[pfSense Support] 2 default routes
Hello. I have 2 ethernet links from different providers and want to setup some load balancing. I know(?) this can be done with 2 default routes with different metrics, but FreeBSD lacks this feature. As i saw on FreeBSD mailing lists this thing can be done with some ipfw rules, how these rules will look like in pf or pfSense? Rules described here: http://lists.freebsd.org/pipermail/freebsd-questions/2005-July/093113.html -- Michael mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancing
Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Re: CARP Failover Not working correctly.
If you need anyone to test, let me know. We aren't in production yet with these firewalls, so it's not a big deal. Failover is one of the big reasons we picked pfsense, so I am interested in helping to get it working well. Thanks for all your work on this. Lynn Scott Ullrich wrote: I've been noticing interesting CARP problems here too. Mainly the state is INIT. I'm looking into the problem. I plan on moving back to RELENG_6 (we're now on RELENG_6_0) to see if it solves the issues. On 11/9/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: I have my two machines set up. (Thanks Scott for the kernel patch). I followed the CARP Failover tutorial to setup failover. I have a couple of problems. I'll name the two machines A and B. A is supposed to be the primary and B the backup. First, B always grabs master on the carp interfaces. The Advertising Frequency on A (on all the VIPs) is 0. It is 100 on all the VIPs on B. Preemption is set on both machines. It does pass traffic over the CARP interfaces, so I decided to test the failover. When I reboot B, A takes over fine. When B finishes booting back up, it starts to take over from A, but in the process A actually loses the IP on the Sync interface (opt1 named Sync) (no inet address for bge1 via ifconfig) The failback then seems to be in an odd state until I go to the SYNC interface on A and click Save. (ifconfig then shows the IP again) and B takes over everything. I would appreciate any help that anyone could give on this. Thanks, Lynn A. Roth - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] IPSEC over 2 wan access with failover and load balancing
Hi, I would like to configure an IPSEC tunnel between 2 pfsense each over 2 Internet access with automatic failover and load balancing. I think it will be a good tutorial regards, Thomas
RE: [pfSense Support] 2 default routes
http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing -Original Message- From: Michael Lednev [mailto:[EMAIL PROTECTED] Sent: Thursday, November 10, 2005 2:52 AM To: support@pfsense.com Subject: [pfSense Support] 2 default routes Hello. I have 2 ethernet links from different providers and want to setup some load balancing. I know(?) this can be done with 2 default routes with different metrics, but FreeBSD lacks this feature. As i saw on FreeBSD mailing lists this thing can be done with some ipfw rules, how these rules will look like in pf or pfSense? Rules described here: http://lists.freebsd.org/pipermail/freebsd-questions/2005-July/093113.html -- Michael mailto:[EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: CARP Failover Not working correctly.
SASYNCD is not fully finished yet. With that said failover works fine for me and my IP phone that is VPN'd into work. On 11/10/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: > If you need anyone to test, let me know. We aren't in production yet > with these firewalls, so it's not a big deal. Failover is one of the > big reasons we picked pfsense, so I am interested in helping to get it > working well. Thanks for all your work on this. > > Lynn > > > > Scott Ullrich wrote: > > I've been noticing interesting CARP problems here too. Mainly the > > state is INIT. I'm looking into the problem. I plan on moving back > > to RELENG_6 (we're now on RELENG_6_0) to see if it solves the issues. > > > > On 11/9/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: > > > >>I have my two machines set up. (Thanks Scott for the kernel patch). > >> > >>I followed the CARP Failover tutorial to setup failover. I have a > >>couple of problems. I'll name the two machines A and B. A is supposed > >>to be the primary and B the backup. > >> > >>First, B always grabs master on the carp interfaces. The Advertising > >>Frequency on A (on all the VIPs) is 0. It is 100 on all the VIPs on B. > >>Preemption is set on both machines. > >> > >>It does pass traffic over the CARP interfaces, so I decided to test the > >>failover. When I reboot B, A takes over fine. When B finishes booting > >>back up, it starts to take over from A, but in the process A actually > >>loses the IP on the Sync interface (opt1 named Sync) (no inet address > >>for bge1 via ifconfig) The failback then seems to be in an odd state > >>until I go to the SYNC interface on A and click Save. (ifconfig then > >>shows the IP again) and B takes over everything. > >> > >>I would appreciate any help that anyone could give on this. > >> > >>Thanks, > >>Lynn A. Roth > >> > >> > >>- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPSEC over 2 wan access with failover and load balancing
I dont think load balancing and IPSEC are compatible directly. You want to load balance VPN traffic!?! On 11/10/05, Thomas Frézouls <[EMAIL PROTECTED]> wrote: > > Hi, > > I would like to configure an IPSEC tunnel between 2 pfsense each over 2 > Internet access with automatic failover and load balancing. > I think it will be a good tutorial > > regards, > > Thomas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > Hi, > > Im new to pfsense and have two machines running 0.92 both with 2x Dual > Port 100+ Intel Management adaptors. I cannot for the life of me get > load balancing working. Here is how I have them setup: > > left.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > right.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > On my internal lan and wan I have carp's setup with virtual ip's. I wish > to use one of my virtual ip's to load balance mail to 2 servers on my > internal lan. I have it all setup as per on the wiki but I cannot get > anything through to the mailservers on the internal lan. I have a > firewall rule which allows * to connect to the virtual ip on port 25. > > Any ideas? please help. > > Lee > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPSEC over 2 wan access with failover and load balancing
sound like MITM attack.. Yes, I agree with Scott, I think ipsec and load balancing will not work together. In a near future I'll test ipsec and failover...this may work (maybe) Tom On 11/10/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > I dont think load balancing and IPSEC are compatible directly. You > want to load balance VPN traffic!?! > > On 11/10/05, Thomas Frézouls <[EMAIL PROTECTED]> wrote: > > > > Hi, > > > > I would like to configure an IPSEC tunnel between 2 pfsense each over 2 > > Internet access with automatic failover and load balancing. > > I think it will be a good tutorial > > > > regards, > > > > Thomas > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > Hi Scott, > > I followed those exactly. And yet I still have no Joy :( > > Can anyone suggest anything which I may need to tick or the such which > may prevent this from working? > > Regards > > Lee > > > > Scott Ullrich wrote: > > >Try visiting these docs: > > > >http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > > >Scott > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>Hi, > >> > >>Im new to pfsense and have two machines running 0.92 both with 2x Dual > >>Port 100+ Intel Management adaptors. I cannot for the life of me get > >>load balancing working. Here is how I have them setup: > >> > >>left.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>right.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>On my internal lan and wan I have carp's setup with virtual ip's. I wish > >>to use one of my virtual ip's to load balance mail to 2 servers on my > >>internal lan. I have it all setup as per on the wiki but I cannot get > >>anything through to the mailservers on the internal lan. I have a > >>firewall rule which allows * to connect to the virtual ip on port 25. > >> > >>Any ideas? please help. > >> > >>Lee > >> > >>- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >This e-mail has been scanned for viruses by Mailsauce. For further > >information visit http://www.mailsauce.com > > > > > > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] IPSEC over 2 wan access with failover and load balancing
