
Messages - Derelict

1
CARP/VIPs / Re: Testing High Availability
« on: Today at 06:28:18 am »
Yes. Me.

I have tried to duplicate several of these reports and the only case I can find where there might be a problem is described here:

https://redmine.pfsense.org/issues/8100


2
General Questions / Re: STP and network
« on: Today at 06:12:09 am »
LAN interface is different. You have to make sure that all of your LAN clients are given the LAN CARP address as their default gateway, DNS server (if applicable) etc.

Bottom line is you can't expect HA to just work. It does work fine but it requires additional configuration for things that are otherwise automatic. Such as outbound NAT, DHCP server attributes, etc.

3
Captive Portal / Re: Captive Portal - What is Allowed?
« on: Today at 05:41:51 am »
Enabling captive portal adds rules, but they are not in pf. They are in ipfw.

https://doc.pfsense.org/index.php/Captive_Portal_Troubleshooting

4
General Questions / Re: STP and network
« on: Today at 05:38:56 am »
When you run HA you have to make sure outbound NAT states are created on the CARP VIP, not the interface address. Else you will experience dropped connections on failover because the WAN address on the primary node is different than the WAN address on the secondary node.

https://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_(CARP)

5
Your problem isn't disk, it is RAM. If you have enough RAM you don't swap.

The culprit is probably pfBlockerNG.

6
There is no ability in pfSense captive portal to capture such information. You will have to code it yourself.

You might be able to leverage giving each party participant a voucher code and tracking it that way.

7
Captive Portal / Re: Captive Portal - What is Allowed?
« on: Today at 03:52:16 am »
After you get through the captive portal the users have access to whatever is passed by the rules on that interface (or governed by anything else that might be present outside of pfSense in the infrastructure.)

Post the rules on the CP interface.

8
CARP/VIPs / Re: Testing High Availability
« on: Today at 03:48:02 am »
Is yyy.183.73.74 the CARP VIP?

Is 192.168.0.4 set to use the CARP VIP on the firewall on that interface as its default gateway?

9
General Questions / Re: STP and network
« on: Today at 03:46:23 am »
You need to:

Make sure your outbound NAT is set to use the CARP VIP

Make sure your inside clients are set to use the CARP VIP for services on the firewall such as default gateway, DNS services, etc.

10
No idea what OPNsense does for DNS. But it sounds like you have that and pfSense configured completely differently.

11
Firewalling / Re: Curious Floating Rules Behavior
« on: Yesterday at 02:19:33 pm »
Clear to everyone except....

12
Firewalling / Re: Curious Floating Rules Behavior
« on: Yesterday at 01:32:46 pm »
I disagree.

When talking outside/inside in a firewall context outside is untrusted and inside is trusted... in general terms. Toss in dmz as another branch if you like.

Everything on every interface is "on the wire" at some point. Outside/inside have special meaning.

Traffic/connections on a NIC is either received (inbound) or transmitted (outbound).

13
CARP/VIPs / Re: Testing High Availability
« on: Yesterday at 01:25:58 pm »
Post the states. Detail which address is which (interface, CARP, etc)

14
Firewalling / Re: Curious Floating Rules Behavior
« on: Yesterday at 08:27:49 am »
Even that video confuses outside/inside.

Unless you're talking about outside/inside the firewall.

15
Routing and Multi WAN / Re: 2 wan and protocol binding
« on: Yesterday at 08:25:53 am »
What I suggested completely bypasses the round-robin configuration since you are explicitly policy routing to that WAN. As long as those policy routing rules are higher in the rule set.
