Thanks again for the tutorials/instructions
After getting everything set up, I notice it works fine until I pull
the Ethernet cable on the LAN side of one of the routers, basically taking it
offline to my computer. I notice a period of time where it doesn't do
anything, and then it works, but throughput is very slow. Also, packet
loss goes way up.
Is this possibly because the pfsync interfaces are still up and talking,
but my computer can't send packets to one of the routers?
Thought I'd ask. Here are my 2 conf files, just in case someone notices
right off the bat something I've done wrong.
Also, I'm using Soekris 5501 boards with 256 RAM and 433 Geodes. Could this
hardware be too slow? The routers seem to be running nicely.
-topher
<?xml version="1.0"?>
<pfsense>
<version>3.0</version>
<lastchange/>
<theme>nervecenter</theme>
<system>
<!-- System-wide settings for the node named "router"; this is the node whose
     CARP advskew is 0 in <virtualip>. -->
<optimization>normal</optimization>
<schedulertype>priq</schedulertype>
<hostname>router</hostname>
<domain>local</domain>
<username>admin</username>
<!-- The "$1$" prefix marks an MD5-crypt hash of the admin password. MD5-crypt is
     cheap to guess offline, so a hash that has appeared in a public post should
     be treated as exposed: change the password, and redact this element in any
     copy of the config that is shared. -->
<password>$1$02Ooo4ql$AuEHXPoV/gIw9PS/a19/..</password>
<timezone>America/Los_Angeles</timezone>
<time-update-interval/>
<timeservers>pool.ntp.org</timeservers>
<webgui>
<!-- Management GUI is served over https; <port/> is empty, so no explicit port
     is set here. -->
<protocol>https</protocol>
<port/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<!-- Two upstream DNS servers. -->
<dnsserver>207.246.154.2</dnsserver>
<dnsserver>207.246.154.3</dnsserver>
<dnsallowoverride/>
</system>
<interfaces>
<!-- Interface assignments on this node: lan=vr0, wan=vr1, opt1=vr2 (assigned but
     with no address and no <enable/>), opt2=vr3 (the pfsync link). -->
<lan>
<if>vr0</if>
<ipaddr>192.168.1.1</ipaddr>
<subnet>24</subnet>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
</lan>
<wan>
<if>vr1</if>
<mtu/>
<!-- NOTE(review): the WAN address and gateway below are in 192.168.10.0/24 while
     <blockpriv/> is present. If an empty <blockpriv/> means "block private
     networks" here, confirm that is intended for this upstream network. -->
<blockpriv/>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<disableftpproxy/>
<ipaddr>192.168.10.50</ipaddr>
<subnet>24</subnet>
<gateway>192.168.10.1</gateway>
<spoofmac/>
</wan>
<opt1>
<if>vr2</if>
<descr>OPT1</descr>
</opt1>
<opt2>
<!-- Link used for pfsync (192.168.4.0/24, no gateway). pfsync traffic is not
     authenticated, so this interface should connect only to the peer firewall
     (direct cable or an isolated segment). -->
<if>vr3</if>
<descr>Pfsync</descr>
<bridge/>
<enable/>
<ipaddr>192.168.4.1</ipaddr>
<subnet>24</subnet>
<gateway/>
<spoofmac/>
<mtu/>
</opt2>
</interfaces>
<staticroutes/>
<!-- The PPPoE, PPTP, BigPond and DynDNS client sections below are unconfigured:
     every username, password and host element is empty. -->
<pppoe>
<username/>
<password/>
<provider/>
</pppoe>
<pptp>
<username/>
<password/>
<local/>
<subnet/>
<remote/>
</pptp>
<bigpond/>
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
</dyndns>
<dhcpd>
<lan>
<!-- DHCP server on LAN, pool 192.168.1.100 to 192.168.1.199. -->
<enable/>
<range>
<from>192.168.1.100</from>
<to>192.168.1.199</to>
</range>
<defaultleasetime/>
<maxleasetime/>
<netmask/>
<!-- Failover peer is 192.168.1.2, the LAN address of the second node. -->
<failover_peerip>192.168.1.2</failover_peerip>
<!-- Clients are handed 192.168.1.3 as gateway, which is the LAN CARP virtual IP
     in <virtualip>, not either node's own LAN address. -->
<gateway>192.168.1.3</gateway>
<ddnsdomain/>
<next-server/>
<filename/>
</lan>
</dhcpd>
<pptpd>
<!-- PPTP server section with every field empty. -->
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<ovpn/>
<dnsmasq>
<enable/>
</dnsmasq>
<snmpd>
<!-- "public" is the well-known default read-only community, and SNMP v1/v2c
     sends the community string in clear text. No <enable/> element appears in
     this section, so the agent is presumably off (confirm). Set a non-default
     community and restrict who may query before enabling it. -->
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat>
<ipaddr/>