SASYNCD is not fully fininshed yet (sound like a broken record today from all the same subject posts) but it works for me. See another thread from today. I think it was #2 out of 3 posts in a 8 hour period about load balancing. On 11/10/05, Tommaso Di Donato <[EMAIL PROTECTED]> wrote: > sound like MITM attack.. > Yes, I agree with Scott, I think ipsec and load balancing will not > work together. > In a near future I'll test ipsec and failover...this may work (maybe) > > Tom > > On 11/10/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > > I dont think load balancing and IPSEC are compatible directly. You > > want to load balance VPN traffic!?! > > > > On 11/10/05, Thomas Frézouls <[EMAIL PROTECTED]> wrote: > > > > > > Hi, > > > > > > I would like to configure an IPSEC tunnel between 2 pfsense each over 2 > > > Internet access with automatic failover and load balancing. > > > I think it will be a good tutorial > > > > > > regards, > > > > > > Thomas > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Flash tutorial
I think it could be a good idea to create a mailto: link on the Tutorial section or an upload form. - Original Message - From: lee sheng To: support@pfsense.com Sent: Thursday, November 10, 2005 4:53 PM Subject: [pfSense Support] Flash tutorial pfsense team,I wonder where should I send to and apparently someone has sent before me and my friend do, anyway I just sent in not to waste my effort of myself and my friend, quak. We will create more and more soon since wink is now become handy to us.Regards,geek00L -To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > Ok, > > I have left and right pfsense boxes. On my opt1 interface I have a carp > setup: 85.116.x.1/27 is the network im using. My internal network is > then 192.168.x.0/24 > > I have 85.116.x.1 assigned as the virtual > I have 85.116.x.2 on left > 85.116.x.3 on right > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > setup which contains: > > 192.168.x.1 > 192.168.x.4 > > The left and right also have > > 192.168.x.254 as virtual > 192.168.x.252 on left > 192.168.x.253 on right > > I have a firewall rule which allows * to connect on port 25 to the carp > address which is 85.116.x.1 > > The tcp connection just times out. At one point it was in the log > saying "bad gateway 85.116.x.1" > > Other than this, its exactly as described in the IncomingLoadBalancing > example on the wiki. > > Lee > > > Scott Ullrich wrote: > > >Many people have followed these and they work. You'll need to provide > >more information of how its all setup and what doesn't work. > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>Hi Scott, > >> > >>I followed those exactly. And yet I still have no Joy :( > >> > >>Can anyone suggest anything which I may need to tick or the such which > >>may prevent this from working? > >> > >>Regards > >> > >>Lee > >> > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >>>Try visiting these docs: > >>> > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > >>> > >>>Scott > >>> > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > Hi, > > Im new to pfsense and have two machines running 0.92 both with 2x Dual > Port 100+ Intel Management adaptors. I cannot for the life of me get > load balancing working. Here is how I have them setup: > > left.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > right.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > On my internal lan and wan I have carp's setup with virtual ip's. I wish > to use one of my virtual ip's to load balance mail to 2 servers on my > internal lan. I have it all setup as per on the wiki but I cannot get > anything through to the mailservers on the internal lan. I have a > firewall rule which allows * to connect to the virtual ip on port 25. > > Any ideas? please help. > > Lee > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >>>- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>>This e-mail has been scanned for viruses by Mailsauce. For further > >>>information visit http://www.mailsauce.com > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > > > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >This e-mail has been scanned for viruses by Mailsauce. For further > >information visit http://www.mailsauce.com > > > > > > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Flash tutorial
Yup, suppose creating a mailto better, that's was what I looking for when i look at the tutorial link. I will send the one I'm working on, It is configuring pfsense as a pure router without nat. I think it is useful for certain user when they don't want nat because I have been asked by certain users regarding it. Regards, geek00LOn 11/11/05, Christian Veith <[EMAIL PROTECTED]> wrote: I think it could be a good idea to create a mailto: link on the Tutorial section or an upload form. - Original Message - From: lee sheng To: support@pfsense.com Sent: Thursday, November 10, 2005 4:53 PM Subject: [pfSense Support] Flash tutorial pfsense team,I wonder where should I send to and apparently someone has sent before me and my friend do, anyway I just sent in not to waste my effort of myself and my friend, quak. We will create more and more soon since wink is now become handy to us.Regards,geek00L -To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > 0.92 Latest > > For some reason left is master for the carp of the smtp and right is > master of the carp for the external (routing)... > > On the machine which is the inbound carp I have: > > DENIED: > > Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP > > > On the machine which is the smtp carp I have: > > DENIED: > > Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP > > > Looks like one of them has the wrong date too :) > > Scott Ullrich wrote: > > >1. What version > >2. What do you see in the firewall filter logs regarding these connections > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>Ok, > >> > >>I have left and right pfsense boxes. On my opt1 interface I have a carp > >>setup: 85.116.x.1/27 is the network im using. My internal network is > >>then 192.168.x.0/24 > >> > >>I have 85.116.x.1 assigned as the virtual > >>I have 85.116.x.2 on left > >>85.116.x.3 on right > >> > >>I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > >>setup which contains: > >> > >>192.168.x.1 > >>192.168.x.4 > >> > >>The left and right also have > >> > >>192.168.x.254 as virtual > >>192.168.x.252 on left > >>192.168.x.253 on right > >> > >>I have a firewall rule which allows * to connect on port 25 to the carp > >>address which is 85.116.x.1 > >> > >>The tcp connection just times out. At one point it was in the log > >>saying "bad gateway 85.116.x.1" > >> > >>Other than this, its exactly as described in the IncomingLoadBalancing > >>example on the wiki. > >> > >>Lee > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >>>Many people have followed these and they work. You'll need to provide > >>>more information of how its all setup and what doesn't work. > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > Hi Scott, > > I followed those exactly. And yet I still have no Joy :( > > Can anyone suggest anything which I may need to tick or the such which > may prevent this from working? > > Regards > > Lee > > > > Scott Ullrich wrote: > > > > > > >Try visiting these docs: > > > >http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > > >Scott > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > >>Hi, > >> > >>Im new to pfsense and have two machines running 0.92 both with 2x Dual > >>Port 100+ Intel Management adaptors. I cannot for the life of me get > >>load balancing working. Here is how I have them setup: > >> > >>left.