Troubleshooting Help
-
I need some help with troubleshooting.
Running:
pfSense 0.95.4
P4 2.8GHz non HT
512MB RAM
HD install
NAT disabled
I have set up 2 alias IP's on the LAN interface using ifconfig directly. i.e. my LAN has 3 addresses.When I first switch the network to run through the firewall, everything runs great, no issues, but after several minutes, and it might be up to a half hour, suddenly certain ips never recieve packets, establised sessions seem to be working but new ones do not. The system maintains between 9000 and 14000 states, I have the state limit set to 30000. Every time it is a different ip that dissapears, and it seems to dissapear one port at a time. I attaching my filter rules, Trusted is an alias for my three LAN subnets.
Any help with debugging tools to use would be greatly appreciated, I have read the man for pfctl several times, and it really isn't producing any real usable info for me.
-
Why are you disabling nat and why are you ifconfiging manually?
If you want to setup stuff manually, use FreeBSD or OpenBSD.
-
No NAT - Because, it is in front of a 27 server hosting cluster that is currently consuming nearly 8 class C's, NAT won't work.
ifconfig alias - see above, using 8 class C's, divided into 3 subnets, and if pfSense would allow multiple IP's for the LAN without VLAN's, I'd use the interface.
By the way, I have seen I am not the first to need this function.I want to use a product like pfSense because it provides an interface that is simple enough to train others to use, I really don't want to be the only person in the company that can add a firewall rule. And, there is no reason why it shouldn't work, especially if I can do it with regular xBSD running pf.
If someone knows of a good way to debug what is going on in real time, I would appreciate it.
-
Use the virtual ip option and setup the ips as CARP or PARP.
Although inputting 8 class c's is not going to be fun!