</ipv6nat>
</diag>
<bridge/>
<syslog/>
<nat>
<ipsecpassthru/>
<advancedoutbound>
<!-- Manual outbound NAT (the <enable/> below is present). The single rule
     translates traffic from 192.168.1.0/24 leaving wan to 192.168.10.52, which
     is the WAN CARP virtual IP in <virtualip>, so translated flows use the
     shared address rather than this node's own WAN address. -->
<rule>
<source>
<network>192.168.1.0/24</network>
</source>
<sourceport/>
<descr>Map outgoing traff to carp shared ip</descr>
<target>192.168.10.52</target>
<interface>wan</interface>
<destination>
<any/>
</destination>
<natport/>
<dstport/>
</rule>
<enable/>
</advancedoutbound>
</nat>
<filter>
<!-- Only two user rules are defined in this section: one on opt2 and one on lan. -->
<rule>
<!-- Passes any source to any destination on opt2 (the pfsync interface).
     That is only reasonable while opt2 is a dedicated link between the two
     firewalls; on anything shared it exposes the firewall itself. It could be
     narrowed to pfsync and the configuration sync traffic between 192.168.4.1
     and 192.168.4.2. -->
<type>pass</type>
<interface>opt2</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<descr>Pfsync Allow All</descr>
</rule>
<rule>
<!-- Allows everything sourced from the LAN network to any destination. -->
<type>pass</type>
<descr>Default LAN -> any</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<shaper/>
<ipsec>
<preferredoldsa/>
</ipsec>
<aliases/>
<proxyarp/>
<wol/>
<cron>
<!-- Scheduled jobs. Each <item> carries the five cron time fields, the account
     to run as (<who>), and the command line; every job here runs as root. -->
<item>
<minute>0</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 newsyslog</command>
</item>
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<!-- NOTE(review): with standard cron step semantics a minute field of */60
     matches only minute 0, i.e. once an hour; confirm that is the intent for
     the three expiretable jobs that use it. Each of them expires entries
     older than 3600 seconds from a named table (sshlockout, virusprot,
     snort2c). -->
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
</item>
<item>
<minute>1</minute>
<hour>1</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/bin/checkreload.sh</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/etc/ping_hosts.sh</command>
</item>
<!-- NOTE(review): a step of 140 is larger than the 0 to 59 minute range, so this
     cannot mean "every 140 minutes"; how the cron daemon treats it should be
     checked. -->
<item>
<minute>*/140</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/sbin/reset_slbd.sh</command>
</item>
</cron>
<installedpackages>
<carpsettings>
<config>
<!-- CARP/pfsync settings on this node: pfsync is on and bound to opt2, and every
     configuration area listed below is switched on for synchronization to
     192.168.4.2, the other node's opt2 address. -->
<pfsyncenabled>on</pfsyncenabled>
<pfsyncinterface>opt2</pfsyncinterface>
<!-- Empty: no explicit pfsync peer address is given (presumably the default
     multicast on the sync interface is used; confirm). -->
<pfsyncpeerip/>
<synchronizerules>on</synchronizerules>
<synchronizeschedules>on</synchronizeschedules>
<synchronizealiases>on</synchronizealiases>
<synchronizenat>on</synchronizenat>
<synchronizeipsec>on</synchronizeipsec>
<synchronizewol>on</synchronizewol>
<synchronizestaticroutes>on</synchronizestaticroutes>
<synchronizelb>on</synchronizelb>
<synchronizevirtualip>on</synchronizevirtualip>
<synchronizetrafficshaper>on</synchronizetrafficshaper>
<synchronizednsforwarder>on</synchronizednsforwarder>
<synchronizetoip>192.168.4.2</synchronizetoip>
<!-- Credential used for the configuration push to the peer, stored here in
     clear text (presumably the peer's GUI admin password; confirm). It is
     readable in this post, so it should be changed on both nodes and redacted
     in any copy of the config that is shared. -->
<password>drpcfix</password>
</config>
</carpsettings>
</installedpackages>
<revision>
<!-- Record of the last change to this config; <time> is a Unix timestamp. -->
<description>/firewall_nat_out.php made unknown change</description>
<time>1202515785</time>
</revision>
<rrd>
<enable/>
</rrd>
<virtualip>
<!-- Two CARP virtual IPs: vhid 1 on wan (192.168.10.52/24) and vhid 3 on lan
     (192.168.1.3/24). advskew 0 on both makes this node the preferred master;
     the second config uses advskew 100 for the same vhids.
