Re: [pfSense Support] sudden ssh problems with 1.2.1 rc1
On Thu, Dec 18, 2008 at 7:40 PM, Bill Marquette wrote: > Sounds like this may have been part of your issue. It sounds like you > had multiple machines acting as carp master. Not a good idea. > Yeah, and downgrading almost certainly did nothing (unless this is some extremely unusual FreeBSD issue) that rebooting alone wouldn't have done. Impossible to say exactly what happened without having hands on the system, but if both systems were somehow running as master, a reboot could have cleared whatever condition caused that. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sudden ssh problems with 1.2.1 rc1
Sounds like this may have been part of your issue. It sounds like you had multiple machines acting as carp master. Not a good idea. --Bill On Thu, Dec 18, 2008 at 6:11 PM, JJB wrote: > > Tim Nelson wrote: >> >> Check the 'Advanced Options' for any rules you have related to SSH or your >> web host. You may find that someone set a simultaneous connection limit, >> maximum new connections per second limit, or maximum state entries per host. >> >> Good luck! >> >> Tim Nelson >> Systems/Network Support >> Rockbochs Inc. >> (218)727-4332 x105 >> >> - "JJB" wrote: >> >> >>> >>> Also, more info: we are able to any internet host but our www server >>> without problem, and to ssh from any internet host TO our www sever >>> with no problem, just ssh to www from the office behind pfsense is not >>> working correctly. >>> >>> - Joel >>> >>> - >>> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >>> For additional commands, e-mail: support-h...@pfsense.com >>> >>> Commercial support available - https://portal.pfsense.org >>> >> >> - >> To unsubscribe, e-mail: support-unsubscr...@pfsense.com >> For additional commands, e-mail: support-h...@pfsense.com >> >> Commercial support available - https://portal.pfsense.org >> >> >> >> > > We didn't make any changes to the system. Well yesterday we added a rule to > send all traffic destined for two new web hosts www1 and www2 over the T1 > instead of the DSL. The problem did not happen till today. Deleting the rule > did not fix the problem. > > Reverting the system back to 1.2, thank the gods, fixed everything. > > Other weird things - internet downloads would start off reasonably fast and > then wind up running at about 3kbps > > Carp got screwy fw1 and fw2 became confused as to which was which - url > would say fw02 page would say fw01 or vice versa. > > What a nightmare of a day! > > - Joel > > > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org > > - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sudden ssh problems with 1.2.1 rc1
Maybe there are issues with your routing table since adding a second link? Or maybe you had both the T1 and DSL previously? When you reverted back to 1.2 did you simply upload your config file from the previous install or setup everything from scratch? After your deleted the newly created www1/www2 rule, did you clear your state tables? ^^^ Maybe those questions aren't important since your problem is fixed. BUT, some of us may still be interested... :-) Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - "JJB" wrote: > We didn't make any changes to the system. Well yesterday we added a > rule > to send all traffic destined for two new web hosts www1 and www2 over > > the T1 instead of the DSL. The problem did not happen till today. > Deleting the rule did not fix the problem. > > Reverting the system back to 1.2, thank the gods, fixed everything. > > Other weird things - internet downloads would start off reasonably > fast > and then wind up running at about 3kbps > > Carp got screwy fw1 and fw2 became confused as to which was which - > url > would say fw02 page would say fw01 or vice versa. > > What a nightmare of a day! > > - Joel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sudden ssh problems with 1.2.1 rc1
Tim Nelson wrote: Check the 'Advanced Options' for any rules you have related to SSH or your web host. You may find that someone set a simultaneous connection limit, maximum new connections per second limit, or maximum state entries per host. Good luck! Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - "JJB" wrote: Also, more info: we are able to any internet host but our www server without problem, and to ssh from any internet host TO our www sever with no problem, just ssh to www from the office behind pfsense is not working correctly. - Joel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org We didn't make any changes to the system. Well yesterday we added a rule to send all traffic destined for two new web hosts www1 and www2 over the T1 instead of the DSL. The problem did not happen till today. Deleting the rule did not fix the problem. Reverting the system back to 1.2, thank the gods, fixed everything. Other weird things - internet downloads would start off reasonably fast and then wind up running at about 3kbps Carp got screwy fw1 and fw2 became confused as to which was which - url would say fw02 page would say fw01 or vice versa. What a nightmare of a day! - Joel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sudden ssh problems with 1.2.1 rc1
On Thu, Dec 18, 2008 at 5:51 PM, JJB wrote: > > Since about 10 am this morning, once a few ssh tunnels are up no new ssh > connections are possible. With the tunnels down ssh connections are slow to > connect and sometimes timeout when connecting. > could there be some mechanism that is denying access to multiple ssh > sessions in pfsense? I noticed this sshlockout thing in the logs, could that > prevent multiple outbound connections from passing through the pfsense > server? No, that's only for SSH running on the firewall. > Or is there some kind of 1.2.1rc1 ssh bug? No. > Configuration corruption? > No. State table exhaustion is a possibility. What Tim mentioned is another possibility. What you really need is to get some packet captures and examine what's happening on the wire to determine where things are failing and why. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sudden ssh problems with 1.2.1 rc1
Check the 'Advanced Options' for any rules you have related to SSH or your web host. You may find that someone set a simultaneous connection limit, maximum new connections per second limit, or maximum state entries per host. Good luck! Tim Nelson Systems/Network Support Rockbochs Inc. (218)727-4332 x105 - "JJB" wrote: > Also, more info: we are able to any internet host but our www server > without problem, and to ssh from any internet host TO our www sever > with > no problem, just ssh to www from the office behind pfsense is not > working correctly. > > - Joel > > - > To unsubscribe, e-mail: support-unsubscr...@pfsense.com > For additional commands, e-mail: support-h...@pfsense.com > > Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] sudden ssh problems with 1.2.1 rc1
Also, more info: we are able to any internet host but our www server without problem, and to ssh from any internet host TO our www sever with no problem, just ssh to www from the office behind pfsense is not working correctly. - Joel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
[pfSense Support] sudden ssh problems with 1.2.1 rc1
Today our company is doing one of our most important software releases todate and suddenly this morning for no apparant reason (no changes were made to pfsense) we started having trouble opening new ssh connections to our web server. We have ssh tunnels going by which we do mysql replication, and svn updates to our website. Since about 10 am this morning, once a few ssh tunnels are up no new ssh connections are possible. With the tunnels down ssh connections are slow to connect and sometimes timeout when connecting. could there be some mechanism that is denying access to multiple ssh sessions in pfsense? I noticed this sshlockout thing in the logs, could that prevent multiple outbound connections from passing through the pfsense server? Or is there some kind of 1.2.1rc1 ssh bug? Configuration corruption? - Joel - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
