Re: [pfSense Support] Load Balancing on vlans
You shouldn't use the parent interface generally. Don't think that's related though. You losing connectivity from the firewall to the gateway? You're far from uncharted territory, the several boxes I've worked on that have 6-12 WANs all use VLANs as WANs. You may need negate rules for anything not reachable via the specified gateway, when you specify a gateway it forces traffic to that gateway. Those are automatically added generally but you could be doing something that's overriding that. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Sorry, your comments have confused me just a bit. I have two physical WAN connections that are doing failover and one LAN interface with vlans under it. I want those vlans to use the failover rather than just the default gateway. Is this not a standard thing to do? If it won't work like this, I suppose I could do some routing on my switch to eliminate the vlans at pfsense. I just thought pfsense would be able to handle that.
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 8:41 AM, Jesse Vollmarvollm...@gmail.com wrote: You shouldn't use the parent interface generally. Don't think that's related though. You losing connectivity from the firewall to the gateway? You're far from uncharted territory, the several boxes I've worked on that have 6-12 WANs all use VLANs as WANs. You may need negate rules for anything not reachable via the specified gateway, when you specify a gateway it forces traffic to that gateway. Those are automatically added generally but you could be doing something that's overriding that. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Sorry, your comments have confused me just a bit. I have two physical WAN connections that are doing failover and one LAN interface with vlans under it. I want those vlans to use the failover rather than just the default gateway. Is this not a standard thing to do? If it won't work like this, I suppose I could do some routing on my switch to eliminate the vlans at pfsense. I just thought pfsense would be able to handle that. What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 9:47 AM, Bill Marquette bill.marque...@gmail.comwrote: What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill Should have mentioned that I am not actually using the LAN NIC for anything but the tagged vlans. Should I be using an OPT interface rather than the LAN interface for my vlans?
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 8:57 AM, Jesse Vollmarvollm...@gmail.com wrote: On Fri, Aug 28, 2009 at 9:47 AM, Bill Marquette bill.marque...@gmail.com wrote: What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill Should have mentioned that I am not actually using the LAN NIC for anything but the tagged vlans. Should I be using an OPT interface rather than the LAN interface for my vlans? Nope, that helps alot. So, you already have one VLAN interface using a load balancing rule correct? When you try to setup another VLAN interface for load balancing it breaks? --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
Jesse Vollmar wrote: On Fri, Aug 28, 2009 at 9:47 AM, Bill Marquette bill.marque...@gmail.com mailto:bill.marque...@gmail.com wrote: What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill Should have mentioned that I am not actually using the LAN NIC for anything but the tagged vlans. Should I be using an OPT interface rather than the LAN interface for my vlans? So your LAN is assigned to VLAN not to physical em0 or bge0 or whatever? And you have no LAN, WAN, OPTx assigned to this physical one? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
Nope, that helps alot. So, you already have one VLAN interface using a load balancing rule correct? When you try to setup another VLAN interface for load balancing it breaks? It is breaking when I try to setup the first load balancing rule. It will work as expected for a few minutes, then stops. So your LAN is assigned to VLAN not to physical em0 or bge0 or whatever? And you have no LAN, WAN, OPTx assigned to this physical one? I just recently configured the vlan interfaces on a router that had em0 assigned to LAN. I haven't changed that because I didn't know it was a problem, and you are required to have a LAN interface. Do I need to get my vlans on a NIC that doesn't have LAN assigned to it?
Re: [pfSense Support] Load Balancing on vlans
Jesse Vollmar wrote: Nope, that helps alot. So, you already have one VLAN interface using a load balancing rule correct? When you try to setup another VLAN interface for load balancing it breaks? It is breaking when I try to setup the first load balancing rule. It will work as expected for a few minutes, then stops. So your LAN is assigned to VLAN not to physical em0 or bge0 or whatever? And you have no LAN, WAN, OPTx assigned to this physical one? I just recently configured the vlan interfaces on a router that had em0 assigned to LAN. I haven't changed that because I didn't know it was a problem, and you are required to have a LAN interface. Do I need to get my vlans on a NIC that doesn't have LAN assigned to it? Wait a sec. You configured the vlan interfaces on a router but what about pfSense side? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
Wait a sec. You configured the vlan interfaces on a router but what about pfSense side? I used router as a synonym for pfsense. My mistake. I just meant my pfSense box.
