Transparent Firewall



  • Hi all,
    I have recently deployed two pfSense servers in transparent mode, using CARP (NAT is all disabled). The servers on the LAN side of the firewall have public IPs (193.XXX.XXX.XXX):

    • FW1 WAN IP: 193.XXX.XXX.240

    • FW2 WAN IP: 193.XXX.XXX.241

    • CARP0 WAN IP: 193.XXX.XXX.242

    • FW1 LAN IP: 192.168.66.10

    • FW2 LAN IP: 192.168.66.20

    • CARP1 LAN IP: 192.168.66.30

    Both servers are high spec:

    • 4GB DDR2 RAM

    • Intel Dual-Port Server GB network card

    • 4GB USB Stick as storage

    • Quad-core processor

    I am trying to monitor everything just to make sure we don't get any speed issues. The only real purpose of this firewall is to block specific Windows ports from the net. We have a few users reporting slow FTP, with the logs on the firewall showing: ftpsesame[48350]: #38 filter_allow failed: Device busy. Server resources are all below 5%.

    Googling brought up one forum post, but it didn't answer anything. Any advice is appreciated.


  • Rebel Alliance Developer Netgate

    From the console, watch "top -SH"

    Something must be consuming a large number of resources in order for that error to show up.

    You probably should be running pfSense 2.0-RC1 if you are mixing bridging+CARP. See here for why: http://redmine.pfsense.org/issues/910



  • Hi Jimp,
    Can't see anything blatant using all the usage up or using much usage. Running iostat shows no wait either.

    Would I be best trying to upgrade to 2.0-RC1 and then seeing what happens?



  • Rebel Alliance Developer Netgate

    The FTP proxy was completely redone in 2.0, so it's probably your best bet at this point.

