Re: [pfSense] Transparent Squid with Multiwan on 2.1.3?
ok I've managed to get it working. The problem was that except from 2 Gateways I had also defined 2 additional gateways (not for internet) and associated static routes to them. Deleting and putting them below wan1 and wan2 did the trick. thank you for your help! Yannis Sent by mobile On Aug 2, 2014 10:46 PM, compdoc comp...@hotrodpc.com wrote: With Squid disabled, fail over works as expected. In the lab I created to test this machine, I have squid with havp set to transparent. Also have snort. I don’t use squidguard. If I disconnect wan #1, most browsers will time out. But I can often just refresh to get them going again. Squid never complains. There are a couple of remote clients and programs that have to be closed and then opened again after the gateway fails. (maybe because they cache something?) I'm pretty happy with it. (49) Can't assign requested address What is your client connecting to? Is it some sort of secure remote session? A disconnect cannot be avoided with any type of secure connection. You're changing external ip addresses when it falls over, after all. Are you able to recover normal connections to google or youtube, etc.? Close the browser and try again after waiting for the switch to happen. There are settings for how long it takes pfSense to decide a gateway is down, and how it determines its down. I use just 'packet loss'. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Transparent Squid with Multiwan on 2.1.3?
Hello, I have pfSense 2.1.3 with 2 Wan links + 1 Lan. I have squid+squidguard packages installed. Squid is working in transparent mode. Is there a way to make Squid redirect http connections on Wan2 in case Wan1 is down? I am mainly interested in failover and not so in loadbalancing http connections. thank you Yannis ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Transparent Squid with Multiwan on 2.1.3?
Tried that option but it does not seem to work. When I disconnect wan1 I get the following error on clients browser: Connection to Failed The system returned: (49) Can't assign requested address With Squid disabled, fail over works as expected. Maybe Squid is using a different mechanism to handle gateways? I read different kinds of posts on forum about this issue. There are people suggesting creating Floating rules, inserting tcp_outgoing_address 127.0.0.1 on Squid configuration, but none of them seem to work. Yannis Milios Systems Administrator Mob. +30 6932-657-029 Tel. +30 211-800-1230 E-mail. yannis.mil...@gmail.com On Fri, Aug 1, 2014 at 5:48 PM, Nishant Sharma codemarau...@gmail.com wrote: On 1 August 2014 8:00:54 pm IST, compdoc comp...@hotrodpc.com wrote: Is there a way to make Squid redirect http connections on Wan2 in case Wan1 is down? It is simple. Squid sends traffic through the default gateway without any specific configuration. Just enable 'Default Gateway Switching' in System - Advanced Settings and you are good to go. Regards, Nishant -- Sent from my Android device with K-9 Mail. Please excuse my brevity. ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] Dual-WAN setup using VLANs + pfsense on virtual machine
Hello friends, I am planning following setup and I would like your opinion if this kind of setup can work: http://i41.tinypic.com/24fzocn.png What I want to achieve is having a pfsense vm on a linux box which will act as router/firewall for lan workstations. There is just one vlan capable switch in the network. There is just one nic interface on this linux box.Pfsense vm should have 3 virtual nics (1 wan1,1 wan2, 1 lan). If this setup is viable, where shoud vlan routing be done? on linux box or in pfsense vm? I am using (https://doc.pfsense.org/index.php/HOWTO_setup_vlans_with_pfSense) as a reference for this setup. Thank you for your time and sorry for my bad english ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Dual-WAN setup using VLANs + pfsense on virtual machine
yes i mean vlan tagging. ok understood, thank you very much! On Jan 22, 2014 3:45 PM, Giles Coochey gi...@coochey.net wrote: On 22/01/2014 13:19, Yannis Milios wrote: The routing between the VLANs should be done by pfsense. So that means in my case that all (3) virtual nics should be bridged to the server's (1) physical nic and all vlan routing should be managed by virtual pfsense? When you say vlan routing you might mean vlan tagging?? This depends on your virtualisation hypervisor software, if possible you might want to split your VLANs into Virtual networks and attach multiple virtual NICs to each virtual network. If that is not possible then pfsense can use VLANs and you can virtually map the virtual interface on pfsense to the physical interface on the machine hosting the virtual machines. Both methods can be done, not sure which would be the best, it would depend on the hypervisor. -- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk gi...@coochey.net ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
[pfSense] Problem updating snort rules on 2.1-BETA1
Hello I have pfsense 2.1-BETA1 on alix board. I've installed snort 2.9.4.1 pkg v. 2.5.4 without problems but I have problem updating its rules.I have provided an Oink code and try to update and it shows a progress Downloading snort.org md5 file... and The Rules update has finished... but under Snort Interfaces - Categories nothing shows up. Under Status - System logs: Apr 3 21:18:49php: /snort/snort_download_rules.php: The Rules update has finished...Apr 3 21:18:49php: /snort/snort_download_rules.php: Please wait... You may only check for New Rules every 15 minutes...Apr 3 21:18:49php: /snort/snort_download_rules.php: Snort MD5 Attempts: 5 Any suggestions please? thank you ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SSH error
Can you access it locally? On Tue, Aug 28, 2012 at 9:17 AM, Pankaj Kumar pankajnh...@gmail.com wrote: I have PfSense 2.0.1 installed with Multiple WAN load balancing. everything was running smooth but suddenly i am experiencing error (*Network error: connection timeout*) while accessing the server lie behind pfsense through ssh earlier i was able to access my server from anywhere but now i am in trouble i go through some troubleshoot which is below checked the lP address of server it was OK checked the Public IP of ISP that is OK checked the NAT in firewall that also OK Now i don't know what to check further to get out of this Please help anybody Thanks ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] SSH error
Try these: 1. From a machine inside your LAN open thishttps://www.grc.com/x/ne.dll?bh0bkyd2page. 2. Press proceed and then on the center of the page (in the box) type: 22 (default ssh port.Put the port that you have opened on the internet through your pfsense). 3. Then press Use specified custom probe 4. Wait until it scans your firewall for open port.If the result is green or stealth then your SSH port is blocked from pfsense. Your should check NAT settings and Firewall rules and be 100% sure that they point to the right internal SSH server. ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list