[pfSense Support] Load-balancing on LAN network
Hi All, I have a clustered service which needs to be load-balanced on the lan network. The following setup doesn't work for me. --- lan ip 1 load balanced lan vip --- lan ip 2 --- lan ip 3 Thanks in advance. ShiB. while ( ! ( succeed = try() ) );
Re: [pfSense Support] Load-balancing on LAN network
On Tue, May 10, 2011 at 7:15 AM, Shibashish shi...@gmail.com wrote: Hi All, I have a clustered service which needs to be load-balanced on the lan network. The following setup doesn't work for me. --- lan ip 1 load balanced lan vip --- lan ip 2 --- lan ip 3 Thanks in advance. ShiB. while ( ! ( succeed = try() ) ); Traffic has to traverse two nics. LAN IP1-3 will need to be in another network for this to work. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Load balancing of LAN hosts
Hi, Is it possible to load-balance LAN hosts... any example, any configuration? I have an application which will connect to multiple databases (read-operations), hence i need LAN load-balancing. I do understand i can do it other ways, but is it possible using pfsense? Thanks. ShiB. while ( ! ( succeed = try() ) );
Re: [pfSense Support] Load Balancing on vlans
You shouldn't use the parent interface generally. Don't think that's related though. You losing connectivity from the firewall to the gateway? You're far from uncharted territory, the several boxes I've worked on that have 6-12 WANs all use VLANs as WANs. You may need negate rules for anything not reachable via the specified gateway, when you specify a gateway it forces traffic to that gateway. Those are automatically added generally but you could be doing something that's overriding that. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Sorry, your comments have confused me just a bit. I have two physical WAN connections that are doing failover and one LAN interface with vlans under it. I want those vlans to use the failover rather than just the default gateway. Is this not a standard thing to do? If it won't work like this, I suppose I could do some routing on my switch to eliminate the vlans at pfsense. I just thought pfsense would be able to handle that.
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 8:41 AM, Jesse Vollmarvollm...@gmail.com wrote: You shouldn't use the parent interface generally. Don't think that's related though. You losing connectivity from the firewall to the gateway? You're far from uncharted territory, the several boxes I've worked on that have 6-12 WANs all use VLANs as WANs. You may need negate rules for anything not reachable via the specified gateway, when you specify a gateway it forces traffic to that gateway. Those are automatically added generally but you could be doing something that's overriding that. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Sorry, your comments have confused me just a bit. I have two physical WAN connections that are doing failover and one LAN interface with vlans under it. I want those vlans to use the failover rather than just the default gateway. Is this not a standard thing to do? If it won't work like this, I suppose I could do some routing on my switch to eliminate the vlans at pfsense. I just thought pfsense would be able to handle that. What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 9:47 AM, Bill Marquette bill.marque...@gmail.comwrote: What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill Should have mentioned that I am not actually using the LAN NIC for anything but the tagged vlans. Should I be using an OPT interface rather than the LAN interface for my vlans?
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 8:57 AM, Jesse Vollmarvollm...@gmail.com wrote: On Fri, Aug 28, 2009 at 9:47 AM, Bill Marquette bill.marque...@gmail.com wrote: What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill Should have mentioned that I am not actually using the LAN NIC for anything but the tagged vlans. Should I be using an OPT interface rather than the LAN interface for my vlans? Nope, that helps alot. So, you already have one VLAN interface using a load balancing rule correct? When you try to setup another VLAN interface for load balancing it breaks? --Bill - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
Jesse Vollmar wrote: On Fri, Aug 28, 2009 at 9:47 AM, Bill Marquette bill.marque...@gmail.com mailto:bill.marque...@gmail.com wrote: What's not normal (and not recommended) is the use of the physical NIC for a network while simultaneously sending tagged frames to it. That may or may not be related to the issue you are having. --Bill Should have mentioned that I am not actually using the LAN NIC for anything but the tagged vlans. Should I be using an OPT interface rather than the LAN interface for my vlans? So your LAN is assigned to VLAN not to physical em0 or bge0 or whatever? And you have no LAN, WAN, OPTx assigned to this physical one? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
Nope, that helps alot. So, you already have one VLAN interface using a load balancing rule correct? When you try to setup another VLAN interface for load balancing it breaks? It is breaking when I try to setup the first load balancing rule. It will work as expected for a few minutes, then stops. So your LAN is assigned to VLAN not to physical em0 or bge0 or whatever? And you have no LAN, WAN, OPTx assigned to this physical one? I just recently configured the vlan interfaces on a router that had em0 assigned to LAN. I haven't changed that because I didn't know it was a problem, and you are required to have a LAN interface. Do I need to get my vlans on a NIC that doesn't have LAN assigned to it?
Re: [pfSense Support] Load Balancing on vlans
Jesse Vollmar wrote: Nope, that helps alot. So, you already have one VLAN interface using a load balancing rule correct? When you try to setup another VLAN interface for load balancing it breaks? It is breaking when I try to setup the first load balancing rule. It will work as expected for a few minutes, then stops. So your LAN is assigned to VLAN not to physical em0 or bge0 or whatever? And you have no LAN, WAN, OPTx assigned to this physical one? I just recently configured the vlan interfaces on a router that had em0 assigned to LAN. I haven't changed that because I didn't know it was a problem, and you are required to have a LAN interface. Do I need to get my vlans on a NIC that doesn't have LAN assigned to it? Wait a sec. You configured the vlan interfaces on a router but what about pfSense side? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
Wait a sec. You configured the vlan interfaces on a router but what about pfSense side? I used router as a synonym for pfsense. My mistake. I just meant my pfSense box.
Re: [pfSense Support] Load Balancing on vlans
Jesse Vollmar wrote: Wait a sec. You configured the vlan interfaces on a router but what about pfSense side? I used router as a synonym for pfsense. My mistake. I just meant my pfSense box. Well, as it was mentioned here earlier what you've done is not recommended way but it should not cause problem you are experiencing. I would do the next: 1. Configure your LB and while it is working do pfctl -sr | grep route-to 2. Wait until it stops working and issue again pfctl -sr | grep route-to - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Fri, Aug 28, 2009 at 9:41 AM, Jesse Vollmarvollm...@gmail.com wrote: Sorry, your comments have confused me just a bit. I have two physical WAN connections that are doing failover and one LAN interface with vlans under it. I want those vlans to use the failover rather than just the default gateway. Is this not a standard thing to do? If it won't work like this, I suppose I could do some routing on my switch to eliminate the vlans at pfsense. I just thought pfsense would be able to handle that. You can do that, I do it, lots of others do, it works fine. Probably time for packet captures to see what's really happening here. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
FIXED! I finally figured out what was happening. There was no rule sending traffic that needed to reach the pfsense box itself to it. For some reason, EVERYTHING was getting pumped out the active gateway in my failover pool.
