> Please double check the floating pass rule with 'sloppy state' is in place for the backend connection, > otherwise you might notice a similar 'break' in the traffic.
Ahhhhh! I only had that rule on the backend I made file uploads to. Added so the rule is for all backends and voila! Huge downloads work perfectly now too! Thank you, problem solved!!! > As for config files haproxy is started with a startup parameter which points to the configfile to load, > nothing strange about that.?. And yes changes in the gui will recreate the config files & certificate > folders and such after pressing 'apply' doesnt seem to strange to me.. It was just my ignorance that scared me from fiddling with it from the shell :-) Thanks again! /Magnus -----Original Message----- From: PiBa-NL [mailto:[email protected]] Sent: den 31 januari 2014 21:18 To: Magnus Thomé; [email protected] Cc: 'Willy Tarreau' Subject: Re: File downloads stall after 40 seconds. Changing timeout settings doesn't help Hi Magnus, Please double check the floating pass rule with 'sloppy state' is in place for the backend connection, otherwise you might notice a similar 'break' in the traffic. http://marc.info/?l=haproxy&m=139008554829345&w=2 , you can also check with tcpdump, what you might see is that the backend is still sending [P.] push-ack packets, but haproxy is nolonger allowed to send [.] ack packets.. This should also show in the firewall log. (if you have logging for defaultrules enabled) This floating rule will be automated in a pullrequest yet to be pulled: https://github.com/pfsense/pfsense-packages/pull/580 . Not sure why that hasn't been done yet.. The HAProxy included in pfSense package system is only compiled from the official FeeBSD ports, which follow the -dev releases. The snapshots which are available for every commit to the repository are are not supplied through the package system. Im not sure if Willy is issuing the dev22 anytime soon, which would then probably be available a few days later through the pfSense package system. A installed pfSense distribution itself does not have any compilers / make tools included so to compile a version of HAProxy yourself. So you must install FreeBSD 8.3 of the same architecture as your pfSense runs x86 / x64 into a virtualmachine. Then checkout ports and compile haproxy. Then download the snapshot from the haproxy repository, copy it to the machine and re-compile it again. (make sure that this filecopy isn't automatically un-done..). Then just copy the compiled haproxy binary from the FreeBSD system to pfSense replacing the original program after that it should work, at least for testing... (i have done that before.) As for config files haproxy is started with a startup parameter which points to the configfile to load, nothing strange about that.?. And yes changes in the gui will recreate the config files & certificate folders and such after pressing 'apply' doesnt seem to strange to me.. Greets PiBa-NL Magnus Thomé schreef op 31-1-2014 10:41: > Thank you for the feedback! > > > Right now that's the latest available (1.5-dev21) through the pfsense > package installer GUI. > > > I'm a bit weary to mix "package install through pfsense GUI" with > "manual install in shell from snapshot" since I have no insight in > do's and don'ts and possible implications. The GUI version of HAProxy > in pfsense seem to work a bit differently with where files are stored, > how the config file is used and overwritten and son on. > > > But if I possibly could get proper instructions and a "oh, that's not > a problem, I've done that before" I have no problem doing it :-) On > the other hand, maybe the needed newer build is coming to the pfsense > package installer soon, I could wait? > > > /Magnus > > > > > -----Original Message----- > From: Willy Tarreau [mailto:[email protected]] > Sent: den 31 januari 2014 10:29 > To: Magnus Thomé > Subject: Re: File downloads stall after 40 seconds. Changing timeout > settings doesn't help > > On Fri, Jan 31, 2014 at 10:12:54AM +0100, Magnus Thomé wrote: >> I updated the HAProxy package from within pfsense web GUI to >> 1.5-dev21 pkg v >> 0.6.1 > Don't you have a way to build the latest *snapshot* instead ? Two > issues are plaguing dev21 and were fixed after : > > 3ef5af3 BUG: Revert "OPTIM/MEDIUM: epoll: fuse active events into > polled ones during polling changes" > 8663105 BUG: Revert "OPTIM: poll: restore polling after a > poll/stop/want sequence" > > Willy > >
