Search the forum. Known error.  Upgrade.

I do not understand exactly why no…?

Might be good to see system load details and a list of what packages you have installed.

Add a rule blocking IPV6 at the top of the interface rules and do not set the log checkbox.

Denyhost is available thru pkg_add

just note that the package may not install all dependencies - just read the message after the install

using it with pfsense and works fine

All suggestions are appreciated!

regards Xed

Why?  If it really bothers you this much simply disable console logins in System -> Advanced.

Yeh, i used to run a linux box with shorewall and had the same issue, I know its nothing to do with pfSense.

Thanks for the help.

This sounds more like a job for Linux Heartbeat than for Pfsense.  From what you wrote it sounds like you have intelligence at the server level to determine which should be master and which should be slave.  Linux Heartbeat does a very good job at shifting around virtual IPs and services…

If you wanted to use Pfsense, you could set up a failover load balance pool.  The only problem there is that you would have to kill the primary server if you wanted failover to occur.

-G

@sullrich:

Those are cosmetic.  It's trying to delete prior schedule items.. No biggie.  Please file a bug report and mark it as non-priority and I will look into it.

I have filed a bug report so I will close this thread.

Marcel

So the system has an onboard ethernet, 802.11a PCI and 802.11g PCI (plus usb ethernet for uplink); when I bridged g+ethernet and then set up a as a different range with different dynamics, the dhcp server wanted to serve a single range of dynamics on both interfaces (the g/eth bridge, and the a), which of course resulted in nonroutable addresses on one of the nets.

While reconfiguring I inadvertantly bridged the a net to the g/eth net. It works, including over a reboot. Beats the heck out of me. But it's been working for over a month.

What do you define as loadbalancing?
pfSense can do Roundrobin balancing so not a "add the bandwiths of both WAN's together" but more a "spread the connections to both WAN's"

What do you mean with: "My firewalls are behind a hardware loadbalancer that supports loadbalancing firewalls."
Could you elaborate on that?

It was more Seth's posts that suggested a desire to bypass corporate security/policy.

My 0.02 <currency>- if you want the VPN to really be secure then you need to manage the clients too.  Convenience is nice, but having your corporate network compromised because your end users can install anything they want isn't a good goal ;)  Oh, and I've seen that happen, so it's not just theory.</currency>

You need to enable the static port option in the advanced outbound nat options.

http://doc.pfsense.org/index.php/Static_Port

Which version of pfSense 1.2 were you using (exact version, "the latest" is meaningless)?

Which version of m0n0wall are you using (ditto)?

I've been successful in adding VIP's using these commands for each VIP in the pfsense config (xl0 is my WAN interface):

<system>... <shellcmd>ifconfig xl0 10.1.1.254 alias</shellcmd> <shellcmd>route add 10.1.1.0/24 -iface xl0</shellcmd> ...</system>

Note I then had to add manual outbound NAT for each VIP created (192.168.10.0 is my LAN subnet):

WAN | 192.168.10.0 | * | 10.1.1.0/24 | * | 10.1.1.254 | * | NO
…
WAN | 192.168.10.0 | * | * | * | 192.168.0.2 | * | NO

(The second entry is the actual WAN interface IP)

I set this up a while ago, and foolishly didn't document any of it! So I hope this makes sense to you.

@jahonix:

10.0.0.2 (and 10.0.1.3) are your DNS servers on WAN as well.
What the heck is your ISP doing there?

Thats not my ISP, thats me. For some reason, DNS dosen't get passed through to pfSense, so I set it as 10.0.1.3 (Primary server on the wan side) and 10.0.0.2 (old router that this modem setup replaced). Reverted it to just 10.0.1.3, with the option to have it overidden enabled.

Edit: Updated to latest snapshot (1.2-RC3 built on Mon Nov 26 14:47:57 EST 2007) and it now gets my ISP DNS servers on vr0, or it could have been the reboot I don't know, I was pressing disconnect/connect last time and not getting the ISP dns.