     NOTE(review): the two vhids are separate CARP groups. If only the LAN link
     of this node fails, mastership for vhid 3 can move to the peer while vhid 1
     stays here, unless CARP preemption (net.inet.carp.preempt) demotes all
     groups together. That setting is not visible in this file; verify it when
     diagnosing slow or lossy traffic after a single-link failure.
     The <password> elements hold the CARP shared secret in clear text, and the
     same value is used for both groups. It is readable in this post, so it
     should be changed on both nodes and redacted in shared copies. -->
<vip>
<mode>carp</mode>
<interface>wan</interface>
<vhid>1</vhid>
<advskew>0</advskew>
<password>yelhsa</password>
<descr>Primary Virtual IP</descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.10.52</subnet>
</vip>
<vip>
<mode>carp</mode>
<interface>lan</interface>
<vhid>3</vhid>
<advskew>0</advskew>
<password>yelhsa</password>
<descr>LAN Virtual</descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.1.3</subnet>
</vip>
</virtualip>
</pfsense>
<?xml version="1.0"?>
<pfsense>
<version>3.0</version>
<lastchange/>
<theme>nervecenter</theme>
<system>
<!-- System-wide settings for the node named "routerbackup"; this is the node
     whose CARP advskew is 100 in <virtualip>. -->
<optimization>normal</optimization>
<schedulertype>priq</schedulertype>
<hostname>routerbackup</hostname>
<domain>local</domain>
<username>admin</username>
<!-- The "$1$" prefix marks an MD5-crypt hash of the admin password. MD5-crypt is
     cheap to guess offline, so a hash that has appeared in a public post should
     be treated as exposed: change the password, and redact this element in any
     copy of the config that is shared. -->
<password>$1$irqZ42by$V03TE0sI0CN6wIA72sd7X0</password>
<timezone>America/Los_Angeles</timezone>
<time-update-interval/>
<timeservers>pool.ntp.org</timeservers>
<webgui>
<!-- Management GUI is served over https; <port/> is empty, so no explicit port
     is set here. -->
<protocol>https</protocol>
<port/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<!-- Two upstream DNS servers. -->
<dnsserver>207.246.154.2</dnsserver>
<dnsserver>207.246.154.3</dnsserver>
<dnsallowoverride/>
</system>
<interfaces>
<!-- Interface assignments on this node: lan=vr0, wan=vr1, opt1=vr2 (assigned but
     with no address and no <enable/>), opt2=vr3 (the pfsync link). -->
<lan>
<if>vr0</if>
<ipaddr>192.168.1.2</ipaddr>
<subnet>24</subnet>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<bridge/>
</lan>
<wan>
<if>vr1</if>
<mtu/>
<!-- NOTE(review): the WAN address and gateway below are in 192.168.10.0/24 while
     <blockpriv/> is present. If an empty <blockpriv/> means "block private
     networks" here, confirm that is intended for this upstream network. -->
<blockpriv/>
<media/>
<mediaopt/>
<bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<disableftpproxy/>
