
Topics - Crusnik01

1
Hi!

I've set up a simple virtual server to do DNS failover for me, as I wish to have more control over this than the "built in" DNS failover provides.

The issue I'm experiencing is that, when I go to Status -> Load Balancer -> Pools, and do a failover to the other server in the pool, the server status shows up as red:



But if I go to the Load Balancer logs, everything looks right, and it actually has the correct status for that server (UP):



The only way to "fix" this, is to reload the service (relayd), only then will the virtual server start responding to the DNS queries:




Running the latest pfSense release (2.4.2-RELEASE-p1 (amd64))

Am I doing something wrong here, or is this a bug of some sort?

2
General Questions / Jumbo Frames not forwarding between VLAN interfaces
« on: September 30, 2016, 06:07:55 pm »
Setup
1x LAGG hosting a number of VLAN interfaces. LAGG MTU set to 9000, all VLAN interfaces inherit this.
Jumbo Frames configured on all switches, and devices.

Issue
Noticed that pinging using large packets didn't work between hosts any more.
What has changed, is that I previously ran a single large network, so the switches took care of all packets on the LAN side.
Now everything is as it should have been from the start, segmented into many VLANs, and all traffic is routed through the pfSense box.

Example

Pinging between the two hosts (PC -> NAS) with an 8k packet

Code:
C:\>tracert -dn 10.1.2.20

Tracing route to 10.1.2.20 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.1.3.1
  2    <1 ms    <1 ms    <1 ms  10.1.2.20

Trace complete.

C:\>ping -l 8000 -f 10.1.3.1

Pinging 10.1.3.1 with 8000 bytes of data:
Reply from 10.1.3.1: bytes=8000 time<1ms TTL=64
Reply from 10.1.3.1: bytes=8000 time<1ms TTL=64
Reply from 10.1.3.1: bytes=8000 time<1ms TTL=64
Reply from 10.1.3.1: bytes=8000 time<1ms TTL=64

Ping statistics for 10.1.3.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\>ping -l 8000 -f 10.1.2.20

Pinging 10.1.2.20 with 8000 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 10.1.2.20:
    Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Now doing the same, but from the FW directly (pfSense -> PC, pfSense -> NAS)

Code:
[2.3.1-RELEASE][admin@fw]/: ping -s 8000 -D 10.1.3.2   
PING 10.1.3.2 (10.1.3.2): 8000 data bytes
8008 bytes from 10.1.3.2: icmp_seq=0 ttl=128 time=0.861 ms
8008 bytes from 10.1.3.2: icmp_seq=1 ttl=128 time=0.807 ms
^C
--- 10.1.3.2 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.807/0.834/0.861/0.027 ms

[2.3.1-RELEASE][admin@fw]/: ping -s 8000 -D 10.1.2.20
PING 10.1.2.20 (10.1.2.20): 8000 data bytes
8008 bytes from 10.1.2.20: icmp_seq=0 ttl=64 time=0.602 ms
8008 bytes from 10.1.2.20: icmp_seq=1 ttl=64 time=0.639 ms
^C
--- 10.1.2.20 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.602/0.621/0.639/0.018 ms

So jumbo frames are obviously working, just not when the packets are going between two interfaces on the pfSense box.

Any ideas?

3
General Questions / [SOLVED] Set MTU on LAGG interface
« on: July 27, 2016, 01:56:06 pm »
Hi!

Running pfSense 2.3.1, with a single LAGG (LACP) with 2 member interfaces, and a whole bunch of VLANs on top of that LAGG.

After searching the forums, and trying some google-fu, I still can't for the life of me figure out how I'm supposed to set the MTU of the LAGG?

If I try to set the MTU through the child VLANs, it gives me the following error:

Code:
The following input errors were detected:
The MTU of a VLAN cannot be greater than that of its parent interface.

Which is perfectly logical, but then, how do I change the MTU of the parent?

There is no option for it under Interfaces > (assign) > LAGGs, and you can't do anything to an unassigned interface through the GUI, but you need an unassigned interface to create a LAGG... So yeah.. I'm stuck.

EDIT (SOLVED):
Well.. that was embarrassingly simple, though not very intuitive if I'm honest.

What I had to do was to actually go ahead and assign the LAGG, and from there I could set the desired MTU.

I just find it a bit odd to have to "assign" a LAGG interface, just to be able to configure the actual interface, considering it has its own dedicated tab under "Interfaces" called "LAGGs"...

PS: On a side note, after enabling the jumbo frames MTU (9000), I also had to adjust "kern.ipc.nmbjumbop" and "kern.ipc.nmbjumbo9", as per:
https://forum.pfsense.org/index.php?topic=89087.0

4
Build: 2.0-BETA4 built on Fri Jul 30 03:00:55 EDT 2010

My gateways were working fine with BETA2, but after updating, everything just goes through WAN, ignoring the LoadBalancing gateway completely.

Anyone else noticed this? Known issue?
