Re: [pfSense Support] RE: Load Balancer Using TCP
Hello all!

We have faced the following problem: after the upgrade of pfSense from 1.2-Release to 1.2.3-RC1, the access from the internal LAN1 network to FTP-server, located in DMZ, ceased functioning (in both modes: active/passive) (via the LAN2 network).

The scheme of access: LAN1 -- Router (pfSense-box) -- LAN2 -- NAT (black-box) -- FTP-server.

We are allowed to authorise on ftp-server, but fail to get the directory listing. Turning on/off of the FTP-helper does not solve the problem. After downgrade to 1.2-Release, the access to the same FTP functions successfully.

What is the difference between the pfSense releases (1.2-Release vs. 1.2.3-RC1) when working with FTP? Do you have any ideas how to solve this problem?

Upgrade is performed as follows:
1. Current configuration is saved;
2. New pfSense release is implemented;
3. Configuration is restored from the backup.

Thank you.

WBR Andrew

To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] RE: Load Balancer Using TCP
On Sat, Apr 4, 2009 at 9:06 PM, Chris Buechler c...@pfsense.org wrote:

> There is another issue where TCP is always selected when you edit an existing pool, haven't fixed that yet but will.

Just fixed, diff here.
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/fe4df9b7b635cea04eb409a328f0a44c43768b0a
RE: [pfSense Support] RE: Load Balancer Using TCP
Excellent, thank you Chris.

I always use TCP as well, but this particular site occasionally gets hit by Digg, and until they get enough capacity in their cluster to support that (AKA - a few memcache servers), their web service does sometimes respond so slowly that the load balancer ends up flapping them back and forth.

Appreciate the fix being committed - I haven't used the snapshot builds before, but I'll check it out and ping you if I have troubles.

Thank You,
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC
Atlas Support Center
http://support.atlasnetworks.us/portal

-----Original Message-----
From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler
Sent: Saturday, April 04, 2009 6:07 PM
To: support@pfsense.com
Subject: Re: [pfSense Support] RE: Load Balancer Using TCP

On Thu, Apr 2, 2009 at 12:22 AM, Nathan Eisenberg nat...@atlasnetworks.us wrote:

> Here's what ends up in slbd.conf when I save my config:
>
>     servicename:\
>         :poolname=poolname:\
>         :vip=x.x.x.x:\
>         :vip-port=80:\
>         :sitedown=x.x.x.x:\
>         :sitedown-port=80:\
>         :method=round-robin:\
>         :services=2:\
>         :service-port=80:\
>         :0=192.168.20.61:\
>         :1=192.168.20.62:\
>         :tcppoll:send=:expect=:
>
> Why is it using TCPPoll if I have it set to use ICMP in the gui?

That was a bug, and strangely you're the first to notice. I've always used TCP for server load balancing configurations and suspect everyone else must as well (well, they are whether or not they realize it).

I just committed a fix, it'll be in 1.2.3 snapshots built at least 2 hours from now or you can manually apply this diff.
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/d38805bc18a69dda3b33ca3a193420ff656d33dd

There is another issue where TCP is always selected when you edit an existing pool, haven't fixed that yet but will.
Re: [pfSense Support] RE: Load Balancer Using TCP
On Thu, Apr 2, 2009 at 12:22 AM, Nathan Eisenberg nat...@atlasnetworks.us wrote:

> Here's what ends up in slbd.conf when I save my config:
>
>     servicename:\
>         :poolname=poolname:\
>         :vip=x.x.x.x:\
>         :vip-port=80:\
>         :sitedown=x.x.x.x:\
>         :sitedown-port=80:\
>         :method=round-robin:\
>         :services=2:\
>         :service-port=80:\
>         :0=192.168.20.61:\
>         :1=192.168.20.62:\
>         :tcppoll:send=:expect=:
>
> Why is it using TCPPoll if I have it set to use ICMP in the gui?

That was a bug, and strangely you're the first to notice. I've always used TCP for server load balancing configurations and suspect everyone else must as well (well, they are whether or not they realize it).

I just committed a fix, it'll be in 1.2.3 snapshots built at least 2 hours from now or you can manually apply this diff.
https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/d38805bc18a69dda3b33ca3a193420ff656d33dd

There is another issue where TCP is always selected when you edit an existing pool, haven't fixed that yet but will.
[pfSense Support] RE: Load Balancer Using TCP
Here's what ends up in slbd.conf when I save my config:

    servicename:\
        :poolname=poolname:\
        :vip=x.x.x.x:\
        :vip-port=80:\
        :sitedown=x.x.x.x:\
        :sitedown-port=80:\
        :method=round-robin:\
        :services=2:\
        :service-port=80:\
        :0=192.168.20.61:\
        :1=192.168.20.62:\
        :tcppoll:send=:expect=:

Why is it using TCPPoll if I have it set to use ICMP in the gui?

Best Regards
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC
supp...@atlasnetworks.us
http://support.atlasnetworks.us/portal

From: Nathan Eisenberg
Sent: Wednesday, April 01, 2009 9:10 PM
To: support@pfsense.com
Subject: [pfSense Support] Load Balancer Using TCP

Hello,

I have a load balancer with two web servers behind it. The web servers are to be monitored via ICMP. However, the servers frequently flap, and I see this message in the load balancer log:

    Apr 1 21:06:57 slbd[56826]: TCP poll succeeded for 192.168.20.61:80, marking service UP
    Apr 1 21:06:52 slbd[56826]: Service servicename changed status, reloading filter policy
    Apr 1 21:06:52 slbd[56826]: TCP poll failed for 192.168.20.61:80, marking service DOWN

What's going on? :(

Best Regards
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC
supp...@atlasnetworks.us
http://support.atlasnetworks.us/portal
[pfSense Support] RE: Load Balancer Using TCP
Given the log, I would say that they are set for TCP and not ICMP. On some versions of pfSense, I have noticed that the option box reverts to TCP from ICMP when you edit the service a second (or subsequent) time. Have another look - betcha it's set to TCP.

Also, you might want to post what version of pfSense you are using :)

Dimitri Rodis
Integrita Systems LLC
http://www.integritasystems.com

From: Nathan Eisenberg [mailto:nat...@atlasnetworks.us]
Sent: Wednesday, April 01, 2009 9:10 PM
To: support@pfsense.com
Subject: [pfSense Support] Load Balancer Using TCP

Hello,

I have a load balancer with two web servers behind it. The web servers are to be monitored via ICMP. However, the servers frequently flap, and I see this message in the load balancer log:

    Apr 1 21:06:57 slbd[56826]: TCP poll succeeded for 192.168.20.61:80, marking service UP
    Apr 1 21:06:52 slbd[56826]: Service servicename changed status, reloading filter policy
    Apr 1 21:06:52 slbd[56826]: TCP poll failed for 192.168.20.61:80, marking service DOWN

What's going on? :(

Best Regards
Nathan Eisenberg
Sr. Systems Administrator
Atlas Networks, LLC
supp...@atlasnetworks.us
http://support.atlasnetworks.us/portal
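
Added example, not part of the original thread: a short Python script that reads slbd log lines in the format quoted above, reports which poll type each backend is actually being checked with (independent of what the GUI shows), and counts UP/DOWN changes to flag flapping. The first sample line, the five-minute window, the two-change threshold and the year are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample: the three slbd lines quoted in the thread (newest first), plus one
# constructed line at the top so that two state changes are visible.
SAMPLE_LOG = """\
Apr 1 21:07:40 slbd[56826]: TCP poll failed for 192.168.20.61:80, marking service DOWN
Apr 1 21:06:57 slbd[56826]: TCP poll succeeded for 192.168.20.61:80, marking service UP
Apr 1 21:06:52 slbd[56826]: Service servicename changed status, reloading filter policy
Apr 1 21:06:52 slbd[56826]: TCP poll failed for 192.168.20.61:80, marking service DOWN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) slbd\[\d+\]: (?P<proto>\w+) poll "
    r"(?:succeeded|failed) for (?P<backend>\S+), marking service (?P<state>UP|DOWN)$"
)

def parse(log_text, year=2009):
    """Return (time, backend, proto, state) tuples, oldest first. Syslog has no year, so one is assumed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that are not poll results ("reloading filter policy") are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["backend"], m["proto"], m["state"]))
    return sorted(events)

def summarize(log_text, window=timedelta(minutes=5), threshold=2):
    """Per backend: poll types seen in the log, number of state changes, flapping flag."""
    changes, protos, last = defaultdict(list), defaultdict(set), {}
    for ts, backend, proto, state in parse(log_text):
        protos[backend].add(proto)
        if last.get(backend) not in (None, state):
            changes[backend].append(ts)
        last[backend] = state
    report = {}
    for backend in protos:
        times = changes[backend]
        # flapping: at least `threshold` state changes inside one window
        flapping = any(
            sum(1 for t in times if start <= t < start + window) >= threshold
            for start in times
        )
        report[backend] = {"protos": sorted(protos[backend]), "changes": len(times), "flapping": flapping}
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```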