Re: [pfSense Support] Difference between IP Alias and Other for VIPs
I have created a table that synthesize the various possibilities offered by the various types of VIPs… "VIPs dans même sous réseau que l’interface" means VIPs in the same subnet as interface. Do you have any comment on this table ? Type Services Forward Traf. L2 Clustering VIPs dans même sous réseau que l’interface ICMP CARP Oui Oui Oui Oui Nécessaire Oui Proxy ARP Non Oui Oui Non Pas nécessaire Non Other Non Oui Non Non Pas nécessaire Non IP Alias Oui Oui Non Non Pas nécessaire Oui Le 17 mars 2011 à 13:34, Jim Pingle a écrit : > On 3/17/2011 8:29 AM, bsd wrote: >> I wanted to know what was the difference between IP Alias and Other in VIPs >> ? >> What does IP Alias do technically speaking ? >> >> It is not very clear to me. > > IP Alias is just that, an IP Alias in FreeBSD. It is an actual > additional IP address defined directly on the network card. It can be > used for anything -- listening for services, port forwards, outbound > nat, 1:1 nat, etc. It lets you actually address and talk to multiple > subnets on a single card if the Alias is in a different subnet. > > "Other" type VIPs are just placeholders. The work for those is done by > the upstream gear routing a subnet to an IP on your firewall, and the > "Other" type VIPs just let you use those IPs for NAT. > > Jim > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > –– -> Grégory Bernard Director <- ---> www.osnet.eu <--- --> Your provider of OpenSource appliances <-- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO
Re: [pfSense Support] Squid with LDAP not working
ok Thank you sir. On Thu, Mar 17, 2011 at 9:30 PM, Dominic wrote: > Hi Shali, > > Sorry I am still using 1.2.3, perhaps someone else on the list using > 2.0 can advise? > > I will be doing a test with 2.0 tomorrow and should I find something I > will let you know. > > On Thu, Mar 17, 2011 at 1:17 PM, Shali K.R. > wrote: > > Dear sir, > > > > Actually i am using pfsense 2.0 and how to check the openldap-client > version > > ??? > > > > On Thu, Mar 17, 2011 at 4:22 PM, Dominic wrote: > >> > >> Hi Shali, > >> > >> Have you reinstalled openldap as per the forum post? I found this a > >> key factor in getting mine working. > >> > >> Remove openldap on system ; > >> # pkg_delete -f openldap-client-2.4.10 > >> > >> install new openldap version ; > >> # pkg_add -r > >> http://files.pfsense.org/packages/7/All/openldap-client-2.4.11.tbz > >> # rehash > >> > >> On Thu, Mar 17, 2011 at 12:43 PM, Shali K.R. > >> wrote: > >> > Dear Domanic sir, > >> > > >> > after searching several topics i have changed my settings as , > >> > > >> > Authentication method :LDAP > >> > LDAP V:3 > >> > Authentication server :10.1.1.25 > >> > Authentication server port :389 > >> > LDAP server user DN : ou=people,dc=lan,dc=com > >> > LDAP base domain : dc=lan,dc=com > >> > LDAP username DN attribute :uid > >> > LDAP search filter :uid=%s > >> > > >> > but its not working... > >> > > >> > On Thu, Mar 17, 2011 at 2:44 PM, Dominic > wrote: > >> >> > >> >> Hi Shali, > >> >> > >> >> Take a look at this forum post, it helped me resolve this problem. > >> >> > >> >> http://forum.pfsense.org/index.php?topic=20666.0 > >> >> > >> >> Kind Regards, > >> >> > >> >> Dominic. > >> >> > >> >> On Thu, Mar 17, 2011 at 11:03 AM, Shali K.R. < > sh...@vidyaacademy.ac.in> > >> >> wrote: > >> >> > Dear all, > >> >> > > >> >> > I have a working LDAP server ( tested with JXplorer )and i am > trying > >> >> > to > >> >> > use > >> >> > squid with LDAP following information provided but working any > >> >> > idea??? > >> >> > > >> >> > Authentication method :LDAP > >> >> > LDAP V:3 > >> >> > Authentication server :10.1.1.25 > >> >> > Authentication server port :389 > >> >> > LDAP server user DN : cn=Administrator,dc=lan,dc=com > >> >> > LDAP password :password > >> >> > LDAP base domain : dc=lan,dc=com > >> >> > > >> >> > -- > >> >> > Thanks & Regards > >> >> > > >> >> > Shali K R > >> >> > Server Administrator > >> >> > Vidya Academy of Science & Technology > >> >> > Thrissur,Kerala. > >> >> > Mob:9846303531 > >> >> > > >> >> > > >> >> > > >> >> > >> >> - > >> >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com > >> >> For additional commands, e-mail: support-h...