Re: [pfSense Support] Traffic shaping for specific file type
ok On Mon, May 16, 2011 at 9:03 PM, Michel Servaes mic...@mcmc.be wrote: u can come on chat Google chat) i will help u my best.. . mohanra...@gmail.com Though this answer might be interesting for the person who has asked It. It is totally useless to the mailing list. If everybody acted the same, mailing list would be filled with 0 answer… Please post your answer on the mailing list. Thanks. Yes, I was thinking the very same thing here... I am not going to use bandwidth throttling right now - but I would love to know a bit on a howto described right here :-) It's like learning using it in every possible aspect... - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] pFsense... unexpected behaviour
Hi, I am running pfSense 2.0-RC1 (i386) as FW + LB. I saw a weird behavior yesterday on the box, the webonfigurator was working and i was able to add/change rules as well as load-balancing policies, but the policies would not take effect, i.e. there was no change in the traffic behavior although it showed that the configuration was in effect. I tried to change the lb pool, redirect to different set of backend servers, still no change. On digging further, i found 2 lines in dmesg ... WARNING: / was not properly dismounted WARNING: R/W mount of / denied. Filesystem is not clean - run fsck But, I was able to create and rm a file on the file-system. There was no hard reboot of the server and it had an uptime of 45+ days. 1. Why should the filesystem become dirty... how do i prevent it? 2. Shouldn't the webconfigurator show warnings/errors if this happens? I rebooted the FW box and things seem ok now. ShiB. while ( ! ( succeed = try() ) );
Re: [pfSense Support] pFsense... unexpected behaviour
On Tue, May 17, 2011 at 9:14 AM, Shibashish shi...@gmail.com wrote: Hi, I am running pfSense 2.0-RC1 (i386) as FW + LB. I saw a weird behavior yesterday on the box, the webonfigurator was working and i was able to add/change rules as well as load-balancing policies, but the policies would not take effect, i.e. there was no change in the traffic behavior although it showed that the configuration was in effect. I tried to change the lb pool, redirect to different set of backend servers, still no change. On digging further, i found 2 lines in dmesg ... Remember that there are active sessions which are in the firewall state table, these sessions will continue to work regardless of your changes until these sessions expired. I am no expert on the server load balancer so I am not sure whether states are removed when changes are made to pool (i know states are changed when there is a server that is marked as down). So someone else will need to answer on that. WARNING: / was not properly dismounted WARNING: R/W mount of / denied. Filesystem is not clean - run fsck This indicates that there was a hard reboot and the system was not cleanly shutdown due to a power failure, OS crash or similar. So on the next boot a file system check took place to ensure the consistency of the file system which would have fixed any problems automatically. But, I was able to create and rm a file on the file-system. There was no hard reboot of the server and it had an uptime of 45+ days. This would then have happened prior to the 45 days. 1. Why should the filesystem become dirty... how do i prevent it? Besides a hard reboot from an OS crash, use a UPS to ensure the system is up when there is a power failure so that you can at least have time to shut it down. 2. Shouldn't the webconfigurator show warnings/errors if this happens? No since fsck fixes the file system on boot. If it didn't or could not fix it, the system would not boot and drop you to a shell. You would then have to manually fix it. thanks -- .warren
Re: [pfSense Support] pFsense... unexpected behaviour
On Tue, May 17, 2011 at 1:15 PM, Warren Baker war...@decoy.co.za wrote: On Tue, May 17, 2011 at 9:14 AM, Shibashish shi...@gmail.com wrote: Hi, I am running pfSense 2.0-RC1 (i386) as FW + LB. I saw a weird behavior yesterday on the box, the webonfigurator was working and i was able to add/change rules as well as load-balancing policies, but the policies would not take effect, i.e. there was no change in the traffic behavior although it showed that the configuration was in effect. I tried to change the lb pool, redirect to different set of backend servers, still no change. On digging further, i found 2 lines in dmesg ... Remember that there are active sessions which are in the firewall state table, these sessions will continue to work regardless of your changes until these sessions expired. I am no expert on the server load balancer so I am not sure whether states are removed when changes are made to pool (i know states are changed when there is a server that is marked as down). So someone else will need to answer on that. *To add, I did flush out all the states, i.e. did a reset states. I missed writing this.