• Need help setting up LoadBalancing with only one interface

    Locked
    5
    0 Votes
    5 Posts
    2k Views

    Running Wireshark on both sides (client and web server), I can see the client sending packets to the Load Balancer address, and I can see the web server receiving packets from the WAN address of the PFSense box, which it then tries to respond to, but the client never receives them.

    Additional info: Client: 192.168.1.50 sends to Virtual Server (192.168.1.20). Web Server (192.168.1.30) sees packets coming from 192.168.1.1 (Load Balancer box WAN interface, not Virtual Server IP). Web Server sends packets back to 192.168.1.1, PFSense does not pass them on to client.

    What do I have configured wrong?

  • Cacti Monitoring

    Locked
    2
    0 Votes
    2 Posts
    11k Views
    jimp

    I had thought that the standard unix host template in Cacti would get it, but I looked in the Cacti setup I used last and I only had interface graphs so I may not have actually tried to use that.

    First, make sure you have all of the boxes checked on the SNMP screen so the modules are loaded to give the info.

    If it helps, we use bsnmpd, and copies of the MIBs can be found here:
    http://files.chi.pfsense.org/jimp/BEGEMOT-PF-MIB.txt
    http://files.chi.pfsense.org/jimp/BEGEMOT-HOSTRES-MIB.txt

  • Basic / Simple issue hopefully

    Locked
    18
    0 Votes
    18 Posts
    5k Views
    stephenw10

    Yes.  :)

    Exactly like you say the traffic between clients never reaches the firewall so rules would have no effect.
    In a wifi network you are able to stop this traffic by not checking the 'allow intra-BSS communication' option. In a wired network you do not have that option.

    Steve

  • Time triggered site blocking?

    Locked
    6
    0 Votes
    6 Posts
    4k Views

    Thank you very much!

  • PfSense Newbie MAC Problem

    Locked
    8
    0 Votes
    8 Posts
    3k Views

    @johnpoz:

    If you're just running 2 different networks on the same wire (not really a desired setup) - i.e. the switch is just a dumb switch without VLAN support.  Why don't you just run everything on 1 network?

    This. Why people steal other people's public IP space like it's RFC1918 is beyond me, can't believe how much I see that. Don't do it, it'll break your ability to connect to the part of the Internet that's really assigned that IP space, and is just wrong. It's also pointless to put those devices on a different subnet in that scenario.

  • Error page when link is down

    Locked
    5
    0 Votes
    5 Posts
    1k Views

    Cool, I'll do it that way I think. Thanks for that.  I'll report back if it doesn't work out :)

  • MOVED: Need some help on Snort testing

    Locked
    1
    0 Votes
    1 Posts
    905 Views
    No one has replied
  • Logs (mostly) stopped working one day.

    Locked
    10
    0 Votes
    10 Posts
    7k Views

    Right as I hit post for this I just found what seems to do it.

    "Disable writing log files to the local RAM disk"  If that is checked then clog no longer works and the syslogd.conf file is turned into that listed at the beginning of the post and hence nothing will log to any place any longer. I recommend that setting be renamed to "Disables all logging."

  • Ping to Wan interface only works when packet capture activated?

    Locked
    8
    0 Votes
    8 Posts
    2k Views
    stephenw10

    Intel NICs are indeed the better option.  :)
    However I think a large amount of the bad rep associated with Realtek was due to their 10/100 cards. The recent Gigabit cards are much better.

    Steve

  • 0 Votes
    5 Posts
    2k Views

    Just to update anyone who may have this problem: turns out the Snort rule (http_inspect) NO CONTENT-LENGTH OR TRANSFER-ENCODING IN HTTP RESPONSE was blocking my legitimate web browsing. I could see this by browsing the net and keeping an eye on the Snort alerts and then seeing the sites appear in the block list. Took me about 3 days to work this out as it's never happened before. Anyhow, the link below shows the solution, which in a nutshell is adding the SID of the rule into a suppress list and then picking the rule in the suppression and filtering dropdown in the Snort interface.

    http://forum.pfsense.org/index.php?topic=44224.0;prev_next=prev

    I can sleep well again tonight. Was really annoying me, this one.

  • Making a networked printer available to wifi clients

    Locked
    2
    0 Votes
    2 Posts
    3k Views
    stephenw10

    To get Bonjour working across interfaces you will probably need the Avahi package. However I would expect you to be able to see it via its IP.
    Since your pfSense box is behind a router does it have a private subnet on its WAN? If so have you removed the block private networks rule?

    Is there some reason that your printer is not on the pfSense LAN?

    Steve

  • Strange Question – Empty Gateway from DHCP

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • PfSense loading

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    Why don't you post up how much traffic there is, what services you plan to run and what hardware you have…

    Generally speaking the hardware is almost always overkill.

  • Pfsense adblock

    Locked
    1
    0 Votes
    1 Posts
    2k Views
    No one has replied
  • Web filtering (allow only few websites to a group)

    Locked
    10
    0 Votes
    10 Posts
    12k Views

    Thanks for the quick reply,
    I tried that, unfortunately it's not working for those websites.
    Any tips\guides on how to use Squid\SquidGuard on pfSense?

    Thanks!

  • Questions about 3 Interface Bridging with pfSense

    Locked
    17
    0 Votes
    17 Posts
    7k Views

    Bingo! That's what I needed to do!

    Testing is going much better now! :)

  • Lcdproc with Sure Electronics LCD

    Locked
    18
    0 Votes
    18 Posts
    9k Views
    stephenw10

    All my experience is with the Firebox LCD which is built into the appliance so not much use to you.
    Probably best to ask in the lcdproc-dev thread. Although I note that the only reference to the LCD you have is in reply to a similar suggestion.  ::)

    Steve

  • Auto-click 'connect' button

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    /etc/rc.linkup l2tp0 start

    actually.

    GREAT Big thanks!
    Now I can go further  :D

  • How PFSense uses CIDR and slash notation

    Locked
    5
    0 Votes
    5 Posts
    3k Views

    Thanks again cmb,

    Battle plan is to read through the material and play with it some.  No doubt can sort it out quick with some hands on.

    Ed

  • Question about Status: Traffic Graph

    Locked
    2
    0 Votes
    2 Posts
    1k Views

    So you want a correlation of external IP to internal IP traffic analysis?  i.e.: 204.123.123.13 <-> 192.168.10.100

    - ntop can do that, though I'm not sure how good the package is in pfSense at this time. Should be able to do netflow metrics.
    - bandwidthd also seems somewhat capable.
    - pflow might be another option, though it doesn't appear to be a support package on pfSense.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.