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 12:08 AM, Jesse Vollmarvollm...@gmail.com wrote: Well, when I set the firewall rule to send all traffic to a load balanced gateway (instead of default) stuff just breaks. I can't get to the Internet or I get to anything else on the other vlans. I am using a rule identical to the one I use for the load balancing on LAN except the interface. I tried again this morning to change the allow rule on a vlan interface to send traffic out on a gateway other than default and after about five minutes of working like it should, all traffic stopped. Hosts on that vlan could no longer ping the gateway of that vlan or anything on another network. This is only happening on my vlan interfaces (parent interface is LAN). - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 11:05 AM, Jesse Vollmarvollm...@gmail.com wrote: I tried again this morning to change the allow rule on a vlan interface to send traffic out on a gateway other than default and after about five minutes of working like it should, all traffic stopped. Hosts on that vlan could no longer ping the gateway of that vlan or anything on another network. This is only happening on my vlan interfaces (parent interface is LAN). Sounds like a NIC driver issue. Make sure you are using Intel NICS. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 12:49 PM, Scott Ullrich sullr...@gmail.com wrote: Sounds like a NIC driver issue. Make sure you are using Intel NICS. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org I'm using high quality Intel NICs. The vlan tagging works just fine. It appears to be an issue with routing.
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 11:05 AM, Jesse Vollmarvollm...@gmail.com wrote: I tried again this morning to change the allow rule on a vlan interface to send traffic out on a gateway other than default and after about five minutes of working like it should, all traffic stopped. Hosts on that vlan could no longer ping the gateway of that vlan or anything on another network. This is only happening on my vlan interfaces (parent interface is LAN). You shouldn't use the parent interface generally. Don't think that's related though. You losing connectivity from the firewall to the gateway? You're far from uncharted territory, the several boxes I've worked on that have 6-12 WANs all use VLANs as WANs. You may need negate rules for anything not reachable via the specified gateway, when you specify a gateway it forces traffic to that gateway. Those are automatically added generally but you could be doing something that's overriding that. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Load Balancing on vlans
Is load balancing supported on vlan interfaces? - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Wed, Aug 26, 2009 at 11:14 PM, Jesse Vollmarvollm...@gmail.com wrote: Is load balancing supported on vlan interfaces? Yes. They're no different than any other. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing on vlans
On Thu, Aug 27, 2009 at 12:01 AM, Chris Buechlerc...@pfsense.org wrote: Yes. They're no different than any other. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org Well, when I set the firewall rule to send all traffic to a load balanced gateway (instead of default) stuff just breaks. I can't get to the Internet or I get to anything else on the other vlans. I am using a rule identical to the one I use for the load balancing on LAN except the interface. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] Load-balancing internal net
Hi, could somebody point me to a document on how I could deploy pfSense with a load balance/failover config, considering 2 pfsense boxes? I'm not interested in a dual WAN config, because our backbone already handles that tranparently (OSPF/BGP). What I would like to have is 2 pfSense boxes load-balancing/failing-over as gateways for my LAN (private IPs) to the WAN (public IP) gateway address. Is this possible? Is there any documentation available? Tks, Roberto -- - Marcos Roberto Greiner Os otimistas acham que estamos no melhor dos mundos Os pessimistas tem medo de que isto seja verdade Murphy - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load-balancing internal net
On Fri, Dec 5, 2008 at 08:31, rgreiner [EMAIL PROTECTED] wrote: could somebody point me to a document on how I could deploy pfSense with a load balance/failover config, considering 2 pfsense boxes? I'm not interested in a dual WAN config, because our backbone already handles that tranparently (OSPF/BGP). What I would like to have is 2 pfSense boxes load-balancing/failing-over as gateways for my LAN (private IPs) to the WAN (public IP) gateway address. Is this possible? Is there any documentation available? Yes - there's a whole subsection of the forum dedicated to this: CARP. There's also a flash video tutorial, but I haven't the time to seek it out ATM. It's pretty simple - you set up your two boxes with two separate LAN IPs, set them to synchronize (paying special attention to the CARP sync options), then configure a virtual IP between them on the LAN segment. Set clients' default route as the virtual IP (via DHCP or statically), and away you go. You can even get cute and float a virtual WAN IP between them as well (with the same CARP ID) and set up an advanced outbound NAT for the LAN subnet, translating to the virtual IP. WAN fails with the LAN, and away you go. RB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load-balancing internal net
RB wrote: On Fri, Dec 5, 2008 at 08:31, rgreiner [EMAIL PROTECTED] wrote: could somebody point me to a document on how I could deploy pfSense with a load balance/failover config, considering 2 pfsense boxes? I'm not interested in a dual WAN config, because our backbone already handles that tranparently (OSPF/BGP). What I would like to have is 2 pfSense boxes load-balancing/failing-over as gateways for my LAN (private IPs) to the WAN (public IP) gateway address. Is this possible? Is there any documentation available? Yes - there's a whole subsection of the forum dedicated to this: CARP. There's also a flash video tutorial, but I haven't the time to seek it out ATM. It's pretty simple - you set up your two boxes with two separate LAN IPs, set them to synchronize (paying special attention to the CARP sync options), then configure a virtual IP between them on the LAN segment. Set clients' default route as the virtual IP (via DHCP or statically), and away you go. You can even get cute and float a virtual WAN IP between them as well (with the same CARP ID) and set up an advanced outbound NAT for the LAN subnet, translating to the virtual IP. WAN fails with the LAN, and away you go. RB Sweet. I'l take a look at it. Tks a lot. Roberto -- - Marcos Roberto Greiner Os otimistas acham que estamos no melhor dos mundos Os pessimistas tem medo de que isto seja verdade Murphy - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] load balancing non-http services?
Tom Müller-Kortkamp wrote: Am 22.11.2008 um 00:22 schrieb JJB: Is it possible with the pfsense load balancing to load balance between two database servers on port 3306? it should work with every tcp service - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org The load balancer is set to the correct port, but the VIP seems to be listening on port 80 instead of 3306! What we want: like this: vip 10.18.8.22x port 3306 dbsvr-1 dbsvr-2 port 3306 port 3306 What we got: vip 10.18.8.22x port 80 -this I want to be 3306 dbsvr-1 dbsvr-2 port 3306 port 3306 - Joel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] load balancing non-http services?
Am 22.11.2008 um 00:22 schrieb JJB: Is it possible with the pfsense load balancing to load balance between two database servers on port 3306? it should work with every tcp service - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
[pfSense Support] load balancing non-http services?
Is it possible with the pfsense load balancing to load balance between two database servers on port 3306? - Joel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] Load Balancing with Embedded version?
