for another customer. Is there a way to down grade from 1.2 RC2 to 1.1? It would be MUCH better to help us figure out if there is indeed a regression in this from 1.2 to 1.0.1. Going back to 1.0.1 is strongly discouraged, there are serious problems with it under some circumstances. can you try the exact same config (restore a backup) that's working on 1.0.1 on a 1.2 system in a test environment? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Hi Chris, Its two different systems, in the 1.1 system I have the hosts behind the balancer being natted by the pfsense box, where as on the 1.2 they are direct routed, and natted upstream using a PIX 515e. Ive tried tcp dump on the secondary as discussed with Bill, I can see the packets hitting both interfaces, but tcpdump produces so much crap i cant really see whats going on, however its an issue that when the primary balancer isnt available the whole thing bar pings and routing dies... Thanks, Lee Chris Buechler wrote: Lee Hetherington wrote: Hi Bill, Same here, I even have the same thing working on 1.1 PFsense for another customer. Is there a way to down grade from 1.2 RC2 to 1.1? It would be MUCH better to help us figure out if there is indeed a regression in this from 1.2 to 1.0.1. Going back to 1.0.1 is strongly discouraged, there are serious problems with it under some circumstances. can you try the exact same config (restore a backup) that's working on 1.0.1 on a 1.2 system in a test environment? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Message scanned for all known viruses by Mailsauce. Email protection solutions from E-Sauce. For more information please visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Hi Bill, The config was sync'd ok, I can see it on both boxes. Below is a ps -ax from the secondary machine: # ps -ax |grep slb 60083 ?? Ss 0:00.51 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000 65097 p0 RV 0:00.00 grep slb (tcsh) Looks to me like its running? I tried editing the config and saving it like you suggest, and the ps -ax was then: # ps -ax | grep slb 65407 ?? Ss 0:00.00 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000 Still nothing however when I reboot the primary... Lee Bill Marquette wrote: Can you confirm that the load balancer config sync'd over to the secondary? Also, assuming it did, can you do a 'ps -ax |grep slb' from the shell? I suspect it never started slbd after sync (as an interim workaround, you could try going to the load balancer page on the secondary and editing/saving the config). --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Bill, Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are load balancing 443 and 80 TCP Lee On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote: Inbound or outbound load balancing? --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi There, Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the primary firewall the secondary takes over pings, but the load balancing doesnt work again until the primary is back online. Everything seems to be ok, when the primary disappears, the ping drops 1 packet, then the secondary carries on and everything runs ok. The servers on the lan interface of the firewall can route out to the internet fine whilst running with only the secondary firewall. The only thing not to work is the load balancer. Anyone have any ideas? I have it wired as: INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X CISCO 3550-EMI -- LAN Each of the pix/pfsense are connected to seperate switches, which are in turn linked together. Thanks in advance, Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Message scanned for all known viruses by Mailsauce. Email protection solutions from E-Sauce. For more information please visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Message scanned for all known viruses by Mailsauce. Email protection solutions from E-Sauce. For more information please visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Hmm, what does the output of pfctl -sn -aslb look like on both boxes? The other obvious question is, are the virtual addresses that front end your load balance pool CARP addresses? If they aren't, then the secondary won't take them over on failover regardless of the load balance config. --Bill On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Bill, The config was sync'd ok, I can see it on both boxes. Below is a ps -ax from the secondary machine: # ps -ax |grep slb 60083 ?? Ss 0:00.51 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000 65097 p0 RV 0:00.00 grep slb (tcsh) Looks to me like its running? I tried editing the config and saving it like you suggest, and the ps -ax was then: # ps -ax | grep slb 65407 ?? Ss 0:00.00 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000 Still nothing however when I reboot the primary... Lee Bill Marquette wrote: Can you confirm that the load balancer config sync'd over to the secondary? Also, assuming it did, can you do a 'ps -ax |grep slb' from the shell? I suspect it never started slbd after sync (as an interim workaround, you could try going to the load balancer page on the secondary and editing/saving the config). --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Bill, Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are load balancing 443 and 80 TCP Lee On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote: Inbound or outbound load balancing? --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi There, Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the primary firewall the secondary takes over pings, but the load balancing doesnt work again until the primary is back online. Everything seems to be ok, when the primary disappears, the ping drops 1 packet, then the secondary carries on and everything runs ok. The servers on the lan interface of the firewall can route out to the internet fine whilst running with only the secondary firewall. The only thing not to work is the load balancer. Anyone have any ideas? I have it wired as: INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X CISCO 3550-EMI -- LAN Each of the pix/pfsense are connected to seperate switches, which are in turn linked together. Thanks in advance, Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Message scanned for all known viruses by Mailsauce. Email protection solutions from E-Sauce. For more information please visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Message scanned for all known viruses by Mailsauce. Email protection solutions from E-Sauce. For more information please visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Hi Bill,
All is carp, when the primary is off, I can ping the address still.
