Sorry, loadbalancing won't work on bridges.

ok, i upgraded to RC 5 2008-Feb-06 10:18:01 build

it seems to work but i am going to let it run for two days.  If it works after the two days this problem is resolved

so see u in 2 days…

@GruensFroeschli:

Read the first post:
This IS a step by step.

If you dont understand how to do it you most probably shouldnt try.

Do you see the changement about the emails somewhere ? ;)

No at the moment.  It's on our list.

Ah you want to use CARP with failover in the sense of failover from one router to the other.
I though failover in the sense of dualWAN failover.

I'm not sure how and if that works.
I would just try to setup CARP for the 1:1 NAT VIP like you would for a normal failover interface.

Hmn, I thought it was only when I had CARP on a VLAN interface, but that doesn't appear to be the case.

It still crashes just after

"Waiting for final CARP interface bringup…....................... done."

with a basic carp setup.

(I'm trying to migrate from a NanoBSD based 6.2 setup -- I didn't have any trouble with this there...)

Sounds like you are running CARP and dual WAN. If you put in a firewall rule on the LAN that redirects all traffic to a particular gateway/pool, then traffic destined for CARP address will also get sent to the gateway/pool. I work around this by adding another rule to allow the local subnet using the default gateway. Something like:
LAN firewall rules:
Allow * src=lan net * dest=lan net * *
Allow * src=lan net * * * gateway=load balancer

Thanks for the quick reply!

I've now set up a set of rules along the lines of:

Interface: LAN
External Address: yyy.yyy.yyy.120
External Port: 80
NAT IP: 192.xxx.xxx.120

This works just right!!!

Thanks for your help!

James.

If you want to failover policy routed items you need to create multiple failover pools, this has been discussed previously, so if you need details please search.

Ratios can be configured by creating a lb pool with multiple entries for the same line, ie-
dsl
cable
cable
cable

Then it should round robin between the four entries, Hitting the cable 75% of the time. Not that I've setup pools that way, usually having roughly equal connections…

Unfortunately I'm using the 1394 int. for the CARP sync. I thought it was stable…

I manualy added the vlans to a fresh install. Then I synced the rule set and the aliases.  and it worked.

Seames very odd.  I am going to try adding vlans to the fresh installed box and see if I have a failure there .

Not currently but it is a planned addition in the future since we now have a SMTP framework imported.

Anybody?

Regards,
Hans

It doesn't work as I would want.
I spent quiet a long time on pf docs and suppose this setting should keep the real server IP during this timeout setting. I am not sure i understood , but a round robin translation rule and a sticky setting should keep sources IP to the same destination server in the next connection…

I can see the src nodes (and my own IP) in the pfs statistics, but I get several ones with my own IP to different web real server (behind the carp VIP) and I still get loadbalanced on the 3 www when the states are expired (before the 4 minutes defined). My max src nodes are under the 10000 limit - 2000 - so I think this is something else.
I will continue to read pf howtos etc
Any piece of advice would be appreciated,

I had something like this with my cluster. (but not using CP I didn't think that worked with CARP has this been fixed?)

After running CARP for ages with no problems I decided to unplug the KVM from the slave to use on another machine. So I unplugged it and rebooted the slave and up it came all fine so went back to the WebGUI to check and after a few mins of fiddling the slave became master on the LAN on its own. So rebooted and same prob so I plugged the kvm back in and no problem.

It seemed to be having some issue sharing IRQs for the nics with no kvm attached. In the end I fiddled with the IRQ settings changing them from auto to fixed and it has been fine ever since.

I cant remember what the message was but it would pop up on the console

So might be worth a look

A carp cluster failover should be similar to a normal failover setup. Did you change the gateway to your Wan1Fail pool on the default firewall run on the LAN tab? You also may need to add a route to provider 2's DNS server via the OPT2 interface (if clients use pfSense for DNS).
The two pools are simply so you can use policy routing with failover. For example, you could add a rule sending http out wan2 with Wan2Fail as the gateway. If you used the WAN2 gateway instead of the pool, http would break if wan2 went down.