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>right.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>On my internal lan and wan I have carp's setup with virtual ip's. I wish > >>to use one of my virtual ip's to load balance mail to 2 servers on my > >>internal lan. I have it all setup as per on the wiki but I cannot get > >>anything through to the mailservers on the internal lan. I have a > >>firewall rule which allows * to connect to the virtual ip on port 25. > >> > >>Any ideas? please help. > >> > >>Lee > >> > >>- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > >> > >> > >> > >> > >> > >> > >- > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >This e-mail has been scanned for viruses by Mailsauce. For further > >information visit http://www.mailsauce.com > > > > > > > > > > > > > > > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > >>>- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>>This e-mail has been scanned for viruses by Mailsauce. For further > >>>information visit http://www.mailsauce.com > >>> > >>
Re: [pfSense Support] Load Balancing
I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -
Re: [pfSense Support] Flash tutorial
Christian Veith wrote: I think it could be a good idea to create a mailto: link on the Tutorial section or an upload form. gr... indeed, since everybody thinks it's a good idea to email a 6 MB file to 300 people. my message size limit obviously didn't work. will look at that later today when I have time. in the mean time DO NOT SEND FILE ATTACHMENTS TO THE LIST. please send wink contributions to [EMAIL PROTECTED] thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Yes. The default rules create entries for the LAN addresses, not public. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > I have. On the wan interface, im allowing anything to connect to the vip > 85.116.30.1 address on port 25 > > Do I need any others? > > > Scott Ullrich wrote: > > >Perhaps you need firewall rules!? > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>0.92 Latest > >> > >>For some reason left is master for the carp of the smtp and right is > >>master of the carp for the external (routing)... > >> > >>On the machine which is the inbound carp I have: > >> > >>DENIED: > >> > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP > >> > >> > >>On the machine which is the smtp carp I have: > >> > >>DENIED: > >> > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP > >> > >> > >>Looks like one of them has the wrong date too :) > >> > >>Scott Ullrich wrote: > >> > >> > >> > >>>1. What version > >>>2. What do you see in the firewall filter logs regarding these connections > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > Ok, > > I have left and right pfsense boxes. On my opt1 interface I have a carp > setup: 85.116.x.1/27 is the network im using. My internal network is > then 192.168.x.0/24 > > I have 85.116.x.1 assigned as the virtual > I have 85.116.x.2 on left > 85.116.x.3 on right > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > setup which contains: > > 192.168.x.1 > 192.168.x.4 > > The left and right also have > > 192.168.x.254 as virtual > 192.168.x.252 on left > 192.168.x.253 on right > > I have a firewall rule which allows * to connect on port 25 to the carp > address which is 85.116.x.1 > > The tcp connection just times out. At one point it was in the log > saying "bad gateway 85.116.x.1" > > Other than this, its exactly as described in the IncomingLoadBalancing > example on the wiki. > > Lee > > > Scott Ullrich wrote: > > > > > > >Many people have followed these and they work. You'll need to provide > >more information of how its all setup and what doesn't work. > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > >>Hi Scott, > >> > >>I followed those exactly. And yet I still have no Joy :( > >> > >>Can anyone suggest anything which I may need to tick or the such which > >>may prevent this from working? > >> > >>Regards > >> > >>Lee > >> > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >>>Try visiting these docs: > >>> > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > >>> > >>>Scott > >>> > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > Hi, > > Im new to pfsense and have two machines running 0.92 both with 2x Dual > Port 100+ Intel Management adaptors. I cannot for the life of me get > load balancing working. Here is how I have them setup: > > left.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > right.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > On my internal lan and wan I have carp's setup with virtual ip's. I > wish > to use one of my virtual ip's to load balance mail to 2 servers on my > internal lan. I have it all setup as per on the wiki but I cannot get > anything through to the mailservers on the internal lan. I have a > firewall rule which allows * to connect to the virtual ip on port 25. > > Any ideas? please help. > > Lee > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > >>>- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>>This e-mail has been scanned for viruses by M
Re: [pfSense Support] Load Balancing
I have a rule created allowing anything to connect to the wan vip on port 25. Still, telnet just says timeout. Lee Scott Ullrich wrote: Yes. The default rules create entries for the LAN addresses, not public. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __
Re: [pfSense Support] Load Balancing
No, to the LAN IP! On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > I have a rule created allowing anything to connect to the wan vip on > port 25. > > Still, telnet just says timeout. > > Lee > > > Scott Ullrich wrote: > > >Yes. The default rules create entries for the LAN addresses, not public. > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>I have. On the wan interface, im allowing anything to connect to the vip > >>85.116.30.1 address on port 25 > >> > >>Do I need any others? > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >>>Perhaps you need firewall rules!? > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > 0.92 Latest > > For some reason left is master for the carp of the smtp and right is > master of the carp for the external (routing)... > > On the machine which is the inbound carp I have: > > DENIED: > > Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 > TCP > > > On the machine which is the smtp carp I have: > > DENIED: > > Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 > TCP > > > Looks like one of them has the wrong date too :) > > Scott Ullrich wrote: > > > > > > >1. What version > >2. What do you see in the firewall filter logs regarding these > >connections > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > >>Ok, > >> > >>I