Netgate Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - dotdash

Pages: [1] 2 3 4 5 ... 132
1
General Questions / Re: Bizarre Webserver Blockage
« on: May 04, 2018, 01:52:35 pm »
Many details left out- I'd guess the web servers are on private addresses, which are nated to public addresses on the firewall. Is the firewall on the same block as the servers? What kind of vips are you using? My first thought would be the ISP has a configuration error and they are advertising your block somewhere else. Try doing a traceroute when the servers are unreachable, and see how far the traffic goes. Another thought- are you using carp and the isp VRRP?

2
IPsec / Re: IPSec traffic stops, no errors, but link stays up
« on: April 18, 2018, 03:19:44 pm »
Check the other side and verify all the settings match. Verify the phase two ID's match.

3
Try to re-install. https://www.netgate.com/docs/pfsense/solutions/sg-2220/reinstall-pfsense.html
If you get errors, try swapping the msata (or adding an msata if you were using the onboard flash)

4
Hardware / Re: NIC manufacturer detection fail or fob-off?
« on: April 11, 2018, 03:37:33 pm »
I think it's a Chinese copy of an Intel controller, and they were so sloppy they used the wrong macs. I'd return it.

5
Hardware / Re: NIC manufacturer detection fail or fob-off?
« on: April 11, 2018, 01:54:35 pm »
I'd guess the controller is a sloppy knock-off of an Intel. I remember when people were getting counterfeit Intel nics from ebay sellers.

6
Apologies for just skimming, don't have time to read the whole thing carefully.
Try adding an outbound NAT rule- WAN, any, "this firewall(self)" any [Public CARP VIP]

7
Routing and Multi WAN / Re: fpSense loop
« on: April 09, 2018, 09:49:41 am »
All 3 nics are connected to the switch.
Ok, missed that detail. What possible reason would you have to connect your WAN interfaces to the switch? They should connect to the provider equipment directly. If you need to use the switch due to lack of ports, the wan interfaces need to be on separate vlans, as dusan mentioned.

8
Hardware / Re: ALIX.2D : Installation of 2.3.5
« on: April 04, 2018, 09:37:37 am »
There are still nano images for 2.3.5. Write the nano image to a CF and boot from that.

9
There is also a section in the config where the vlans are defined, you need to change the interface references there also.
If you are not comfortable editing the config manually, the restore wizard does a pretty good job at re-assignment these days, even with vlans.

10
Routing and Multi WAN / Re: fpSense loop
« on: March 28, 2018, 08:34:00 am »
Setting a particular address for a monitor causes the system to static route it through a particular gateway. Setting one of the system DNS servers to a particular gateway also causes the system to static route it. If you are not careful, you can cause the monitor to flap between two gateways. From your description, it sounds possible you have encountered this problem.

11
Routing and Multi WAN / Re: fpSense loop
« on: March 27, 2018, 08:43:45 am »
Make sure you are not using the same DNS servers for monitoring that you have in system, general setup.
e.g. If you are monitoring 8.8.8.8, use 8.8.4.4 for DNS if you are using 208.67.222.222 as a monitor, use 208.67.220.220 for DNS.
Not sure if 208.67.222.220 is valid...

12
Just put a small msata in it, do a full install, and restore the config.

13
Installation and Upgrades / Re: Upgrading 64-bit NanoBSD 2.3 to 2.4
« on: March 20, 2018, 09:31:58 am »
That's just an APU1, right? I'd recommend putting an msata in it, and doing a full install.

14
Installation and Upgrades / Re: Upgrading 64-bit NanoBSD 2.3 to 2.4
« on: March 19, 2018, 09:19:51 am »
IMO, the easiest and safest way to do this is to backup the config, do a fresh install, and restore.

15
CARP/VIPs / Re: CARP with 1 WAN IP
« on: March 14, 2018, 09:41:22 am »
You can't ping from a machine on the LAN, or from the firewalls? Not being able to ping outside from the secondary is normal.
Best way to test HA is to shut down the primary during a slow time, and verify machines on the LAN can still get out.

Pages: [1] 2 3 4 5 ... 132