<ipaddr>192.168.10.51</ipaddr>
<subnet>24</subnet>
<gateway>192.168.10.1</gateway>
<spoofmac/>
</wan>
<opt1>
<if>vr2</if>
<descr>OPT1</descr>
</opt1>
<opt2>
<!-- Link used for pfsync (192.168.4.0/24, no gateway). pfsync traffic is not
     authenticated, so this interface should connect only to the peer firewall
     (direct cable or an isolated segment). -->
<if>vr3</if>
<descr>Pfsync</descr>
<bridge/>
<enable/>
<ipaddr>192.168.4.2</ipaddr>
<subnet>24</subnet>
<gateway/>
<spoofmac/>
<mtu/>
</opt2>
</interfaces>
<staticroutes/>
<!-- The PPPoE, PPTP, BigPond and DynDNS client sections below are unconfigured:
     every username, password and host element is empty. -->
<pppoe>
<username/>
<password/>
<provider/>
</pppoe>
<pptp>
<username/>
<password/>
<local/>
<subnet/>
<remote/>
</pptp>
<bigpond/>
<dyndns>
<type>dyndns</type>
<username/>
<password/>
<host/>
<mx/>
</dyndns>
<dhcpd>
<lan>
<!-- DHCP server on LAN (the <enable/> is at the end of this section), with the
     same pool as the first node: 192.168.1.100 to 192.168.1.199. -->
<range>
<from>192.168.1.100</from>
<to>192.168.1.199</to>
</range>
<defaultleasetime/>
<maxleasetime/>
<netmask/>
<!-- Failover peer is 192.168.1.1, the LAN address of the first node. -->
<failover_peerip>192.168.1.1</failover_peerip>
<!-- Clients are handed 192.168.1.3 as gateway, which is the LAN CARP virtual IP
     in <virtualip>, not either node's own LAN address. -->
<gateway>192.168.1.3</gateway>
<ddnsdomain/>
<next-server/>
<filename/>
<enable/>
</lan>
</dhcpd>
<pptpd>
<!-- PPTP server section with every field empty. -->
<mode/>
<redir/>
<localip/>
<remoteip/>
</pptpd>
<ovpn/>
<dnsmasq>
<enable/>
</dnsmasq>
<snmpd>
<!-- "public" is the well-known default read-only community, and SNMP v1/v2c
     sends the community string in clear text. No <enable/> element appears in
     this section, so the agent is presumably off (confirm). Set a non-default
     community and restrict who may query before enabling it. -->
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<diag>
<ipv6nat>
<ipaddr/>
</ipv6nat>
</diag>
<bridge/>
<syslog/>
<nat>
<ipsecpassthru/>
<advancedoutbound>
<!-- Manual outbound NAT (the <enable/> below is present). The single rule
     translates traffic from 192.168.1.0/24 leaving wan to 192.168.10.52, which
     is the WAN CARP virtual IP in <virtualip>, so translated flows use the
     shared address rather than this node's own WAN address. -->
<rule>
<source>
<network>192.168.1.0/24</network>
</source>
<sourceport/>
<descr>Map outgoing traff to carp shared ip</descr>
<target>192.168.10.52</target>
<interface>wan</interface>
<destination>
<any/>
</destination>
<natport/>
<dstport/>
</rule>
<enable/>
</advancedoutbound>
</nat>
<filter>
<!-- Only two user rules are defined in this section: one on opt2 and one on lan. -->
<rule>
<!-- Passes any source to any destination on opt2 (the pfsync interface).