Primary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp - { 10.5.49.1,
10.5.49.2 } port 25 round-robin sticky-address
rdr inet proto tcp from any to 10.2.48.1 port = http - { 10.5.49.1,
10.5.49.2 } port 80 round-robin sticky-address
Secondary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp - { 10.5.49.1,
10.5.49.2 } port 25 round-robin
rdr inet proto tcp from any to 10.2.48.1 port = http - { 10.5.49.1,
10.5.49.2 } port 80 round-robin
Thanks,
Lee
Bill Marquette wrote:
Hmm, what does the output of pfctl -sn -aslb look like on both
boxes? The other obvious question is, are the virtual addresses that
front end your load balance pool CARP addresses? If they aren't, then
the secondary won't take them over on failover regardless of the load
balance config.
--Bill
On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote:
Hi Bill,
The config was sync'd ok, I can see it on both boxes. Below is a ps -ax
from the secondary machine:
# ps -ax |grep slb
60083 ?? Ss 0:00.51 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
65097 p0 RV 0:00.00 grep slb (tcsh)
Looks to me like its running? I tried editing the config and saving it
like you suggest, and the ps -ax was then:
# ps -ax | grep slb
65407 ?? Ss 0:00.00 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
Still nothing however when I reboot the primary...
Lee
Bill Marquette wrote:
Can you confirm that the load balancer config sync'd over to the
secondary? Also, assuming it did, can you do a 'ps -ax |grep slb'
from the shell? I suspect it never started slbd after sync (as an
interim workaround, you could try going to the load balancer page on
the secondary and editing/saving the config).
--Bill
On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi Bill,
Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are
load balancing 443 and 80 TCP
Lee
On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote:
Inbound or outbound load balancing?
--Bill
On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi There,
Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and
working, the two machines are syncing settings and the carp is working
properly. However, if I reboot the primary firewall the secondary takes
over pings, but the load balancing doesnt work again until the primary is
back online.
Everything seems to be ok, when the primary disappears, the ping drops 1
packet, then the secondary carries on and everything runs ok. The servers
on the lan interface of the firewall can route out to the internet fine
whilst running with only the secondary firewall. The only thing not to
work is the load balancer.
Anyone have any ideas?
I have it wired as:
INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X
CISCO 3550-EMI -- LAN
Each of the pix/pfsense are connected to seperate switches, which are in
turn linked together.
Thanks in advance,
Lee
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection
solutions from E-Sauce. For more information please visit
http://www.mailsauce.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection solutions
from E-Sauce. For more information please visit http://www.mailsauce.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection solutions
from E-Sauce. For more information please visit http://www.mailsauce.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Strange, other than the sticky address (which should be more a
nuisance than anything) not getting set on the secondary, I'm not
seeing anything obvious that would prevent the connection from
working.
The only other thing I can think to look at is whether the rulesets
(/tmp/rules.debug) are the same between the two machines (with
exception to a few subtle differences they should be).
You can try tcpdump'ing on the secondary and making sure the tcp
traffic is making it to the external interface. If it is, check the
inside and see what's actually getting passed through. Lastly, double
check the firewall logs, you might be seeing blocks for some reason.
FWIW, I have similar setups working just fine (minus pfsense as the
frontend), so this is likely a pfsense bug or a config issue of some
sort.
--Bill
On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote:
Hi Bill,
All is carp, when the primary is off, I can ping the address still.
Primary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp - { 10.5.49.1,
10.5.49.2 } port 25 round-robin sticky-address
rdr inet proto tcp from any to 10.2.48.1 port = http - { 10.5.49.1,
10.5.49.2 } port 80 round-robin sticky-address
Secondary:
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp - { 10.5.49.1,
10.5.49.2 } port 25 round-robin
rdr inet proto tcp from any to 10.2.48.1 port = http - { 10.5.49.1,
10.5.49.2 } port 80 round-robin
Thanks,
Lee
Bill Marquette wrote:
Hmm, what does the output of pfctl -sn -aslb look like on both
boxes? The other obvious question is, are the virtual addresses that
front end your load balance pool CARP addresses? If they aren't, then
the secondary won't take them over on failover regardless of the load
balance config.
--Bill
On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote:
Hi Bill,
The config was sync'd ok, I can see it on both boxes. Below is a ps -ax
from the secondary machine:
# ps -ax |grep slb
60083 ?? Ss 0:00.51 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
65097 p0 RV 0:00.00 grep slb (tcsh)
Looks to me like its running? I tried editing the config and saving it
like you suggest, and the ps -ax was then:
# ps -ax | grep slb
65407 ?? Ss 0:00.00 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
Still nothing however when I reboot the primary...
