[pfSense Support] Load Balancer
Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin
AW: [pfSense Support] Load Balancer
Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] Load Balancer
1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
new snapshots come out at least once a week and sometimes sooner. each one has bug fixes and enhancements in it. I usually upgrade everytime a new snapshot comes out. -Sean From: [EMAIL PROTECTED] To: support@pfsense.com Date: Fri, 9 Mar 2007 22:19:23 +0800 Subject: RE: [pfSense Support] Load Balancer Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Connect to the next generation of MSN Messenger http://imagine-msn.com/messenger/launch80/default.aspx?locale=en-ussource=wlmailtagline
AW: [pfSense Support] Load Balancer
For sure. I remember that there has been a rule issue with pings that also resulted in wan quality rrd graph showing constant packetloss which was fixed and your problem seems to be similiar. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 15:19 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Can't connect to PPTP with dialup
Luca Lucchesi wrote: I setted up the PPTP server on a pfSense system. The clients can connect to it from Windows XP with a natted ADSL Internet connection, but if I try with a dialup connection I get a 619 error. 619 is typically caused by blocking or NAT breakage of GRE. If you try a different dial up provider does it work? If you try a different PPTP connection on the same dial up provider does it work? My first guess is the dial up ISP is doing something to cause it to not work (either intentionally or inadvertently). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Installing pfflowd
There are instructions on how to remount the flash drive into RW mode in the FAQ. http://faq.pfsense.org/index.php?action=artikelcat=11id=171artlang=en There's the rope, I hope it is enough. pfflowd shouldn't be writing when in use, so this should be safe to use. Remount to RW mode, install pfflowd, then remount to RO mode and run. But I'm no expert. I think the searching in the FAQ might be broken, it wasn't working for me. Can anyone confirm. Josh Karl von Muller wrote: Thanks Holger. How can I get pfflowd on my WRAP then? Re-flash then manually put the package on? On 3/9/07, *Holger Bauer* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Embedded builds don't support packages (and we hide this option therefor from the menu and you shouldn't use it). The filesystem is mounted readonly to not let your cfcard wear out due to limited write cycle lifetime for embedded builds. This is normal and by design. Holger Von: Karl von Muller [mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 8. März 2007 14:56 An: support@pfsense.com mailto:support@pfsense.com Betreff: [pfSense Support] Installing pfflowd Hi all, Have just started using pfSense and its great :) Running 1.01 on a WRAP 1. Seems that because I'm using compact flash the filesystem is mounted read only. Not sure if this is the default or how it came (I purchased the WRAP from a company in Aus with CF card and image pre-installed), but it seems to be stopping me from installing any packages (see below). Is there any way to remount the filesystem RW or do I need to grab a new image? Thanks, Karl Error while trying to install - Installation of pfflowd FAILED! Downloading package configuration file... failed! Installation aborted. Installation halted. Warning: fopen(/usr/local/pkg/pfflowd.xml): failed to open stream: Read-only file system in /etc/inc/pkg- utils.inc on line 321 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pkg- utils.inc on line 370 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pkg-utils.inc on line 370 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pkg-utils.inc on line 370 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pkg-utils.inc on line 336 - To unsubscribe, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] -- Lake Agassiz Regional Library - Moorhead MN larl.org Josh Stompro | Office 218.233.3757 EXT-139 LARL Network Administrator | Cell 218.790.2110
Re: [pfSense Support] ESX + CARP solution found
Hi, This worked fine when I was using a switch with no VLAN configuration , but as soon as we defined VLANs on the switch, it seems that the PFSense machine has lost contact with all other machines, both virtual and physical. Are the VLANs defined at the switch level transparent to the virtual interfaces of the PFSENSE virtual machine? I mean I simply define 4 interfaces on my virtual machine (although I only have one physical interface) as if there were no VLANs. It should be VMWare who does the mapping between my virtual interfaces and my VLANs, right? At the VMWare level I've defined a virtual switch and the virtual networks with a VLAN tag, which is also used on the Cisco switch. Other virtual machines are working fine with the VLANs, but not my PFSENSE VMs... Any ideas? thanks Joe Scott Ullrich wrote: If you are trying to setup a CARP cluster using pfSense + ESX, please see the following VMWARE thread: http://www.vmware.com/community/thread.jspa?messageID=576885 In a nutshell, you need to enable promiscuous mode on each of the connected vswitch's. Hope this helps someone in the future, it just helped me!! Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Can't connect to PPTP with dialup