     That is only reasonable while opt2 is a dedicated link between the two
     firewalls; on anything shared it exposes the firewall itself. It could be
     narrowed to pfsync and the configuration sync traffic between 192.168.4.1
     and 192.168.4.2. -->
<type>pass</type>
<interface>opt2</interface>
<max-src-nodes/>
<max-src-states/>
<statetimeout/>
<statetype>keep state</statetype>
<os/>
<source>
<any/>
</source>
<destination>
<any/>
</destination>
<descr>Pfsync Allow All</descr>
</rule>
<rule>
<!-- Allows everything sourced from the LAN network to any destination. -->
<type>pass</type>
<descr>Default LAN - any</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
</filter>
<shaper/>
<ipsec>
<preferredoldsa/>
</ipsec>
<aliases/>
<proxyarp/>
<wol/>
<cron>
<!-- Scheduled jobs. Each <item> carries the five cron time fields, the account
     to run as (<who>), and the command line; every job here runs as root. -->
<item>
<minute>0</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 newsyslog</command>
</item>
<item>
<minute>1,31</minute>
<hour>0-5</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 adjkerntz -a</command>
</item>
<item>
<minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh</command>
</item>
<!-- NOTE(review): with standard cron step semantics a minute field of */60
     matches only minute 0, i.e. once an hour; confirm that is the intent for
     the three expiretable jobs that use it. Each of them expires entries
     older than 3600 seconds from a named table (sshlockout, virusprot,
     snort2c). -->
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout</command>
</item>
<item>
<minute>1</minute>
<hour>1</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /etc/rc.dyndns.update</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot</command>
</item>
<item>
<minute>*/60</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/bin/checkreload.sh</command>
</item>
<item>
<minute>*/5</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/etc/ping_hosts.sh</command>
</item>
<!-- NOTE(review): a step of 140 is larger than the 0 to 59 minute range, so this
     cannot mean "every 140 minutes"; how the cron daemon treats it should be
     checked. -->
<item>
<minute>*/140</minute>
<hour>*</hour>
<mday>*</mday>
<month>*</month>
<wday>*</wday>
<who>root</who>
<command>/usr/local/sbin/reset_slbd.sh</command>
</item>
</cron>
<installedpackages>
<carpsettings>
<config>
<!-- CARP/pfsync settings on this node: pfsync is on and bound to opt2, but
     every synchronize option, the sync target address and the sync password
     are empty, so this node is not set up to push its configuration to
     another host. -->
<pfsyncenabled>on</pfsyncenabled>
<pfsyncinterface>opt2</pfsyncinterface>
<!-- Empty: no explicit pfsync peer address is given (presumably the default
     multicast on the sync interface is used; confirm). -->
<pfsyncpeerip/>
<synchronizerules/>
<synchronizeschedules/>
<synchronizealiases/>
<synchronizenat/>
<synchronizeipsec/>
<synchronizewol/>
<synchronizestaticroutes/>
<synchronizelb/>
<synchronizevirtualip/>
<synchronizetrafficshaper/>
<synchronizednsforwarder/>
<synchronizetoip/>
<password/>
</config>
</carpsettings>
</installedpackages>
<revision>
<!-- Record of the last change to this config. The description shows it was a
     merge received over XMLRPC, and <time> (a Unix timestamp) is 15 seconds
     after the revision time in the first config (1202515785). -->
<description>Merged in config (filter,nat,virtualip,ipsec,dnsmasq sections) from XMLRPC client.</description>
<time>1202515800</time>
</revision>
<rrd>
<enable/>
</rrd>
<virtualip>
<!-- Two CARP virtual IPs: vhid 1 on wan (192.168.10.52/24) and vhid 3 on lan
     (192.168.1.3/24). advskew 100 on both makes this node the backup; the
     first config uses advskew 0 for the same vhids.
     NOTE(review): the two vhids are separate CARP groups. If only the LAN link
     of the other node fails, this node can become master for vhid 3 while
     vhid 1 stays with the other node, unless CARP preemption
     (net.inet.carp.preempt) demotes all groups together. That setting is not
     visible in this file; verify it when diagnosing slow or lossy traffic
     after a single-link failure.
     The <password> elements hold the CARP shared secret in clear text, and the
     same value is used for both groups. It is readable in this post, so it
     should be changed on both nodes and redacted in shared copies. -->
<vip>
<mode>carp</mode>
<interface>wan</interface>
<vhid>1</vhid>
<advskew>100</advskew>
<password>yelhsa</password>
<descr>Primary Virtual IP</descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.10.52</subnet>
</vip>
<vip>
<mode>carp</mode>
<interface>lan</interface>
<vhid>3</vhid>
<advskew>100</advskew>
<password>yelhsa</password>
<descr>LAN Virtual</descr>
<type>single</type>
<subnet_bits>24</subnet_bits>
<subnet>192.168.1.3</subnet>
</vip>
</virtualip>
</pfsense>