Re: [pfSense Support] Triple CARP setup
On Tue, Aug 18, 2009 at 9:28 AM, Veiko Kukkveiko.k...@krediidipank.ee wrote: How should I configure pfsync if I want to use three machines? I'm curious why you might want such a setup. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Triple CARP setup
On Tue, Aug 18, 2009 at 9:28 AM, Veiko Kukkveiko.k...@krediidipank.ee wrote: How should I configure pfsync if I want to use three machines? I'm curious why you might want such a setup. --Bill [Christopher Iarocci] I was thinking the same exact thing. I could see having a 3rd machine pre-configured to go in place should 1 fail, but to actively have 3 in service I don't understand. The chances of 2 going bad at the same time is probably nothing. Chris - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Triple CARP setup
On Wed, Aug 19, 2009 at 1:41 PM, Christopher M. Iarocciciaro...@tfop.net wrote: On Tue, Aug 18, 2009 at 9:28 AM, Veiko Kukkveiko.k...@krediidipank.ee wrote: How should I configure pfsync if I want to use three machines? I'm curious why you might want such a setup. --Bill [Christopher Iarocci] I was thinking the same exact thing. I could see having a 3rd machine pre-configured to go in place should 1 fail, but to actively have 3 in service I don't understand. The chances of 2 going bad at the same time is probably nothing. In environments where availability really matters, I run CARP on high end boxes that have redundant power supplies and hardware RAID (with hot spare), and hot swappable fans. The intent is to _never_ fail over, but have the hot spare box available in the event that a disaster really does impact the primary box we only take a small (usually unnoticed) hit during failover. I'm sure there's a good reason to have triple redundancy, but I can't think of a reason for it, where a few thousand dollars on higher end gear won't solve the same problem with less complexity. In running CARP clusters since CARP came out o 5? years ago or so now, I have yet to run into a situation where having more than two machines in the cluster (firewalls only here, not web servers and the like) would have bought me anything. Anything bad enough to take down the primary and the secondary would have impacted a tertiary (and I've only seen kernel bugs nail primary and secondary - our clusters are separated by about 2 miles of fiber). --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Fresh install can't access internet.
On Wed, Aug 19, 2009 at 3:55 PM, li...@mgreg.comli...@mgreg.com wrote: Hi All, I've decided to give pfSense a go. When I initially installed it about (20 mins ago), everything seemed to work just fine. Now, however, I can ping and SSH to all machines behind the pfSense box, but I can't access the internet. LAN and WAN can't be the same subnet. Change one or the other. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] Fresh install can't access internet.
On Wed, Aug 19, 2009 at 3:55 PM, li...@mgreg.comli...@mgreg.com wrote: Hi All, I've decided to give pfSense a go. When I initially installed it about (20 mins ago), everything seemed to work just fine. Now, however, I can ping and SSH to all machines behind the pfSense box, but I can't access the internet. Looks like you have the LAN IP the same as your ISP Gateway... Change that IP to something other than 192.168.1.1 -Tim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Fresh install can't access internet.
On Aug 19, 2009, at 4:03 PM, Chris Buechler wrote: On Wed, Aug 19, 2009 at 3:55 PM, li...@mgreg.comli...@mgreg.com wrote: Hi All, I've decided to give pfSense a go. When I initially installed it about (20 mins ago), everything seemed to work just fine. Now, however, I can ping and SSH to all machines behind the pfSense box, but I can't access the internet. LAN and WAN can't be the same subnet. Change one or the other. Thanks for the input guys. There was also something wrong with the DSL router in that it wasn't truly turning off DHCP and it was basically ignoring traffic from devices from which it didn't assign an IP. I finally got it into true dummy bridge mode and now it acts as nothing more than a passthrough for pfSense. Much appreciated! - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Loopback traffic...?
Hi All, I just installed pfSense and am absolutely loving it. One question though: How do I go about allowing for "loopback" traffic? Basically I have some internal web servers that I need to test via the external IP, but it seems as though internal traffic is blocked from accessing the WAN by default. What rule can I enter to change this? Thanks, Michael - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Loopback traffic...?
