Shibashish | 2 Jul 2011 10:34

Carp failover time

Hi,

What is the average time for the carp failover to kick in... i.e. how
much time does it take for the "backup" to become "master" and start
serving requests and vice versa? Is the timing parameter configurable?
I have both the WAN and LAN gw as carp ip.

Version 2.0-RC1 (i386)
built on Thu Mar 17 07:27:35 EDT 2011

ShiB.
while ( ! ( succeed = try() ) );

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscribe@...
For additional commands, e-mail: support-help@...

Commercial support available - https://portal.pfsense.org

Volker Kuhlmann | 2 Jul 2011 14:04

Re: Update hang with packages

On Thu 30 Jun 2011 12:12:55 NZST +1200, Volker Kuhlmann wrote:

A reboot cleared the "packages are being updated in the background"
status, all packages have been installed and I haven't detected any
other misbehaviour.

So only a minor glitch in the updater.

Thanks,

Volker

-- 
Volker Kuhlmann			is list0570 with the domain in header.
http://volker.dnsalias.net/	Please do not CC list postings to me.


Paul Rose | 2 Jul 2011 14:10

NAT Exempt

I have an internal (LAN) IP address of 10.2.67.11 and an external (WAN) IP of 10.2.66.15

What is the best way to ensure that I do not NAT packets from 10.2.66.15 to 10.2.67.11 while still retaining a firewall?

Is there a "How to" of how I would achieve this?

I am running pfSense RC2 (latest update)

Paul Rose
Director
Email:Paul.Rose@...

76 Cannon Street
London
 EC4N 6AE
Tel:    020 7213 0923
Fax:    020 7213 0990
Mobile: 07970 482038
Web:    http://www.cnsuk.co.uk

-----------------------------
This message (and any associated files) is intended only for the use of the individual or entity to which it
is addressed and may contain information that is confidential, subject to copyright or constitutes a
trade secret. If you are not the intended recipient you are hereby notified that any dissemination,
copying or distribution of this message, or files associated with this message, is strictly prohibited.
If you have received this message in error, please notify us immediately by replying to the message and
deleting it from your computer. Messages sent to and from us may be monitored.

Internet communications cannot be guaranteed to be secure or error-free as information could be
intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, we

William Salt | 2 Jul 2011 14:51

Re: NAT Exempt

You want to turn NAT off, turn NAT to manual, then delete the rules. :)

On Jul 2, 2011 1:10 PM, "Paul Rose" <Paul.Rose-lqZHI8Hs32f10XsdtD+oqA@public.gmane.org> wrote:
>
> I have an internal (LAN) IP address of 10.2.67.11 and an external (WAN) IP of 10.2.66.15
>
> What is the best way to ensure that I do not NAT packets from 10.2.66.15 to 10.2.67.11 while still retaining a firewall?
>
> Is there a "How to" of how I would achieve this?
>
> I am running pfSense RC2 (latest update)
>

Paul Rose | 2 Jul 2011 16:15

Re: NAT Exempt

As I am a newbie, how actually do I do this? And, how do I make sure that outgoing packets to the Internet get PAT applied via the WAN NIC? (But it doesn't affect incoming packets?)

This is an internal firewall that is going to be used to protect a higher classified network. The WAN connection will have a default gateway of the outside firewall (inside NIC).

Ta

Paul
 
From: William Salt [mailto:williamejsalt <at> googlemail.com]
Sent: Saturday, July 02, 2011 01:51 PM
To: support <at> pfsense.com <support <at> pfsense.com>
Subject: Re: [pfSense Support] NAT Exempt
 

You want to turn NAT off, turn NAT to manual, then delete the rules. :)

On Jul 2, 2011 1:10 PM, "Paul Rose" <Paul.Rose <at> cnsuk.co.uk> wrote:
>
> I have an internal (LAN) IP address of 10.2.67.11 and an external (WAN) IP of 10.2.66.15
>
> What is the best way to ensure that I do not NAT packets from 10.2.66.15 to 10.2.67.11 while still retaining a firewall?
>
> Is there a "How to" of how I would achieve this?
>
> I am running pfSense RC2 (latest update)
>

Peter van der Leek | 2 Jul 2011 17:36

Re: Carp failover time

> What is the average time for the carp failover to kick in... i.e. how
> much time does it take for the "backup" to become "master" and start
> serving requests and vice versa? Is the timing parameter configurable?
> I have both the WAN and LAN gw as carp ip.