have left and right pfsense boxes. On my opt1 interface I have a carp > >>setup: 85.116.x.1/27 is the network im using. My internal network is > >>then 192.168.x.0/24 > >> > >>I have 85.116.x.1 assigned as the virtual > >>I have 85.116.x.2 on left > >>85.116.x.3 on right > >> > >>I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > >>setup which contains: > >> > >>192.168.x.1 > >>192.168.x.4 > >> > >>The left and right also have > >> > >>192.168.x.254 as virtual > >>192.168.x.252 on left > >>192.168.x.253 on right > >> > >>I have a firewall rule which allows * to connect on port 25 to the carp > >>address which is 85.116.x.1 > >> > >>The tcp connection just times out. At one point it was in the log > >>saying "bad gateway 85.116.x.1" > >> > >>Other than this, its exactly as described in the IncomingLoadBalancing > >>example on the wiki. > >> > >>Lee > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >>>Many people have followed these and they work. You'll need to provide > >>>more information of how its all setup and what doesn't work. > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > Hi Scott, > > I followed those exactly. And yet I still have no Joy :( > > Can anyone suggest anything which I may need to tick or the such which > may prevent this from working? > > Regards > > Lee > > > > Scott Ullrich wrote: > > > > > > > > > > >Try visiting these docs: > > > >http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > > >Scott > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > > >>Hi, > >> > >>Im new to pfsense and have two machines running 0.92 both with 2x > >>Dual > >>Port 100+ Intel Management adaptors. I cannot for the life of me > >>get > >>load balancing working. Here is how I have them setup: > >> > >>left.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>right.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>On my internal lan and wan I have carp's setup with virtual ip's. I > >>wish > >>to use one of my virtual ip's to load balance mail to 2 servers on > >>my > >>internal lan. I have it all setup as per on the wiki but I cannot > >>get > >>anything through to the mailservers on the internal lan. I have a > >>firewall rul
Re: [pfSense Support] Load Balancing
NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > I have. On the wan interface, im allowing anything to connect to the vip > 85.116.30.1 address on port 25 > > Do I need any others? > > > Scott Ullrich wrote: > > >Perhaps you need firewall rules!? > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>0.92 Latest > >> > >>For some reason left is master for the carp of the smtp and right is > >>master of the carp for the external (routing)... > >> > >>On the machine which is the inbound carp I have: > >> > >>DENIED: > >> > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP > >> > >> > >>On the machine which is the smtp carp I have: > >> > >>DENIED: > >> > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP > >> > >> > >>Looks like one of them has the wrong date too :) > >> > >>Scott Ullrich wrote: > >> > >> > >> > >>>1. What version > >>>2. What do you see in the firewall filter logs regarding these connections > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > Ok, > > I have left and right pfsense boxes. On my opt1 interface I have a carp > setup: 85.116.x.1/27 is the network im using. My internal network is > then 192.168.x.0/24 > > I have 85.116.x.1 assigned as the virtual > I have 85.116.x.2 on left > 85.116.x.3 on right > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > setup which contains: > > 192.168.x.1 > 192.168.x.4 > > The left and right also have > > 192.168.x.254 as virtual > 192.168.x.252 on left > 192.168.x.253 on right > > I have a firewall rule which allows * to connect on port 25 to the carp > address which is 85.116.x.1 > > The tcp connection just times out. At one point it was in the log > saying "bad gateway 85.116.x.1" > > Other than this, its exactly as described in the IncomingLoadBalancing > example on the wiki. > > Lee > > > Scott Ullrich wrote: > > > > > > >Many people have followed these and they work. You'll need to provide > >more information of how its all setup and what doesn't work. > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > >>Hi Scott, > >> > >>I followed those exactly. And yet I still have no Joy :( > >> > >>Can anyone suggest anything which I may need to tick or the such which > >>may prevent this from working? > >> > >>Regards > >> > >>Lee > >> > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >>>Try visiting these docs: > >>> > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > >>> > >>>Scott > >>> > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > Hi, > > Im new to pfsense and have two machines running 0.92 both with 2x Dual > Port 100+ Intel Management adaptors. I cannot for the life of me get > load balancing working. Here is how I have them setup: > > left.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > right.pfsense > > fxp1 Lan > fxp2 Cross Over cable to right.pfsense for sync > fxp3 DMZ Servers > fxp4 WAN > > On my internal lan and wan I have carp's setup with virtual ip's. I > wish > to use one of my virtual ip's to load balance mail to 2 servers on my > internal lan. I have it all setup as per on the wiki but I cannot get > anything through to the mailservers on the internal lan. I have a > firewall rule which allows * to connect to the virtual ip on port 25. > > Any ideas? please help. > > Lee > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > >>>- > >>>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>>For additional commands, e-mail: [EMAIL PROTECTED] > >>> > >>> > >>> > >>
Re: [pfSense Support] Load Balancing
If that is the case then why does "Automatically create a rule" creat a firewall rule permitting traffic to the LAN IP? On 11/10/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > NAT occurs before filtering. You need a rule on the WAN interface > allowing connections to the physical server IPs. > > --Bill > > On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > I have. On the wan interface, im allowing anything to connect to the vip > > 85.116.30.1 address on port 25 > > > > Do I need any others? > > > > > > Scott Ullrich wrote: > > > > >Perhaps you need firewall rules!? > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > >>0.92 Latest > > >> > > >>For some reason left is master for the carp of the smtp and right is > > >>master of the carp for the external (routing)... > > >> > > >>On the machine which is the inbound carp I have: > > >> > > >>DENIED: > > >> > > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 > > >>TCP > > >> > > >> > > >>On the machine which is the smtp carp I have: > > >> > > >>DENIED: > > >> > > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 > > >>TCP > > >> > > >> > > >>Looks like one of them has the wrong date too :) > > >> > > >>Scott Ullrich wrote: > > >> > > >> > > >> > > >>>1. What version > > >>>2. What do you see in the firewall filter logs regarding these > > >>>connections > > >>> > > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > >>> > > >>> > > >>> > > >>> > > Ok, > > > > I have left and right pfsense boxes. On my opt1 interface I have a carp > > setup: 85.116.x.1/27 is the network im using. My internal network is > > then 192.168.x.0/24 > > > > I have 85.116.x.1 assigned as the virtual > > I have 85.116.x.2 on left > > 85.116.x.3 on right > > > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > > setup which contains: > > > > 192.168.x.1 > > 192.168.x.4 > > > > The left and right also have > > > > 192.168.x.254 as virtual > > 