On Wed, Aug 19, 2009 at 6:18 PM, li...@mgreg.com wrote: Hi All, I just installed pfSense and am absolutely loving it. One question though: How do I go about allowing for loopback traffic? Basically I have some internal web servers that I need to test via the external IP, but it seems as though internal traffic is blocked from accessing the WAN by default. What rule can I enter to change this? See: http://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] LSI boot issues - liveCD not booting
Yep, i'm wondering if it's something else causing the issue now.. I've attached a screenshot image of where the bootup hangs (in verbose mode)., also, the box hasn't actually hung if you alt-ctrl-delete - the machine will reboot nicely, killing off the processes it's started already. is there a way to get the init scripts to log more verbosely to the console to try work out where the failure is happening? I'm a linux person, and i'm unfortunately not terribly familiar with the BSD toolsets :\ Lenny wrote: Leon Strong wrote: Hi all, I'm wondering if you could provide some help with an issue i'm having installing pfsense on an IBM HS20 blade system, both the 1.2.2 and 1.2.3RC1 snapshots hang when booting.. (it stalls after mounting the filesystem from cdrom) - booting in verbose mode, it seems to get an unrecoverable error, and deadlocks. I read on the forums there was a few MTP patches that may fix this issue, is there a recent build that incorporates these fixes? Cheers, Leon. -- *Leon Strong *| Technical Engineer *DDI:* +64 9 950 2203 *Fax:* +64 9 302 0518 *Mobile:* +64 21 0202 8870 *Freephone:* 0800 SMX SMX (769 769) Level 11, 290 Queen Street, Auckland, New Zealand | SMX Ltd | smx.co.nz http://smx.co.nz SMX | Business Email Specialists The information contained in this email and any attachments is confidential. If you are not the intended recipient then you must not use, disseminate, distribute or copy any information contained in this email or any attachments. If you have received this email in error or you are not the originally intended recipient please contact SMX immediately and destroy this email. This email has been scrubbed for your protection by SMX. For more information visit smx.co.nz http://smx.co.nz/scrubbed Hi, Actually, I believe it was my post you were reading, as I was the one to ask to patch the recent version. Anyway, I never had the chance to install pfsense on HS20, but I did install on multiple x335 and x3550 and it works without a problem. I also think it's the same controller. By the way, the 1.2.2 version didn't have this problem at all, it started with 1.2.3 (FreeBSD 7.1 I think). But the current version of 1.2.3 does include those patches (approximately since 1.7.09). So unless it's a different controller, maybe you should start digging in other direction. Lenny. -- *Leon Strong *| Technical Engineer *DDI:* +64 9 950 2203 *Fax:* +64 9 302 0518 *Mobile:* +64 21 0202 8870 *Freephone:* 0800 SMX SMX (769 769) Level 11, 290 Queen Street, Auckland, New Zealand | SMX Ltd | smx.co.nz http://smx.co.nz SMX | Business Email Specialists The information contained in this email and any attachments is confidential. If you are not the intended recipient then you must not use, disseminate, distribute or copy any information contained in this email or any attachments. If you have received this email in error or you are not the originally intended recipient please contact SMX immediately and destroy this email. __ This email has been scrubbed for your protection by SMX. For more information visit http://smx.co.nz __ inline: Screenshot.png- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Installing FULL Version on 1 gig DOM
Hello everyone, I have what I belive is a very nice hardware for running pfSense.. http://www.calltheusa.com/1.jpg http://www.calltheusa.com/2.jpg http://www.calltheusa.com/3.jpg I installed the FULL version 1.2.2 on 4gig Transcend DOM on the only IDE port, and pfsense work nicely I have hear that installing on DOM is not a good idea because like CF cards is a problem with the writes I can install a small Microdrive on the CF slot in the botton of the unit, but I don't know how to separte the swap partition from the system, to the second hardrive.. the installer do not allow me to do that :( Is any special way to do that? Should I bother at all? How I can make the DOM read only? or is read only already? and only the swap partition is the one who get writes? I will appreciate you help!! thank you in adavnce!!! Manny
Re: [pfSense Support] Installing FULL Version on 1 gig DOM
On Thu, Aug 20, 2009 at 12:35 AM, Manny A. Wisemannyw...@gmail.com wrote: Hello everyone, I have what I belive is a very nice hardware for running pfSense.. http://www.calltheusa.com/1.jpg http://www.calltheusa.com/2.jpg http://www.calltheusa.com/3.jpg I installed the FULL version 1.2.2 on 4gig Transcend DOM on the only IDE port, and pfsense work nicely I have hear that installing on DOM is not a good idea because like CF cards is a problem with the writes I can install a small Microdrive on the CF slot in the botton of the unit, but I don't know how to separte the swap partition from the system, to the second hardrive.. the installer do not allow me to do that :( Is any special way to do that? Should I bother at all? How I can make the DOM read only? or is read only already? and only the swap partition is the one who get writes? Just use the 4 GB nanobsd. http://snapshots.pfsense.org/FreeBSD_RELENG_7_2/pfSense_RELENG_1_2/nanobsd/ - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org