@pfsense.com > >> >> > >> >> Commercial support available - https://portal.pfsense.org > >> >> > >> > > >> > > >> > > >> > -- > >> > Thanks & Regards > >> > > >> > Shali K R > >> > Server Administrator > >> > Vidya Academy of Science & Technology > >> > Thrissur,Kerala. > >> > Mob:9846303531 > >> > > >> > > >> > > > > > > > > > -- > > Thanks & Regards > > > > Shali K R > > Server Administrator > > Vidya Academy of Science & Technology > > Thrissur,Kerala. > > Mob:9846303531 > > > > > > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- Thanks & Regards Shali K R Server Administrator Vidya Academy of Science & Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] 2.0 Web UI Unresponsive
Jim, I did not want to post on the lists but do you have blocks enabled on private networks and bogon networks? Mehma - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Squid with LDAP not working
Hi Shali, Sorry I am still using 1.2.3, perhaps someone else on the list using 2.0 can advise? I will be doing a test with 2.0 tomorrow and should I find something I will let you know. On Thu, Mar 17, 2011 at 1:17 PM, Shali K.R. wrote: > Dear sir, > > Actually i am using pfsense 2.0 and how to check the openldap-client version > ??? > > On Thu, Mar 17, 2011 at 4:22 PM, Dominic wrote: >> >> Hi Shali, >> >> Have you reinstalled openldap as per the forum post? I found this a >> key factor in getting mine working. >> >> Remove openldap on system ; >> # pkg_delete -f openldap-client-2.4.10 >> >> install new openldap version ; >> # pkg_add -r >> http://files.pfsense.org/packages/7/All/openldap-client-2.4.11.tbz >> # rehash >> >> On Thu, Mar 17, 2011 at 12:43 PM, Shali K.R. >> wrote: >> > Dear Domanic sir, >> > >> > after searching several topics i have changed my settings as , >> > >> > Authentication method :LDAP >> > LDAP V:3 >> > Authentication server :10.1.1.25 >> > Authentication server port :389 >> > LDAP server user DN : ou=people,dc=lan,dc=com >> > LDAP base domain : dc=lan,dc=com >> > LDAP username DN attribute :uid >> > LDAP search filter :uid=%s >> > >> > but its not working... >> > >> > On Thu, Mar 17, 2011 at 2:44 PM, Dominic wrote: >> >> >> >> Hi Shali, >> >> >> >> Take a look at this forum post, it helped me resolve this problem. >> >> >> >> http://forum.pfsense.org/index.php?topic=20666.0 >> >> >> >> Kind Regards, >> >> >> >> Dominic. >> >> >> >> On Thu, Mar 17, 2011 at 11:03 AM, Shali K.R. >> >> wrote: >> >> > Dear all, >> >> > >> >> > I have a working LDAP server ( tested with JXplorer )and i am trying >> >> > to >> >> > use >> >> > squid with LDAP following information provided but working any >> >> > idea??? >> >> > >> >> > Authentication method :LDAP >> >> > LDAP V:3 >> >> > Authentication server :10.1.1.25 >> >> > Authentication server port :389 >> >> > LDAP server user DN : cn=Administrator,dc=lan,dc=com >> >> > LDAP password :password >> >> > LDAP base domain : dc=lan,dc=com >> >> > >> >> > -- >> >> > Thanks & Regards >> >> > >> >> > Shali K R >> >> > Server Administrator >> >> > Vidya Academy of Science & Technology >> >> > Thrissur,Kerala. >> >> > Mob:9846303531 >> >> > >> >> > >> >> > >> >> >> >> - >> >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >> >> For additional commands, e-mail: support-h...@pfsense.com >> >> >> >> Commercial support available - https://portal.pfsense.org >> >> >> > >> > >> > >> > -- >> > Thanks & Regards >> > >> > Shali K R >> > Server Administrator >> > Vidya Academy of Science & Technology >> > Thrissur,Kerala. >> > Mob:9846303531 >> > >> > >> > > > > > -- > Thanks & Regards > > Shali K R > Server Administrator > Vidya Academy of Science & Technology > Thrissur,Kerala. > Mob:9846303531 > > > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] 2.0 Web UI Unresponsive