Lee
Bill Marquette wrote:
Can you confirm that the load balancer config sync'd over to the
secondary? Also, assuming it did, can you do a 'ps -ax |grep slb'
from the shell? I suspect it never started slbd after sync (as an
interim workaround, you could try going to the load balancer page on
the secondary and editing/saving the config).
--Bill
On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi Bill,
Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we
are load balancing 443 and 80 TCP
Lee
On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED]
wrote:
Inbound or outbound load balancing?
--Bill
On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
Hi There,
Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and
working, the two machines are syncing settings and the carp is working
properly. However, if I reboot the primary firewall the secondary takes
over pings, but the load balancing doesnt work again until the primary
is
back online.
Everything seems to be ok, when the primary disappears, the ping drops
1
packet, then the secondary carries on and everything runs ok. The
servers
on the lan interface of the firewall can route out to the internet fine
whilst running with only the secondary firewall. The only thing not to
work is the load balancer.
Anyone have any ideas?
I have it wired as:
INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR --
2X
CISCO 3550-EMI -- LAN
Each of the pix/pfsense are connected to seperate switches, which are
in
turn linked together.
Thanks in advance,
Lee
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Message scanned for all known viruses by Mailsauce. Email protection
solutions from E-Sauce. For more information please visit
http://www.mailsauce.com
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
[pfSense Support] Load Balancer + Failover
Hi There, Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the primary firewall the secondary takes over pings, but the load balancing doesnt work again until the primary is back online. Everything seems to be ok, when the primary disappears, the ping drops 1 packet, then the secondary carries on and everything runs ok. The servers on the lan interface of the firewall can route out to the internet fine whilst running with only the secondary firewall. The only thing not to work is the load balancer. Anyone have any ideas? I have it wired as: INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X CISCO 3550-EMI -- LAN Each of the pix/pfsense are connected to seperate switches, which are in turn linked together. Thanks in advance, Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Inbound or outbound load balancing? --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi There, Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the primary firewall the secondary takes over pings, but the load balancing doesnt work again until the primary is back online. Everything seems to be ok, when the primary disappears, the ping drops 1 packet, then the secondary carries on and everything runs ok. The servers on the lan interface of the firewall can route out to the internet fine whilst running with only the secondary firewall. The only thing not to work is the load balancer. Anyone have any ideas? I have it wired as: INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X CISCO 3550-EMI -- LAN Each of the pix/pfsense are connected to seperate switches, which are in turn linked together. Thanks in advance, Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Hi Bill, Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are load balancing 443 and 80 TCP Lee On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote: Inbound or outbound load balancing? --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi There, Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the primary firewall the secondary takes over pings, but the load balancing doesnt work again until the primary is back online. Everything seems to be ok, when the primary disappears, the ping drops 1 packet, then the secondary carries on and everything runs ok. The servers on the lan interface of the firewall can route out to the internet fine whilst running with only the secondary firewall. The only thing not to work is the load balancer. Anyone have any ideas? I have it wired as: INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X CISCO 3550-EMI -- LAN Each of the pix/pfsense are connected to seperate switches, which are in turn linked together. Thanks in advance, Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Message scanned for all known viruses by Mailsauce. Email protection solutions from E-Sauce. For more information please visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer + Failover
Can you confirm that the load balancer config sync'd over to the secondary? Also, assuming it did, can you do a 'ps -ax |grep slb' from the shell? I suspect it never started slbd after sync (as an interim workaround, you could try going to the load balancer page on the secondary and editing/saving the config). --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi Bill, Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are load balancing 443 and 80 TCP Lee On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote: Inbound or outbound load balancing? --Bill On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi There, Im using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the primary firewall the secondary takes over pings, but the load balancing doesnt work again until the primary is back online. Everything seems to be ok, when the primary disappears, the ping drops 1 packet, then the secondary carries on and everything runs ok. The servers on the lan interface of the firewall can route out to the internet fine whilst running with only the secondary firewall. The only thing not to work is the load balancer. Anyone have any ideas? I have it wired as: INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X CISCO 3550-EMI -- LAN Each of the pix/pfsense are connected to seperate switches, which are in turn linked together. Thanks in advance, Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Message scanned for all known viruses by Mailsauce. Email protection solutions from E-Sauce. For more information please visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancer problems