I did a reboot on the box, and was able to add the Pool. I guess it was just hung up. Thanks for the help! Adam Scott Ullrich wrote: On Thu, Jun 26, 2008 at 6:52 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Okay, but I'm still having the problem of not being able to add a load balancing pool. I really care more about fail over then load balancing. I'm going to play around with a box that is not on a live network tomorrow, and see if i can get it to work. BTW this is a Soekris 5501 using 1.2 embedded PFsense. There really should be no difference from embedded and full installation in this regard. I would be surprised if this was a bug since 1.2 has been tested pretty thoroughly. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancing with Embedded version?
Is load balancing supported with the embedded version? I ask because when I try to add a load balancing pool, I hit save and apply changes. But no pool is listed, it's like PFsense is refusing to add it for some reason. I also checked the XML config and did not see it listed anywhere. I was able to make this work on the full version of PFSense, so i know it's not a config issue. Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing with Embedded version?
On Thu, Jun 26, 2008 at 6:21 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Is load balancing supported with the embedded version? I ask because when I try to add a load balancing pool, I hit save and apply changes. But no pool is listed, it's like PFsense is refusing to add it for some reason. I also checked the XML config and did not see it listed anywhere. I was able to make this work on the full version of PFSense, so i know it's not a config issue. Depends on if your incoming or outgoing. Incoming requires an additional item to be setup (virtual server). If you want to load balance outgoing traffic select the load balancing pool on the gateway dropdown of firewall rules. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing with Embedded version?
Okay, but I'm still having the problem of not being able to add a load balancing pool. I really care more about fail over then load balancing. I'm going to play around with a box that is not on a live network tomorrow, and see if i can get it to work. BTW this is a Soekris 5501 using 1.2 embedded PFsense. Thanks, Adam Scott Ullrich wrote: On Thu, Jun 26, 2008 at 6:21 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Is load balancing supported with the embedded version? I ask because when I try to add a load balancing pool, I hit save and apply changes. But no pool is listed, it's like PFsense is refusing to add it for some reason. I also checked the XML config and did not see it listed anywhere. I was able to make this work on the full version of PFSense, so i know it's not a config issue. Depends on if your incoming or outgoing. Incoming requires an additional item to be setup (virtual server). If you want to load balance outgoing traffic select the load balancing pool on the gateway dropdown of firewall rules. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing with Embedded version?
On Thu, Jun 26, 2008 at 6:52 PM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Okay, but I'm still having the problem of not being able to add a load balancing pool. I really care more about fail over then load balancing. I'm going to play around with a box that is not on a live network tomorrow, and see if i can get it to work. BTW this is a Soekris 5501 using 1.2 embedded PFsense. There really should be no difference from embedded and full installation in this regard. I would be surprised if this was a bug since 1.2 has been tested pretty thoroughly. Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancing
Has anyone some ideas on how o use pfsense to load balance several servers behind the pfsense firewall? Say I have three web /application servers. There are thousands of visitors logged in and to improve service levels on transaction, can we put more than one application server in a load balancing mode...? Many thanks
Re: [pfSense Support] Load Balancing
Has anyone some ideas on how o use pfsense to load balance several servers behind the pfsense firewall? I'll be more gentle than most, but you really should consider looking at the documentation and functionality before asking such questions. Short answer: Services-Load Balancer. http://devwiki.pfsense.org/IncomingLoadBalancing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancing further info
Thanks Sean for the clarification. One point of clarification.. can you please define exactly what a 'state' is ? Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 mailto:[EMAIL PROTECTED] http://www.velocityfilms.com http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. _ From: Sean Cavanaugh [mailto:[EMAIL PROTECTED] Sent: 04 Mar 2008 07:44 PM To: support@pfsense.com Subject: RE: [pfSense Support] Load Balancing further info load balancing is fairly easy to learn. first step, the user sends a request (i.e. visiting www.cnn.com) his computer will forward the request to the gateway (lets assume pfsense set up with load balanced WAN connections) pfsense will then assign the current connection state to a WAN interface. this should happen with states spread evenly accross all WAN links. as long as information being transmitted between the users computer and www.cnn.com are part of the same stream, it will use the same connection path on the WAN link. if the user goes to www.msnbc.com also, this will start a new state connection on the firewall and would theoretically use a different WAN link than the first connection to www.cnn.com. some issues with this is if the state is set to a very short TTL, then the user will constantly be setting up new states and will be bouncing all over the WAN links. this can make it really bad if theyre trying to use encrypted protocols as it will not be valid and will more than likely be denied a lot. if the value is set to high, states will build up on a WAN interface and persist longer than need be. they will however be more reliable as encrypted protocols will have a nice stable connection. a misconfiguration in how the states are load balanced will lead to one WAN link being more heavily favored than others. this isnt the BEST explanation but should help some. -Sean From: [EMAIL PROTECTED] To: support@pfsense.com Date: Tue, 4 Mar 2008 16:50:26 +0200 Subject: [pfSense Support] Load Balancing further info Hi, Excuse my ignorance on this one. I am having a debate with my boss. Please explain to me the basics of load balancing ? IP address x is accessing www.cnn.com It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission ? How does it actually decide which WAN port to send the packet ? is it constantly pinging on all WAN ports ? How is a typical webpage broken down into packets ? i.e. how many packets are there in a typical page ? Again apologies for the simple ness...just want to get my head around the load balancing / round robin concept. Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have setup my system as close to the manual as possible but it doesn't seem to be load balancing correctly. Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Helping your favorite cause is as easy as instant messaging. You IM, we give. Learn more. http://im.live.com/Messenger/IM/Home/?source=text_hotmail_join
RE: [pfSense Support] Load Balancing further info
image002.jpg
Re: [pfSense Support] Load Balancing further info