Re: [pfSense Support] Load Balancing on vlans
Jesse Vollmar wrote: Wait a sec. You configured the vlan interfaces on a router but what about pfSense side? I used router as a synonym for pfsense. My mistake. I just meant my pfSense box. Well, as it was mentioned here earlier what you've done is not recommended way but it should not cause problem you are experiencing. I would do the next: 1. Configure your LB and while it is working do pfctl -sr | grep route-to 2. Wait until it stops working and issue again pfctl -sr | grep route-to - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 9:41 AM, Jesse Vollmarvollm...@gmail.com wrote: Sorry, your comments have confused me just a bit. I have two physical WAN connections that are doing failover and one LAN interface with vlans under it. I want those vlans to use the failover rather than just the default gateway. Is this not a standard thing to do? If it won't work like this, I suppose I could do some routing on my switch to eliminate the vlans at pfsense. I just thought pfsense would be able to handle that. You can do that, I do it, lots of others do, it works fine. Probably time for packet captures to see what's really happening here. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
FIXED! I finally figured out what was happening. There was no rule sending traffic that needed to reach the pfsense box itself to it. For some reason, EVERYTHING was getting pumped out the active gateway in my failover pool.
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 12:08 AM, Jesse Vollmarvollm...@gmail.com wrote: Well, when I set the firewall rule to send all traffic to a load balanced gateway (instead of default) stuff just breaks. I can't get to the Internet or I get to anything else on the other vlans. I am using a rule identical to the one I use for the load balancing on LAN except the interface. I tried again this morning to change the allow rule on a vlan interface to send traffic out on a gateway other than default and after about five minutes of working like it should, all traffic stopped. Hosts on that vlan could no longer ping the gateway of that vlan or anything on another network. This is only happening on my vlan interfaces (parent interface is LAN). - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 11:05 AM, Jesse Vollmarvollm...@gmail.com wrote: I tried again this morning to change the allow rule on a vlan interface to send traffic out on a gateway other than default and after about five minutes of working like it should, all traffic stopped. Hosts on that vlan could no longer ping the gateway of that vlan or anything on another network. This is only happening on my vlan interfaces (parent interface is LAN). Sounds like a NIC driver issue. Make sure you are using Intel NICS. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 12:49 PM, Scott Ullrich sullr...@gmail.com wrote: Sounds like a NIC driver issue. Make sure you are using Intel NICS. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org I'm using high quality Intel NICs. The vlan tagging works just fine. It appears to be an issue with routing.
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 11:05 AM, Jesse Vollmarvollm...@gmail.com wrote: I tried again this morning to change the allow rule on a vlan interface to send traffic out on a gateway other than default and after about five minutes of working like it should, all traffic stopped. Hosts on that vlan could no longer ping the gateway of that vlan or anything on another network. This is only happening on my vlan interfaces (parent interface is LAN). You shouldn't use the parent interface generally. Don't think that's related though. You losing connectivity from the firewall to the gateway? You're far from uncharted territory, the several boxes I've worked on that have 6-12 WANs all use VLANs as WANs. You may need negate rules for anything not reachable via the specified gateway, when you specify a gateway it forces traffic to that gateway. Those are automatically added generally but you could be doing something that's overriding that. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Load Balancing on vlans
Is load balancing supported on vlan interfaces? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Wed, Aug 26, 2009 at 11:14 PM, Jesse Vollmarvollm...@gmail.com wrote: Is load balancing supported on vlan interfaces? Yes. They're no different than any other. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 12:01 AM, Chris Buechlerc...@pfsense.org wrote: Yes. They're no different than any other. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Well, when I set the firewall rule to send all traffic to a load balanced gateway (instead of default) stuff just breaks. I can't get to the Internet or I get to anything else on the other vlans. I am using a rule identical to the one I use for the load balancing on LAN except the interface. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