I'm trying to get the load balancer to work, but it causes the system to do a hard lockup. Hardware Compaq SFF P2 (400Mhz, 256MB ram) I'm using the internal ethernet card plus two in the PCI slots. They come up as fxp0, fxp1, fxp2. They are all on IRQ 11. I know there's documentation indicating that that is a problem, but pls let me further explain. I get the lockup at the same spot each time. I follow all the directions on setting up a load balancer. http://www.netlife.co.za/content/view/34/34/ When I do the final step (Add the rule to LAN) it locks up hard. Everytime. All three cards are connected and handling data just fine. That's why I'm not convinced that it's an IRQ problem. I'm using pfSense 1.0.1. Clean install, everytime. Any suggestions? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancer problems
Try one of the 1.2.1 beta's. Many issues resolved, all around better product. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancer problems
1. Upgrade to 1.2-BETA-1 2. See http://doc.pfsense.org/index.php/MultiWanVersion1.2 On 6/7/07, Dave Cabot [EMAIL PROTECTED] wrote: I'm trying to get the load balancer to work, but it causes the system to do a hard lockup. Hardware Compaq SFF P2 (400Mhz, 256MB ram) I'm using the internal ethernet card plus two in the PCI slots. They come up as fxp0, fxp1, fxp2. They are all on IRQ 11. I know there's documentation indicating that that is a problem, but pls let me further explain. I get the lockup at the same spot each time. I follow all the directions on setting up a load balancer. http://www.netlife.co.za/content/view/34/34/ When I do the final step (Add the rule to LAN) it locks up hard. Everytime. All three cards are connected and handling data just fine. That's why I'm not convinced that it's an IRQ problem. I'm using pfSense 1.0.1. Clean install, everytime. Any suggestions? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancer Behaviour
Scott (pfsense support), please help me, when adding a load balancer pool I can't see the interface name (WAN for example) preceding the |(Wan check ip). This is a fresh install with the latest snapshot and I can't figure hot why is going in this sense for me. I tried recreating the pools, but there's no way. Can you please help me? 10x in advance. r3N0oV4 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer Behaviour
You most likely don't run a latest snapshot but a releaseversion which has a different gui. Please make sure you are on a version from http://snapshots.pfsense.com/FreeBSD6/RELENG_1_2/ which has the gui mentioned at http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing . Holger -Original Message- From: Quirino Santilli [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 24, 2007 10:32 AM To: support@pfsense.com Subject: [pfSense Support] Load Balancer Behaviour Scott (pfsense support), please help me, when adding a load balancer pool I can't see the interface name (WAN for example) preceding the |(Wan check ip). This is a fresh install with the latest snapshot and I can't figure hot why is going in this sense for me. I tried recreating the pools, but there's no way. Can you please help me? 10x in advance. r3N0oV4 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Virus checked by G DATA AntiVirusKit Version: AVK 17.4197 from 24.04.2007 Virus news: www.antiviruslab.com Virus checked by G DATA AntiVirusKit Version: AVK 17.4207 from 24.04.2007 Virus news: www.antiviruslab.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] R: [pfSense Support] Load Balancer Behaviour?
It doesn't worked for me. Any ideas? r3N0oV4 -Messaggio originale- Da: Scott Ullrich [mailto:[EMAIL PROTECTED] Inviato: venerdì 20 aprile 2007 18.55 A: support@pfsense.com Oggetto: Re: [pfSense Support] R: [pfSense Support] Load Balancer Behaviour? Remove the members of the pool and re-add them. Scott On 4/20/07, Quirino Santilli [EMAIL PROTECTED] wrote: Furthermore, looking at the routing table the WanMonitorIpAddress and the Wan2MonitorIpAddress share the same gateway, the default gateway. I think that it's not a visualization problem, It really doesn't fetch the interfaces when adding a Load Balancer Pool. 10x in advance. r3N0oV4 -Messaggio originale- Da: Quirino Santilli Inviato: venerdì 20 aprile 2007 10.15 A: 'support@pfsense.com' Oggetto: R: [pfSense Support] Load Balancer Behaviour? Ok, I updated and the issue solved, but now when adding a Load Balancer Pool in the list field I see something strange: on my howto the list format is WAN|(WanMonitorIpAddress) and WAN2|(Wan2MonitorIpAddress). On my firewall installation the results are different, the list field is in that format: |(WanMonitorIpAddress) and |(Wan2MonitorIpAddress). It seems like that the Interfaces in the resulting config is missing. Even when I look at the load balancer's list the Server/Gateway field is empty and the monitor field has no corresponding interface. Is it a configuration problem? 10x r3N0oV4 -Messaggio originale- Da: Scott Ullrich [mailto:[EMAIL PROTECTED] Inviato: giovedì 19 aprile 2007 19.35 A: support@pfsense.com Oggetto: Re: [pfSense Support] Load Balancer Behaviour? On 4/19/07, Quirino Santilli [EMAIL PROTECTED] wrote: I was finally configuring pfSense as a multi-wan / load-balancing / fail-over firewall for my company when i found something strange. Looking at the howto at this address http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing i found that the load-balancer had a behaviour field that in my 1.0.1 installation is not available. To make you believe I'm not fooling, you can find attached the interface that comes out in my installation and the one available on the howto. Can you tell me why? Upgrade to a recent snapshot. http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] R: [pfSense Support] Load Balancer Behaviour?