take a look at http://en.wikipedia.org/wiki/Stateful_firewall On 3/6/08, Mike Lever [EMAIL PROTECTED] wrote: Thanks Sean for the clarification. One point of clarification.. can you please define exactly what a 'state' is ? Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. From: Sean Cavanaugh [mailto:[EMAIL PROTECTED] Sent: 04 Mar 2008 07:44 PM To: support@pfsense.com Subject: RE: [pfSense Support] Load Balancing further info load balancing is fairly easy to learn. first step, the user sends a request (i.e. visiting www.cnn.com) his computer will forward the request to the gateway (lets assume pfsense set up with load balanced WAN connections) pfsense will then assign the current connection state to a WAN interface. this should happen with states spread evenly accross all WAN links. as long as information being transmitted between the users computer and www.cnn.com are part of the same stream, it will use the same connection path on the WAN link. if the user goes to www.msnbc.com also, this will start a new state connection on the firewall and would theoretically use a different WAN link than the first connection to www.cnn.com. some issues with this is if the state is set to a very short TTL, then the user will constantly be setting up new states and will be bouncing all over the WAN links. this can make it really bad if theyre trying to use encrypted protocols as it will not be valid and will more than likely be denied a lot. if the value is set to high, states will build up on a WAN interface and persist longer than need be. they will however be more reliable as encrypted protocols will have a nice stable connection. a misconfiguration in how the states are load balanced will lead to one WAN link being more heavily favored than others. this isnt the BEST explanation but should help some. -Sean From: [EMAIL PROTECTED] To: support@pfsense.com Date: Tue, 4 Mar 2008 16:50:26 +0200 Subject: [pfSense Support] Load Balancing further info Hi, Excuse my ignorance on this one. I am having a debate with my boss. Please explain to me the basics of load balancing ? IP address x is accessing www.cnn.com It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission ? How does it actually decide which WAN port to send the packet ? is it constantly pinging on all WAN ports ? How is a typical webpage broken down into packets ? i.e. how many packets are there in a typical page ? Again apologies for the simple ness...just want to get my head around the load balancing / round robin concept. Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have setup my system as close to the manual as possible but it doesn't seem to be load balancing correctly. Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Helping your favorite cause is as easy as instant messaging. You IM, we give. Learn more. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancing further info
Hi, Excuse my ignorance on this one. I am having a debate with my boss. Please explain to me the basics of load balancing ? IP address x is accessing www.cnn.com It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission ? How does it actually decide which WAN port to send the packet ? is it constantly pinging on all WAN ports ? How is a typical webpage broken down into packets ? i.e. how many packets are there in a typical page ? Again apologies for the simple ness...just want to get my head around the load balancing / round robin concept. Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have setup my system as close to the manual as possible but it doesnt seem to be load balancing correctly. Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.com CONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancing further info
load balancing is fairly easy to learn. first step, the user sends a request (i.e. visiting www.cnn.com) his computer will forward the request to the gateway (lets assume pfsense set up with load balanced WAN connections) pfsense will then assign the current connection state to a WAN interface. this should happen with states spread evenly accross all WAN links. as long as information being transmitted between the users computer and www.cnn.com are part of the same stream, it will use the same connection path on the WAN link. if the user goes to www.msnbc.com also, this will start a new state connection on the firewall and would theoretically use a different WAN link than the first connection to www.cnn.com. some issues with this is if the state is set to a very short TTL, then the user will constantly be setting up new states and will be bouncing all over the WAN links. this can make it really bad if theyre trying to use encrypted protocols as it will not be valid and will more than likely be denied a lot. if the value is set to high, states will build up on a WAN interface and persist longer than need be. they will however be more reliable as encrypted protocols will have a nice stable connection. a misconfiguration in how the states are load balanced will lead to one WAN link being more heavily favored than others. this isnt the BEST explanation but should help some. -Sean From: [EMAIL PROTECTED] To: support@pfsense.com Date: Tue, 4 Mar 2008 16:50:26 +0200 Subject: [pfSense Support] Load Balancing further info Hi, Excuse my ignorance on this one. I am having a debate with my boss. Please explain to me the basics of load balancing ? IP address x is accessing www.cnn.com It arrives at the load balancer which at that point in time pings a pre-determined gateway / IP address. Based on that speed, it will then submit the request over that line and wait for the transmission ? How does it actually decide which WAN port to send the packet ? is it constantly pinging on all WAN ports ? How is a typical webpage broken down into packets ? i.e. how many packets are there in a typical page ? Again apologies for the simple ness...just want to get my head around the load balancing / round robin concept. Lastly, looking at usage on the interfaces. My WAN port is showing quite a bit of throughput while my OPT1 and OPT2 aren't. I have setup my system as close to the manual as possible but it doesn’t seem to be load balancing correctly. Regards, Mike Lever Tenacity Films (Pty) Ltd t/a Velocity Films (T) +2711-807-0100 (F) 086-681-7518 http://www.velocityfilms.comCONFIDENTIALITY CAUTION: If you have received this communication in error, please note that it is intended for the addressee only, is privileged and confidential and dissemination or copying prohibited. Please notify us immediately by e-mail and return the original message. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ Helping your favorite cause is as easy as instant messaging. You IM, we give. http://im.live.com/Messenger/IM/Home/?source=text_hotmail_join
Re: [pfSense Support] load balancing for internal and external servers
Bill Marquette wrote: You won't be able to test load balancing of virtual servers from inside your network. It's a pf thing and unlikely to ever get resolved. ah, thanks, I did wonder if that might be the case. I put a machine outside the firewalls on which I put squid as an intermediate fix, and it works well enough for testing. thanks Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing for internal and external servers
Bill Marquette wrote: Technically we can make this work if the virtual servers are in a DMZ (all you need is a NAT on the DMZ interface to hide the source address of your test machine). But there's no way to make it work if the test machine is in the same network as the server. thanks again; the issue will go away somewhat when we move our server farm to a colocation facility, at which point I have to build more firewalls anyway! On 10/10/07, Paul M [EMAIL PROTECTED] wrote: Bill Marquette wrote: You won't be able to test load balancing of virtual servers from inside your network. It's a pf thing and unlikely to ever get resolved. ah, thanks, I did wonder if that might be the case. I put a machine outside the firewalls on which I put squid as an intermediate fix, and it works well enough for testing. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancing for internal and external servers
Thanks for reading this. pair of pfsense firewalls with * external carp IP 1.2.3.4 * internal carp IP 192.168.0.1 with each machine on .2 and .3 the bit that works: we have a couple of web servers, and I created a pool, and a virtual server which listens on external carp IP, then added the rule permitting traffic. works just fine, I can see the web servers from outside world the bit that doesn't wanting to test the load balanced pool from inside, I created a virtual server listening on the internal 192.168 address, no rules were required because internal (LAN) traffic is 100% permitted. Using tcpdump I see the tcp connection coming from desktop:highport to 192.168.0.1:80, there's then a conn from 1921.68.0.1:highport to webserver:80 which completes, but no traffic goes back to desktop! nothing in the firewall logs indicates dropped traffic! any clues gratefully received. thanks Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing for internal and external servers