192.168.x.252 on left > > 192.168.x.253 on right > > > > I have a firewall rule which allows * to connect on port 25 to the carp > > address which is 85.116.x.1 > > > > The tcp connection just times out. At one point it was in the log > > saying "bad gateway 85.116.x.1" > > > > Other than this, its exactly as described in the IncomingLoadBalancing > > example on the wiki. > > > > Lee > > > > > > Scott Ullrich wrote: > > > > > > > > > > > > >Many people have followed these and they work. You'll need to provide > > >more information of how its all setup and what doesn't work. > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > >>Hi Scott, > > >> > > >>I followed those exactly. And yet I still have no Joy :( > > >> > > >>Can anyone suggest anything which I may need to tick or the such which > > >>may prevent this from working? > > >> > > >>Regards > > >> > > >>Lee > > >> > > >> > > >> > > >>Scott Ullrich wrote: > > >> > > >> > > >> > > >> > > >> > > >> > > >> > > >>>Try visiting these docs: > > >>> > > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > >>> > > >>>Scott > > >>> > > >>> > > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > Hi, > > > > Im new to pfsense and have two machines running 0.92 both with 2x > > Dual > > Port 100+ Intel Management adaptors. I cannot for the life of me > > get > > load balancing working. Here is how I have them setup: > > > > left.pfsense > > > > fxp1 Lan > > fxp2 Cross Over cable to right.pfsense for sync > > fxp3 DMZ Servers > > fxp4 WAN > > > > right.pfsense > > > > fxp1 Lan > > fxp2 Cross Over cable to right.pfsense for sync > > fxp3 DMZ Servers > > fxp4 WAN > > > > On my internal lan and wan I have carp's setup with virtual ip's. I > > wish > > to use one of my virtual ip's to load balance mail to 2 servers on > > my > > internal lan. I have it all setup as per on the wiki but I cannot > > get > > anything through to the mailservers on the internal lan. I have a > > firewall rule which allows * to connect to the virtual ip on port > > 25. > > > > Any ideas? please help. > > > > Lee > > >
Re: [pfSense Support] Load Balancing
Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --
Re: [pfSense Support] Load Balancing
I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > Ok here is what I have > > WAN interface > > Allow anything to connect to vip address on port 25 > Allow anything to connect to internal /24 on port 25 > > LAN Interface > > Allow anything to connect to internal/24 on port 25 > > Surely that covers it off? > > Lee > > Bill Marquette wrote: > > >NAT occurs before filtering. You need a rule on the WAN interface > >allowing connections to the physical server IPs. > > > >--Bill > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>I have. On the wan interface, im allowing anything to connect to the vip > >>85.116.30.1 address on port 25 > >> > >>Do I need any others? > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >>>Perhaps you need firewall rules!? > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > 0.92 Latest > > For some reason left is master for the carp of the smtp and right is > master of the carp for the external (routing)... > > On the machine which is the inbound carp I have: > > DENIED: > > Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 > TCP > > > On the machine which is the smtp carp I have: > > DENIED: > > Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 > TCP > > > Looks like one of them has the wrong date too :) > > Scott Ullrich wrote: > > > > > > >1. What version > >2. What do you see in the firewall filter logs regarding these > >connections > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > >>Ok, > >> > >>I have left and right pfsense boxes. On my opt1 interface I have a carp > >>setup: 85.116.x.1/27 is the network im using. My internal network is > >>then 192.168.x.0/24 > >> > >>I have 85.116.x.1 assigned as the virtual > >>I have 85.116.x.2 on left > >>85.116.x.3 on right > >> > >>I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > >>setup which contains: > >> > >>192.168.x.1 > >>192.168.x.4 > >> > >>The left and right also have > >> > >>192.168.x.254 as virtual > >>192.168.x.252 on left > >>192.168.x.253 on right > >> > >>I have a firewall rule which allows * to connect on port 25 to the carp > >>address which is 85.116.x.1 > >> > >>The tcp connection just times out. At one point it was in the log > >>saying "bad gateway 85.116.x.1" > >> > >>Other than this, its exactly as described in the IncomingLoadBalancing > >>example on the wiki. > >> > >>Lee > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >>>Many people have followed these and they work. You'll need to provide > >>>more information of how its all setup and what doesn't work. > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > Hi Scott, > > I followed those exactly. And yet I still have no Joy :( > > Can anyone suggest anything which I may need to tick or the such which > may prevent this from working? > > Regards > > Lee > > > > Scott Ullrich wrote: > > > > > > > > > > >Try visiting these docs: > > > >http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > > >Scott > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > > >>Hi, > >> > >>Im new to pfsense and have two machines running 0.92 both with 2x > >>Dual > >>Port 100+ Intel Management adaptors. I cannot for the life of me > >>get > >>load balancing working. Here is how I have them setup: > >> > >>left.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>right.pfsense > >> > >>fxp1 Lan > >>fxp2 Cross Over cable to right.pfsense for sync > >>fxp3 DMZ Servers > >>fxp4 WAN > >> > >>On my internal lan and wan I have carp's setup with virtual ip's. I > >>wish > >>to use one of my virtual ip's to load balance mail to 2 server
Re: [pfSense Support] Load Balancing
Uhhh, cause you just said what I said? Would the LAN IP not also be the physical server IP? :) --Bill On 11/10/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > If that is the case then why does "Automatically create a rule" creat > a firewall rule permitting traffic to the LAN IP? > > On 11/10/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > > NAT occurs before filtering. You need a rule on the WAN interface > > allowing connections to the physical server IPs. > > > > --Bill > > > > On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > I have. On the wan interface, im allowing anything to connect to the vip > > > 85.116.30.1 address on port 25 > > > > > > Do I need any others? > > > > > > > > > Scott Ullrich wrote: > > > > > > >Perhaps you need firewall rules!? > > > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > >>0.92 Latest > > > >> > > > >>For some reason left is master for the carp of the smtp and right is > > > >>master of the carp for the external (routing)... > > > >> > > > >>On the machine which is the inbound carp I have: > > > >> > > > >>DENIED: > > > >> > > > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 > > > >>TCP > > > >> > > > >> > > > >>On the machine which is the smtp carp I have: > > > >> > > > >>DENIED: > > > >> > > > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 > > > >>TCP > > > >> > > > >> > > > >>Looks like one of them has the wrong date too :) > > > >> > > > >>Scott Ullrich wrote: > > > >> > > > >> > > > >> > > > >>>1. What version > > > >>>2. What do you see in the firewall filter logs regarding these > > > >>>connections > > > >>> > > > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > >>> > > > >>> > > > >>> > > > >>> > > > Ok, > > > > > > I have left and right pfsense boxes. On my opt1 interface I have a > > > carp > > > setup: 85.116.x.1/27 is the network