Furthermore, looking at the routing table the WanMonitorIpAddress and the Wan2MonitorIpAddress share the same gateway, the default gateway. I think that it's not a visualization problem, It really doesn't fetch the interfaces when adding a Load Balancer Pool. 10x in advance. r3N0oV4 -Messaggio originale- Da: Quirino Santilli Inviato: venerdì 20 aprile 2007 10.15 A: 'support@pfsense.com' Oggetto: R: [pfSense Support] Load Balancer Behaviour? Ok, I updated and the issue solved, but now when adding a Load Balancer Pool in the list field I see something strange: on my howto the list format is WAN|(WanMonitorIpAddress) and WAN2|(Wan2MonitorIpAddress). On my firewall installation the results are different, the list field is in that format: |(WanMonitorIpAddress) and |(Wan2MonitorIpAddress). It seems like that the Interfaces in the resulting config is missing. Even when I look at the load balancer's list the Server/Gateway field is empty and the monitor field has no corresponding interface. Is it a configuration problem? 10x r3N0oV4 -Messaggio originale- Da: Scott Ullrich [mailto:[EMAIL PROTECTED] Inviato: giovedì 19 aprile 2007 19.35 A: support@pfsense.com Oggetto: Re: [pfSense Support] Load Balancer Behaviour? On 4/19/07, Quirino Santilli [EMAIL PROTECTED] wrote: I was finally configuring pfSense as a multi-wan / load-balancing / fail-over firewall for my company when i found something strange. Looking at the howto at this address http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing i found that the load-balancer had a behaviour field that in my 1.0.1 installation is not available. To make you believe I'm not fooling, you can find attached the interface that comes out in my installation and the one available on the howto. Can you tell me why? Upgrade to a recent snapshot. http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] R: [pfSense Support] Load Balancer Behaviour?
Ok, I updated and the issue solved, but now when adding a Load Balancer Pool in the list field I see something strange: on my howto the list format is WAN|(WanMonitorIpAddress) and WAN2|(Wan2MonitorIpAddress). On my firewall installation the results are different, the list field is in that format: |(WanMonitorIpAddress) and |(Wan2MonitorIpAddress). It seems like that the Interfaces in the resulting config is missing. Even when I look at the load balancer's list the Server/Gateway field is empty and the monitor field has no corresponding interface. Is it a configuration problem? 10x r3N0oV4 -Messaggio originale- Da: Scott Ullrich [mailto:[EMAIL PROTECTED] Inviato: giovedì 19 aprile 2007 19.35 A: support@pfsense.com Oggetto: Re: [pfSense Support] Load Balancer Behaviour? On 4/19/07, Quirino Santilli [EMAIL PROTECTED] wrote: I was finally configuring pfSense as a multi-wan / load-balancing / fail-over firewall for my company when i found something strange. Looking at the howto at this address http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing i found that the load-balancer had a behaviour field that in my 1.0.1 installation is not available. To make you believe I'm not fooling, you can find attached the interface that comes out in my installation and the one available on the howto. Can you tell me why? Upgrade to a recent snapshot. http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] R: [pfSense Support] Load Balancer Behaviour?
Remove the members of the pool and re-add them. Scott On 4/20/07, Quirino Santilli [EMAIL PROTECTED] wrote: Furthermore, looking at the routing table the WanMonitorIpAddress and the Wan2MonitorIpAddress share the same gateway, the default gateway. I think that it's not a visualization problem, It really doesn't fetch the interfaces when adding a Load Balancer Pool. 10x in advance. r3N0oV4 -Messaggio originale- Da: Quirino Santilli Inviato: venerdì 20 aprile 2007 10.15 A: 'support@pfsense.com' Oggetto: R: [pfSense Support] Load Balancer Behaviour? Ok, I updated and the issue solved, but now when adding a Load Balancer Pool in the list field I see something strange: on my howto the list format is WAN|(WanMonitorIpAddress) and WAN2|(Wan2MonitorIpAddress). On my firewall installation the results are different, the list field is in that format: |(WanMonitorIpAddress) and |(Wan2MonitorIpAddress). It seems like that the Interfaces in the resulting config is missing. Even when I look at the load balancer's list the Server/Gateway field is empty and the monitor field has no corresponding interface. Is it a configuration problem? 10x r3N0oV4 -Messaggio originale- Da: Scott Ullrich [mailto:[EMAIL PROTECTED] Inviato: giovedì 19 aprile 2007 19.35 A: support@pfsense.com Oggetto: Re: [pfSense Support] Load Balancer Behaviour? On 4/19/07, Quirino Santilli [EMAIL PROTECTED] wrote: I was finally configuring pfSense as a multi-wan / load-balancing / fail-over firewall for my company when i found something strange. Looking at the howto at this address http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing i found that the load-balancer had a behaviour field that in my 1.0.1 installation is not available. To make you believe I'm not fooling, you can find attached the interface that comes out in my installation and the one available on the howto. Can you tell me why? Upgrade to a recent snapshot. http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancer Behaviour?