Paul M wrote: Thanks for reading this. pair of pfsense firewalls with * external carp IP 1.2.3.4 * internal carp IP 192.168.0.1 with each machine on .2 and .3 the bit that works: we have a couple of web servers, and I created a pool, and a virtual server which listens on external carp IP, then added the rule permitting traffic. works just fine, I can see the web servers from outside world the bit that doesn't wanting to test the load balanced pool from inside, I created a virtual server listening on the internal 192.168 address, no rules were required because internal (LAN) traffic is 100% permitted. Using tcpdump I see the tcp connection coming from desktop:highport to 192.168.0.1:80, there's then a conn from 1921.68.0.1:highport to webserver:80 which completes, but no traffic goes back to desktop! nothing in the firewall logs indicates dropped traffic! any clues gratefully received. p.s. I do have the Bypass firewall rules for traffic on the same interface option ticked in system-advanced settings - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing for internal and external servers
You won't be able to test load balancing of virtual servers from inside your network. It's a pf thing and unlikely to ever get resolved. --Bill On 10/9/07, Paul M [EMAIL PROTECTED] wrote: Thanks for reading this. pair of pfsense firewalls with * external carp IP 1.2.3.4 * internal carp IP 192.168.0.1 with each machine on .2 and .3 the bit that works: we have a couple of web servers, and I created a pool, and a virtual server which listens on external carp IP, then added the rule permitting traffic. works just fine, I can see the web servers from outside world the bit that doesn't wanting to test the load balanced pool from inside, I created a virtual server listening on the internal 192.168 address, no rules were required because internal (LAN) traffic is 100% permitted. Using tcpdump I see the tcp connection coming from desktop:highport to 192.168.0.1:80, there's then a conn from 1921.68.0.1:highport to webserver:80 which completes, but no traffic goes back to desktop! nothing in the firewall logs indicates dropped traffic! any clues gratefully received. thanks Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancing oddity
I am having a little problem with Load Balancing/Dual WAN. Running pfSense 1.2RC2. I have followed all the steps in the MultiWan1.2 doc. Network currently setup as follows: T1 -Cisco Router - Network. Cisco is acting as firewall currently, want to remove firewalling from cisco and replace w/ pf. Want to move to the following setup (removing firewall functionality from the cisco): T1 - Cisco router (acting only as a router) - pf - network DSL - pf - Network T1 will be primary internet line Dsl will be secondary internet line Wan and Lan will be using public IP's in the same netmask. The problem I am running into is that when I have the pf box Lan Wan interfaces connected to the internal network everything works as it should. Switch -- Lan --- Wan The second I attach the pf wan interface to the cisco router so pf can be my firewall i loose all internet access via the wan connection. i can still traceroute and ping from the pf box out the wan interface just fine but all traffic from the LAN out the WAN interface stops. Traffic is still sent out the opt1 interface over my dsl line but I can not get any traffic to pass out the T1. I have advanced oubound nat turned on, with no rule for my WAN interface and a rule for my DSL interface. I have tried adding a rule for the WAN interface even though I am using public ip on my LAN to no avail. I tried changing the gateway on the LoadBalance firewall rule to just use the default route gateway but that did not help I know it has to be something in my setup but for the life of me I can not find my misconfiguration.
[pfSense Support] Load Balancing with 2 DSL lines with iP's on the same subnet
I have 2 dsl lines with the same subnet and gateway. I have them both up and running , but the 2nd line isnt being used for load balancing or failover. I set the monitor IP on both of them to seperate DNS servers, which was suggested. The only thing I could think of was the firewall alias, which states the gateways' and they are the same. Is there a workaround, or is this just going to confuse pf? I'd like to not have to put a router with a 192. , just makes it not as sleak. I may be able to put the DSL line on a different IP block, as I am the ISP, but would rather get PF to handle this. Any Ideas would rock Thanks, Chris Flugstad - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing with 2 DSL lines with iP's on the same subnet
Won't work. The same upstream gateway IP will result in all traffic being sent down one link or the other (whichever one is the primary WAN). As I previously mentioned, you will need another device between WAN2 and the upstream gateway to provide pfSense with a different subnet and different unique gateway address. --Bill On 5/22/07, Chris Flugstad [EMAIL PROTECTED] wrote: I have 2 dsl lines with the same subnet and gateway. I have them both up and running , but the 2nd line isnt being used for load balancing or failover. I set the monitor IP on both of them to seperate DNS servers, which was suggested. The only thing I could think of was the firewall alias, which states the gateways' and they are the same. Is there a workaround, or is this just going to confuse pf? I'd like to not have to put a router with a 192. , just makes it not as sleak. I may be able to put the DSL line on a different IP block, as I am the ISP, but would rather get PF to handle this. Any Ideas would rock Thanks, Chris Flugstad - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load balancing
Title: RE: [pfSense Support] Load balancing did you change the gateway in the FirewallRulesLan to the load balancer you created? I only see a asterick below in that spot. -Original Message- From: Paul Willard [mailto:[EMAIL PROTECTED]] Sent: Monday, May 29, 2006 8:32 PM To: support@pfsense.com Subject: [pfSense Support] Load balancing Yeah I know, I know .. RTFM ... I read everything can't figure it out. lan = 192.168.1.253 wan = 202.37.230.93 (pppoe) opt1 = 203.96.212.68 Firewall-NAT-Outbound Int Source Source Port Dest Dest Port NAT Add NAT Port Static Port OPT1 192.168.1.0/24 * * * * * NO WAN 192.168.1.0/24 * * * * * NO Services-Load Balancer Name Servers/Gateways Port Monitor Description LoadBalancetoWAN 202.37.230.93/210.48.22.38 203.96.212.1/203.96.212.1 Note: In the wiki it says in the IP box type in the IP address of the gateway (this has to be one of the gateways configured at WAN or OPTx's) I read this to mean use the gateway IP rather than the interface IP .. was I right? Firewall-Rules-LAN Proto Source Port Dest Port Gateway * LAN Net * * * * So to my knowledge everything should be setup correctly. so a quick test. links -source http://www.whatismyip.com | grep -i TITLE\ | sed s/ title//I | sed s/\/title//I | sed s/WhatIsMyIP.com\ -\ // 202.37.230.93 I would expect the ip to change every now and then .. but it has never changed Can some one point out what I am doing wrong? Thanks Paul. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancing
Per the forum he's running Beta 2. He's been advised to upgrade to the latest beta as there were numerous load balancer fixes commited after beta 2. --Bill On 5/30/06, Ebay [EMAIL PROTECTED] wrote: did you change the gateway in the FirewallRulesLan to the load balancer you created? I only see a asterick below in that spot. -Original Message- From: Paul Willard [mailto:[EMAIL PROTECTED] Sent: Monday, May 29, 2006 8:32 PM To: support@pfsense.com Subject: [pfSense Support] Load balancing Yeah I know, I know .. RTFM ... I read everything can't figure it out. lan = 192.168.1.253 wan = 202.37.230.93 (pppoe) opt1 = 203.96.212.68 Firewall-NAT-Outbound Int Source Source Port DestDest Port NAT Add NAT PortStatic Port OPT1192.168.1.0/24 * * * * * NO WAN 192.168.1.0/24 * * * * * NO Services-Load Balancer NameServers/Gateways PortMonitor Description LoadBalancetoWAN202.37.230.93/210.48.22.38 203.96.212.1/203.96.212.1 Note: In the wiki it says in the IP box type in the IP address of the gateway (this has to be one of the gateways configured at WAN or OPTx's) I read this to mean use the gateway IP rather than the interface IP .. was I right? Firewall-Rules-LAN Proto Source PortDestPortGateway * LAN Net * * * * So to my knowledge everything should be setup correctly. so a quick test. links -source http://www.whatismyip.com | grep -i TITLE\ | sed s/ title//I | sed s/\/title//I | sed s/WhatIsMyIP.com\ -\ // 202.37.230.93 I would expect the ip to change every now and then .. but it has never changed Can some one point out what I am doing wrong? Thanks Paul. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancing
Thanks guys, I've also been inform that a new release is pending, so I will wait a few days, and try with the new release Paul. Bill Marquette wrote: Per the forum he's running Beta 2. He's been advised to upgrade to the latest beta as there were numerous load balancer fixes commited after beta 2. --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load balancing
Yeah I know, I know .. RTFM ... I read everything can't figure it out. lan = 192.168.1.253 wan = 202.37.230.93 (pppoe) opt1 = 203.96.212.68 Firewall-NAT-Outbound Int Source Source Port DestDest Port NAT Add NAT PortStatic Port OPT1192.168.1.0/24 * * * * * NO WAN 192.168.1.0/24 * * * * * NO Services-Load Balancer NameServers/Gateways PortMonitor Description LoadBalancetoWAN202.37.230.93/210.48.22.38 203.96.212.1/203.96.212.1 Note: In the wiki it says in the IP box type in the IP address of the gateway (this has to be one of the gateways configured at WAN or OPTx's) I read this to mean use the gateway IP rather than the interface IP .. was I right? Firewall-Rules-LAN Proto Source PortDestPortGateway * LAN Net * * * * So to my knowledge everything should be setup correctly. so a quick test. links -source http://www.whatismyip.com | grep -i TITLE\ | sed s/ title//I | sed s/\/title//I | sed s/WhatIsMyIP.com\ -\ // 202.37.230.93 I would expect the ip to change every now and then .. but it has never changed Can some one point out what I am doing wrong? Thanks Paul. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancing
gee I spent all that time formatting so it was readable . . http://forum.pfsense.org/index.php?topic=1329.0 there's a more readable version of the email. Paul. On 30/05/2006, at 1:31 PM, Paul Willard wrote: Yeah I know, I know .. RTFM ... I read everything can't figure it out. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancing question
You fixed the bug on the pools, works great. The second issue on the Virtual Servers still exists. If you have more than 1 pool defined. You will not see both of them in the drop-down to choose from on the virtual server detail page (both editing and adding a new virtual server). Roy -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Friday, April 14, 2006 3:19 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load Balancing question We have duplicated this bug. We'll work on it soon. On 4/14/06, Roy Walker [EMAIL PROTECTED] wrote: Upgraded to Snapshot 4-12-2006. The server drop down does now grey out the monitor IP as stated, however now on the pool detail page it does not list the IPs in the pool to remove them (they do show in the list screen). On the virtual server detail page, there will only be 1 pool listed to choose from even if you have more than 1 pool setup. Looks like it always lists only the first one. Roy From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tue 4/11/2006 7:29 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load Balancing question On 4/11/06, Eric W. Bates [EMAIL PROTECTED] wrote: Where do you find a snapshot? http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing question
Please create a ticket and include as munch info as possible in http://cvstrac.pfsense.com/tktnew Thanks On 4/18/06, Roy Walker [EMAIL PROTECTED] wrote: You fixed the bug on the pools, works great. The second issue on the Virtual Servers still exists. If you have more than 1 pool defined. You will not see both of them in the drop-down to choose from on the virtual server detail page (both editing and adding a new virtual server). Roy -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Friday, April 14, 2006 3:19 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load Balancing question We have duplicated this bug. We'll work on it soon. On 4/14/06, Roy Walker [EMAIL PROTECTED] wrote: Upgraded to Snapshot 4-12-2006. The server drop down does now grey out the monitor IP as stated, however now on the pool detail page it does not list the IPs in the pool to remove them (they do show in the list screen). On the virtual server detail page, there will only be 1 pool listed to choose from even if you have more than 1 pool setup. Looks like it always lists only the first one. Roy From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tue 4/11/2006 7:29 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load Balancing question On 4/11/06, Eric W. Bates [EMAIL PROTECTED] wrote: Where do you find a snapshot? http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancing question
Upgraded to Snapshot 4-12-2006. The server drop down does now grey out the monitor IP as stated, however now on the pool detail page it does not list the IPs in the pool to remove them (they do show in the list screen). On the virtual server detail page, there will only be 1 pool listed to choose from even if you have more than 1 pool setup. Looks like it always lists only the first one. Roy From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tue 4/11/2006 7:29 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load Balancing question On 4/11/06, Eric W. Bates [EMAIL PROTECTED] wrote: Where do you find a snapshot? http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] winmail.dat- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing question
We have duplicated this bug. We'll work on it soon. On 4/14/06, Roy Walker [EMAIL PROTECTED] wrote: Upgraded to Snapshot 4-12-2006. The server drop down does now grey out the monitor IP as stated, however now on the pool detail page it does not list the IPs in the pool to remove them (they do show in the list screen). On the virtual server detail page, there will only be 1 pool listed to choose from even if you have more than 1 pool setup. Looks like it always lists only the first one. Roy From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: Tue 4/11/2006 7:29 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load Balancing question On 4/11/06, Eric W. Bates [EMAIL PROTECTED] wrote: Where do you find a snapshot? http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancing question
Can anyone tell me what the Monitor IP field is supposed to be on the Load Balancer:Pool:Edit screen is supposed to be? I would think that the load balancer daemon would query each IP in the pool. Thanx, Roy
Re: [pfSense Support] Load Balancing question
The most current snapshot (today anyhow) is here: http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ Eric W. Bates wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Gary Buckmaster wrote: PS: You're still using Beta-2. Upgrade to the most recent snapshot. Where do you find a snapshot? - -- Eric W. Bates [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEPEj1D1roJTQ4LlERAoYAAJ9f34R3XIGi+LOmOMaugPv6/JTLDgCgjftf F0MSl17e1Z6DAAA4PXtAnKg= =YG59 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing question
On 4/11/06, Eric W. Bates [EMAIL PROTECTED] wrote: Where do you find a snapshot? http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] Load Balancing question