I as a human have never been faster than the failover, meaning that I
immediately refreshed the CARP status screen after pulling a cable and 
that it was already showing master. It is at least within a second.

Kind regards,
Peter van der Leek


Mike Nichols | 2 Jul 2011 19:40

Re: Carp failover time

 I think we're discussing timeouts related to OSI levels 2 or 3. A
 physical disconnect is of course immediate, but I think other factors
 should be considered, like watchdog style errors, ping timeouts, and
 transport layer failures.
 I hope we can document points of failure and expected delays for each.

 best,
 mike--

 On Sat, 02 Jul 2011 17:36:39 +0200, Peter van der Leek wrote:
>> What is the average time for the carp failover to kick in... i.e. how
>> much time does it take for the "backup" to become "master" and start
>> serving requests and vice versa? Is the timing parameter configurable?
>> I have both the WAN and LAN gw as carp ip.
>
> I as a human have never been faster than the failover, meaning that I
> immediately refreshed the CARP status screen after pulling a cable and
> that it was already showing master. It is at least within a second.
>
> Kind regards,
> Peter van der Leek

-- 
 Mike Nichols
 My Own SOHO
 mike@...
 http://myownsoho.com
 212 202-2194


Chris Buechler | 2 Jul 2011 23:08

Re: Carp failover time

On Sat, Jul 2, 2011 at 4:34 AM, Shibashish <shib4u@...> wrote:
> Hi,
>
> What is the average time for the carp failover to kick in... i.e. how
> much time does it take for the "backup" to become "master" and start
> serving requests and vice versa?

Immediate if it's expected (i.e. you reboot the master), 1-2 seconds
by default if it's not (such as yanking the power plug or any other
failure to communicate by the master).

> Is the timing parameter configurable?

Yes, search advskew and advbase.


Nenhum_de_Nos | 4 Jul 2011 16:08

RC3 nano image and soekris

hail,

I'm trying to install RC3 on a soekris board, but after doing the dd on
the disk I get this:

uhub1: 4 ports with 4 removable, self powered
Trying to mount root from ufs:/dev/ufs/pfsense0
ROOT MOUNT ERROR:
If you have invalid mount options, reboot, and first try the following from
the loader prompt:

     set vfs.root.mountfrom.options=rw

and then remove invalid mount options from /etc/fstab.

Loader variables:
vfs.root.mountfrom=ufs:/dev/ufs/pfsense0
vfs.root.mountfrom.options=ro,sync,noatime

Manual root filesystem specification:
  <fstype>:<device>  Mount <device> using filesystem <fstype>
                       eg. ufs:/dev/da0s1a
                       eg. cd9660:/dev/acd0
                       This is equivalent to: mount -t cd9660 /dev/acd0 /

  ?                  List valid disk boot devices
  <empty line>       Abort manual input

mountroot>

I tried rebooting and once I got past it and got a failure on php (it
mentioned an ad0 read error, but I changed the disk and still got the same
error again).

I'm just supposed to dd it and try, right?

thanks,

matheus

-- 
We will call you cygnus,
The God of balance you shall be

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?

http://en.wikipedia.org/wiki/Posting_style


William Salt | 5 Jul 2011 00:20

UDT (UDP file transfer) + PfSense poor speeds

Hi, so in my quest to get maximum performance out of an LFN, I have opted to use UDT to transfer files at near wire speeds.

UDT is basically a UDP based file transfer protocol, with some built in error corrections. However, on one of my boxes, I can only get 75mbps outbound and a gig inbound. I get a lot of NAKs as if the link is saturated. However, it is not.

I get these figures regardless of which machine, or switch I plug the pfsense box into.
I was getting this with em drivers, and now I've switched to ix (10GbE).

On two 8.1 boxes, I see 1gb each way with UDT, and what seems like the same sysctl settings.

If I run an iperf between the local pfsense and local server, I get 1gbps each way. It's just UDT that seems to have a problem...

I must be missing something here.

Can anyone recommend any way to tune udp on pfsense?

Cheers
Will
