Bandwidth test= fine, browsing unusable (HYPER-V)
-
Also, my public IPs are DHCP'd dynamics. I do not need statics for what I do with them.
PS: thanks for your help!
-
Yeah - But I don't see where you have set up a virtual IP to use one of your 2 public IPs?
How are the VIPs (or the VIP) being mapped out and assigned?
I am not using any virtual IPs at all
-
"Lets say I am a user who has had a physical pfsense forever. I want to remove it and install a virtual pfsense appliance. The new virtual pfsense appliance fails to perform as well as the physical. What should I check?"
OK - Easier.
Your WAN IP assignments seem weird to me. You can't call up your company and tell them "Give me two IPs. Give me your gateway address".
Connect to that by bridging to their network (not DHCP) and then hand out the public IPs to Virtual IP?This setup you have now with multi-IP dhcp at the WAN…. Did that work on a physical box there ever?
-
OK - Welllll…. If this setup worked for you on a physical box before but not on the VM, I'm stumped.
It does seem complex bordering on unnecessarily so. That must be one sweet Microsoft DHCP machine to keep it around with these kinds of headaches (-; -
OK - Welllll…. If this setup worked for you on a physical box before but not on the VM, I'm stumped.
It does seem complex bordering on unnecessarily so. That must be one sweet Microsoft DHCP machine to keep it around with these kinds of headaches (-;Hahah it works surprisingly well. The only non-Dell/Cisco/Microsoft item is the pfSense. I'm waiting for the ASA 1000v to hit hyper-V :-)
For dualWAN I pick 2 IPs and use them as multiple gateways load balanced in the routing section on the far left tab.
For the DMZ IPs I put them right on the edge.I'll move them in later when I have fully set up Lync.
I basically use pfSense as a multiwan capable DD-WRT
-
"Lets say I am a user who has had a physical pfsense forever. I want to remove it and install a virtual pfsense appliance. The new virtual pfsense appliance fails to perform as well as the physical. What should I check?"
OK - Easier.
Your WAN IP assignments seem weird to me. You can't call up your company and tell them "Give me two IPs. Give me your gateway address".
Connect to that by bridging to their network (not DHCP) and then hand out the public IPs to Virtual IP?This setup you have now with multi-IP dhcp at the WAN…. Did that work on a physical box there ever?
I can't get statics on a non-Business line. I have considered it but with the fantastic Dynamic DNS, I haven't needed to yet. The multidhcp WAN IPs currently are working. :-)
-
For my own education, can you post a snapshot of your WAN interface assignment?
I'd actually like to see how you are doing that, the VIP assignment, the VLAN and your multi-wan handling also incase I ever need to work with something like yours. There are lots of how-to pages for multiwan/load balance/fail-over etc. I'd love to compare your settings to those for educational purposes. -
It just baffles me. I give it a pair of Xeon cores, 1GB RAM, Dual 10GbE NICs, a decently fast RAID storage upgrade and it just says "LOL NOPE" :-(
This works brilliantly in VMWare ESXi but I no longer have a RAID card :-(
-
I'm looking forward to studying those snapshots.
-
For my own education, can you post a snapshot of your WAN interface assignment?
I'd actually like to see how you are doing that, the VIP assignment, the VLAN and your multi-wan handling also incase I ever need to work with something like yours. There are lots of how-to pages for multiwan/load balance/fail-over etc. I'd love to compare your settings to those for educational purposes.OK the full set up (I've only had enough NICs when I've used ESXi, obviously) was pfSense with 5 vNICs.
This setup had NO DMZ.
Modem#1 provided 2 public IPs and was plugged into port 1 of the 24 port swith. This port 1 was untagged on the outbound but was tagged at the port to VLAN5 (I call it MODEM1 VLAN)
Modem#2 was plugged into Port2 of the 24-port (core) switch. This was tagged as VLAN 10. This was to prevent the ISP DHCP broadcasts from overlapping.
The ESXi host had a few ports trunked directly from the core switch containing all VLANS (5, 10 and the internal 15).
pfSense VM has 2 NICs on VLAN5, 2 NICs on VLAN10, and 1 NIC on the internal VLAN15.
From there, I added them as part of a gateway group and loadBalance based on latency. It works AMAZINGLY well.
I can even use Dynamic DNS for things such as VPN.domain.com or ftp.domain.com etc. This way I haven't needed to use a DMZ as I would just forward what I needed. But soon I'll be expanding to a proper tiered topology.
My ISP changes my IPs once every3-6 months so it is really nice.
-
I'm just at the gym right now but when I get home, I'll do what I've been delaying forever: make a proper visio diagram.
-
I'm just bummed that it works on a crappy physical computer, works great on a VMWare host, but fails catastrophically on Hyper-V
-
Well I will certainly study it, but have no idea if I'll understand how its working. Should be fun.
-
http://imgur.com/hl2Xo77,VYt3Hts,a2W3uXi
This is the current pfsense setup for the physical pfsense implementation and it worked very well. The ISP gives me all different IPs with all different subnets and all different gateways.
-
crap
the first image is incorrect and is for the virtual and is a wrong screenshot. Disregard it.This is the correct one: http://imgur.com/XbBg4ii,PdsrAoT,2D4ps89
-
This is the one I was waiting for.
Question. Was this modem you are using now, it was connected to the physical machines before?
But your links in the main status page show correctly as up correct? -
What are you DNS servers?
Are they being served by numbers forwarded from your WAN connection?
Could you try changing them to something like:
127.0.0.1
8.8.8.8
8.8.4.4?????
-
to note: in the second image under gateway, it says dynamic for one. This is the one I've disconnected for the virtual pfsense to use, so it is seen as down for the moment (I've removed the connection to VLAN 5 from the physical pfsense and applied it to the virtual to use).
-
http://imgur.com/GaydetJ,BRkUTaK is a simplified network diagram
the first image is the functional view while the second image is the physical view
-
What are you DNS servers?
Are they being served by numbers forwarded from your WAN connection?
Could you try changing them to something like:
127.0.0.1
8.8.8.8
8.8.4.4?????
I use an internal DNS on the Domain Controller for internal name resolution. It forwards to the ISP's primary and secondary DNS as well as 8.8.8.8 and 8.8.4.4.