* WARNING: / was not properly dismounted WARNING: R/W mount of / denied. Filesystem is not clean - run fsck This indicates that there was a hard reboot and the system was not cleanly shutdown due to a power failure, OS crash or similar. So on the next boot a file system check took place to ensure the consistency of the file system which would have fixed any problems automatically. *Does pfSense do a fsck on reboot/boot... can you/someone please confirm.* But, I was able to create and rm a file on the file-system. There was no hard reboot of the server and it had an uptime of 45+ days. This would then have happened prior to the 45 days. *I did a touch and rm after seeing the issue and the log file. The filesystem was writeable.* 1. Why should the filesystem become dirty... how do i prevent it? Besides a hard reboot from an OS crash, use a UPS to ensure the system is up when there is a power failure so that you can at least have time to shut it down. *The FW is in the datacenter, so the power and ups issue is taken care of. There might have been a fluctuation in one of the circuits, this cannot be proved as of now.* 2. Shouldn't the webconfigurator show warnings/errors if this happens? No since fsck fixes the file system on boot. If it didn't or could not fix it, the system would not boot and drop you to a shell. You would then have to manually fix it. *My point was that, shouldn't webconfigurator show a warning/error that fs is readonly and new config cannot be saved/activated.* thanks -- .warren Thanks a ton Warren. ShiB. while ( ! ( succeed = try() ) );
Re: [pfSense Support] pFsense... unexpected behaviour
On Tue, May 17, 2011 at 10:22 AM, Shibashish shi...@gmail.com wrote: On Tue, May 17, 2011 at 1:15 PM, Warren Baker war...@decoy.co.za wrote: Remember that there are active sessions which are in the firewall state table, these sessions will continue to work regardless of your changes until these sessions expired. I am no expert on the server load balancer so I am not sure whether states are removed when changes are made to pool (i know states are changed when there is a server that is marked as down). So someone else will need to answer on that. *To add, I did flush out all the states, i.e. did a reset states. I missed writing this.* This indicates that there was a hard reboot and the system was not cleanly shutdown due to a power failure, OS crash or similar. So on the next boot a file system check took place to ensure the consistency of the file system which would have fixed any problems automatically. *Does pfSense do a fsck on reboot/boot... can you/someone please confirm. * pfSense will do a file system check on every reboot, this is to ensure the file system is healthy. If it is not then it will indicate this and execute a fsck to fix the problem(s). This would then have happened prior to the 45 days. *I did a touch and rm after seeing the issue and the log file. The filesystem was writeable.* Correct - as the fsck was successful. 2. Shouldn't the webconfigurator show warnings/errors if this happens? No since fsck fixes the file system on boot. If it didn't or could not fix it, the system would not boot and drop you to a shell. You would then have to manually fix it. *My point was that, shouldn't webconfigurator show a warning/error that fs is readonly and new config cannot be saved/activated.* The fs was not readonly as you mentioned above that you could touch and rm. -- .warren
[pfSense Support] pFsense... unexpected behaviour
On Tue, May 17, 2011 at 10:22 AM, Shibashish shi...@gmail.com wrote: On Tue, May 17, 2011 at 1:15 PM, Warren Baker war...@decoy.co.za wrote: Remember that there are active sessions which are in the firewall state table, these sessions will continue to work regardless of your changes until these sessions expired. I am no expert on the server load balancer so I am not sure whether states are removed when changes are made to pool (i know states are changed when there is a server that is marked as down). So someone else will need to answer on that. *To add, I did flush out all the states, i.e. did a reset states. I missed writing this.* This indicates that there was a hard reboot and the system was not cleanly shutdown due to a power failure, OS crash or similar. So on the next boot a file system check took place to ensure the consistency of the file system which would have fixed any problems automatically. *Does pfSense do a fsck on reboot/boot... can you/someone please confirm. * pfSense will do a file system check on every reboot, this is to ensure the file system is healthy. If it is not then it will indicate this and execute a fsck to fix the problem(s). This would then have happened prior to the 45 days. *I did a touch and rm after seeing the issue and the log file. The filesystem was writeable.* Correct - as the fsck was successful. 2. Shouldn't the webconfigurator show warnings/errors if this happens? No since fsck fixes the file system on boot. If it didn't or could not fix it, the system would not boot and drop you to a shell. You would then have to manually fix it. *My point was that, shouldn't webconfigurator show a warning/error that fs is readonly and new config cannot be saved/activated.* The fs was not readonly as you mentioned above that you could touch and rm. -- .warren