On 4/19/07, Quirino Santilli [EMAIL PROTECTED] wrote: I was finally configuring pfSense as a multi-wan / load-balancing / fail-over firewall for my company when i found something strange. Looking at the howto at this address http://doc.pfsense.org/index.php/Multi-Wan/Load-Balancing i found that the load-balancer had a behaviour field that in my 1.0.1 installation is not available. To make you believe I'm not fooling, you can find attached the interface that comes out in my installation and the one available on the howto. Can you tell me why? Upgrade to a recent snapshot. http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancer
Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin
AW: [pfSense Support] Load Balancer
Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] Load Balancer
1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
new snapshots come out at least once a week and sometimes sooner. each one has bug fixes and enhancements in it. I usually upgrade everytime a new snapshot comes out. -Sean From: [EMAIL PROTECTED] To: support@pfsense.com Date: Fri, 9 Mar 2007 22:19:23 +0800 Subject: RE: [pfSense Support] Load Balancer Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline
AW: [pfSense Support] Load Balancer
For sure. I remember that there has been a rule issue with pings that also resulted in wan quality rrd graph showing constant packetloss which was fixed and your problem seems to be similiar. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 15:19 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
Ok, Thanks Holger -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 10:44 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer For sure. I remember that there has been a rule issue with pings that also resulted in wan quality rrd graph showing constant packetloss which was fixed and your problem seems to be similiar. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 15:19 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancer problem
This is probably a question which doesn't require an answer, but I am a little leary about updating to the http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ I was curious of how to go about the udpate. I see two files which look like they might be the update files. One is Pfsense.img and the other is fullupdate. Please advise. I haven't done any updates yet. We have RC2 built Aug1 of 2006. No updates have yet been applied. Thanks -- Heath Henderson -- From: Scott Ullrich [EMAIL PROTECTED] Reply-To: support@pfsense.com Date: Tue, 19 Sep 2006 01:38:10 -0400 To: support@pfsense.com Subject: Re: [pfSense Support] Load balancer problem http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancer problem
On 9/19/06, Heath Henderson [EMAIL PROTECTED] wrote: This is probably a question which doesn't require an answer, but I am a little leary about updating to the http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ I was curious of how to go about the udpate. I see two files which look like they might be the update files. One is Pfsense.img and the other is fullupdate. Please advise. I haven't done any updates yet. We have RC2 built Aug1 of 2006. No updates have yet been applied. Hmm, there is a README in the same directory that explains quite a bit. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancer problem
On 9/19/06, Bill Marquette [EMAIL PROTECTED] wrote: Hmm, there is a README in the same directory that explains quite a bit. README?! What's that!? Shouldn't I just be asking questions and not READING!? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load balancer problem
You guys crack me up! :) Honestly, I'm surprised you have as much patience as you do! -Tim -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 19, 2006 9:46 AM To: support@pfsense.com Subject: Re: [pfSense Support] Load balancer problem On 9/19/06, Bill Marquette [EMAIL PROTECTED] wrote: Hmm, there is a README in the same directory that explains quite a bit. README?! What's that!? Shouldn't I just be asking questions and not READING!? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancer problem
Thanks, I will plan this for end of day then. I have a hdd install so I should be ok. Thanks again. -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 -- From: Holger Bauer [EMAIL PROTECTED] Reply-To: support@pfsense.com Date: Tue, 19 Sep 2006 16:59:30 +0200 To: support@pfsense.com Conversation: [pfSense Support] Load balancer problem Subject: RE: [pfSense Support] Load balancer problem If you run off a hdd full installation upload the full update file at systemfirmware. It will apply the update and reboot after that. You won't lose your configuration, just a downtime for the reboot. If you run from a cf-card and used the embedded image to start with you have to reflash the card. The version you are running doesn't support updates. Updates for embedded builds was introduced some versions ago. The new version however will now be upgradable. Please note that the new image has a size of 128 mb so you need at least a 128 mb cf-card. This was needed to support updates for these platforms. If you run this kind of install the future upgradeprocess will be the same like for the full install but you have to upload the mini update file. Holger -Original Message- From: Heath Henderson [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 19, 2006 3:44 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load balancer problem This is probably a question which doesn't require an answer, but I am a little leary about updating to the http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ I was curious of how to go about the udpate. I see two files which look like they might be the update files. One is Pfsense.img and the other is fullupdate. Please advise. I haven't done any updates yet. We have RC2 built Aug1 of 2006. No updates have yet been applied. Thanks -- Heath Henderson -- From: Scott Ullrich [EMAIL PROTECTED] Reply-To: support@pfsense.com Date: Tue, 19 Sep 2006 01:38:10 -0400 To: support@pfsense.com Subject: Re: [pfSense Support] Load balancer problem http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancer problem
