Re: [pfSense Support] 1.0 RC2

2006-09-18 Thread Volker Kuhlmann
 It is my great pleasure to announce pfSense 1.0-RC2!

Thanks Scott, it goes really well.

Some small points:

Something creates /root/.tcshrc (time stamp of about install time). This
file contains one byte of white space, and its existence effectively
disables /root/.cshrc, which has real content (tcsh reads either .tcshrc
or .cshrc).

System-Advanced mentions a firmware updates check under
systems-firmware, however that check seems to have disappeared. Remove
the comment?

I didn't yet test, but does the shaper wizard now check the correct
interfaces for SQF(?) capability? There was no code change there.

Regards,

Volker

-- 
Volker Kuhlmann is list0570 with the domain in header
http://volker.dnsalias.net/ Please do not CC list postings to me.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: [pfSense Support] OPENVPN Interface

2006-09-18 Thread Holger Bauer
Please use one of the most recent snapshots and retest:
http://pfsense.com/~sullrich/1.0-SNAPSHOT-09-14-06/

Holger

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
 Sent: Monday, September 18, 2006 5:55 AM
 To: support@pfsense.com
 Subject: [pfSense Support] OPENVPN Interface
 
 
 I am following the howto
 (http://doc.pfsense.org/index.php/Setting_up_OpenVPN_with_pfSense) and I
 do not have an openvpn interface (tun interface).  Is this because I am
 also using the pptp vpn? or has this part changed in rc2?
 
 
 Thanks
 
 Jeb
 
 




Re: [pfSense Support] 1.0 RC2

2006-09-18 Thread Bill Marquette

On 9/18/06, Volker Kuhlmann [EMAIL PROTECTED] wrote:

I didn't yet test, but does the shaper wizard now check the correct
interfaces for SQF(?) capability? There was no code change there.


SQF?

--Bill




[pfSense Support] Dynamic Rule

2006-09-18 Thread Heath Henderson
I have a user who sits outside of our Office network.  I need to open up a
port for them to access Filemaker Through.  I want to eventually get a VPN
setup, but he has a Mac and I am not certain of how well the VPN will work
with X.4 right now.  I don't really have time to get this setup.  I thought
I would see about opening the ports up for him.

He is on a Dynamic DSL connection.  He travels frequently.  What is involved
in setting up a script which can be run every minute which will check a
dynDNS name and insert the correct IP # in to the rule I have setup for him
to access this port through the firewall?

I have this successfully working on a linux box with a hosts.allow script
running and inserting the correct IP# so he can ssh into a server remotely.

Thanks

-- 
Heath Henderson
--





[pfSense Support] pfsense to netgear ipsec vpn

2006-09-18 Thread cmaurand
Hello,
  I'm a relative newbie to ipsec on pfsense.  I'm trying to establish an
 ipsec vpn connection to a netgear FVS124G.  I already have a connection
going to a sonicwall and that runs fine.

The configuration on the pfsense is

remote ip address PSK = the key and they match
Interface = WAN (and it's my primary address)
Local Subnet = LAN Subnet
remote subnet = 192.168.1.0/24
remote gateway = remote ip address
Description = Charlotte Corporate

Phase 1
Negotiation mode = main
My identifier = My IP address
Encryption algorithm = 3DES
Hash algorithm = SHA1
DH Key group = 2 (1024 bit)
lifetime = 86400
Authentication Method = Pre-Shared Key
Pre-Shared Key = my psk

Phase 2 (SA/Key Exchange)
Protocol = ESP
Encryption Algorithms = 3DES
Hash Algorithm = SHA1
PFS key group = 2 (1024 bit)
Lifetime = 28800

On the Netgear IKE Policy
General
name = pwmtest
Direction/Type = Both Directions
Exchange Mode = Main Mode
Local
Select Local Gateway = Wan1 (69.whatever)
Local Identity type WAN IP Address

Remote
Remote Host Configuration Record = None
Remote Identity Type = WAN IP

IKE SA Parameters
Encryption Algorithm = 3DES
Authentication Algorithm = SHA1
Authentication Method = Pre-shared Key
my key
Diffie-Hellman (DH) Group = Group 2 (1024 bit)
SA Life Time = 28800

On the Netgear VPN Policy
General
Policy Name = pwmtest
IKE Policy = pwmtest
Remote VPN Endpoint Type = IP Address
Remote VPN Endpoint IP Address = my ip address
Traffic Selector
Local IP = Subnet address
Start IP address = 192.168.1.0  
Finish IP Address = N/A
Subnet Mask = 255.255.255.0
Remote IP = Subnet address
Start IP Address = 10.0.0.0
Finish IP Address = n/a
Subnet Mask = 255.255.252.0

AH Configuration = unchecked

ESP Configuration
Enable Encryption = checked = 3DES
Enable Authentication = checked = SHA-1


From the pfsense I get: (some lines wrapped)

racoon: INFO: respond new phase 1 negotiation: local wan
ip[500]=remote wan ip[500]
racoon: ERROR: not acceptable Identity Protection mode
racoon: ERROR: not acceptable Identity Protection mode

Thanks in advance

-- 
Curtis Maurand
Senior Network  Systems Engineer
BlueTarp Financial, Inc.
443 Congress St.
6th Floor
Portland, ME 04101
207.797.5900 x233 (office)
207.797.3833  (fax)
mailto:[EMAIL PROTECTED]
http://www.bluetarp.com




Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Rob Terhaar

why don't you just setup an ssh tunnel and give him pseudo vpn via that?

On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:

I have a user who sits outside of our Office network.  I need to open up a
port for them to access Filemaker Through.  I want to eventually get a VPN
setup, but he has a Mac and I am not certain of how well the VPN will work
with X.4 right now.  I don't really have time to get this setup.  I thought
I would see about opening the ports up for him.

He is on a Dynamic DSL connection.  He travels frequently.  What is involved
in setting up a script which can be run every minute which will check a
dynDNS name and insert the correct IP # in to the rule I have setup for him
to access this port through the firewall?

I have this successfully working on a linux box with a hosts.allow script
running and inserting the correct IP# so he can ssh into a server remotely.

Thanks

--
Heath Henderson
--





Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Heath Henderson
This sounds like a better route.  I wondered though, I know SSH access is
setup internally, but I assume I must create a rule to allow access to it
from the outside?  Can I setup access from another port than 22 on the
external interface or in the SSH config file?

A little new here to setting these types of rules up.  Thanks In Advance.


-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--


 From: Rob Terhaar [EMAIL PROTECTED]
 Reply-To: support@pfsense.com
 Date: Mon, 18 Sep 2006 10:50:34 -0500
 To: support@pfsense.com
 Subject: Re: [pfSense Support] Dynamic Rule
 
 why don't you just setup an ssh tunnel and give him pseudo vpn via that?
 
 On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
 I have a user who sits outside of our Office network.  I need to open up a
 port for them to access Filemaker Through.  I want to eventually get a VPN
 setup, but he has a Mac and I am not certain of how well the VPN will work
 with X.4 right now.  I don't really have time to get this setup.  I thought
 I would see about opening the ports up for him.
 
 He is on a Dynamic DSL connection.  He travels frequently.  What is involved
 in setting up a script which can be run every minute which will check a
 dynDNS name and insert the correct IP # in to the rule I have setup for him
 to access this port through the firewall?
 
 I have this successfully working on a linux box with a hosts.allow script
 running and inserting the correct IP# so he can ssh into a server remotely.
 
 Thanks
 
 --
 Heath Henderson
 --
 
 



Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Bill Marquette

On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:

I have a user who sits outside of our Office network.  I need to open up a
port for them to access Filemaker Through.  I want to eventually get a VPN
setup, but he has a Mac and I am not certain of how well the VPN will work
with X.4 right now.  I don't really have time to get this setup.  I thought
I would see about opening the ports up for him.

He is on a Dynamic DSL connection.  He travels frequently.  What is involved
in setting up a script which can be run every minute which will check a
dynDNS name and insert the correct IP # in to the rule I have setup for him
to access this port through the firewall?

I have this successfully working on a linux box with a hosts.allow script
running and inserting the correct IP# so he can ssh into a server remotely.

Thanks

--
Heath Henderson
--


You could always try OpenVPN.  I know of at least one person using
pfSense using it with OSX.

--Bill




Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Heath Henderson
Thanks, I am going to go the SSH route first.  I will have access to setup
VPN in about 2 months.  I just don't have the time currently, and this
person's system is in California and I am not.  I haven't setup the ssh
tunnel before, so if anyone has any pointers.  I want to make this as secure
as possible on my end.  He only has to get into our Filemaker server so
limited remote access is where I will be going.


-- 
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--


 From: Bill Marquette [EMAIL PROTECTED]
 Reply-To: support@pfsense.com
 Date: Mon, 18 Sep 2006 11:40:02 -0500
 To: support@pfsense.com
 Subject: Re: [pfSense Support] Dynamic Rule
 
 On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
 I have a user who sits outside of our Office network.  I need to open up a
 port for them to access Filemaker Through.  I want to eventually get a VPN
 setup, but he has a Mac and I am not certain of how well the VPN will work
 with X.4 right now.  I don't really have time to get this setup.  I thought
 I would see about opening the ports up for him.
 
 He is on a Dynamic DSL connection.  He travels frequently.  What is involved
 in setting up a script which can be run every minute which will check a
 dynDNS name and insert the correct IP # in to the rule I have setup for him
 to access this port through the firewall?
 
 I have this successfully working on a linux box with a hosts.allow script
 running and inserting the correct IP# so he can ssh into a server remotely.
 
 Thanks
 
 --
 Heath Henderson
 --
 
 You could always try OpenVPN.  I know of at least one person using
 pfSense using it with OSX.
 
 --Bill
 



Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Bill Marquette

On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:

Thanks, I am going to go the SSH route first.  I will have access to setup
VPN in about 2 months.  I just don't have the time currently, and this
person's system is in California and I am not.  I haven't setup the ssh
tunnel before, so if anyone has any pointers.  I want to make this as secure
as possible on my end.  He only has to get into our Filemaker server so
limited remote access is where I will be going.


Hence the suggestion to use OpenVPN.  It's a simple setup on the
pfSense side and I don't think on the OSX side it gets much easier
than using the OSX client at http://www.tunnelblick.net/

--Bill




Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Nathan Osborne
PPTP has some issues with OS X 10.4 now, but OpenVPN works great on the Mac
using the latest Tunnelblick client, 3.0 rc 3 (http://www.tunnelblick.net/).

Nate

On 9/18/06, Bill Marquette [EMAIL PROTECTED] wrote:

On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:

I have a user who sits outside of our Office network.  I need to open up a
port for them to access Filemaker Through.  I want to eventually get a VPN
setup, but he has a Mac and I am not certain of how well the VPN will work
with X.4 right now.  I don't really have time to get this setup.  I thought
I would see about opening the ports up for him.

He is on a Dynamic DSL connection.  He travels frequently.  What is involved
in setting up a script which can be run every minute which will check a
dynDNS name and insert the correct IP # in to the rule I have setup for him
to access this port through the firewall?

I have this successfully working on a linux box with a hosts.allow script
running and inserting the correct IP# so he can ssh into a server remotely.

Thanks

--
Heath Henderson
--

You could always try OpenVPN.  I know of at least one person using
pfSense using it with OSX.

--Bill



Re: [pfSense Support] Dynamic Rule

2006-09-18 Thread Rob Terhaar

you can easily do an external port# to internal port# remap when
you're setting up the port forwarding for the new SSH rule in pfsense.
the process is fairly self explanatory. (i think?)





On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:

Thanks, I am going to go the SSH route first.  I will have access to setup
VPN in about 2 months.  I just don't have the time currently, and this
person's system is in California and I am not.  I haven't setup the ssh
tunnel before, so if anyone has any pointers.  I want to make this as secure
as possible on my end.  He only has to get into our Filemaker server so
limited remote access is where I will be going.


--
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750
--


 From: Bill Marquette [EMAIL PROTECTED]
 Reply-To: support@pfsense.com
 Date: Mon, 18 Sep 2006 11:40:02 -0500
 To: support@pfsense.com
 Subject: Re: [pfSense Support] Dynamic Rule

 On 9/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
 I have a user who sits outside of our Office network.  I need to open up a
 port for them to access Filemaker Through.  I want to eventually get a VPN
 setup, but he has a Mac and I am not certain of how well the VPN will work
 with X.4 right now.  I don't really have time to get this setup.  I thought
 I would see about opening the ports up for him.

 He is on a Dynamic DSL connection.  He travels frequently.  What is involved
 in setting up a script which can be run every minute which will check a
 dynDNS name and insert the correct IP # in to the rule I have setup for him
 to access this port through the firewall?

 I have this successfully working on a linux box with a hosts.allow script
 running and inserting the correct IP# so he can ssh into a server remotely.

 Thanks

 --
 Heath Henderson
 --

 You could always try OpenVPN.  I know of at least one person using
 pfSense using it with OSX.

 --Bill




RE: [pfSense Support] pfsense to netgear ipsec vpn

2006-09-18 Thread Holger Bauer
Try to use aggressive mode on both ends. Also try to setup different
identifiers (like combination of UFQDN and passkeyphrase). It looks to me that
there is a problem with the identifier. Is one of the ends behind another NAT?
Also what version are you running?

Holger

 -Original Message-
 From: cmaurand [mailto:[EMAIL PROTECTED]
 Sent: Monday, September 18, 2006 5:28 PM
 To: support@pfsense.com
 Subject: [pfSense Support] pfsense to netgear ipsec vpn
 
 
 Hello,
   I'm a relative newbie to ipsec on pfsense.  I'm trying to 
 establish an
  ipsec vpn connection to a netgear FVS124G.  I already have a 
 connection
 going to a sonicwall and that runs fine.
 
 The configuration on the pfsense is
 
   remote ip address PSK = the key and they match
   Interface = WAN (and it's my primary address)
   Local Subnet = LAN Subnet
   remote subnet = 192.168.1.0/24
   remote gateway = remote ip address
   Description = Charlotte Corporate
 
 Phase 1
   Negotiation mode = main
   My identifier = My IP address
   Encryption algorithm = 3DES
   Hash algorithm = SHA1
   DH Key group = 2 (1024 bit)
   lifetime = 86400
   Authentication Method = Pre-Shared Key
   Pre-Shared Key = my psk
 
 Phase 2 (SA/Key Exchange)
   Protocol = ESP
   Encryption Algorithms = 3DES
   Hash Algorithm = SHA1
   PFS key group = 2 (1024 bit)
   Lifetime = 28800
 
 On the Netgear IKE Policy
   General
   name = pwmtest
   Direction/Type = Both Directions
   Exchange Mode = Main Mode
   Local
   Select Local Gateway = Wan1 (69.whatever)
   Local Identity type WAN IP Address
 
   Remote
   Remote Host Configuration Record = None
   Remote Identity Type = WAN IP
   
   IKE SA Parameters
   Encryption Algorithm = 3DES
   Authentication Algorithm = SHA1
   Authentication Method = Pre-shared Key
   my key
   Diffie-Hellman (DH) Group = Group 2 (1024 bit)
   SA Life Time = 28800
 
 On the Netgear VPN Policy
   General
   Policy Name = pwmtest
   IKE Policy = pwmtest
   Remote VPN Endpoint Type = IP Address
   Remote VPN Endpoint IP Address = my ip address
   Traffic Selector
   Local IP = Subnet address
   Start IP address = 192.168.1.0  
   
   Finish IP Address = N/A
   Subnet Mask = 255.255.255.0
   Remote IP = Subnet address
   Start IP Address = 10.0.0.0
   Finish IP Address = n/a
   Subnet Mask = 255.255.252.0
 
   AH Configuration = unchecked
 
   ESP Configuration
   Enable Encryption = checked = 3DES
   Enable Authentication = checked = SHA-1
 
 
 From the pfsense I get: (some lines wrapped)
 
 racoon: INFO: respond new phase 1 negotiation: local wan
 ip[500]=remote wan ip[500]
 racoon: ERROR: not acceptable Identity Protection mode
 racoon: ERROR: not acceptable Identity Protection mode
 
 Thanks in advance
 
 -- 
 Curtis Maurand
 Senior Network  Systems Engineer
 BlueTarp Financial, Inc.
 443 Congress St.
 6th Floor
 Portland, ME 04101
 207.797.5900 x233 (office)
 207.797.3833(fax)
 mailto:[EMAIL PROTECTED]
 http://www.bluetarp.com
 



Re: [pfSense Support] pfsense to netgear ipsec vpn [solved]

2006-09-18 Thread cmaurand
This email will look best in a monospaced font.

Changed to aggressive mode on both ends. Pfsense is version 2.3.  Changed
the netgear identifiers to pwmtest for the ike policy and pwm-office for
the vpn policy.

I deleted the vpn policy and re-created it.  So here are final settings.

Netgear:

VPN - Auto Policy

General
  Policy Name:              pwm-office
  IKE policy:               pwmtest
  Remote VPN Endpoint
    Address Type:           IP Address
    Address Data:           ip address of pfsense firewall
  SA Life Time:             86400 (Seconds)
                            0 (Kbytes)
  IPSec PFS:                [checked]  PFS Key Group: Group 2 (1024 Bit)

Traffic Selector
  Local IP:                 Subnet address
    Start IP address:       192.168.1.0
    Finish IP address:      n/a
    Subnet Mask:            255.255.255.0

  Remote IP:                Subnet address
    Start IP address:       10.0.0.0
    Finish IP address:      n/a
    Subnet Mask:            255.255.252.0

AH Configuration
  Enable Authentication:    [not checked]  Authentication Algorithm: SHA-1

ESP Configuration
  Enable Encryption:        [checked]  Encryption Algorithm: 3DES
  Enable Authentication:    [checked]  Authentication Algorithm: SHA-1

IKE Policy Configuration
General
  Policy Name:              pwmtest
  Direction/Type:           Both Directions
  Exchange Mode:            Aggressive

Local
  Select Local Gateway:     Wan1 (this particular unit has two WAN ports with
                            failover.)
  Local Identity Type:      WAN IP Address
  Remote Identity Data:     blank  (This info doesn't get entered here.)

IKE SA Parameters
  Encryption Algorithm:     3DES
  Authentication Algorithm: SHA1
  Authentication Method:    Pre-Shared Key
                            your preshared key goes here
  RSA Signature (requires Certificate): [unchecked]
  Diffie-Hellman Group:     Group 2 (1024 bit)
  SA Life Time:             28800

On the pfsense box:

VPN:IPsec:Edit tunnel
  Mode:                     Tunnel
  Disabled:                 [unchecked]
  Interface:                WAN
  Local Subnet:             LAN subnet
  Remote Subnet:            192.168.1.0/24
  Remote Gateway:           WAN Address of the netgear router
  Description:              however you want to describe yours

Phase 1 Proposed (Authentication)
  Negotiation mode:         aggressive
  My identifier:            IP Address my WAN ipaddress
  Encryption algorithm:     3DES
  Hash Algorithm:           SHA1
  DH Key Group:             2
  Lifetime:                 28800
  Authentication Method:    Pre-shared key
  Pre-Shared Key:           pre shared key goes here.
  Certificate:              blank
  Key:                      blank
  Peer certificate:         blank

Phase2 proposal (SA/Key Exchange)
  Protocol:                 ESP
  Encryption algorithms:    3DES
  Hash algorithms:          SHA1
  PFS key group:            2
  Lifetime:                 86400




I hope this helps anyone having trouble.  Thanks for your help Holger.

Curtis



Holger Bauer wrote:
 Try to use aggressive mode on both ends. Also try to setup different
 identifiers (like combination of UFQDN and passkeyphrase). It looks to me that
 there is a problem with the identifier. Is one of the ends behind another
 NAT? Also what version are you running?
 
 Holger
 
 -Original Message-
 From: cmaurand [mailto:[EMAIL PROTECTED]
 Sent: Monday, September 18, 2006 5:28 PM
 To: support@pfsense.com
 Subject: [pfSense Support] pfsense to netgear ipsec vpn


 Hello,
   I'm a relative newbie to ipsec on pfsense.  I'm trying to 
 establish an
  ipsec vpn connection to a netgear FVS124G.  I already have a 
 connection
 going to a sonicwall and that runs fine.

 The configuration on the pfsense is

  remote ip address PSK = the key and they match
  Interface = WAN (and it's my primary address)
  Local Subnet = LAN Subnet
  remote subnet = 192.168.1.0/24
  remote gateway = remote ip address
  Description = Charlotte Corporate

 Phase 1
  Negotiation mode = main
  My identifier = My IP address
  Encryption algorithm = 3DES
  Hash algorithm = SHA1
  DH Key group = 2 (1024 bit)
  lifetime = 86400
  Authentication Method = Pre-Shared Key
  Pre-Shared Key = my psk

 Phase 2 (SA/Key Exchange)
  Protocol = ESP
  Encryption Algorithms = 3DES
  Hash Algorithm = SHA1
  PFS key group = 2 (1024 bit)
  Lifetime = 28800

 On the Netgear IKE Policy
  General
  name = pwmtest
  Direction/Type = Both Directions
  Exchange Mode = Main Mode
  Local
  Select Local Gateway = Wan1 (69.whatever)
  Local Identity type WAN IP Address

  Remote
  Remote Host Configuration Record = None
  Remote Identity Type = WAN IP
  
  IKE SA Parameters
  Encryption Algorithm = 3DES
  Authentication Algorithm = SHA1
  Authentication Method = Pre-shared Key
  my key
  Diffie-Hellman (DH) Group = Group 2 (1024 bit)
  SA Life Time = 28800

 On the Netgear VPN Policy
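
An added example, not part of any post in this thread: a field-by-field comparison of the two peers' IKE/IPsec settings as transcribed from the first post and from the [solved] post. The key names (p1.mode, p2.life, ...) and function names are made up for this sketch; None means the post did not state the value. It also lists settings in the final configuration that a reviewer would flag as weak.

```python
import ipaddress
import re

# Values copied from the posts above; None = not stated in that post.
PFSENSE_FIRST = {
    "p1.mode": "main", "p1.enc": "3DES", "p1.hash": "SHA1",
    "p1.dh": "2 (1024 bit)", "p1.life": 86400, "p1.auth": "Pre-Shared Key",
    "p2.enc": "3DES", "p2.hash": "SHA1", "p2.pfs": "2 (1024 bit)",
    "p2.life": 28800, "remote_net": "192.168.1.0/24",
}
NETGEAR_FIRST = {
    "p1.mode": "Main Mode", "p1.enc": "3DES", "p1.hash": "SHA1",
    "p1.dh": "Group 2 (1024 bit)", "p1.life": 28800, "p1.auth": "Pre-shared Key",
    "p2.enc": "3DES", "p2.hash": "SHA-1", "p2.pfs": None,
    "p2.life": None, "local_net": "192.168.1.0/255.255.255.0",
}
PFSENSE_FINAL = {
    "p1.mode": "aggressive", "p1.enc": "3DES", "p1.hash": "SHA1",
    "p1.dh": "2", "p1.life": 28800, "p1.auth": "Pre-shared key",
    "p2.enc": "3DES", "p2.hash": "SHA1", "p2.pfs": "2",
    "p2.life": 86400, "remote_net": "192.168.1.0/24",
}
NETGEAR_FINAL = {
    "p1.mode": "Aggressive", "p1.enc": "3DES", "p1.hash": "SHA1",
    "p1.dh": "Group 2 (1024 bit)", "p1.life": 28800, "p1.auth": "Pre-Shared Key",
    "p2.enc": "3DES", "p2.hash": "SHA-1", "p2.pfs": "Group 2 (1024 Bit)",
    "p2.life": 86400, "local_net": "192.168.1.0/255.255.255.0",
}


def norm(key, value):
    """Reduce each vendor's GUI wording to a comparable value."""
    if value is None or isinstance(value, int):
        return value
    v = value.lower().replace("-", "").replace(" mode", "").strip()
    if key.endswith((".dh", ".pfs")):
        return int(re.search(r"\d+", v).group())  # "Group 2 (1024 bit)" -> 2
    return v


def mismatches(a, b):
    """Return (key, a_value, b_value) for every field both sides state differently."""
    out = []
    for key in sorted(set(a) & set(b)):
        va, vb = norm(key, a[key]), norm(key, b[key])
        if va is None or vb is None:
            continue  # not stated on one side, so nothing to compare
        if va != vb:
            out.append((key, a[key], b[key]))
    return out


def selectors_mirror(pfsense, netgear):
    """pfSense's remote subnet must be the Netgear's local subnet."""
    return (ipaddress.ip_network(pfsense["remote_net"])
            == ipaddress.ip_network(netgear["local_net"]))


def weak_settings(cfg):
    """Flag choices that work but that a security review would question."""
    n = {k: norm(k, v) for k, v in cfg.items()}
    notes = []
    if n.get("p1.mode") == "aggressive" and n.get("p1.auth") == "preshared key":
        notes.append("aggressive mode with a PSK exposes a PSK-derived hash "
                     "to offline guessing; use a long random key")
    if "3des" in (n.get("p1.enc"), n.get("p2.enc")):
        notes.append("3DES is a 64-bit block cipher; prefer AES if both ends offer it")
    if n.get("p1.dh") == 2:
        notes.append("DH group 2 is a 1024-bit group; prefer a larger group")
    return notes


if __name__ == "__main__":
    print("first post :", mismatches(PFSENSE_FIRST, NETGEAR_FIRST))
    print("final post :", mismatches(PFSENSE_FINAL, NETGEAR_FINAL))
    print("selectors  :", selectors_mirror(PFSENSE_FINAL, NETGEAR_FINAL))
    for note in weak_settings(PFSENSE_FINAL):
        print("review     :", note)
```

On the first post's values the only stated difference is the Phase 1 lifetime (86400 on pfSense, 28800 on the Netgear); the final settings agree on every field both posts list.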
 

[pfSense Support] Load balancer problem

2006-09-18 Thread Catalin Epure




I have settled the load balancer
section to use 2 isp connections.
For some reason the log looks like this:


  

Sep 19 03:10:13 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 19 03:10:13 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 19 03:10:08 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 19 03:10:08 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 23:52:38 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 23:52:38 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 23:52:33 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 23:52:33 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 23:39:47 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 23:39:47 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 23:39:42 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 23:39:42 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 21:39:59 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 21:39:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 21:39:54 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 21:39:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 21:25:51 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 21:25:51 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 21:25:46 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 21:25:46 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 20:48:16 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 20:48:16 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 20:48:11 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 20:48:11 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 20:20:59 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 20:20:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 20:20:54 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 20:20:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 19:27:07 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 18 19:27:07 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP

  


And so on...
I don't know why one of the internet connections seems to be down to
pfSense. And believe me, it is not.

Is there any chance to increase the timeout for the service check or the
no. of retries?

Catalin


--
AkerBraila SA e-mail server
This message was scanned for spam and viruses by BitDefender
For more information please visit http://linux.bitdefender.com/
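
An added example, not part of the original post: a parser for the slbd poll lines quoted above that pairs each DOWN with the following UP and reports how long each outage lasted and how far apart the flaps were. The log lines are the ones from the post; the year (2006, the thread date) and all function names are assumptions of this sketch, since syslog timestamps carry no year.

```python
import re
from datetime import datetime

# Poll lines as posted (newest first). "IP.IP.IP.IP" is the poster's redaction.
POSTED_LOG = """\
Sep 19 03:10:13 slbd[297]: Service Balancer changed status, reloading filter policy
Sep 19 03:10:13 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 19 03:10:08 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 23:52:38 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 23:52:33 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 23:39:47 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 23:39:42 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 21:39:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 21:39:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 21:25:51 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 21:25:46 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 20:48:16 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 20:48:11 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 20:20:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
Sep 18 20:20:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
Sep 18 19:27:07 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})\s+slbd\[\d+\]: "
    r"ICMP poll (?P<result>succeeded|failed) for (?P<target>\S+), "
    r"marking service (?P<state>UP|DOWN)$"
)


def parse_polls(text, year=2006):
    """Return (timestamp, target, state) tuples in chronological order."""
    events = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. the "Service Balancer changed status" lines
        # The year is supplied by the caller (assumption: no year in syslog).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["target"], m["state"]))
    return sorted(events, key=lambda e: e[0])


def outages(events):
    """Pair each DOWN with the next UP for the same target."""
    down_since = {}
    result = []
    for ts, target, state in events:
        if state == "DOWN":
            down_since.setdefault(target, ts)  # keep the first DOWN of a run
        elif target in down_since:
            start = down_since.pop(target)
            result.append((start, ts, ts - start))
    return result


def summarize(text, year=2006):
    """Count flaps, list distinct outage lengths, and find the shortest quiet gap."""
    found = outages(parse_polls(text, year))
    gaps = [(nxt[0] - prev[1]).total_seconds()
            for prev, nxt in zip(found, found[1:])]
    return {
        "flaps": len(found),
        "outage_seconds": sorted({int(d.total_seconds()) for _, _, d in found}),
        "shortest_gap_seconds": int(min(gaps)) if gaps else None,
    }


if __name__ == "__main__":
    print(summarize(POSTED_LOG))
```

Every DOWN in the posted log is cleared by an UP exactly five seconds later, and the flaps are at least twelve minutes apart.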


Re: [pfSense Support] Load balancer problem

2006-09-18 Thread Scott Ullrich

On 9/19/06, Catalin Epure [EMAIL PROTECTED] wrote:



 I have settled the load balancer section to use 2 isp connections.
 For some reason the log looks like this:

 Sep 19 03:10:13 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 19 03:10:13 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 Sep 19 03:10:08 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 19 03:10:08 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
 Sep 18 23:52:38 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 23:52:38 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 Sep 18 23:52:33 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 23:52:33 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
 Sep 18 23:39:47 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 23:39:47 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 Sep 18 23:39:42 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 23:39:42 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
 Sep 18 21:39:59 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 21:39:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 Sep 18 21:39:54 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 21:39:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
 Sep 18 21:25:51 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 21:25:51 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 Sep 18 21:25:46 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 21:25:46 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
 Sep 18 20:48:16 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 20:48:16 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 Sep 18 20:48:11 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 20:48:11 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
 Sep 18 20:20:59 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 20:20:59 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 Sep 18 20:20:54 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 20:20:54 slbd[297]: ICMP poll failed for IP.IP.IP.IP, marking service DOWN
 Sep 18 19:27:07 slbd[297]: Service Balancer changed status, reloading filter policy
 Sep 18 19:27:07 slbd[297]: ICMP poll succeeded for IP.IP.IP.IP, marking service UP
 And so on...
 I don't know why one of the internet connections seems to be down to pfSense.
 And believe me, it is not.

 Is there any chance to increase the timeout for the service check or the no. of
 retries?

 Catalin


--
AkerBraila SA e-mail server
This message was scanned for spam and viruses by BitDefender
For more information please visit http://linux.bitdefender.com/







What version?




Re: [pfSense Support] Load balancer problem

2006-09-18 Thread Scott Ullrich

On 9/19/06, Catalin Epure [EMAIL PROTECTED] wrote:

 v.1 R.C.2

 Catalin


Please upgrade to
http://www.pfsense.com/~sullrich/1.0-SNAPSHOT-09-18-06/ and see if
this solves the problems.

Thanks!