Forgive me, I must not be understanding you. You mean something upstream from the firewall, like your ISP's gateway address? That doesn't make any sense. Why would you take a web cluster off-line because the upstream gateway went down? What version would you recommend I be running? Scott and company seem to put a lot of work into testing the major releases, so figured this would be the most stable. Roy -Original Message- From: Gary Buckmaster [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 11, 2006 7:01 PM To: support@pfsense.com Subject: Re: [pfSense Support] Load Balancing question The Monitor IP is an IP address upstream that is polled from time to time to ensure the upstream link is live. A good Monitor IP might be your upstream gateway. PS: You're still using Beta-2. Upgrade to the most recent snapshot. Roy Walker wrote: Can anyone tell me what the Monitor IP field is supposed to be on the Load Balancer:Pool:Edit screen is supposed to be? I would think that the load balancer daemon would query each IP in the pool. Thanx, Roy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott Ullrich wrote: On 4/11/06, Eric W. Bates [EMAIL PROTECTED] wrote: Where do you find a snapshot? http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/ Thanks. I can't use this with the embedded version, can I? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - -- Eric W. Bates [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFEPFKDD1roJTQ4LlERAookAJ0UCNwlbp7NEmisyGgOS9vGyfwnowCeJHge CRM2V4BjIkuHfAlJWxNyuJc= =jTBd -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing question
On 4/11/06, Eric W. Bates [EMAIL PROTECTED] wrote: Thanks. I can't use this with the embedded version, can I? Yes, reflash with http://www.pfsense.com/~sullrich/RELENG_1_SNAPSHOT_04-08-2006/pfSense.img.gz . Scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing question
On 4/11/06, Roy Walker [EMAIL PROTECTED] wrote: Forgive me, I must not be understanding you. You mean something upstream from the firewall, like your ISP's gateway address? That doesn't make any sense. Why would you take a web cluster off-line because the upstream gateway went down? The point is that you're running Beta 2 and what you are asking about is for gateway pools - something that isn't enabled for server pools post Beta 2 What version would you recommend I be running? Scott and company seem to put a lot of work into testing the major releases, so figured this would be the most stable. We do. But there have been 639 commits to the RELENG_1 branch since Beta 2, most of these have been bug fixes and a few small features that we decided we couldn't live without for 1.0 (and went in with much more testing than stuff that goes into HEAD). --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] load balancing wan
Dual wan load balanced internet access. Just wondering wheather there is any status on this. We would love to deploy this very soon. But on tests today it does not seem to work correctly. I used the following for my how to Setup the pools visit services - load balancer delete any pools that are there that do not work add a new pool and call it loadbalancetowans or something descriptive set the description to load balancing from lan - internet or something descriptive set the type to gateway in the Monitor IP box, put the IP address of a host upstream from the router that can be polled (via tcp socket) to ensure link is up in the IP box type in the lan IP address of the router add a Monitor IP and router IP for each additional OPT interface click save Create NAT-Rules for your WAN-POOL visit firewallNATOutbound enable advanced outbound nat check the automatically created rules. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool) Apply the changes I am guessing that carp or VIP's are not required for this to work. I have the following queries where I may have gone wrong Q: polled (via tcp socket) A: can I poll my external webserver on port 80 (or what exactly should we be doing here) Q in the IP box type in the lan IP address of the router A: is this the gateway of wan and wan1 on the pfsense box Q: add a Monitor IP and router IP for each additional OPT interface A: should the monitor IP be the same for each wan interface Thanks alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing wan
Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing wan
Issue from a shell to find out: fetch -o /etc/inc/pfsense-utils.inc http://pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/etc/inc/pfsense-utils.inc?rev=1.316.2.60;content-type=text%2Fplain;only_with_tag=RELENG_1; On 2/17/06, alan walters [EMAIL PROTECTED] wrote: Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Bit confused what should this do. Fix the problem. Is there any a way to see the kernel routing table. -Original Message- From: Scott Ullrich [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 20:38 To: support@pfsense.com Subject: Re: [pfSense Support] load balancing wan Issue from a shell to find out: fetch -o /etc/inc/pfsense-utils.inc http://pfsense.com/cgi-bin/cvsweb.cgi/~checkout~/pfSense/etc/inc/pfsens e-utils.inc?rev=1.316.2.60;content-type=text%2Fplain;only_with_tag=RELEN G_1 On 2/17/06, alan walters [EMAIL PROTECTED] wrote: Interesting no opt1 route there Only static routes My subnets are /29 so maybe the same issue or similar -Original Message- From: Ben Browning [mailto:[EMAIL PROTECTED] Sent: 17 February 2006 17:34 To: [EMAIL PROTECTED] are /29 Subject: Re: [pfSense Support] load balancing wa Can you SSH into the router? If so, here's a few things you can do from the command line (option 8 after SSHing in) to see why it may not be working: * Issue the command pfctl -sr | grep route (without the quotes). If the outgoing load balancing rule was properly created, you should see the rule printed with both your WAN/OPT interfaces and their respective gateways. * If there was no rule shown with the command above, type cat /tmp/rules.debug | grep error. If any lines are returned by this command, post them here. That would indicate a problem with your config that is keeping the outgoing load balancing rule from being created. I file a bug ticket last night describing a condition where an outgoing load balancing rule is not properly created if the first three octets of a WAN/OPT gateway are not the same as the first three octects of the WAN/OPT IP address. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing wan
On 2/17/06, alan walters [EMAIL PROTECTED] wrote: Bit confused what should this do. Updates the fix that Ben mentioned Fix the problem. Huh? Is there any a way to see the kernel routing table. These will not be in the system routing table, they are in pf's ruleset. Search for the route stuff like Ben mentioned earlier. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [pfSense Support] load balancing wan
Could you clarify wheather the procedure is correct and I have answered my questions right at the bottom. I will look at it again in the morning Setup the pools visit services - load balancer delete any pools that are there that do not work add a new pool and call it loadbalancetowans or something descriptive set the description to load balancing from lan - internet or something descriptive set the type to gateway in the Monitor IP box, put the IP address of a host upstream from the router that can be polled (via tcp socket) to ensure link is up in the IP box type in the lan IP address of the router add a Monitor IP and router IP for each additional OPT interface click save Create NAT-Rules for your WAN-POOL visit firewallNATOutbound enable advanced outbound nat check the automatically created rules. create rules for all your internal networks to map to OPT interfaces.. (one rule for each internal network to each opt-interface in the pool) Apply the changes I am guessing that carp or VIP's are not required for this to work. I have the following queries where I may have gone wrong Q: polled (via tcp socket) A: can I poll my external webserver on port 80 (or what exactly should we be doing here) Q in the IP box type in the lan IP address of the router A: is this the gateway of wan and wan1 on the pfsense box Q: add a Monitor IP and router IP for each additional OPT interface A: should the monitor IP be the same for each wan interface Thanks alan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] Load Balancing
Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
Re: [pfSense Support] Load Balancing
I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com
Re: [pfSense Support] Load Balancing