[pfSense Support] More Asterisk Server behind pfSense 1.2.3
Hi to everybody, I need to place more Asterisk server behind a pfSense 1.2.3. All of them will be connected to variuous VoIP providers and will have sip client outside in the Wan. I installed siproxd package but I don't feel which will be its better configuration, I know also that I must do something by hand using the shell. I just setup and configured network with only one server without any problems but this is a new challenge. Can someone help me ? Thanks a lot Enrico - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Pfsense, OpenVPN and multicast
All, We have a subnet with a public IP address fronted by a pfsense (1.2.3R) box with routing and OpenVPN enabled and configured. We're testing this with a product that uses multicast - the server is in the network protected by the pfsense box, and there will be one or more clients connecting to it from the field.. While most network functionality is present, the multicast traffic is not being seen on the client. Does pfsense/OpenVPN support multicast in this kind of arrangement? We've added in the IGMPProxy package, which so far doesn't seem to be doing anything for us, though we may not have configured that correctly. Thanks, Kurt - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Pfsense, OpenVPN and multicast
All, We have a subnet with a public IP address fronted by a pfsense (1.2.3R) box with routing and OpenVPN enabled and configured. We're testing this with a product that uses multicast - the server is in the network protected by the pfsense box, and there will be one or more clients connecting to it from the field.. While most network functionality is present, the multicast traffic is not being seen on the client. Does pfsense/OpenVPN support multicast in this kind of arrangement? We've added in the IGMPProxy package, which so far doesn't seem to be doing anything for us, though we may not have configured that correctly. Thanks, Kurt I do not think igmpproxy will be in any use here. Try routing multicast IPs/subnet over the tunnel explicitly. Evgeny. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Pfsense, OpenVPN and multicast
On Tue, May 17, 2011 at 10:18, e...@tm-k.com wrote: All, We have a subnet with a public IP address fronted by a pfsense (1.2.3R) box with routing and OpenVPN enabled and configured. We're testing this with a product that uses multicast - the server is in the network protected by the pfsense box, and there will be one or more clients connecting to it from the field.. While most network functionality is present, the multicast traffic is not being seen on the client. Does pfsense/OpenVPN support multicast in this kind of arrangement? We've added in the IGMPProxy package, which so far doesn't seem to be doing anything for us, though we may not have configured that correctly. Thanks, Kurt I do not think igmpproxy will be in any use here. Try routing multicast IPs/subnet over the tunnel explicitly. Evgeny. I'm a complete newb at multicast stuff - never used it before. Since this traffic will be completely contained over the OpenVPN link, should I be using (per this link: http://www.tcpipguide.com/free/t_IPMulticastAddressing.htm) addresses from the administratively (or locally) scoped range? Also, what might a route statement look like for multicast - different than normal unicast routing, or pretty much the same? Thanks, Kurt - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Traffic shaping for specific file type
On Tue, May 17, 2011 at 2:10 AM, A Mohan Rao mohanra...@gmail.com wrote: ok On Mon, May 16, 2011 at 9:03 PM, Michel Servaes mic...@mcmc.be wrote: u can come on chat Google chat) i will help u my best.. . mohanra...@gmail.com Though this answer might be interesting for the person who has asked It. It is totally useless to the mailing list. If everybody acted the same, mailing list would be filled with 0 answer… Please post your answer on the mailing list. Thanks. Yes, I was thinking the very same thing here... I am not going to use bandwidth throttling right now - but I would love to know a bit on a howto described right here :-) It's like learning using it in every possible aspect... You can try with layer7 shaper. I am not sure if there is a regex there for this or you would have to write one yourself. But that is your best bet. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org -- Ermal - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org