Re: [pfSense Support] load balancing wan
Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing wan
Issue from a shell to find out: fetch -o /etc/inc/pfsense-utils.inc http://pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/etc/inc/pfsense-utils.inc?rev=1.316.2.60;content-type=text%2Fplain;only_with_tag=RELENG_1; On 2/17/06, alan walters [EMAIL PROTECTED] wrote: Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Bit confused what should this do. Fix the problem. Is there any a way to see the kernel routing table. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 20:38 To: support@pfsense.com Subject: Re: [pfSense Support] load balancing wan Issue from a shell to find out: fetch -o /etc/inc/pfsense-utils.inc http://pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/etc/inc/pfsens e-utils.inc?rev=1.316.2.60;content-type=text%2Fplain;only_with_tag=RELEN G_1 On 2/17/06, alan walters [EMAIL PROTECTED] wrote: Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing wan
On 2/17/06, alan walters [EMAIL PROTECTED] wrote: Bit confused what should this do. Updates the fix that Ben mentioned Fix the problem. Huh? Is there any a way to see the kernel routing table. These will not be in the system routing table, they are in pf's ruleset. Search for the route stuff like Ben mentioned earlier. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Could you clarify wheather the procedure is correct and I have answered my questions right at the bottom. I will look at it again in the morning Setup the pools visit services - load balancer delete any pools that are there that do not work add a new pool and call it loadbalancetowans or something descriptive set the description to load balancing from lan - internet or something descriptive set the type to gateway in the Monitor IP box, put the IP address of a host upstream from the router that can be polled (via tcp socket) to ensure link is up in the IP box type in the lan IP address of the router add a Monitor IP and router IP for each additional OPT interface click save Create NAT-Rules for your WAN-POOL visit firewallNATOutbound enable advanced outbound nat check the automatically created rules. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool) Apply the changes I am guessing that carp or VIP's are not required for this to work. I have the following queries where I may have gone wrong Q: polled (via tcp socket) A: can I poll my external webserver on port 80 (or what exactly should we be doing here) Q in the IP box type in the lan IP address of the router A: is this the gateway of wan and wan1 on the pfsense box Q: add a Monitor IP and router IP for each additional OPT interface A: should the monitor IP be the same for each wan interface Thanks alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
