[pfSense Support] Call for Papers AsiaBSDCon 2008
Hi,

http://2008.asiabsdcon.org/

Thank you so much

Kind Regards

Siju

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Asterisk and PfSense
Hi,

I have an asterisk server that is working mostly with SIP clients behind NAT. I'd like to put this asterisk server behind the PfSense to benefit from QoS and added security, packages, etc. However, I just tested and I can't make it work with more than 2 clients at a time (using 1-to-1 NAT). I've tried disabling static port. I've also tried to disable scrubbing. I've tried setting the firewall setting to 'conservative'.

The problem I'm getting is that once a second SIP client registers, it kind of kicks out the first one and so on.

I've tried it without NAT, but I didn't really know how to do it, so I just gave the linux (asterisk) server the public IP address I wanted and made appropriate firewall rules. I couldn't connect using ssh, so I stopped fiddling around and wrote this message.

What is recommended in my situation?

Regards,

Ugo Bellavance
Re: [pfSense Support] load balancing for internal and external servers
You won't be able to test load balancing of virtual servers from inside your network. It's a pf thing and unlikely to ever get resolved.

--Bill

On 10/9/07, Paul M <[EMAIL PROTECTED]> wrote:
> Thanks for reading this.
>
> pair of pfsense firewalls with
> * external carp IP 1.2.3.4
> * internal carp IP 192.168.0.1 with each machine on .2 and .3
>
> the bit that works:
> we have a couple of web servers, and I created a pool,
> and a virtual server which listens on external carp
> IP, then added the rule permitting traffic.
>
> works just fine, I can see the web servers from
> outside world
>
> the bit that doesn't
> wanting to test the load balanced pool from inside,
> I created a virtual server listening on the internal
> 192.168 address, no rules were required because
> internal (LAN) traffic is 100% permitted.
>
> Using tcpdump I see the tcp connection coming from desktop:highport to
> 192.168.0.1:80, there's then a conn from 192.168.0.1:highport to
> webserver:80 which completes, but no traffic goes back to desktop!
>
> nothing in the firewall logs indicates dropped traffic!
>
> any clues gratefully received.
>
> thanks
> Paul
[pfSense Support] Spoofing/faking another NAT IP?
I recently switched most of my infrastructure over to a new LAN. I have two pfSense boxes, because I couldn't get Multi-WAN to work the way I needed it to (but that's another story).

With the IPSEC tunnels now terminating at a 172.16 network and the server they need to connect to being on that new network, is there any way I can get pfSense to "fake" the old 10.0 network or host IP and respond to it?

I have tried various NAT settings, proxy arp, Virtual IPs but I have a feeling I am getting something wrong. Is this even possible?

Thanks,
Gabe
Re: [pfSense Support] Load Balancer + Failover
Can you confirm that the load balancer config sync'd over to the secondary? Also, assuming it did, can you do a 'ps -ax |grep slb' from the shell? I suspect it never started slbd after sync (as an interim workaround, you could try going to the load balancer page on the secondary and editing/saving the config).

--Bill

On 10/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Hi Bill,
>
> Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are
> load balancing 443 and 80 TCP
>
> Lee
>
> On Tue, 9 Oct 2007 08:47:27 -0500, "Bill Marquette" <[EMAIL PROTECTED]> wrote:
> > Inbound or outbound load balancing?
> >
> > --Bill
> >
> > On 10/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> >>
> >> Hi There,
> >>
> >> I'm using 1.2 RC2 on Intel boxes. I have the load balancer setup and
> >> working, the two machines are syncing settings and the carp is working
> >> properly. However, if I reboot the primary firewall the secondary takes
> >> over pings, but the load balancing doesn't work again until the primary is
> >> back online.
> >>
> >> Everything seems to be ok, when the primary disappears, the ping drops 1
> >> packet, then the secondary carries on and everything runs ok. The servers
> >> on the lan interface of the firewall can route out to the internet fine
> >> whilst running with only the secondary firewall. The only thing not to
> >> work is the load balancer.
> >>
> >> Anyone have any ideas?
> >>
> >> I have it wired as:
> >>
> >> INTERNET --> PIX 515 PAIR --> 2X CISCO 3550-EMI --> PFSENSE PAIR --> 2X
> >> CISCO 3550-EMI --> LAN
> >>
> >> Each of the pix/pfsense are connected to separate switches, which are in
> >> turn linked together.
> >>
> >> Thanks in advance,
> >>
> >> Lee
> >
> > --
> > Message scanned for all known viruses by Mailsauce. Email protection
> > solutions from E-Sauce. For more information please visit
> > http://www.mailsauce.com
Re: [pfSense Support] Load Balancer + Failover
Hi Bill,

Sorry, inbound... we have 2x Web Servers behind the PFsense boxes so we are load balancing 443 and 80 TCP

Lee

On Tue, 9 Oct 2007 08:47:27 -0500, "Bill Marquette" <[EMAIL PROTECTED]> wrote:
> Inbound or outbound load balancing?
>
> --Bill
>
> On 10/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>>
>> Hi There,
>>
>> I'm using 1.2 RC2 on Intel boxes. I have the load balancer setup and
>> working, the two machines are syncing settings and the carp is working
>> properly. However, if I reboot the primary firewall the secondary takes
>> over pings, but the load balancing doesn't work again until the primary is
>> back online.
>>
>> Everything seems to be ok, when the primary disappears, the ping drops 1
>> packet, then the secondary carries on and everything runs ok. The servers
>> on the lan interface of the firewall can route out to the internet fine
>> whilst running with only the secondary firewall. The only thing not to
>> work is the load balancer.
>>
>> Anyone have any ideas?
>>
>> I have it wired as:
>>
>> INTERNET --> PIX 515 PAIR --> 2X CISCO 3550-EMI --> PFSENSE PAIR --> 2X
>> CISCO 3550-EMI --> LAN
>>
>> Each of the pix/pfsense are connected to separate switches, which are in
>> turn linked together.
>>
>> Thanks in advance,
>>
>> Lee
[pfSense Support] Help setting up 1:1 NAT
I thought I had NAT set up properly, but when I went to plug it in the things that needed to access the network couldn't. Are there some detailed step by step tutorials around that might can assist me in setting up 1:1.

Current Setup
External: 206.63.66.0/27
Internal: 10.20.10.0/21

I need to have 206.63.66.195 -> 10.20.10.14 smtp

I am overlooking something, I just do not know what.

I've done what I thought was logical
1. Created a virtual ip 206.63.66.195
2. Added 1:1 - WAN 206.63.66.195/32 -> 10.20.10.14/32
3. Created rule to allow smtp to 206.63.66.195

I also tried a port forward with no success.

Thanks for assistance.

Russ
[pfSense Support] RE: Help setting up 1:1 NAT
Oh yeah, one more item

WAN: 206.63.66.94
LAN: 10.20.10.1

-----Original Message-----
From: Russ Bennett
Sent: Tuesday, October 09, 2007 11:53 AM
To: support@pfsense.com
Subject: Help setting up 1:1 NAT

I thought I had NAT set up properly, but when I went to plug it in the things that needed to access the network couldn't. Are there some detailed step by step tutorials around that might can assist me in setting up 1:1.

Current Setup
External: 206.63.66.0/27
Internal: 10.20.10.0/21

I need to have 206.63.66.195 -> 10.20.10.14 smtp

I am overlooking something, I just do not know what.

I've done what I thought was logical
1. Created a virtual ip 206.63.66.195
2. Added 1:1 - WAN 206.63.66.195/32 -> 10.20.10.14/32
3. Created rule to allow smtp to 206.63.66.195

I also tried a port forward with no success.

Thanks for assistance.

Russ
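An added check, not part of the original messages: the addresses quoted in the two posts above, tested with Python's ipaddress module for whether each one falls inside the network it is paired with. The function and variable names are hypothetical; the values are the ones stated in the posts.

```python
import ipaddress

# Values as quoted in the two messages above (names are hypothetical).
POSTED = {
    "external": "206.63.66.0/27",
    "internal": "10.20.10.0/21",
    "wan_ip": "206.63.66.94",
    "lan_ip": "10.20.10.1",
    "virtual_ip": "206.63.66.195",
    "nat_target": "10.20.10.14",
}


def check_network(cidr):
    """Parse a CIDR string; report it if host bits are set."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    findings = []
    if iface.ip != net.network_address:
        findings.append(f"{cidr} has host bits set; the network is {net}")
    return net, findings


def check_member(label, ip, net):
    """Report an address that falls outside the network it is paired with."""
    if ipaddress.ip_address(ip) in net:
        return []
    return [f"{label} {ip} is outside {net} ({net[0]} - {net[-1]})"]


def audit_one_to_one(cfg):
    """Return a list of inconsistencies between the stated addresses."""
    ext_net, findings = check_network(cfg["external"])
    int_net, more = check_network(cfg["internal"])
    findings += more
    findings += check_member("WAN address", cfg["wan_ip"], ext_net)
    findings += check_member("virtual IP", cfg["virtual_ip"], ext_net)
    findings += check_member("LAN address", cfg["lan_ip"], int_net)
    findings += check_member("NAT target", cfg["nat_target"], int_net)
    return findings


if __name__ == "__main__":
    for finding in audit_one_to_one(POSTED):
        print(finding)
```

A finding means only that the stated values disagree with one another; an address outside the WAN subnet can still reach the firewall if the upstream routes it there.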
Re: [pfSense Support] load balancing for internal and external servers
Paul M wrote:
> Thanks for reading this.
>
> pair of pfsense firewalls with
> * external carp IP 1.2.3.4
> * internal carp IP 192.168.0.1 with each machine on .2 and .3
>
> the bit that works:
> we have a couple of web servers, and I created a pool,
> and a virtual server which listens on external carp
> IP, then added the rule permitting traffic.
>
> works just fine, I can see the web servers from
> outside world
>
> the bit that doesn't
> wanting to test the load balanced pool from inside,
> I created a virtual server listening on the internal
> 192.168 address, no rules were required because
> internal (LAN) traffic is 100% permitted.
>
> Using tcpdump I see the tcp connection coming from desktop:highport to
> 192.168.0.1:80, there's then a conn from 192.168.0.1:highport to
> webserver:80 which completes, but no traffic goes back to desktop!
>
> nothing in the firewall logs indicates dropped traffic!
>
> any clues gratefully received.

p.s. I do have the "Bypass firewall rules for traffic on the same interface" option ticked in system-advanced settings
[pfSense Support] load balancing for internal and external servers
Thanks for reading this.

pair of pfsense firewalls with
* external carp IP 1.2.3.4
* internal carp IP 192.168.0.1 with each machine on .2 and .3

the bit that works:
we have a couple of web servers, and I created a pool, and a virtual server which listens on external carp IP, then added the rule permitting traffic.

works just fine, I can see the web servers from outside world

the bit that doesn't
wanting to test the load balanced pool from inside, I created a virtual server listening on the internal 192.168 address, no rules were required because internal (LAN) traffic is 100% permitted.

Using tcpdump I see the tcp connection coming from desktop:highport to 192.168.0.1:80, there's then a conn from 192.168.0.1:highport to webserver:80 which completes, but no traffic goes back to desktop!

nothing in the firewall logs indicates dropped traffic!

any clues gratefully received.

thanks
Paul
Re: [pfSense Support] Load Balancer + Failover
Inbound or outbound load balancing?

--Bill

On 10/9/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
> Hi There,
>
> I'm using 1.2 RC2 on Intel boxes. I have the load balancer setup and working,
> the two machines are syncing settings and the carp is working properly.
> However, if I reboot the primary firewall the secondary takes over pings, but
> the load balancing doesn't work again until the primary is back online.
>
> Everything seems to be ok, when the primary disappears, the ping drops 1
> packet, then the secondary carries on and everything runs ok. The servers on
> the lan interface of the firewall can route out to the internet fine whilst
> running with only the secondary firewall. The only thing not to work is the
> load balancer.
>
> Anyone have any ideas?
>
> I have it wired as:
>
> INTERNET --> PIX 515 PAIR --> 2X CISCO 3550-EMI --> PFSENSE PAIR --> 2X
> CISCO 3550-EMI --> LAN
>
> Each of the pix/pfsense are connected to separate switches, which are in turn
> linked together.
>
> Thanks in advance,
>
> Lee
[pfSense Support] Load Balancer + Failover
Hi There,

I'm using 1.2 RC2 on Intel boxes. I have the load balancer setup and working, the two machines are syncing settings and the carp is working properly. However, if I reboot the primary firewall the secondary takes over pings, but the load balancing doesn't work again until the primary is back online.

Everything seems to be ok, when the primary disappears, the ping drops 1 packet, then the secondary carries on and everything runs ok. The servers on the lan interface of the firewall can route out to the internet fine whilst running with only the secondary firewall. The only thing not to work is the load balancer.

Anyone have any ideas?

I have it wired as:

INTERNET --> PIX 515 PAIR --> 2X CISCO 3550-EMI --> PFSENSE PAIR --> 2X CISCO 3550-EMI --> LAN

Each of the pix/pfsense are connected to separate switches, which are in turn linked together.

Thanks in advance,

Lee