[pfSense] can I run dhcp v4 and v6 relay on the same LAN interface pfsense
Hello, I have a separate DHCP sever and am running both v4 & v6 servers on the same eth1 interface. On pfSense, I have one LAN interface configured it with both v4 & v6 static IP addresses. I am also running DHCP v4 relay on the same. v4 relay works fine. v6 relay, I get a syslog message: /services_dhcpv6_relay.php: No suitable interface found for running dhcrelay -6! What could be an issue here? Thanks /Shivaram ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
ok. does it also sync all settings like ipsec and openvpn keys? Eero 16.11.2016 7.14 ap. "Chris L"kirjoitti: > > On Nov 15, 2016, at 1:50 PM, Eero Volotinen > wrote: > > > > same ports? you mean that same port assigment and nic can be different > type? > > > > eero > > No. > > Hardware should be as identical as possible. 100% identical is best. If > LAN is em0 on one side, it must be em0 on the other. > > > > > > 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > > > >>Any hardware should work fine. They recommend a separate > NIC/port > >> for the sync traffic since if syncing states there can be a lot of > traffic > >> (if not syncing state there is probably very little). I don't think it > >> needs to be identical hardware but the rules would need to copy over so > it > >> would need the same ports. > >> > >>One gotcha that caught me...under "System/High Availability > >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > >> "Remote System Username" field. That field is ignored, and "admin" is > >> always used. > >> > >> -- > >> > >> Steve Yates > >> ITS, Inc. > >> > >> -Original Message- > >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > >> Volotinen > >> Sent: Tuesday, November 15, 2016 2:20 PM > >> To: pfSense Support and Discussion Mailing List > > >> Subject: [pfSense] pfsense + carp + ha > >> > >> Hi List, > >> > >> What are requirements for pfsense ha clustering? does any of x86 > hardware > >> work with ha? does hardware need to be identical? > >> > >> ___ > >> pfSense mailing list > >> https://lists.pfsense.org/mailman/listinfo/list > >> Support the project with Gold! https://pfsense.org/gold > >> > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
> On Nov 15, 2016, at 1:50 PM, Eero Volotinenwrote: > > same ports? you mean that same port assigment and nic can be different type? > > eero No. Hardware should be as identical as possible. 100% identical is best. If LAN is em0 on one side, it must be em0 on the other. > > 15.11.2016 11.36 ip. "Steve Yates" kirjoitti: > >>Any hardware should work fine. They recommend a separate NIC/port >> for the sync traffic since if syncing states there can be a lot of traffic >> (if not syncing state there is probably very little). I don't think it >> needs to be identical hardware but the rules would need to copy over so it >> would need the same ports. >> >>One gotcha that caught me...under "System/High Availability >> Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a >> "Remote System Username" field. That field is ignored, and "admin" is >> always used. >> >> -- >> >> Steve Yates >> ITS, Inc. >> >> -Original Message- >> From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero >> Volotinen >> Sent: Tuesday, November 15, 2016 2:20 PM >> To: pfSense Support and Discussion Mailing List >> Subject: [pfSense] pfsense + carp + ha >> >> Hi List, >> >> What are requirements for pfsense ha clustering? does any of x86 hardware >> work with ha? does hardware need to be identical? >> >> ___ >> pfSense mailing list >> https://lists.pfsense.org/mailman/listinfo/list >> Support the project with Gold! https://pfsense.org/gold >> > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense default firewall configuration
I moved from IPCop to pfSense years ago. It was good enough then. It is better now. Without an idea of what you customization are, we can't tell you how many rules you might need to add to get the same functionality from a pfSense setup. On Tue, Nov 15, 2016 at 8:19 AM, Ryan Colemanwrote: > I would add that it is “good enough” to start from and do what you need > after that. > > > > On Nov 15, 2016, at 7:46 AM, Vick Khera wrote: > > > > On Tue, Nov 15, 2016 at 3:17 AM, user49b wrote: > >> I have heavily modified my IPcop configuration and just wanted to know > if > >> pfSesnse's default firewall configuration is good enough. > > > > The default is deny everything inbound, and allow everything outbound. > > Nobody can say what's "good enough" for you without knowing your > > requirements. > > ___ > > pfSense mailing list > > https://lists.pfsense.org/mailman/listinfo/list > > Support the project with Gold! https://pfsense.org/gold > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > -- The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well-meaning but without understanding. -- Justice Louis D. Brandeis ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