If you try a different dial up provider does it work? If I try a different dialup provider it doesn't work... If you try a different PPTP connection on the same dial up provider does it work? No, it doesn't work... My first guess is the dial up ISP is doing something to cause it to not work (either intentionally or inadvertently). I can't connect to any PPTP server with any dialup provider... :-( _ Ogni ricerca da questo sito, una donazione per i bambini rifugiati http://click4thecause.live.com/Search/Charity/Default.aspx?locale=it-it - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Dial Up Failover
Would that mean one could configure dialup failover? If so that would be really cool. Kind regards David - Original Message - From: Luca Lucchesi [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, March 09, 2007 9:08 AM Subject: [pfSense Support] Can't connect to PPTP with dialup Hi. I setted up the PPTP server on a pfSense system. The clients can connect to it from Windows XP with a natted ADSL Internet connection, but if I try with a dialup connection I get a 619 error. I tried so setup the MTU value to 576, but I was not be able to solve the problem. Could you help me, please? Thank you very much and goodbye! Luca. _ Telefona con Messenger...Le chiamate ai PC sono Gratis! http://get.live.com/messenger/features - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] Can't connect to PPTP with dialup
Looks like a client issue then. Do you run any so called mtu optimizers or webaccelerators on the client? Some hardcode a higher mtu if you tell them to optimize for dsl-lines for example. Holger -Ursprüngliche Nachricht- Von: Luca Lucchesi [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 20:43 An: support@pfsense.com Betreff: Re: [pfSense Support] Can't connect to PPTP with dialup If you try a different dial up provider does it work? If I try a different dialup provider it doesn't work... If you try a different PPTP connection on the same dial up provider does it work? No, it doesn't work... My first guess is the dial up ISP is doing something to cause it to not work (either intentionally or inadvertently). I can't connect to any PPTP server with any dialup provider... :-( _ Ogni ricerca da questo sito, una donazione per i bambini rifugiati http://click4thecause.live.com/Search/Charity/Default.aspx?locale=it-it - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: [pfSense Support] Dial Up Failover
No, this is something completely different. We don't support any kind of dialup connections. Only ethernet type interfaces are supported. Holger -Ursprüngliche Nachricht- Von: Tortise [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 20:43 An: support@pfsense.com Betreff: [pfSense Support] Dial Up Failover Would that mean one could configure dialup failover? If so that would be really cool. Kind regards David - Original Message - From: Luca Lucchesi [EMAIL PROTECTED] To: support@pfsense.com Sent: Friday, March 09, 2007 9:08 AM Subject: [pfSense Support] Can't connect to PPTP with dialup Hi. I setted up the PPTP server on a pfSense system. The clients can connect to it from Windows XP with a natted ADSL Internet connection, but if I try with a dialup connection I get a 619 error. I tried so setup the MTU value to 576, but I was not be able to solve the problem. Could you help me, please? Thank you very much and goodbye! Luca. _ Telefona con Messenger...Le chiamate ai PC sono Gratis! http://get.live.com/messenger/features - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancer
Ok, Thanks Holger -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 10:44 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer For sure. I remember that there has been a rule issue with pings that also resulted in wan quality rrd graph showing constant packetloss which was fixed and your problem seems to be similiar. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 15:19 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, we built it on 31st Jan 2007. Has there been significant change since then? -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:42 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer 1. What Version of pfSense are you running? If it's not a recent snapshot please upgrade. 2. Yes, that is correct. Holger -Ursprüngliche Nachricht- Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 12:36 An: support@pfsense.com Betreff: RE: [pfSense Support] Load Balancer Hi Holger, 1. I take back my words. WAN interface fires icmp poll too, but strange that the icmp poll fired by OPT1 is found in the states table but not for the one fired by the WAN interface. I found this on a reject log in firewall log. I configured the firewall rule for WAN interface to accept echo reply and it functions now. It is strange that the OPT1 interface did not reject the echo reply though. 