I have been having an issue with 2.0 for a few months (beta snapshots and RC1) that is driving me mad. I'm hoping someone can shed some light on this. The server is a Dell PowerEdge R610 with bce0-bce3. It is a repurposed server, so it is built and configured as a server and for performance. In the simplest setup, I only have a LAN (bce0) and WAN (bce1). This is a test server for evaluating 2.0, so it doesn't really have much traffic. There are only a couple of us using it as a gateway. A few minutes after booting, the Web UI will become unusably slow or completely unresponsive. Sometimes we will be greeted with a 503 response. Other times the browser just spins forever. SSH access is similarly flaky. We have found that if we force some traffic through the gateway (e.g. http request from LAN to WAN) right after requesting a page from the Web UI or attempting an SSH session, it will respond to that request. I have dug through posts related to this in the forums and archives, but haven't found too much that's relevant. I did find one post [1], though, that was somewhat similar. Basically, the OP had to run tcpdump on the pfSense box to get it to work. I tried that, and it works! So, now every time I restart the pfSense box I have to log in on console or SSH (if I can get in) and run a `nohup tcpdump -i bce0 >& /dev/null' to make it behave. Note that unlike the referenced post, we do not have any trouble LAN->WAN through the gateway. It just seems to be problematic accessing the gateway itself from the LAN. As long as my tcpdump is running, everything works beautifully, and the box is as fast and responsive as can be. But once that dump is stopped, it seems that pfSense doesn't like to respond to the LAN. I have: - restarted the Web Configurator over and over - stripped out all config except the most basic needed to function - tried different ports for both LAN and WAN - reinstalled the box from scratch several times - watched `top' for cpu hogs; the system is bored - verified all BIOS settings look normal - scoured the logs - found that sometimes when this issue is happening, I cannot kill (even `kill -9') the lighttpd process for the Web Configurator; it's almost like it is blocked waiting on something (?) I am a FreeBSD server admin, so I have no problem digging through the system, debugging, installing tools, changing sysctls, or whatever to try to figure this out, but I don't know where to start. Does anyone have any ideas? I would rather not go to production with the tcpdump kludge. Am I the only one who has seen this? - Jim [1] http://forum.pfsense.org/index.php?topic=13701.0 - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Difference between IP Alias and Other for VIPs
On 3/17/2011 8:29 AM, bsd wrote: > I wanted to know what was the difference between IP Alias and Other in VIPs ? > What does IP Alias do technically speaking ? > > It is not very clear to me. IP Alias is just that, an IP Alias in FreeBSD. It is an actual additional IP address defined directly on the network card. It can be used for anything -- listening for services, port forwards, outbound nat, 1:1 nat, etc. It lets you actually address and talk to multiple subnets on a single card if the Alias is in a different subnet. "Other" type VIPs are just placeholders. The work for those is done by the upstream gear routing a subnet to an IP on your firewall, and the "Other" type VIPs just let you use those IPs for NAT. Jim - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Difference between IP Alias and Other for VIPs[solved]