same ports? you mean that same port assigment and nic can be different type? eero 15.11.2016 11.36 ip. "Steve Yates"kirjoitti: > Any hardware should work fine. They recommend a separate NIC/port > for the sync traffic since if syncing states there can be a lot of traffic > (if not syncing state there is probably very little). I don't think it > needs to be identical hardware but the rules would need to copy over so it > would need the same ports. > > One gotcha that caught me...under "System/High Availability > Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a > "Remote System Username" field. That field is ignored, and "admin" is > always used. > > -- > > Steve Yates > ITS, Inc. > > -Original Message- > From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero > Volotinen > Sent: Tuesday, November 15, 2016 2:20 PM > To: pfSense Support and Discussion Mailing List > Subject: [pfSense] pfsense + carp + ha > > Hi List, > > What are requirements for pfsense ha clustering? does any of x86 hardware > work with ha? does hardware need to be identical? > > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold > ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
Any hardware should work fine. They recommend a separate NIC/port for the sync traffic since if syncing states there can be a lot of traffic (if not syncing state there is probably very little). I don't think it needs to be identical hardware but the rules would need to copy over so it would need the same ports. One gotcha that caught me...under "System/High Availability Sync/Configuration Synchronization Settings (XMLRPC Sync)" there is a "Remote System Username" field. That field is ignored, and "admin" is always used. -- Steve Yates ITS, Inc. -Original Message- From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Eero Volotinen Sent: Tuesday, November 15, 2016 2:20 PM To: pfSense Support and Discussion Mailing ListSubject: [pfSense] pfsense + carp + ha Hi List, What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical? ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense + carp + ha
I use commodity x86 (64-bit) hardware. I tend to make my pairs identical, so I know the backup can handle the load if the primary keels over. There's no hard requirement for that, though. On Tue, Nov 15, 2016 at 3:19 PM, Eero Volotinenwrote: > Hi List, > > What are requirements for pfsense ha clustering? does any of x86 hardware > work with ha? does hardware need to be identical? > > -- > Eero > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfsense + carp + ha
Hi List, What are requirements for pfsense ha clustering? does any of x86 hardware work with ha? does hardware need to be identical? -- Eero ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense default firewall configuration
I would add that it is “good enough” to start from and do what you need after that. > On Nov 15, 2016, at 7:46 AM, Vick Kherawrote: > > On Tue, Nov 15, 2016 at 3:17 AM, user49b wrote: >> I have heavily modified my IPcop configuration and just wanted to know if >> pfSesnse's default firewall configuration is good enough. > > The default is deny everything inbound, and allow everything outbound. > Nobody can say what's "good enough" for you without knowing your > requirements. > ___ > pfSense mailing list > https://lists.pfsense.org/mailman/listinfo/list > Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] pfsense default firewall configuration
On Tue, Nov 15, 2016 at 3:17 AM, user49bwrote: > I have heavily modified my IPcop configuration and just wanted to know if > pfSesnse's default firewall configuration is good enough. The default is deny everything inbound, and allow everything outbound. Nobody can say what's "good enough" for you without knowing your requirements. ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] pfsense default firewall configuration
Hi everybody I'm moving from IPcop to pfSense. I have heavily modified my IPcop configuration and just wanted to know if pfSesnse's default firewall configuration is good enough. Should I look at adding to the rules and if so, is there maybe a nice wiki? Regards Chris ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold