FW: [pfSense Support] load balancer
It is not possible to build up any connection (except web traffic), even when the WAN and OPT connections are connected to the Internet.

When I start, for example, the program PuTTY, I get the message unable to open connection to 192.168.1.1 (I tried several different IP addresses), Network error connection refused.

If I remove the load balance option from pfSense, all traffic goes well (SSH, telnet).

I don't get any messages in the log file.

-----Original message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]]
Sent: Saturday, 15 July 2006 0:36
To: support@pfsense.com
Subject: Re: [pfSense Support] load balancer

Fails in what way? You mean, when a WAN goes down you get disconnected (to be expected)?

--Bill

On 7/14/06, Tunge2 [EMAIL PROTECTED] wrote:
> hello,
>
> We installed the load balancer on our pfSense RELENG_1_SNAPSHOT-07-09-2006 machine.
>
> The load balancer seems to work great for web traffic (if we shut down the WAN connection, OPT takes it over nicely :) that's a fantastic function, keep up the great work).
>
> But if I try to build up any SSH or telnet connection, to an internal or an external connection, it fails.
>
> The log files are not showing anything useful.
>
> Greetings

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] CARP - battle of the firewalls
Hi - well this sounds interesting, though not very encouraging!

The whole thing is set up on a test bench at the moment, and as it happens, we are using *different* types of switches on different interfaces. The LANs are using 24-port Netgears, and the WANs are using cheapo D-Link consumer switches temporarily. All but one are unmanaged, though I think we'll be using the managed ones in the production setup.

This looks like a tricky one to diagnose - maybe it will all 'just work' in production? :-)

-----Original Message-----
From: Holger Bauer [mailto:[EMAIL PROTECTED]]
Sent: Fri 14/07/2006 12:00
To: support@pfsense.com
Subject: RE: [pfSense Support] CARP - battle of the firewalls

Check the switches you use at LAN. I think there were some strange errors reported previously with some specific switches where it looked like the keepalive broadcasts were lost somewhere and the backup machine didn't see the master anymore. Are the switches used at WAN and LAN the same model and vendor?

Holger
Re: FW: [pfSense Support] load balancer
I'll need to see your rules before too much more. For the SSH to 192.168.1.1, it sounds like you need a non-load balanced rule to handle that in front of your (guessing here) from LAN to world use load balancer rule.

--Bill

On 7/17/06, Tunge2 [EMAIL PROTECTED] wrote:
> It is not possible to build up any connection (except web traffic), even when the WAN and OPT connections are connected to the Internet.
>
> When I start, for example, the program PuTTY, I get the message unable to open connection to 192.168.1.1 (I tried several different IP addresses), Network error connection refused.
>
> If I remove the load balance option from pfSense, all traffic goes well (SSH, telnet).
>
> I don't get any messages in the log file.
>
> -----Original message-----
> From: Bill Marquette [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, 15 July 2006 0:36
> To: support@pfsense.com
> Subject: Re: [pfSense Support] load balancer
>
> Fails in what way? You mean, when a WAN goes down you get disconnected (to be expected)?
>
> --Bill
>
> On 7/14/06, Tunge2 [EMAIL PROTECTED] wrote:
> > hello,
> >
> > We installed the load balancer on our pfSense RELENG_1_SNAPSHOT-07-09-2006 machine.
> >
> > The load balancer seems to work great for web traffic (if we shut down the WAN connection, OPT takes it over nicely :) that's a fantastic function, keep up the great work).
> >
> > But if I try to build up any SSH or telnet connection, to an internal or an external connection, it fails.
> >
> > The log files are not showing anything useful.
> >
> > Greetings
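
Bill's suggestion above, sketched in raw pf syntax as an added example (it is not from the thread and is not pfSense's generated ruleset): a rule without route-to is matched first, and only the remaining LAN traffic reaches the load-balanced rule. Interface names, gateway addresses and the LAN network are assumptions, as is treating 192.168.1.1 as the firewall's LAN address.

```conf
# Constructed example; interface names, gateway addresses and the LAN
# network are assumptions, not values from the thread.
lan_if  = "em0"
lan_net = "192.168.1.0/24"
lan_ip  = "192.168.1.1"      # address PuTTY was pointed at in the thread
wan_if  = "em1"
wan_gw  = "198.51.100.1"
opt_if  = "em2"
opt_gw  = "203.0.113.1"

# Order matters: with "quick", the first matching rule wins.

# 1. Non-load-balanced rule: traffic to the firewall's own LAN address
#    (SSH, web GUI) is passed without route-to, so it is delivered
#    locally instead of being pushed out towards a WAN gateway.
pass in quick on $lan_if inet from $lan_net to $lan_ip keep state

# 2. Load-balanced rule: everything else from the LAN is policy-routed
#    round-robin across the WAN and OPT gateways.
pass in quick on $lan_if \
    route-to { ($wan_if $wan_gw), ($opt_if $opt_gw) } round-robin \
    inet from $lan_net to any keep state
```

pfctl -sr lists the loaded rules in evaluation order, which is the quickest way to confirm which of the two rules sits in front.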
Re: [pfSense Support] CARP - battle of the firewalls
On 7/17/06, Alastair Stevens [EMAIL PROTECTED] wrote:
> Hi - well this sounds interesting, though not very encouraging!
>
> The whole thing is set up on a test bench at the moment, and as it happens, we are using *different* types of switches on different interfaces. The LANs are using 24-port Netgears, and the WANs are using cheapo D-Link consumer switches temporarily. All but one are unmanaged, though I think we'll be using the managed ones in the production setup.
>
> This looks like a tricky one to diagnose - maybe it will all 'just work' in production? :-)

CARP is a multicast protocol and uses a multicast MAC address. The cheap switches _should_ handle it fine. With that said, I've only run it on high-end Ciscos, Nortels, a Netgear (consumer grade) and whatever is built into my cable modem and, when I had it, DSL modem. On the Ciscos and Nortels, I've certainly run it 'cross switch where each firewall interface was on a different interface; it works (be careful with the Nortels, we ran into code bugs with them). Not sure what more I can suggest, it sounds like you've got a pretty basic setup and it's still not working properly :-/

--Bill
[pfSense Support] Question on multiple subnets, one WAN interface
Hello,

I was wondering if anyone knows how well this will work:

Currently I have a /28 on my WAN, and want to add another subnet, or subnets, and these new subnets might not be a /29, maybe a /24, or /25, not sure. The provider has told me they statically will route the new subnets to me (I'm running VRRP and STP to the carrier behind all of this), and they said I would have 2 gateways, one for the current subnet, and one for the new one.

I would just add these IPs as CARP and everything should function as normal, and then somehow add a static route, I'm guessing?

Any help would be great!

Brad
[pfSense Support] ClamAV 1.0RC1
I have tried RC1 on a few different machines and ClamAV says it installs successfully but doesn't appear to start. Same with FreshClam. However, ClamSMTP does install and start and appears to work. Any ideas?

What I'm really trying to get going is havp. It gives this once I try to install:

Downloading package configuration file... done.
Saving updated package information... done.
Downloading havp and its dependencies... done.
Checking for successful package installation... failed!
Installation aborted.

I suppose this is because ClamAV is broken in my setup? I have tried finding any logs pertaining to the ClamAV install in the console but can't seem to find much.

Thanks in advance.

Tim
Re: [pfSense Support] USB Cdrom install is not working
Scott, how do you do a hard drive install on an FX5620? I am a little stumped since USB CD-ROMs don't work and the system only has one IDE header. Do I have to install with a 2nd system and then move the hard drive over?

Thanks
Josh

Scott Ullrich wrote:
> Well, I always have to do this... It's part of maintaining a system. Lots of things are a PITA, this is computers. Welcome.
>
> On 3/23/06, Roy Walker [EMAIL PROTECTED] wrote:
> > For units like the Lex Light system or the little firewall unit you were talking about on http://pfsense.blogspot.com/ the USB CD-ROM is a much easier route than having to crack the unit open and plug in an IDE CD-ROM, since you have to power the CD-ROM off another system's power supply. Really is a pain in the A$$.
> >
> > Roy
> >
> > -----Original Message-----
> > From: Scott Ullrich [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, March 23, 2006 11:12 AM
> > To: support@pfsense.com
> > Subject: Re: [pfSense Support] USB Cdrom install is not working
> >
> > In addition, I am pretty sure option 7 will wipe out what we do to make the keyboards work. We worked around this option.
> >
> > On 3/23/06, Holger Bauer [EMAIL PROTECTED] wrote:
> > > Unplug the keyboard and replug it when asked to assign VLANs. It's hot swappable.
> > >
> > > Holger
> > >
> > > -----Original Message-----
> > > From: Scott Ullrich [mailto:[EMAIL PROTECTED]]
> > > Sent: Thursday, March 23, 2006 6:04 PM
> > > To: support@pfsense.com
> > > Subject: Re: [pfSense Support] USB Cdrom install is not working
> > >
> > > You do not need to enable the keyboard. We do this automatically with the new keyboard mux code.
> > >
> > > Don't know about the USB CDROM... Use a real one.
> > >
> > > On 3/23/06, Roy Walker [EMAIL PROTECTED] wrote:
> > > > Installing from a USB CD-ROM is not working. This was fixed once before, but I tried it yesterday with the Beta2 ISO and no go.
> > > >
> > > > Also, if you boot off an IDE CD-ROM and select option 7 to enable USB keyboard support, the keyboard was detected, but it did not work.
> > > >
> > > > Roy
[pfSense Support] Can we do Source NAT'ing?
Hi,

Quick question, is it possible to do SNAT somehow that I'm just not thinking of? IE, 192.168.100.122 VIP on the WAN - 10.20.100.1 (Interface IP of LAN), so when connections are made to other hosts in the LAN network, it's coming from 10.20.100.1 (instead of whatever it happens to be out on the WAN interface).

-Kyle
Re: [pfSense Support] Can we do Source NAT'ing?
On pfSense it's called 1:1 NAT and it works swimmingly.

Kyle Mott wrote:
> Hi,
>
> Quick question, is it possible to do SNAT somehow that I'm just not thinking of? IE, 192.168.100.122 VIP on the WAN - 10.20.100.1 (Interface IP of LAN), so when connections are made to other hosts in the LAN network, it's coming from 10.20.100.1 (instead of whatever it happens to be out on the WAN interface).
>
> -Kyle
Re: [pfSense Support] Can we do Source NAT'ing?
I tried that, but it doesn't seem to work. I used the following 1:1 mapping:

192.168.100.122 - 10.20.100.122

And added a rule to allow any from WAN - 10.20.100.122, any protocol. Still can't get to it, :

-Kyle

Gary Buckmaster wrote:
> On pfSense it's called 1:1 NAT and it works swimmingly.
>
> Kyle Mott wrote:
> > Hi,
> >
> > Quick question, is it possible to do SNAT somehow that I'm just not thinking of? IE, 192.168.100.122 VIP on the WAN - 10.20.100.1 (Interface IP of LAN), so when connections are made to other hosts in the LAN network, it's coming from 10.20.100.1 (instead of whatever it happens to be out on the WAN interface).
> >
> > -Kyle
Re: [pfSense Support] Can we do Source NAT'ing?
That's because you aren't following the instructions. Please consult the documentation and pay careful attention to the part where you are required to set up a virtual IP address on your WAN interface.

Kyle Mott wrote:
> I tried that, but it doesn't seem to work. I used the following 1:1 mapping:
>
> 192.168.100.122 - 10.20.100.122
>
> And added a rule to allow any from WAN - 10.20.100.122, any protocol. Still can't get to it, :
>
> -Kyle
>
> Gary Buckmaster wrote:
> > On pfSense it's called 1:1 NAT and it works swimmingly.
> >
> > Kyle Mott wrote:
> > > Hi,
> > >
> > > Quick question, is it possible to do SNAT somehow that I'm just not thinking of? IE, 192.168.100.122 VIP on the WAN - 10.20.100.1 (Interface IP of LAN), so when connections are made to other hosts in the LAN network, it's coming from 10.20.100.1 (instead of whatever it happens to be out on the WAN interface).
> > >
> > > -Kyle
Re: [pfSense Support] Can we do Source NAT'ing?
Yup, I've got a Proxy ARP VIP, and it's still not working. I can see the traffic coming in to the host as the external Client IP still:

14:57:21.842937 192.168.55.28.2801 > 10.20.100.122.8443: S [tcp sum ok]

This is what I followed, but it still doesn't seem to be working :

http://forum.pfsense.org/index.php/topic,1224.msg7214.html#msg7214

-Kyle

Gary Buckmaster wrote:
> That's because you aren't following the instructions. Please consult the documentation and pay careful attention to the part where you are required to set up a virtual IP address on your WAN interface.
>
> Kyle Mott wrote:
> > I tried that, but it doesn't seem to work. I used the following 1:1 mapping:
> >
> > 192.168.100.122 - 10.20.100.122
> >
> > And added a rule to allow any from WAN - 10.20.100.122, any protocol. Still can't get to it, :
> >
> > -Kyle
> >
> > Gary Buckmaster wrote:
> > > On pfSense it's called 1:1 NAT and it works swimmingly.
> > >
> > > Kyle Mott wrote:
> > > > Hi,
> > > >
> > > > Quick question, is it possible to do SNAT somehow that I'm just not thinking of? IE, 192.168.100.122 VIP on the WAN - 10.20.100.1 (Interface IP of LAN), so when connections are made to other hosts in the LAN network, it's coming from 10.20.100.1 (instead of whatever it happens to be out on the WAN interface).
> > > >
> > > > -Kyle
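
For reference, the two kinds of translation this thread is about, side by side in raw pf syntax. This is an added example, not from any poster and not pfSense's generated ruleset; the addresses are the ones quoted in the thread, and the interface names are assumptions.

```conf
# Constructed example; interface names are assumptions. Addresses are the
# ones quoted in the thread.
wan_if = "em1"
lan_if = "em0"

# 1:1 NAT (binat) for the WAN virtual IP, as tried in the thread.
# Inbound it rewrites only the DESTINATION
# (192.168.100.122 -> 10.20.100.122); the source address is rewritten
# only for connections the host itself opens outbound.
binat on $wan_if from 10.20.100.122 to any -> 192.168.100.122
# Host sees:  192.168.55.28.2801 > 10.20.100.122.8443  (client IP kept)

# Source NAT: translate as the packet leaves the LAN interface towards
# the host, so the connection appears to come from the firewall's LAN IP.
nat on $lan_if from any to 10.20.100.122 -> 10.20.100.1
# Host sees:  10.20.100.1.<port> > 10.20.100.122.8443

# Inbound traffic still has to be passed on WAN. Translation happens
# before filtering, so the rule matches the translated destination.
pass in quick on $wan_if inet proto tcp \
    from any to 10.20.100.122 port 8443 keep state
```

With the source NAT rule in place the host's own logs show only 10.20.100.1, so the real client address has to be taken from the firewall's logs or state table.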
Re: [pfSense Support] USB Cdrom install is not working
Holger Bauer wrote:
> Not sure as I unfortunately haven't seen such a system yet.

I have a couple, but no USB CD-ROM drives. :/ Last I checked, they cost way more than I'd be willing to spend on one.

USB CD-ROMs don't work because none of the devs have any appropriate equipment to test with. Not that there would then be any guarantee that it could be fixed, but there would be a much better chance if we actually had the hardware (or if somebody with the hardware available would dig into it themselves and report back any findings).
Re: [pfSense Support] USB Cdrom install is not working
We did not have any problems installing earlier, version 0.86/0.88. I will try to do the installation with the RC1 one later tonight with a USB CD-ROM.

Bao

On Mon, Jul 17, 2006 at 06:23:42PM -0400, Chris Buechler wrote:
> Holger Bauer wrote:
> > Not sure as I unfortunately haven't seen such a system yet.
>
> I have a couple, but no USB CD-ROM drives. :/ Last I checked, they cost way more than I'd be willing to spend on one.
>
> USB CD-ROMs don't work because none of the devs have any appropriate equipment to test with. Not that there would then be any guarantee that it could be fixed, but there would be a much better chance if we actually had the hardware (or if somebody with the hardware available would dig into it themselves and report back any findings).

--
Best Regards.
Bao C. Ha
Hacom OpenBrick Distributor USA
http://www.hacom.net
voice: (714) 530-8817 fax: (714) 530-8818
8D66 6672 7A9B 6879 85CD 42E0 9F6C 7908 ED95 6B38
Re: [pfSense Support] USB Cdrom install is not working
On Mon, 17 Jul 2006, Chris Buechler wrote:
> I have a couple, but no USB CD-ROM drives. :/ Last I checked, they cost way more than I'd be willing to spend on one.

Unless I'm confused, you can make any old CD-ROM a USB CD-ROM by purchasing a 5 1/4 case with a USB-IDE adapter. You can find them for under $40 on Newegg...

Charles