im using. My internal network is > > > then 192.168.x.0/24 > > > > > > I have 85.116.x.1 assigned as the virtual > > > I have 85.116.x.2 on left > > > 85.116.x.3 on right > > > > > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > > > setup which contains: > > > > > > 192.168.x.1 > > > 192.168.x.4 > > > > > > The left and right also have > > > > > > 192.168.x.254 as virtual > > > 192.168.x.252 on left > > > 192.168.x.253 on right > > > > > > I have a firewall rule which allows * to connect on port 25 to the > > > carp > > > address which is 85.116.x.1 > > > > > > The tcp connection just times out. At one point it was in the log > > > saying "bad gateway 85.116.x.1" > > > > > > Other than this, its exactly as described in the IncomingLoadBalancing > > > example on the wiki. > > > > > > Lee > > > > > > > > > Scott Ullrich wrote: > > > > > > > > > > > > > > > > > > >Many people have followed these and they work. You'll need to > > > >provide > > > >more information of how its all setup and what doesn't work. > > > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > >>Hi Scott, > > > >> > > > >>I followed those exactly. And yet I still have no Joy :( > > > >> > > > >>Can anyone suggest anything which I may need to tick or the such > > > >>which > > > >>may prevent this from working? > > > >> > > > >>Regards > > > >> > > > >>Lee > > > >> > > > >> > > > >> > > > >>Scott Ullrich wrote: > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >> > > > >>>Try visiting these docs: > > > >>> > > > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > > > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > > >>> > > > >>>Scott > > > >>> > > > >>> > > > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > >>> > > > Hi, > > > > > > Im new to pfsense and have two machines running 0.92 both with 2x > > > Dual > > > Port 100+ Intel Management adaptors. I cannot for the life of me > > > get > > > load balancing working. Here is how I have them setup: > > > > > > left.pfsense > > > > > > fxp1 Lan > > > fxp2 Cross Over cable to right.pfsense for sync > > > fxp3 DMZ Servers > > > fxp4 WAN > > > > > > right.pfsense > > > > > > fxp1 Lan > > > fxp2 Cross Over cable to right.pfsense for sync > > > fxp3 DMZ Servers > > > fxp4 WAN > > > >
Re: [pfSense Support] Load Balancing
LOL - Nevermind. I misread what you said. I'm going to blame this on the cold medicine yet again. On 11/10/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > Uhhh, cause you just said what I said? Would the LAN IP not also be > the physical server IP? :) > > --Bill > > On 11/10/05, Scott Ullrich <[EMAIL PROTECTED]> wrote: > > If that is the case then why does "Automatically create a rule" creat > > a firewall rule permitting traffic to the LAN IP? > > > > On 11/10/05, Bill Marquette <[EMAIL PROTECTED]> wrote: > > > NAT occurs before filtering. You need a rule on the WAN interface > > > allowing connections to the physical server IPs. > > > > > > --Bill > > > > > > On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > I have. On the wan interface, im allowing anything to connect to the vip > > > > 85.116.30.1 address on port 25 > > > > > > > > Do I need any others? > > > > > > > > > > > > Scott Ullrich wrote: > > > > > > > > >Perhaps you need firewall rules!? > > > > > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > >>0.92 Latest > > > > >> > > > > >>For some reason left is master for the carp of the smtp and right is > > > > >>master of the carp for the external (routing)... > > > > >> > > > > >>On the machine which is the inbound carp I have: > > > > >> > > > > >>DENIED: > > > > >> > > > > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 > > > > >>85.116.30.1.25 TCP > > > > >> > > > > >> > > > > >>On the machine which is the smtp carp I have: > > > > >> > > > > >>DENIED: > > > > >> > > > > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 > > > > >>192.168.7.1.25 TCP > > > > >> > > > > >> > > > > >>Looks like one of them has the wrong date too :) > > > > >> > > > > >>Scott Ullrich wrote: > > > > >> > > > > >> > > > > >> > > > > >>>1. What version > > > > >>>2. What do you see in the firewall filter logs regarding these > > > > >>>connections > > > > >>> > > > > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > Ok, > > > > > > > > I have left and right pfsense boxes. On my opt1 interface I have a > > > > carp > > > > setup: 85.116.x.1/27 is the network im using. My internal network is > > > > then 192.168.x.0/24 > > > > > > > > I have 85.116.x.1 assigned as the virtual > > > > I have 85.116.x.2 on left > > > > 85.116.x.3 on right > > > > > > > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i > > > > have > > > > setup which contains: > > > > > > > > 192.168.x.1 > > > > 192.168.x.4 > > > > > > > > The left and right also have > > > > > > > > 192.168.x.254 as virtual > > > > 192.168.x.252 on left > > > > 192.168.x.253 on right > > > > > > > > I have a firewall rule which allows * to connect on port 25 to the > > > > carp > > > > address which is 85.116.x.1 > > > > > > > > The tcp connection just times out. At one point it was in the log > > > > saying "bad gateway 85.116.x.1" > > > > > > > > Other than this, its exactly as described in the > > > > IncomingLoadBalancing > > > > example on the wiki. > > > > > > > > Lee > > > > > > > > > > > > Scott Ullrich wrote: > > > > > > > > > > > > > > > > > > > > > > > > >Many people have followed these and they work. You'll need to > > > > >provide > > > > >more information of how its all setup and what doesn't work. > > > > > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >>Hi Scott, > > > > >> > > > > >>I followed those exactly. And yet I still have no Joy :( > > > > >> > > > > >>Can anyone suggest anything which I may need to tick or the such > > > > >>which > > > > >>may prevent this from working? > > > > >> > > > > >>Regards > > > > >> > > > > >>Lee > > > > >> > > > > >> > > > > >> > > > > >>Scott Ullrich wrote: > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >> > > > > >>>Try visiting these docs: > > > > >>> > > > > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > > > > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > > > > >>> > > > > >>>Scott > > > > >>> > > > > >>> > > > > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > >>> > > > > Hi, > > > > > > > > Im new to pfsense and have two machines running 0.92 both with > > > > 2x Dual > > > > Port 100+ Intel Management adaptors. I cannot for the life of > > > > >>>
Re: [pfSense Support] Load Balancing
Nope. Doesnt even log any errors in the firewall log either... Scott Ullrich wrote: I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For furth
Re: [pfSense Support] Load Balancing