Uhhh, cause you just said what I said? Would the LAN IP not also be the physical server IP? :) --Bill On 11/10/05, Scott Ullrich [EMAIL PROTECTED] wrote: If that is the case then why does Automatically create a rule creat a firewall rule permitting traffic to the LAN IP? On 11/10/05, Bill Marquette [EMAIL PROTECTED] wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
LOL - Nevermind. I misread what you said. I'm going to blame this on the cold medicine yet again. On 11/10/05, Bill Marquette [EMAIL PROTECTED] wrote: Uhhh, cause you just said what I said? Would the LAN IP not also be the physical server IP? :) --Bill On 11/10/05, Scott Ullrich [EMAIL PROTECTED] wrote: If that is the case then why does Automatically create a rule creat a firewall rule permitting traffic to the LAN IP? On 11/10/05, Bill Marquette [EMAIL PROTECTED] wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load Balancing
You are testing this from the outside of the firewall correct? --Bill On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Nope. Doesnt even log any errors in the firewall log either... Scott Ullrich wrote: I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -
Re: [pfSense Support] Load Balancing
Bill Yes Im outside of that physical network Scott No errors no... Im just rebooting now actually. Im going to login and try telnet from firewall to private ip in a sec... Scott Ullrich wrote: Well if your no longer logging errors your headed in the right direction. Have you rebooted?Have you telnetted from the firewall to the private ip port 25? Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Nope. Doesnt even log any errors in the firewall log either... Scott Ullrich wrote: I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail has been scanned for viruses by Mailsauce. For further information visit http://www.mailsauce.com
Re: [pfSense Support] Load Balancing
Damn things. Now my external carp has gone to INIT and the right firewall wont let me connect. But I can telnet from left onto the actual lan server on port 25 Lee Lee Hetherington wrote: Bill Yes Im outside of that physical network Scott No errors no... Im just rebooting now actually. Im going to login and try telnet from firewall to private ip in a sec... Scott Ullrich wrote: Well if your no longer logging errors your headed in the right direction. Have you rebooted?Have you telnetted from the firewall to the private ip port 25? Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Nope. Doesnt even log any errors in the firewall log either... Scott Ullrich wrote: I dont know you tell us. Did it work? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok here is what I have WAN interface Allow anything to connect to vip address on port 25 Allow anything to connect to internal /24 on port 25 LAN Interface Allow anything to connect to internal/24 on port 25 Surely that covers it off? Lee Bill Marquette wrote: NAT occurs before filtering. You need a rule on the WAN interface allowing connections to the physical server IPs. --Bill On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: I have. On the wan interface, im allowing anything to connect to the vip 85.116.30.1 address on port 25 Do I need any others? Scott Ullrich wrote: Perhaps you need firewall rules!? On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: 0.92 Latest For some reason left is master for the carp of the smtp and right is master of the carp for the external (routing)... On the machine which is the inbound carp I have: DENIED: Aug 13 16:12:12 WAN 81.174.235.11.34623 85.116.30.1.25 TCP On the machine which is the smtp carp I have: DENIED: Nov 10 16:20:48 WAN 81.174.235.11.34683 192.168.7.1.25 TCP Looks like one of them has the wrong date too :) Scott Ullrich wrote: 1. What version 2. What do you see in the firewall filter logs regarding these connections On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Ok, I have left and right pfsense boxes. On my opt1 interface I have a carp setup: 85.116.x.1/27 is the network im using. My internal network is then 192.168.x.0/24 I have 85.116.x.1 assigned as the virtual I have 85.116.x.2 on left 85.116.x.3 on right I want to load balance 85.116.x.1 inbound on port 25 to a pool i have setup which contains: 192.168.x.1 192.168.x.4 The left and right also have 192.168.x.254 as virtual 192.168.x.252 on left 192.168.x.253 on right I have a firewall rule which allows * to connect on port 25 to the carp address which is 85.116.x.1 The tcp connection just times out. At one point it was in the log saying bad gateway 85.116.x.1 Other than this, its exactly as described in the IncomingLoadBalancing example on the wiki. Lee Scott Ullrich wrote: Many people have followed these and they work. You'll need to provide more information of how its all setup and what doesn't work. On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi Scott, I followed those exactly. And yet I still have no Joy :( Can anyone suggest anything which I may need to tick or the such which may prevent this from working? Regards Lee Scott Ullrich wrote: Try visiting these docs: http://wiki.pfsense.com/wikka.php?wakka=OutgoingLoadBalancing http://wiki.pfsense.com/wikka.php?wakka=IncomingLoadBalancing Scott On 11/10/05, Lee Hetherington [EMAIL PROTECTED] wrote: Hi, Im new to pfsense and have two machines running 0.92 both with 2x Dual Port 100+ Intel Management adaptors. I cannot for the life of me get load balancing working. Here is how I have them setup: left.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN right.pfsense fxp1 Lan fxp2 Cross Over cable to right.pfsense for sync fxp3 DMZ Servers fxp4 WAN On my internal lan and wan I have carp's setup with virtual ip's. I wish to use one of my virtual ip's to load balance mail to 2 servers on my internal lan. I have it all setup as per on the wiki but I cannot get anything through to the mailservers on the internal lan. I have a firewall rule which allows * to connect to the virtual ip on port 25. Any ideas? please help. Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
Re: [pfSense Support] load balancing?
This is not load balancing. This is policy based routing. Its supported now. On 11/10/05, Robo.K. [EMAIL PROTECTED] wrote: Hi, can I ask, if is possible configuration, if I have computer and pfSENSE where I have 2x NIC as 2xLAN and 2xNIC as 2x WAN-connected to two different ISP. Where via rules in PF can I configure traffic so, that users from LAN1 go to the ISP1 via WAN1 and users from LAN2 go through the second interface to the second ISP? And what abou configuration of traffic shaper in this case.?? Thanks. Best regards RoboK -- * www.inMail.sk - Vasa emailova adresa na cely zivot ZDARMA * www.SlovakNET.sk - profesionalny webhosting, domena .SK ZADARMO * www.inshop.sk - virtualna obchodna galeria s viac ako 230 obchodmi! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] load balancing
Its meant to redirect to the pool down server if the load balancing monitoring ip is down. Can you post your slbd.conf from /var/etc/ ? Scott On 10/30/05, alan walters [EMAIL PROTECTED] wrote: Just wondering about the site down option in the incoming load balancing situation. I was hoping itwould be possible to redirect to another subnet ie Load balance pool 192.168.1.10 192.168.1.11 Externalip xxx.xxx.xx1.xxx Pooldown ip xxx.xxx.xx2.xxx But when the pool is down it does not go to the pool down ip address. Is this the way it is meant to work of not - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] Load balancing-aggregate more WAN connections
Nope, it's not possible to aggregate a single TCP flow over multiple connections. With load balancing you can at least get number of WAN link TCP flows going at full speed, but you won't bet a single flow at the speed of all connections. --Bill On 9/22/05, Robo.K. [EMAIL PROTECTED] wrote: Hi, is possible with PFSENSE load balancing features make aggregation with 2 or more connections to Internet from various ISP /or some ISP, dont matter/, no only failover or load balancing? Thanx. Bop. -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.344 / Virus Database: 267.11.4/109 - Release Date: 21.9.2005 -- * www.inMail.sk - Vasa emailova adresa na cely zivot ZDARMA * www.SlovakNET.sk - profesionalny webhosting, domena .SK ZADARMO * www.inshop.sk - virtualna obchodna galeria s viac ako 230 obchodmi! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