Thanks, I couldn't get the readme to open. I did however get the snapshot files downloaded earlier so I am good to go now. Thanks for the suggestion though. -- Heath Henderson [EMAIL PROTECTED] 1800 288 7750 -- From: Bill Marquette [EMAIL PROTECTED] Reply-To: support@pfsense.com Date: Tue, 19 Sep 2006 10:55:53 -0500 To: support@pfsense.com Subject: Re: [pfSense Support] Load balancer problem On 9/19/06, Heath Henderson [EMAIL PROTECTED] wrote: This is probably a question which doesn't require an answer, but I am a little leary about updating to the http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ I was curious of how to go about the udpate. I see two files which look like they might be the update files. One is Pfsense.img and the other is fullupdate. Please advise. I haven't done any updates yet. We have RC2 built Aug1 of 2006. No updates have yet been applied. Hmm, there is a README in the same directory that explains quite a bit. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load balancer problem
I have settled the load balancer section to use 2 isp connections. For some reason the log looks like this: Sep 19 03:10:13 slbd[297]: Service Balancer changed status, reloading filter policy Sep 19 03:10:13 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 19 03:10:08 slbd[297]: Service Balancer changed status, reloading filter policy Sep 19 03:10:08 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 23:52:38 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:52:38 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 23:52:33 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:52:33 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 23:39:47 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:39:47 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 23:39:42 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:39:42 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 21:39:59 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:39:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 21:39:54 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:39:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 21:25:51 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:25:51 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 21:25:46 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:25:46 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 20:48:16 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:48:16 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 20:48:11 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:48:11 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 20:20:59 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:20:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 20:20:54 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:20:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 19:27:07 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 19:27:07 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP And so on... I don't know why one of the internet connections seems to be down to pfSenese. And belive me, is not. Is there any chance to increase the timeout for the sevice check or the no. of retrays? Catalin -- AkerBraila SA e-mail server This message was scanned for spam and viruses by BitDefender For more information please visit http://linux.bitdefender.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancer problem
On 9/19/06, Catalin Epure [EMAIL PROTECTED] wrote: I have settled the load balancer section to use 2 isp connections. For some reason the log looks like this: Sep 19 03:10:13 slbd[297]: Service Balancer changed status, reloading filter policy Sep 19 03:10:13 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 19 03:10:08 slbd[297]: Service Balancer changed status, reloading filter policy Sep 19 03:10:08 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 23:52:38 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:52:38 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 23:52:33 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:52:33 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 23:39:47 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:39:47 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 23:39:42 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 23:39:42 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 21:39:59 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:39:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 21:39:54 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:39:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 21:25:51 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:25:51 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 21:25:46 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 21:25:46 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 20:48:16 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:48:16 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 20:48:11 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:48:11 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 20:20:59 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:20:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP Sep 18 20:20:54 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 20:20:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN Sep 18 19:27:07 slbd[297]: Service Balancer changed status, reloading filter policy Sep 18 19:27:07 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP And so on... I don't know why one of the internet connections seems to be down to pfSenese. And belive me, is not. Is there any chance to increase the timeout for the sevice check or the no. of retrays? Catalin -- AkerBraila SA e-mail server This message was scanned for spam and viruses by BitDefender For more information please visit http://linux.bitdefender.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] What version? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancer problem
On 9/19/06, Catalin Epure [EMAIL PROTECTED] wrote: v.1 R.C.2 Catalin Please upgrade to http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ and see if this solves the problems. Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancer status screen.