You are testing this from the outside of the firewall correct? --Bill On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > Nope. Doesnt even log any errors in the firewall log either... > > > > Scott Ullrich wrote: > > >I dont know you tell us. Did it work? > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>Ok here is what I have > >> > >>WAN interface > >> > >>Allow anything to connect to vip address on port 25 > >>Allow anything to connect to internal /24 on port 25 > >> > >>LAN Interface > >> > >>Allow anything to connect to internal/24 on port 25 > >> > >>Surely that covers it off? > >> > >>Lee > >> > >>Bill Marquette wrote: > >> > >> > >> > >>>NAT occurs before filtering. You need a rule on the WAN interface > >>>allowing connections to the physical server IPs. > >>> > >>>--Bill > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > I have. On the wan interface, im allowing anything to connect to the vip > 85.116.30.1 address on port 25 > > Do I need any others? > > > Scott Ullrich wrote: > > > > > > >Perhaps you need firewall rules!? > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > >>0.92 Latest > >> > >>For some reason left is master for the carp of the smtp and right is > >>master of the carp for the external (routing)... > >> > >>On the machine which is the inbound carp I have: > >> > >>DENIED: > >> > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 > >>TCP > >> > >> > >>On the machine which is the smtp carp I have: > >> > >>DENIED: > >> > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 > >>TCP > >> > >> > >>Looks like one of them has the wrong date too :) > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >>>1. What version > >>>2. What do you see in the firewall filter logs regarding these > >>>connections > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > Ok, > > I have left and right pfsense boxes. On my opt1 interface I have a > carp > setup: 85.116.x.1/27 is the network im using. My internal network is > then 192.168.x.0/24 > > I have 85.116.x.1 assigned as the virtual > I have 85.116.x.2 on left > 85.116.x.3 on right > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > setup which contains: > > 192.168.x.1 > 192.168.x.4 > > The left and right also have > > 192.168.x.254 as virtual > 192.168.x.252 on left > 192.168.x.253 on right > > I have a firewall rule which allows * to connect on port 25 to the > carp > address which is 85.116.x.1 > > The tcp connection just times out. At one point it was in the log > saying "bad gateway 85.116.x.1" > > Other than this, its exactly as described in the IncomingLoadBalancing > example on the wiki. > > Lee > > > Scott Ullrich wrote: > > > > > > > > > > >Many people have followed these and they work. You'll need to > >provide > >more information of how its all setup and what doesn't work. > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > > >>Hi Scott, > >> > >>I followed those exactly. And yet I still have no Joy :( > >> > >>Can anyone suggest anything which I may need to tick or the such > >>which > >>may prevent this from working? > >> > >>Regards > >> > >>Lee > >> > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >>>Try visiting these docs: > >>> > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > >>> > >>>Scott > >>> > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>
Re: [pfSense Support] Load Balancing
Well if your no longer logging errors your headed in the right direction. Have you rebooted?Have you telnetted from the firewall to the private ip port 25? Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > Nope. Doesnt even log any errors in the firewall log either... > > > > Scott Ullrich wrote: > > >I dont know you tell us. Did it work? > > > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > >>Ok here is what I have > >> > >>WAN interface > >> > >>Allow anything to connect to vip address on port 25 > >>Allow anything to connect to internal /24 on port 25 > >> > >>LAN Interface > >> > >>Allow anything to connect to internal/24 on port 25 > >> > >>Surely that covers it off? > >> > >>Lee > >> > >>Bill Marquette wrote: > >> > >> > >> > >>>NAT occurs before filtering. You need a rule on the WAN interface > >>>allowing connections to the physical server IPs. > >>> > >>>--Bill > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > I have. On the wan interface, im allowing anything to connect to the vip > 85.116.30.1 address on port 25 > > Do I need any others? > > > Scott Ullrich wrote: > > > > > > >Perhaps you need firewall rules!? > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > >>0.92 Latest > >> > >>For some reason left is master for the carp of the smtp and right is > >>master of the carp for the external (routing)... > >> > >>On the machine which is the inbound carp I have: > >> > >>DENIED: > >> > >>Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 > >>TCP > >> > >> > >>On the machine which is the smtp carp I have: > >> > >>DENIED: > >> > >>Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 > >>TCP > >> > >> > >>Looks like one of them has the wrong date too :) > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >>>1. What version > >>>2. What do you see in the firewall filter logs regarding these > >>>connections > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>> > >>> > >>> > Ok, > > I have left and right pfsense boxes. On my opt1 interface I have a > carp > setup: 85.116.x.1/27 is the network im using. My internal network is > then 192.168.x.0/24 > > I have 85.116.x.1 assigned as the virtual > I have 85.116.x.2 on left > 85.116.x.3 on right > > I want to load balance 85.116.x.1 inbound on port 25 to a pool i have > setup which contains: > > 192.168.x.1 > 192.168.x.4 > > The left and right also have > > 192.168.x.254 as virtual > 192.168.x.252 on left > 192.168.x.253 on right > > I have a firewall rule which allows * to connect on port 25 to the > carp > address which is 85.116.x.1 > > The tcp connection just times out. At one point it was in the log > saying "bad gateway 85.116.x.1" > > Other than this, its exactly as described in the IncomingLoadBalancing > example on the wiki. > > Lee > > > Scott Ullrich wrote: > > > > > > > > > > >Many people have followed these and they work. You'll need to > >provide > >more information of how its all setup and what doesn't work. > > > >On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > > > > > > > > > > > > > > > > > > > > > >>Hi Scott, > >> > >>I followed those exactly. And yet I still have no Joy :( > >> > >>Can anyone suggest anything which I may need to tick or the such > >>which > >>may prevent this from working? > >> > >>Regards > >> > >>Lee > >> > >> > >> > >>Scott Ullrich wrote: > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >>>Try visiting these docs: > >>> > >>>http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing > >>>http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing > >>> > >>>Scott > >>> > >>> > >>>On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: > >>> > >>> > >>> > >>> > >>> > >>
Re: [pfSense Support] Load Balancing
Bill Yes Im outside of that physical network Scott No errors no... Im just rebooting now actually. Im going to login and try telnet from firewall to private ip in a sec... Scott Ullrich wrote: Well if your no longer logging errors your headed in the right direction. Have you rebooted?Have you telnetted from the firewall to the private ip port 25? Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Nope. Doesnt even log any errors in the firewall log either... Scott Ullrich wrote: I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com
Re: [pfSense Support] Load Balancing
Damn things. Now my external carp has gone to INIT and the right firewall wont let me connect. But I can telnet from left onto the actual lan server on port 25 Lee Lee Hetherington wrote: Bill Yes Im outside of that physical network Scott No errors no... Im just rebooting now actually. Im going to login and try telnet from firewall to private ip in a sec... Scott Ullrich wrote: Well if your no longer logging errors your headed in the right direction. Have you rebooted?Have you telnetted from the firewall to the private ip port 25? Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Nope. Doesnt even log any errors in the firewall log either... Scott Ullrich wrote: I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying "bad gateway 85.116.x.1" Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington <[EMAIL PROTECTED]> wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands,
[pfSense Support] Re: CARP Failover Not working correctly.
