Re: [pfSense Support] RE: Load Balancer Using TCP
Hello all! We have faced the following problem: after the upgrade of pfSense from 1.2-Release to 1.2.3-RC1, the access from the internal LAN1 network to FTP-server, located in DMZ, seized functioning (in both modes: active/passive) (via the LAN2 network). The scheme of access: LAN1 -- Router (pfSense-box) --LAN2 -- NAT (black-box) -- FTP-server. We are allowed to authorise on ftp-server, but fail to get the directory listing. Turning on/off of the FTP-helper does not solve the problem. After downgrade to 1.2-Release, the access to the same FTP functions successfully. What is the difference between the pfSense releases (1.2-Release vs. 1.2.3-RC1) when working with FTP? Do you have any ideas how to solve this problem? Upgrade is performed as follows: 1. Current configuration is saved; 2. New pfSense release is implemented; 3. Configuration is restored from the backup. Thank you. WBR Andrew -- _ .-._.=\-. (_)=='(_) - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] RE: Load Balancer Using TCP
On Sat, Apr 4, 2009 at 9:06 PM, Chris Buechler c...@pfsense.org wrote: There is another issue where TCP is always selected when you edit an existing pool, haven't fixed that yet but will. Just fixed, diff here. https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/fe4df9b7b635cea04eb409a328f0a44c43768b0a - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
RE: [pfSense Support] RE: Load Balancer Using TCP
Excellent, thank you Chris. I always use TCP as well, but this particular site occasionally gets hit by Digg, and until they get enough capacity in their cluster to support that (AKA - a few memcache servers), their web service does sometimes respond so slowly that the load balancer ends up flapping them back and forth. Appreciate the fix being committed - I haven't used the snapshot builds before, but I'll check it out and ping you if I have troubles. Thank You, Nathan Eisenberg Sr. Systems Administrator Atlas Networks, LLC Atlas Support Center http://support.atlasnetworks.us/portal -Original Message- From: cbuech...@gmail.com [mailto:cbuech...@gmail.com] On Behalf Of Chris Buechler Sent: Saturday, April 04, 2009 6:07 PM To: support@pfsense.com Subject: Re: [pfSense Support] RE: Load Balancer Using TCP On Thu, Apr 2, 2009 at 12:22 AM, Nathan Eisenberg nat...@atlasnetworks.us wrote: Here's what ends up in slbd.conf when I save my config: servicename:\ :poolname=poolname:\ :vip=x.x.x.x:\ :vip-port=80:\ :sitedown=x.x.x.x:\ :sitedown-port=80:\ :method=round-robin:\ :services=2:\ :service-port=80:\ :0=192.168.20.61:\ :1=192.168.20.62:\ :tcppoll:send=:expect=: Why is it using TCPPoll if I have it set to use ICMP in the gui? That was a bug, and strangely you're the first to notice. I've always used TCP for server load balancing configurations and suspect everyone else must as well (well, they are whether or not they realize it). I just committed a fix, it'll be in 1.2.3 snapshots built at least 2 hours from now or you can manually apply this diff. https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/d38805bc18a69dda3b33ca3a193420ff656d33dd There is another issue where TCP is always selected when you edit an existing pool, haven't fixed that yet but will. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] RE: Load Balancer Using TCP
On Thu, Apr 2, 2009 at 12:22 AM, Nathan Eisenberg nat...@atlasnetworks.us wrote: Here's what ends up in slbd.conf when I save my config: servicename:\ :poolname=poolname:\ :vip=x.x.x.x:\ :vip-port=80:\ :sitedown=x.x.x.x:\ :sitedown-port=80:\ :method=round-robin:\ :services=2:\ :service-port=80:\ :0=192.168.20.61:\ :1=192.168.20.62:\ :tcppoll:send=:expect=: Why is it using TCPPoll if I have it set to use ICMP in the gui? That was a bug, and strangely you're the first to notice. I've always used TCP for server load balancing configurations and suspect everyone else must as well (well, they are whether or not they realize it). I just committed a fix, it'll be in 1.2.3 snapshots built at least 2 hours from now or you can manually apply this diff. https://rcs.pfsense.org/projects/pfsense/repos/mainline/commits/d38805bc18a69dda3b33ca3a193420ff656d33dd There is another issue where TCP is always selected when you edit an existing pool, haven't fixed that yet but will. - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org