2. To make sure again, as long as the firewall rules make use of one of the 3 pools (instead of all 3 pools), everything will be ok? Regards, Kelvin -Original Message- From: Holger Bauer [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 7:25 PM To: support@pfsense.com Subject: AW: [pfSense Support] Load Balancer Regarding 1: we'll check this Regarding 2: Yes, you are right. You typicall want to even create 3 pools for this: one loadbalanced (WAN+OPT1), one failover WAN to OPT1 and one failover OPT1 to WAN. Then just create firewallrules to make use of either of the pools. This way you can have services that run on both or prefer the one or other connection. Holger Von: Kelvin Chiang [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 9. März 2007 11:36 An: support@pfsense.com Betreff: [pfSense Support] Load Balancer Hi, I have some questions concerning Load Balancer and Failover, hope that someone can help. 1. I have configured the load balancer for 2 physical interfaces (WAN OPT1). I monitor the states table and realized that the icmp packets for monitoring purpose were fired only from the OPT1 interface, none from the WAN interface. Is this what it is supposed to do? Logically, to monitor whether each interface is online or offline, the icmp should be fired from each interface respectively. 2. If I want the WAN and OPT1 interface to function both for load balancing as well as failover, do I create 2 gateway pool, one with Load Balancing behaviour and other with Fail Over behaviour? Regards, Kelvin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Installing pfflowd
Thanks Josh, doesnt seem to be enough though. It seems to remount itself RO as soon as i try to write to it. # mount -o rw -u / # mount /dev/ufs/pfSense on / (ufs, local) devfs on /dev (devfs, local) /dev/md0 on /tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/pfSenseCfg on /cf (ufs, local, read-only) devfs on /var/dhcpd/dev (devfs, local) /dev/md2 on /var/db/rrd (ufs, local, soft-updates) # tail -n 2 system.log Mar 10 12:56:01 mjolnir php: /pkg_mgr_install.php: Beginning package installation for pfflowd. CLOG?|?# # # mount /dev/ufs/pfSense on / (ufs, local, read-only) devfs on /dev (devfs, local) /dev/md0 on /tmp (ufs, local) /dev/md1 on /var (ufs, local) /dev/ufs/pfSenseCfg on /cf (ufs, local, read-only) devfs on /var/dhcpd/dev (devfs, local) /dev/md2 on /var/db/rrd (ufs, local, soft-updates) # On 3/10/07, Josh Stompro [EMAIL PROTECTED] wrote: There are instructions on how to remount the flash drive into RW mode in the FAQ. http://faq.pfsense.org/index.php?action=artikelcat=11id=171artlang=en There's the rope, I hope it is enough. pfflowd shouldn't be writing when in use, so this should be safe to use. Remount to RW mode, install pfflowd, then remount to RO mode and run. But I'm no expert. I think the searching in the FAQ might be broken, it wasn't working for me. Can anyone confirm. Josh Karl von Muller wrote: Thanks Holger. How can I get pfflowd on my WRAP then? Re-flash then manually put the package on? On 3/9/07, Holger Bauer [EMAIL PROTECTED] wrote: Embedded builds don't support packages (and we hide this option therefor from the menu and you shouldn't use it). The filesystem is mounted readonly to not let your cfcard wear out due to limited write cycle lifetime for embedded builds. This is normal and by design. Holger Von: Karl von Muller [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 8. März 2007 14:56 An: support@pfsense.com Betreff: [pfSense Support] Installing pfflowd Hi all, Have just started using pfSense and its great :) Running 1.01 on a WRAP 1. Seems that because I'm using compact flash the filesystem is mounted read only. Not sure if this is the default or how it came (I purchased the WRAP from a company in Aus with CF card and image pre-installed), but it seems to be stopping me from installing any packages (see below). Is there any way to remount the filesystem RW or do I need to grab a new image? Thanks, Karl Error while trying to install - Installation of pfflowd FAILED! Downloading package configuration file... failed! Installation aborted. Installation halted. Warning: fopen(/usr/local/pkg/pfflowd.xml): failed to open stream: Read-only file system in /etc/inc/pkg- utils.inc on line 321 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pkg- utils.inc on line 370 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pkg-utils.inc on line 370 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pkg- utils.inc on line 370 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pkg-utils.inc on line 336 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Lake Agassiz Regional Library - Moorhead MN larl.org Josh Stompro | Office 218.233.3757 EXT-139 LARL Network Administrator | Cell 218.790.2110
[pfSense Support] AW: Linux-NFS via pfSense 1.0.1
Hi All I have pfsense 1.0.1 running on wrap. I have troubles passing Linux-NFS from/to LAN/WLAN. Somehow Linux sets Don't Fragment and additional Fragments. pfsense is dropping such packets... I have found in advance settings a checkbox for a workaround that pfsense is clearing the DF-flag, but that didn't helped (it still drops the packets). Knows anybody more? Best Regards, Harzi
Re: [pfSense Support] AW: Linux-NFS via pfSense 1.0.1
On Sat, 10 Mar 2007, Daniel Harzenmoser wrote: Hi All I have pfsense 1.0.1 running on wrap. I have troubles passing Linux-NFS from/to LAN/WLAN. Somehow Linux sets Don't Fragment and additional Fragments. pfsense is dropping such packets... I have found in advance settings a checkbox for a workaround that pfsense is clearing the DF-flag, but that didn't helped (it still drops the packets). Knows anybody more? I don't know how to get pfsense to do this, but the fix I found was to alter the scrub line in pf.conf to look like this: scrub in on $ext_if In other words, only do scrubbing on the dirty/outside interface. FWIW, I found that scrubbing pretty much made NFS between FBSD 6 boxes pretty weird as well... Charles Best Regards, Harzi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
