[pfSense Support] Take my update ???

2007-10-11 Thread drovalev

Please  send me link, where we take my changes PFsense.


Drovalev Roman Nikolaevich.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: [pfSense Support] Load Balancer + Failover

2007-10-11 Thread Lee Hetherington

Hi Bill,

Same here, I even have the same thing working on 1.1 PFsense for another 
customer.  Is there a way to downgrade from 1.2 RC2 to 1.1?


Thanks,

Lee

Bill Marquette wrote:

Strange, other than the sticky address (which should be more a
nuisance than anything) not getting set on the secondary, I'm not
seeing anything obvious that would prevent the connection from
working.

The only other thing I can think to look at is whether the rulesets
(/tmp/rules.debug) are the same between the two machines (with
exception to a few subtle differences they should be).

You can try tcpdump'ing on the secondary and making sure the tcp
traffic is making it to the external interface.  If it is, check the
inside and see what's actually getting passed through.  Lastly, double
check the firewall logs, you might be seeing blocks for some reason.

FWIW, I have similar setups working just fine (minus pfsense as the
frontend), so this is likely a pfsense bug or a config issue of some
sort.

--Bill

On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote:
  

Hi Bill,

All is carp, when the primary is off, I can ping the address still.

Primary:

# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp -> { 10.5.49.1, 10.5.49.2 } port 25 round-robin sticky-address
rdr inet proto tcp from any to 10.2.48.1 port = http -> { 10.5.49.1, 10.5.49.2 } port 80 round-robin sticky-address

Secondary:

# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp -> { 10.5.49.1, 10.5.49.2 } port 25 round-robin
rdr inet proto tcp from any to 10.2.48.1 port = http -> { 10.5.49.1, 10.5.49.2 } port 80 round-robin

Thanks,

Lee

Bill Marquette wrote:


Hmm, what does the output of pfctl -sn -aslb look like on both
boxes?  The other obvious question is, are the virtual addresses that
front end your load balance pool CARP addresses?  If they aren't, then
the secondary won't take them over on failover regardless of the load
balance config.

--Bill

On 10/10/07, Lee Hetherington [EMAIL PROTECTED] wrote:

  

Hi Bill,

The config was sync'd ok, I can see it on both boxes.  Below is a ps -ax
from the secondary machine:

# ps -ax |grep slb
60083  ??  Ss 0:00.51 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000
65097  p0  RV 0:00.00 grep slb (tcsh)

Looks to me like it's running?  I tried editing the config and saving it
like you suggest, and the ps -ax was then:

# ps -ax | grep slb
65407  ??  Ss 0:00.00 /usr/local/sbin/slbd -c/var/etc/slbd.conf -r5000

Still nothing however when I reboot the primary...

Lee

Bill Marquette wrote:



Can you confirm that the load balancer config sync'd over to the
secondary?  Also, assuming it did, can you do a 'ps -ax |grep slb'
from the shell?  I suspect it never started slbd after sync (as an
interim workaround, you could try going to the load balancer page on
the secondary and editing/saving the config).

--Bill

On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


  

Hi Bill,

Sorry, inbound...  we have 2x Web Servers behind the PFsense boxes so we are 
load balancing 443 and 80 TCP

Lee

On Tue, 9 Oct 2007 08:47:27 -0500, Bill Marquette [EMAIL PROTECTED] wrote:




Inbound or outbound load balancing?

--Bill

On 10/9/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


  

Hi There,

I'm using 1.2 RC2 on Intel boxes.  I have the load balancer setup and
working, the two machines are syncing settings and the carp is working
properly.  However, if I reboot the primary firewall the secondary takes
over pings, but the load balancing doesn't work again until the primary is
back online.

Everything seems to be ok, when the primary disappears, the ping drops 1
packet, then the secondary carries on and everything runs ok.  The servers
on the lan interface of the firewall can route out to the internet fine
whilst running with only the secondary firewall. The only thing not to
work is the load balancer.

Anyone have any ideas?

I have it wired as:

INTERNET -- PIX 515 PAIR -- 2X CISCO 3550-EMI -- PFSENSE PAIR -- 2X CISCO 3550-EMI -- LAN

Each of the pix/pfsense are connected to separate switches, which are in
turn linked together.


  

Thanks in advance,

Lee





--
Message scanned for all known viruses by Mailsauce. Email protection
solutions from E-Sauce. For more information please visit
http://www.mailsauce.com
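
An added example, not part of the thread and not pfSense code: a POSIX sh/awk helper that compares saved "pfctl -sn -aslb" output from the primary and the secondary and reports redirects whose pool options differ (as sticky-address does in the output quoted above) or that exist on only one node. The function names normalize_rules and compare_rules and the file names are hypothetical, and the sample rules are constructed from those quoted in the thread.

```sh
# Added example (not from the thread): diff the slb anchor's rdr rules between CARP nodes.

# Join wrapped continuation lines, drop prompt/blank lines, squeeze whitespace.
normalize_rules() {
    awk '
        /^rdr /            { if (rule != "") print rule; rule = $0; next }
        /^#/ || /^[ \t]*$/ { next }
        rule != ""         { rule = rule " " $0 }
        END                { if (rule != "") print rule }
    ' "$1" | tr -s ' \t' ' ' | sed 's/ $//'
}

# compare_rules PRIMARY SECONDARY: prints one line per redirect that differs.
compare_rules() {
    work=$(mktemp -d "${TMPDIR:-/tmp}/slbcmp.XXXXXX") || return 2
    normalize_rules "$1" > "$work/primary"
    normalize_rules "$2" > "$work/secondary"
    awk '
        # key = match criteria + pool + target port; opt = trailing pool options.
        function split_rule(line) {
            if (match(line, /[}] port [0-9]+/)) {
                key = substr(line, 1, RSTART + RLENGTH - 1)
                opt = substr(line, RSTART + RLENGTH + 1)
            } else { key = line; opt = "" }
        }
        FILENAME == ARGV[1] { split_rule($0); pri[key] = opt; next }
        { split_rule($0); seen[key] = 1
          if (!(key in pri)) { print "ONLY-SECONDARY: " key; next }
          if (pri[key] != opt)
              print "OPTIONS-DIFFER: " key " primary=[" pri[key] "] secondary=[" opt "]"
        }
        END { for (k in pri) if (!(k in seen)) print "ONLY-PRIMARY: " k }
    ' "$work/primary" "$work/secondary" | sort
    rm -rf "$work"
}

# Constructed sample input, modelled on the rules quoted in the thread.
sample=$(mktemp -d "${TMPDIR:-/tmp}/slbsample.XXXXXX")
cat > "$sample/primary.txt" <<'EOF'
# pfctl -sn -aslb
rdr inet proto tcp from any to 10.2.48.1 port = smtp -> { 10.5.49.1,
10.5.49.2 } port 25 round-robin sticky-address
rdr inet proto tcp from any to 10.2.48.1 port = http -> { 10.5.49.1, 10.5.49.2 } port 80 round-robin sticky-address
EOF
cat > "$sample/secondary.txt" <<'EOF'
rdr inet proto tcp from any to 10.2.48.1 port = smtp -> { 10.5.49.1, 10.5.49.2 } port 25 round-robin
EOF
compare_rules "$sample/primary.txt" "$sample/secondary.txt"
rm -rf "$sample"
```

Run it against the saved output of each node; no output means the two nodes carry the same redirects with the same options.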


  


Re: [pfSense Support] Load Balancer + Failover

2007-10-11 Thread Chris Buechler

Lee Hetherington wrote:

Hi Bill,

Same here, I even have the same thing working on 1.1 PFsense for 
another customer.  Is there a way to downgrade from 1.2 RC2 to 1.1?


It would be MUCH better to help us figure out if there is indeed a 
regression in this from 1.2 to 1.0.1. Going back to 1.0.1 is strongly 
discouraged, there are serious problems with it under some circumstances.


can you try the exact same config (restore a backup) that's working on 
1.0.1 on a 1.2 system in a test environment?






Re: [pfSense Support] Load Balancer + Failover

2007-10-11 Thread Lee Hetherington

Hi Chris,

It's two different systems, in the 1.1 system I have the hosts behind the 
balancer being natted by the pfsense box, whereas on the 1.2 they are 
direct routed, and natted upstream using a PIX 515e.


I've tried tcpdump on the secondary as discussed with Bill, I can see 
the packets hitting both interfaces, but tcpdump produces so much crap 
I can't really see what's going on, however it's an issue that when the 
primary balancer isn't available the whole thing bar pings and routing 
dies...


Thanks,

Lee

Chris Buechler wrote:

Lee Hetherington wrote:

Hi Bill,

Same here, I even have the same thing working on 1.1 PFsense for 
another customer.  Is there a way to downgrade from 1.2 RC2 to 1.1?


It would be MUCH better to help us figure out if there is indeed a 
regression in this from 1.2 to 1.0.1. Going back to 1.0.1 is strongly 
discouraged, there are serious problems with it under some circumstances.


can you try the exact same config (restore a backup) that's working on 
1.0.1 on a 1.2 system in a test environment?






[pfSense Support] Re: Take my update ???

2007-10-11 Thread Ugo Bellavance

[EMAIL PROTECTED] wrote:

Please  send me link, where we take my changes PFsense.


Hi, what are you looking for exactly?

Ugo





Re: [pfSense Support] hotplug event on LAN triggers problem on PPTP WAN

2007-10-11 Thread Jan Hoevers

Chris Buechler wrote on 26-9-2007 2:02:
Definitely sounds like a bug. I opened a ticket. If you can, please hang 
on with 1.2rc2 for the time being. None of the developers have a PPTP 
WAN, so we'll need somebody to test the change with that specific setup.


hi Chris,

Perfect, the issue is fixed!

As you requested off list I've installed the embedded platform image 
labelled 1.2-RC3 built on Thu Oct 11 17:09:49 EDT 2007 and created 
some ethernet hotplug events as a test. Of course I still find them in 
the logs (check_reload_status: rc.linkup starting, etc.) but mpd doesn't 
get killed anymore and the PPTP-WAN link remains up.


I'm quite happy with this result, and with your fast reaction.

thanks a lot,
Jan Hoevers