Ooops sorry, http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F Le 17 mars 2011 à 13:29, bsd a écrit : > Hi, > > I wanted to know what was the difference between IP Alias and Other in VIPs ? > What does IP Alias do technically speaking ? > > It is not very clear to me. > > > Thanks. > > G.B. > > –– > -> Grégory Bernard Director <- > ---> www.osnet.eu <--- > --> Your provider of OpenSource appliances <-- > –– > OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > –– -> Grégory Bernard Director <- ---> www.osnet.eu <--- --> Your provider of OpenSource appliances <-- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Difference between IP Alias and Other for VIPs
Hi, I wanted to know what was the difference between IP Alias and Other in VIPs ? What does IP Alias do technically speaking ? It is not very clear to me. Thanks. G.B. –– -> Grégory Bernard Director <- ---> www.osnet.eu <--- --> Your provider of OpenSource appliances <-- –– OSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetOSnetO - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Squid with LDAP not working
Dear Domanic sir, after searching several topics i have changed my settings as , Authentication method :LDAP LDAP V:3 Authentication server :10.1.1.25 Authentication server port :389 LDAP server user DN : ou=people,dc=lan,dc=com LDAP base domain : dc=lan,dc=com LDAP username DN attribute :uid LDAP search filter :uid=%s but its not working... On Thu, Mar 17, 2011 at 2:44 PM, Dominic wrote: > Hi Shali, > > Take a look at this forum post, it helped me resolve this problem. > > http://forum.pfsense.org/index.php?topic=20666.0 > > Kind Regards, > > Dominic. > > On Thu, Mar 17, 2011 at 11:03 AM, Shali K.R. > wrote: > > Dear all, > > > > I have a working LDAP server ( tested with JXplorer )and i am trying to > use > > squid with LDAP following information provided but working any idea??? > > > > Authentication method :LDAP > > LDAP V:3 > > Authentication server :10.1.1.25 > > Authentication server port :389 > > LDAP server user DN : cn=Administrator,dc=lan,dc=com > > LDAP password :password > > LDAP base domain : dc=lan,dc=com > > > > -- > > Thanks & Regards > > > > Shali K R > > Server Administrator > > Vidya Academy of Science & Technology > > Thrissur,Kerala. > > Mob:9846303531 > > > > > > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > -- Thanks & Regards Shali K R Server Administrator Vidya Academy of Science & Technology Thrissur,Kerala. Mob:9846303531
Re: [pfSense Support] Squid with LDAP not working
Hi Shali, Take a look at this forum post, it helped me resolve this problem. http://forum.pfsense.org/index.php?topic=20666.0 Kind Regards, Dominic. On Thu, Mar 17, 2011 at 11:03 AM, Shali K.R. wrote: > Dear all, > > I have a working LDAP server ( tested with JXplorer )and i am trying to use > squid with LDAP following information provided but working any idea??? > > Authentication method :LDAP > LDAP V:3 > Authentication server :10.1.1.25 > Authentication server port :389 > LDAP server user DN : cn=Administrator,dc=lan,dc=com > LDAP password :password > LDAP base domain : dc=lan,dc=com > > -- > Thanks & Regards > > Shali K R > Server Administrator > Vidya Academy of Science & Technology > Thrissur,Kerala. > Mob:9846303531 > > > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Squid with LDAP not working
Dear all, I have a working LDAP server ( tested with JXplorer )and i am trying to use squid with LDAP following information provided but working any idea??? Authentication method :LDAP LDAP V:3 Authentication server :10.1.1.25 Authentication server port :389 LDAP server user DN : cn=Administrator,dc=lan,dc=com LDAP password :password LDAP base domain : dc=lan,dc=com -- Thanks & Regards Shali K R Server Administrator Vidya Academy of Science & Technology Thrissur,Kerala. Mob:9846303531