I have 2 Wan connections connected using load balancer. On the StatusLoad Balancer screen it shows both online, but the color around WAN 2 changes from green to yellow pretty often. Even when it is yellow, it is still up and still says online. My question is, what does the color mean, if anything? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: FW: [pfSense Support] load balancer
On 7/18/06, Tunge2 [EMAIL PROTECTED] wrote: The Lan interface rules are: TCP/UDP LAN net 22 (SSH) * * * SSH LAN * LAN net * * *Load Balance Default LAN - any Ive tryed to add rules to the WAN and OPT interfaces also but that didn't work. It is not only the 192.168.1.1 that doesn't work but 194.109.21.4 also doesn't work What version are you running? Also in System-Advanced, is NAT Reflection checked or unchecked? Also, do you allow SSH in to the firewall from the WAN? This sounds suspiciously like the NAT Reflection bug I fixed before RC1. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
FW: [pfSense Support] load balancer
It is not possible to build up any connection (except web traffic) evenwhen the WAN and OPT connection are connected to the Internet When i start for example the program Putty i get the message unable to open connection to 192.168.1.1 (i try edseveral different ip address) Network error connection refused. If i remove the load balance option from PFsense all traffic goes well (SSH, telnet) I don't get any messages in the log file -Oorspronkelijk bericht-Van: Bill Marquette [mailto: [EMAIL PROTECTED]]Verzonden: zaterdag 15 juli 2006 0:36Aan: support@pfsense.comOnderwerp: Re: [pfSense Support] load balancerFails in what way?You mean, when a WAN goes down you get disconnected (to be expected)?--BillOn 7/14/06, Tunge2 [EMAIL PROTECTED] wrote: hello, We installed the load balancer on our PFsense RELENG_1_SNAPSHOT-07-09-2006 machine. The load balance seams to work great at web traffic (if we shutdown the WAN connection, OPT takes it over nicely:) that's a fantastic function, keep up the great work) But if i try to build up any SSH or telnet connection, to internal or an external connection it fails. The log files are not showing any thing usesfull Greetings-To unsubscribe, e-mail: [EMAIL PROTECTED] For additionalcommands, e-mail: [EMAIL PROTECTED]
Re: FW: [pfSense Support] load balancer
I'll need to see your rules before too much more. For the SSH to 192.168.1.1, it sounds like you need a non-load balanced rule to handle that in front of your (guessing here) from LAN to world use load balancer rule. --Bill On 7/17/06, Tunge2 [EMAIL PROTECTED] wrote: It is not possible to build up any connection (except web traffic) even when the WAN and OPT connection are connected to the Internet When i start for example the program Putty i get the message unable to open connection to 192.168.1.1 (i try ed several different ip address) Network error connection refused. If i remove the load balance option from PFsense all traffic goes well (SSH, telnet) I don't get any messages in the log file -Oorspronkelijk bericht- Van: Bill Marquette [mailto: [EMAIL PROTECTED] Verzonden: zaterdag 15 juli 2006 0:36 Aan: support@pfsense.com Onderwerp: Re: [pfSense Support] load balancer Fails in what way? You mean, when a WAN goes down you get disconnected (to be expected)? --Bill On 7/14/06, Tunge2 [EMAIL PROTECTED] wrote: hello, We installed the load balancer on our PFsense RELENG_1_SNAPSHOT-07-09-2006 machine. The load balance seams to work great at web traffic (if we shutdown the WAN connection, OPT takes it over nicely:) that's a fantastic function, keep up the great work) But if i try to build up any SSH or telnet connection, to internal or an external connection it fails. The log files are not showing any thing uses full Greetings - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancer
hello, We installed the load balancer on our PFsense RELENG_1_SNAPSHOT-07-09-2006 machine. The load balance seams to work great at web traffic (if we shutdown the WAN connection, OPT takes it over nicely:) that's a fantastic function, keep up the great work) But if i try to build up any SSHor telnetconnection, to internal or an external connection it fails. The log files are not showing any thing uses full Greetings
Re: [pfSense Support] load balancer
Fails in what way? You mean, when a WAN goes down you get disconnected (to be expected)? --Bill On 7/14/06, Tunge2 [EMAIL PROTECTED] wrote: hello, We installed the load balancer on our PFsense RELENG_1_SNAPSHOT-07-09-2006 machine. The load balance seams to work great at web traffic (if we shutdown the WAN connection, OPT takes it over nicely:) that's a fantastic function, keep up the great work) But if i try to build up any SSH or telnet connection, to internal or an external connection it fails. The log files are not showing any thing uses full Greetings - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancer
I have just upgrade from 73.12 to 77 on soekris 4801 Is load balancer for outbound connection too? The bug of ssh not restarting after a configuration restore is still here. regards Rodolfo - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancer
Just looking for a quick blah on how the incoming load balancer should work
Re: [pfSense Support] load balancer
You won't find one until that work is complete. How it should work is not how it currently works - it's a functioning work in progress. --Bill On 8/8/05, alan walters [EMAIL PROTECTED] wrote: Just looking for a quick blah on how the incoming load balancer should work - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