Well, we aren't using IPSEC right now, so that isn't a deal breaker. Is pfsync stable? Scott Ullrich wrote: SASYNCD is not fully finished yet. With that said failover works fine for me and my IP phone that is VPN'd into work. On 11/10/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: If you need anyone to test, let me know. We aren't in production yet with these firewalls, so it's not a big deal. Failover is one of the big reasons we picked pfsense, so I am interested in helping to get it working well. Thanks for all your work on this. Lynn Scott Ullrich wrote: I've been noticing interesting CARP problems here too. Mainly the state is INIT. I'm looking into the problem. I plan on moving back to RELENG_6 (we're now on RELENG_6_0) to see if it solves the issues. On 11/9/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: I have my two machines set up. (Thanks Scott for the kernel patch). I followed the CARP Failover tutorial to setup failover. I have a couple of problems. I'll name the two machines A and B. A is supposed to be the primary and B the backup. First, B always grabs master on the carp interfaces. The Advertising Frequency on A (on all the VIPs) is 0. It is 100 on all the VIPs on B. Preemption is set on both machines. It does pass traffic over the CARP interfaces, so I decided to test the failover. When I reboot B, A takes over fine. When B finishes booting back up, it starts to take over from A, but in the process A actually loses the IP on the Sync interface (opt1 named Sync) (no inet address for bge1 via ifconfig) The failback then seems to be in an odd state until I go to the SYNC interface on A and click Save. (ifconfig then shows the IP again) and B takes over everything. I would appreciate any help that anyone could give on this. Thanks, Lynn A. Roth - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Re: CARP Failover Not working correctly.
pfsync is stable, yes. On 11/10/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: > Well, we aren't using IPSEC right now, so that isn't a deal breaker. > > Is pfsync stable? > > > > Scott Ullrich wrote: > > SASYNCD is not fully finished yet. With that said failover works > > fine for me and my IP phone that is VPN'd into work. > > > > On 11/10/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: > > > >>If you need anyone to test, let me know. We aren't in production yet > >>with these firewalls, so it's not a big deal. Failover is one of the > >>big reasons we picked pfsense, so I am interested in helping to get it > >>working well. Thanks for all your work on this. > >> > >>Lynn > >> > >> > >> > >>Scott Ullrich wrote: > >> > >>>I've been noticing interesting CARP problems here too. Mainly the > >>>state is INIT. I'm looking into the problem. I plan on moving back > >>>to RELENG_6 (we're now on RELENG_6_0) to see if it solves the issues. > >>> > >>>On 11/9/05, Lynn A. Roth <[EMAIL PROTECTED]> wrote: > >>> > >>> > I have my two machines set up. (Thanks Scott for the kernel patch). > > I followed the CARP Failover tutorial to setup failover. I have a > couple of problems. I'll name the two machines A and B. A is supposed > to be the primary and B the backup. > > First, B always grabs master on the carp interfaces. The Advertising > Frequency on A (on all the VIPs) is 0. It is 100 on all the VIPs on B. > Preemption is set on both machines. > > It does pass traffic over the CARP interfaces, so I decided to test the > failover. When I reboot B, A takes over fine. When B finishes booting > back up, it starts to take over from A, but in the process A actually > loses the IP on the Sync interface (opt1 named Sync) (no inet address > for bge1 via ifconfig) The failback then seems to be in an odd state > until I go to the SYNC interface on A and click Save. (ifconfig then > shows the IP again) and B takes over everything. > > I would appreciate any help that anyone could give on this. > > Thanks, > Lynn A. Roth > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > >> > >> > >>- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > >> > >> > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancing?
Hi, can I ask, if is possible configuration, if I have computer and pfSENSE where I have 2x NIC as 2xLAN and 2xNIC as 2x WAN-connected to two different ISP. Where via rules in PF can I configure traffic so, that users from LAN1 go to the ISP1 via WAN1 and users from LAN2 go through the second interface to the second ISP? And what abou configuration of traffic shaper in this case.?? Thanks. Best regards RoboK -- * www.inMail.sk - Vasa emailova adresa na cely zivot ZDARMA * www.SlovakNET.sk - profesionalny webhosting, domena .SK ZADARMO * www.inshop.sk - virtualna obchodna galeria s viac ako 230 obchodmi!
Re: [pfSense Support] load balancing?
This is not load balancing. This is policy based routing. Its supported now. On 11/10/05, Robo.K. <[EMAIL PROTECTED]> wrote: > > Hi, > can I ask, if is possible configuration, if I have computer and pfSENSE > where I have 2x NIC as 2xLAN and 2xNIC as 2x WAN-connected to two different > ISP. Where via rules in PF can I configure traffic so, that users from LAN1 > go to the ISP1 via WAN1 and users from LAN2 go through the second interface > to the second ISP? And what abou configuration of traffic shaper in this > case.?? > > Thanks. > Best regards > RoboK > > -- > * www.inMail.sk - Vasa emailova adresa na cely zivot ZDARMA > * www.SlovakNET.sk - profesionalny webhosting, domena .SK ZADARMO > * www.inshop.sk - virtualna obchodna galeria s viac ako 230 obchodmi! > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] pfsense in VMware
Good morning list, yesterday I mangled a pfsense into a vmware 4.5 on a w2k laptop. The virtual HD is 0,5 GB "large", the memory is 64MB. For getting the thing to the "Show it to me in the browser"-point, I connected only the lan-side via ehternet. The Wan-side had no cable. In a first look, i didn't find any package or package manager, only am xml-error was to be seen. I wanted to use the squid package at first, but I'm not shure now, if the package is contained in the current live-installer-cd, or did I miss a download? When I understand the website correctly, the squid-package is an embedded package, or not? with regards Andreas Bahr (an ordinary m0n0wall user) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
