Re: [pfSense] Sanity check on Routing with pfSense
It's good to hear some people are having luck. I really want to run pfSense but am plagued by the following: 1. Empty TCP checksums [hardware offloading disabled on guest and hypervisor] [ CARP + Load balancing of service ] 2. First ping is always 3-10ms, subsequent pings are < 1ms.* 3. Dupe errors when pinging CARP VIP. * This only happens in pfSense, other KVM guests (Ubuntu) work fine. I've been working on this for over a week and already reached out to the mailing list, IRC channel and forums. Can anyone offer some help? I've documented my issues extensively in the following forum posts which include a diagram of my network setup: http://forum.pfsense.org/index.php/topic,62535.0.html http://forum.pfsense.org/index.php/topic,62565.msg337878.html Thanks, Jeff On Fri, May 24, 2013 at 4:32 PM, Glenn Kelley wrote: > I agree - > > We offer pFsense in our datacenter here in Worthington Ohio and have a > large number of folks using pF as well as KVM via Proxmox VE. > Very stable - runs well. > > > On May 24, 2013, at 4:30 PM, Chris Buechler wrote: > > > On Fri, May 24, 2013 at 4:25 PM, Jeffrey Mealo > > wrote: > >> Will be pfSense be running on bare metal or virtualized? pfSense has > issues > >> running on some hypervisors including KVM. > >> > > > > That's generally not true, it's widely used on many including KVM. > > ___ > > List mailing list > > List@lists.pfsense.org > > http://lists.pfsense.org/mailman/listinfo/list > > ___ > List mailing list > List@lists.pfsense.org > http://lists.pfsense.org/mailman/listinfo/list > ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Sanity check on Routing with pfSense
Bare Metal dedicated boxes for pfSense. On 5/24/2013 4:25 PM, Jeffrey Mealo wrote: Will be pfSense be running on bare metal or virtualized? pfSense has issues running on some hypervisors including KVM. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Sanity check on Routing with pfSense
I agree - We offer pFsense in our datacenter here in Worthington Ohio and have a large number of folks using pF as well as KVM via Proxmox VE. Very stable - runs well. On May 24, 2013, at 4:30 PM, Chris Buechler wrote: > On Fri, May 24, 2013 at 4:25 PM, Jeffrey Mealo > wrote: >> Will be pfSense be running on bare metal or virtualized? pfSense has issues >> running on some hypervisors including KVM. >> > > That's generally not true, it's widely used on many including KVM. > ___ > List mailing list > List@lists.pfsense.org > http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Sanity check on Routing with pfSense
On Fri, May 24, 2013 at 4:25 PM, Jeffrey Mealo wrote: > Will be pfSense be running on bare metal or virtualized? pfSense has issues > running on some hypervisors including KVM. > That's generally not true, it's widely used on many including KVM. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Sanity check on Routing with pfSense
Am 24.05.2013 22:25, schrieb Jeffrey Mealo: Will be pfSense be running on bare metal or virtualized? pfSense has issues running on some hypervisors including KVM. It has? I haven't noticed any, and I'm running it on some 40-50 machines, since 2011 or so. This is Debian Squeeze with KVM. Care to elaborate? -Stefan ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Sanity check on Routing with pfSense
Will be pfSense be running on bare metal or virtualized? pfSense has issues running on some hypervisors including KVM. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Sanity check on Routing with pfSense
Hello, I am working with my current ISP to build scenario like the following: ISP -> x.x.x.x/29 -> pfSense(redundant with CARP) -> internal real and virtual servers on x.x.x.x/27 (possible divided into a few /29s) All IPs are Public routable addresses. The ISP will use one of the /29 host IPs for their router and obviously I will need one IP for each of the WAN interfaces on the two pfSense boxes and one for the first CARP ip. That leaves me 2 "spare" addresses to use later. I am planning to use these down the road as a network segmentation scheme. Am I missing anything that is gong to make this plan unfeasible? And yes, there is a good reason for doing this involving services (such as sip) that do not play well with NAT and the fact that due to architecture some virtual servers may be behind NAT within the internal environment which would mean NAT'ing a NAT'ed address. Thank You, JohnM ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list