Thank you



  • Hi Everyone

    I would like to say thanks to every person involved in pfense after trying many many different server set up's including very expensive windows 2008, i have to let you all know that pfsense was the only one that has worked and fantasticly i might add

    The pfsense set up is a

    Amd Operton quad-core 2.4ghz
    2Gb ram
    160gb hard drive
    3 Nic

    I have 2 x 30mb cable lines load balancing (with sticky connections enabled) works brilliantly
    250 user captive portal
    Firewall
    dhcp server
    squid proxy
    Squid Guard content filter
    Nat

    After weeks of work on a multiple server setup including ubuntu and windows 2008 i was at my wits end until a friend told me about pfsense
    and after only four days one server and a lot of reading on the forum (Many thanks Every single person that posted)
    I have everything working and 212 users were online last night and still no problems to be honest i can't believe it i am just in awe

    Once again thank you



  • Not to detract from pfsense, which rules for my purposes, but is Squid working with load balancing? Squid's failure to handle load balancing connections is a known issue which prevents the use of things like Squidguard for content filtering; usually the filter only functions on a single WAN interface. Is the use of sticky connections somehow bypassing this issue? If so, please let me know as that would fix a huge issue that I am having.



  • Hi Takaratiki,

    I was having issues with the load balancing before i enabled squid the isp's modems would only work dhcp but they assured me there dhcp server would only allocate the same ip address to each modem, i got the wan's to work dhcp but then they were on the same subnet for example 89.100.123.xxx and 89.100.123.xxx and the load balance setting seemed to have a problem with that I didn't really know if this was the issue but i called the isp and they gave me 89.100.123.xxx and 79.100.154.xxx once i had these i reset pfsense and decided to give it another from scratch

    I enabled 1:1 nat for each wan to the lan in firewall
    Then i made the loadbalance using gateway as type and behaviour load balance and they added without an error
    Then i monitored the graphs while bandwith on wan1 was reaching max then was little or no movement on wan2
    Then i enabled sticky connections restarted the server and what do you know when wan1 became 60-70% towards max wan 2 would start using bandwidth

    I figured this was 2 good to be through so i monitored it for a few hours and stayed like this

    So i thought now to really make a mess of it i'll install squid and squidguard (this is going to break it i thought )

    After configuring i tested it and the content i wanted blocked was blocked

    what i need is not that fantastic in the realm of pfsense and maybe the lack of special requirements made it work pretty brilliant its basicly web browseing (no adult material) and skype

    Alot of this info is probably useless to you but if you would like any more specific info please ask i can post screenshots or if there is anything you would like me to try or test no problem



  • Fascinating. I will give it a shot on my firewall when my user base is away and report back with results as soon as I have them (may be a couple of weeks as my users are kind of a 24/7 presence). Thank you for the tip, your setup seems fairly close to what I run so it'll be interesting to try and replicate.



  • No problem looking forward to your results I am Lucky like that i have every weekend user free which gives plenty of room to test couldn't imange trying to do with them having web widrawl's beside me

    I noticed i had to restart after every major services i set up for them to become properly effictive



  • Byrnie,

    My setup isn't as glorious as yours but I am as content as you are with pfSense as a solution.  I struggled pretty hard trying to get a functional tunnel going with OpenVPN on OpenBSD for a couple months on and off, I was not 100% committed but I spent my fair share and just couldn't quite get the thing going.  When I always thought it was almost there… NOPE!  I came across pfSense as an embedded solution.  What do you know... Flawless for weeks now.  I went ahead and built the OpenVPN manually by way of command line just for kicks with all the knowledge I had gathered from trying to build it on OpenBSD.  Worked just fine, like it should in freeBSD/pfSense.

    Looking forward to 2.0 features!!! pfSense rules!!!

    Thanks all.



  • Agreed - pfSense is marvelous, simply marvelous. 
    Thank you to everyone on the team!


Log in to reply