Re: [pfSense-discussion] source-hash and sticky-address in pf pools
On 8/18/06, Scott Ullrich [EMAIL PROTECTED] wrote:
> Please share the script. It may be something we can turn into a
> package depending on how it looks and works, etc.

Here it is: http://rajasuperman.googlepages.com/monitor-gw.tgz

I've used the script for more than a month and it works well. Currently monitor-gw will use *any* gateway from any outgoing load balancing pool. It's okay with me, but I'm not sure if that's how everyone will want it. Beyond that there are a few small cleanups that need to be done (see TODO section in monitor-gw) and I would be happy if you could help me with that.

I'm more interested in creating a working frickin pptp package for 1.0. And also see how it can be extended to support multiple servers. I wonder if there's any bounty towards it, that it would motivate me nicely.

- Raja

RE: [pfSense-discussion] source-hash and sticky-address in pf pools
> > Thanks, I might hit you up for that script when I get to it. I have a
> > DSL/Cable modem setup (2 WAN), 1 DMZ and 1 LAN. I am getting ready to
> > set up. I haven't worked with this before, and the routing tables are
> > a bit confusing the first time through. I think I have the basics though.
>
> Please share the script. It may be something we can turn into a
> package depending on how it looks and works, etc.

Yes, share the script.

Re: [pfSense-discussion] source-hash and sticky-address in pf pools
On 8/17/06, Raja Subramanian [EMAIL PROTECTED] wrote:
> Hi,
>
> I have a pfSense box with 5 wan links, 1 wan and 1 dmz and the load
> balancing and policy based routing in pfSense is simply fantastic.
>
> The one missing feature that I would like to see, is the ability to
> specify the source-hash or sticky-address option in pf pools. With
> this, I would be able to load balance troublesome websites and
> protocols (e.g. pptp) instead of pushing them all through the default
> gateway.
>
> I noticed that Bill M's pf sticky patches to slbd got included circa
> Beta2. Will we be able to use this feature anytime soon?

Simply touch /var/etc/use_pf_pool__stickyaddr

From vsvc_rules.c:

    vsvc_rules.c:    if(fexist("/var/etc/use_pf_pool__stickyaddr") == 1) {

Scott

Re: [pfSense-discussion] source-hash and sticky-address in pf pools
On 8/17/06, Raja Subramanian [EMAIL PROTECTED] wrote:
> Hi,
>
> I have a pfSense box with 5 wan links, 1 wan and 1 dmz and the load
> balancing and policy based routing in pfSense is simply fantastic.
>
> The one missing feature that I would like to see, is the ability to
> specify the source-hash or sticky-address option in pf pools. With
> this, I would be able to load balance troublesome websites and
> protocols (e.g. pptp) instead of pushing them all through the default
> gateway.
>
> I noticed that Bill M's pf sticky patches to slbd got included circa
> Beta2. Will we be able to use this feature anytime soon?

slbd isn't used for gateway balancing, just for monitoring the gateways. The sticky patches that Scott committed (not me) were for server load balancing.

--Bill

Re: [pfSense-discussion] source-hash and sticky-address in pf pools
On 8/17/06, Bill Marquette [EMAIL PROTECTED] wrote:
> slbd isn't used for gateway balancing, just for monitoring the
> gateways. The sticky patches that Scott committed (not me) were for
> server load balancing.

My apologies, I thought he was talking about incoming load balancing.

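For the outgoing (gateway) balancing case this thread is about, here is an added pf.conf sketch of a route-to gateway pool without and with sticky-address; it is not part of any message above and is not pfSense's generated ruleset. Interface names and addresses are constructed, and because pf.conf(5) permits only round-robin when a pool lists more than one address, the sketch uses round-robin with sticky-address rather than source-hash.

```pf
# Added illustration. Interface names and addresses are constructed
# (documentation ranges), not taken from the thread.
lan_if  = "em0"
lan_net = "10.0.0.0/24"
wan1_if = "em1"
wan1_gw = "192.0.2.1"
wan2_if = "em2"
wan2_gw = "198.51.100.1"

# Seconds a source-tracking entry is kept after the host's last state
# expires. A sticky-address mapping lasts as long as this entry does.
set timeout src.track 300

# NAT per WAN so each connection leaves with the address of the link
# it was routed to.
nat on $wan1_if from $lan_net to any -> ($wan1_if)
nat on $wan2_if from $lan_net to any -> ($wan2_if)

# Without sticky-address: every new state takes the next gateway in the
# pool, so one LAN host's related flows (a PPTP control connection and
# its GRE tunnel, or a website that ties a session to the client IP)
# can leave through different WAN links.
# pass in on $lan_if route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } \
#     round-robin from $lan_net to any keep state

# With sticky-address: the first connection from a LAN host picks a
# gateway round-robin, and later connections from that host matching
# this rule reuse it while the source-tracking entry exists.
pass in on $lan_if route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } \
    round-robin sticky-address from $lan_net to any keep state
```

`pfctl -nf <file>` parses a ruleset without loading it, and `pfctl -s Sources` lists the source-tracking entries that back the sticky mappings.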
Re: [pfSense-discussion] source-hash and sticky-address in pf pools
Raja

Did you use any special setup with this?

I am currently building a 4 NIC setup. 2 Broadband Connection, 1 DMZ and 1 LAN. Any pointers, I have to set up VOIP on this at some point. New to this setup, have worked with IPCOP in the past. This looks much stronger though.

--
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750

--
From: Raja Subramanian [EMAIL PROTECTED]
Reply-To: discussion@pfsense.com
Date: Fri, 18 Aug 2006 00:02:08 +0530
To: discussion@pfsense.com
Subject: [pfSense-discussion] source-hash and sticky-address in pf pools

Hi,

I have a pfSense box with 5 wan links, 1 wan and 1 dmz and the load balancing and policy based routing in pfSense is simply fantastic.

The one missing feature that I would like to see, is the ability to specify the source-hash or sticky-address option in pf pools. With this, I would be able to load balance troublesome websites and protocols (e.g. pptp) instead of pushing them all through the default gateway.

I noticed that Bill M's pf sticky patches to slbd got included circa Beta2. Will we be able to use this feature anytime soon?

- Raja

Re: [pfSense-discussion] source-hash and sticky-address in pf pools
On 8/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
> Did you use any special setup with this?

I'm using a stock RC2e box and my setup has been holding good since RC1. The only missing feature is that when a WAN link fails, the default gateway is not automatically changed. This causes things like dns forwarder, ftp-proxy, ntpd, etc. to fail.

I have a script that changes default route when wan fails. It's customized for my setup, so I don't know if you'll find it useful. Let me know if you want it.

> I am currently building a 4 NIC setup. 2 Broadband Connection, 1 DMZ
> and 1 LAN. Any pointers, I have to set up VOIP on this at some point.
> New to this setup, have worked with IPCOP in the past. This looks much
> stronger though.

I've not tried traffic shaping yet. I don't know how well it works with multiple interfaces and such. I'm sure there are others on this list who can comment.

I mucked around with Linux/IPTables before I settled on OpenBSD/pf. Now that I'm on pfSense I've never been happier.

- Raja

Re: [pfSense-discussion] source-hash and sticky-address in pf pools
Thanks, I might hit you up for that script when I get to it. I have a DSL/Cable modem setup (2 WAN), 1 DMZ and 1 LAN. I am getting ready to set up. I haven't worked with this before, and the routing tables are a bit confusing the first time through. I think I have the basics though.

Thanks for the information.

--
Heath Henderson
[EMAIL PROTECTED]
1800 288 7750

--
From: Raja Subramanian [EMAIL PROTECTED]
Reply-To: discussion@pfsense.com
Date: Fri, 18 Aug 2006 02:26:29 +0530
To: discussion@pfsense.com
Subject: Re: [pfSense-discussion] source-hash and sticky-address in pf pools

On 8/18/06, Heath Henderson [EMAIL PROTECTED] wrote:
> Did you use any special setup with this?

I'm using a stock RC2e box and my setup has been holding good since RC1. The only missing feature is that when a WAN link fails, the default gateway is not automatically changed. This causes things like dns forwarder, ftp-proxy, ntpd, etc. to fail.

I have a script that changes default route when wan fails. It's customized for my setup, so I don't know if you'll find it useful. Let me know if you want it.

> I am currently building a 4 NIC setup. 2 Broadband Connection, 1 DMZ
> and 1 LAN. Any pointers, I have to set up VOIP on this at some point.
> New to this setup, have worked with IPCOP in the past. This looks much
> stronger though.

I've not tried traffic shaping yet. I don't know how well it works with multiple interfaces and such. I'm sure there are others on this list who can comment.

I mucked around with Linux/IPTables before I settled on OpenBSD/pf. Now that I'm on pfSense I've never been happier.

- Raja

Re: [pfSense-discussion] source-hash and sticky-address in pf pools
On 8/17/06, Heath Henderson [EMAIL PROTECTED] wrote:
> Thanks, I might hit you up for that script when I get to it. I have a
> DSL/Cable modem setup (2 WAN), 1 DMZ and 1 LAN. I am getting ready to
> set up. I haven't worked with this before, and the routing tables are
> a bit confusing the first time through. I think I have the basics though.

Please share the script. It may be something we can turn into a package depending on how it looks and works, etc.