Re: [pfSense Support] Re: routing unreliable

2008-03-06 Thread Chris Buechler 

Ngawang Sangye wrote:
I would try that but if you have an upper limit set on all traffic - I 
assume that LAN to LAN will be limted to that speed (2 Mbit for us). 
Thats what I experience, and slower because of all the internet 
traffic competing to the point of unusable connections to local 
servers for file storage.


This type of setup is not compatible with the traffic shaper in 1.2 
because it only properly supports two interface deployments (LAN and 
WAN). It's already been rewritten in 1.3 to accommodate these types of 
networks.


Your only option with 1.2 is to use a perimeter firewall for your 
Internet connection and traffic shaping, and another as an internal router.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[pfSense Support] Re: routing unreliable

2008-03-06 Thread Ngawang Sangye 
I would try that but if you have an upper limit set on all traffic - I
assume that LAN to LAN will be limted to that speed (2 Mbit for us). Thats
what I experience, and slower because of all the internet traffic competing
to the point of unusable connections to local servers for file storage.

We are trying to avoid the router being the pipe for that kind of traffic,
but we need it to work anyway for certain situations only. So if I have my
own rule can it be made not to be part of the overall traffic shaping speed
limit (bypass queue) since it really isn't heading to WAN at all.

THanks

Sangye

On 05/03/2008, Ngawang Sangye <[EMAIL PROTECTED]> wrote:
>
> I have been preparing to shift my network to a new bigger subnet. I have
> routing set up between old
> 192.168.2.*  and new 10.10.*.* subnet. I have been evaluating pfsense for
> a while. Its routing of local LAN to LAN subnets is not reliable.
>
> At times it was great, but I feel that having traffic shaping on tends to
> affect it, yet there were times when transfers to a samba server in the old
> subnet from the new subnet, via pfsense routing performed as one would hope.
> I have 4 intel gigbit NICs installed - all are fine. In the last weeks,
> inexplicably I can't make a transfer work without a drop-out - if it is
> routed through pfsense like this. I just updated firmware (I am a disk based
> system) to 1.2 release - which seems ok so far. The problem hasn't
> changed.
>
> Are there any rules I can do to make the traffic shaper ignore LAN to LAN
> subnet traffic - assuming it is the culprit.
>
> Once we rollout the new subnet and have all our servers moved there, we
> will still have alias IPs in the old subnet. That will help in the
> transition and people will still be able to get to their favourite old
> addresses in the LAN until we can deal with them. So having stable routing
> is really important. I feel I have done my best to make sure this isn't
> something I can figure out.
> I have been watching the support and trying to help people but I don't
> notice this topic come up much. I feel that pfsense routing is fairly
> useless if there is no work around, which is a shame because otherwise it
> beats the other firewalls I evaluated.
>
> thanks for your help
>
> Sangye
>