Couple of issues



  • A couple of problems I am having and not sure how to fix.

    I have my pfSense as my firewall, DHCP, the lot basically.  The LAN interface is to serve my wireless clients (WISP).

    I am authenticating them using the captive portal and radius server.

    Here are a few issues I have noticed that I have no idea how to fix:

    A few clients have told me that when trying to do a download from some sites they are getting an IP conflict message saying that the IP is already in use, but they all have an IP from DHCP which is statically set for each client, so I am guessing it's something to do with the WAN IP address, but I don't know how I can get around that.

    Secondly, working in the office going through the exact same system, I am having no issues, but I have a bunch of clients saying that the speed is good but they are having a lot of problems opening certain sites like hotmail, gmail and other similar sites.  Is there anything I can do about this? I have noticed this problem with and without squid running as a transparent proxy.



  • Do you have any load balance setup?



  • No, nothing at all.


  • Netgate Administrator

    How many public IPs do you have? How many clients?

    Steve



  • @luke240778:

    A few clients have told me that when trying to do a download from some sites they are getting an IP conflict message saying that the IP is already in use..

    It would probably be helpful to have more details: for example, the exact text of the message, what they are using for the download (e.g. xxx ftp client, xx browser) and how the message is reported (in a popup? in the main window?). A screenshot could be useful. The report suggests something is trying to allocate an IP address. I can't imagine why a download would be attempting to allocate an IP address. Maybe the message is coming from something else unrelated to the download.

    @luke240778:

    I have a bunch of clients saying that the speed is good but they are having a lot of problems opening certain sites like hotmail, gmail and other similar sites.

    Again, it would probably be helpful to have more details, perhaps a screenshot. What sort of problem? the browser reports timeout? the browser reports "unknown host"? the browser takes them to an OpenDNS page reporting xxx is not loading? they get only part of the page?



  • @stephenw10:

    How many public IPs do you have? How many clients?

    Steve

    I only have 1 public IP and around 100 clients currently.  I do have a block of 13 other IPs that I can use, but I have tried a million times to get that working on pfSense and can't get it working.



  • @wallabybob:

    @luke240778:

    A few clients have told me that when trying to do a download from some sites they are getting an IP conflict message saying that the IP is already in use..

    It would probably be helpful to have more details: for example, the exact text of the message, what they are using for the download (e.g. xxx ftp client, xx browser) and how the message is reported (in a popup? in the main window?). A screenshot could be useful. The report suggests something is trying to allocate an IP address. I can't imagine why a download would be attempting to allocate an IP address. Maybe the message is coming from something else unrelated to the download.

    @luke240778:

    I have a bunch of clients saying that the speed is good but they are having a lot of problems opening certain sites like hotmail, gmail and other similar sites.

    Again, it would probably be helpful to have more details, perhaps a screenshot. What sort of problem? the browser reports timeout? the browser reports "unknown host"? the browser takes them to an OpenDNS page reporting xxx is not loading? they get only part of the page?

    I am not certain, as these clients tell me after it happens and then I can't see what's going on. I believe the first few times were all with people downloading from megaupload.com, which I think has been shut down now.  And the latest was some site called fileserve.com or fileshare.com, can't remember exactly.  People here seem to love using those types of sites to download a lot of crap.

    For the second part, the browser just stays attempting to connect for an awfully long time, no timeout error or anything, but also some people say it sometimes opens but is extremely slow.  Whenever this happens I test the site's access in the office and have no problems at all.



  • @marcelloc:

    Do you have any load balance setup?

    Hey marcelloc, I don't really have any idea how to set up load balancing, but I thought that this was to load balance multiple WAN links?  I only have 1 WAN.


  • Netgate Administrator

    Load balanced WAN connections can cause similar symptoms to those you've mentioned. However you only have one WAN so it's not that.  :)

    A lot (perhaps all) file sharing sites restrict downloads per day or per hour by IP address. Since all your clients are effectively sharing one address this will happen.  :-\

    Steve



  • @luke240778:

    Hey marcelloc, I don't really have any idea how to set up load balancing, but I thought that this was to load balance multiple WAN links?  I only have 1 WAN.

    Yes, load balance can be done with servers and links.

    Are you doing any manual outbound NAT to use your 13 IPs, or some traffic shaping?



  • No, because I have tried many times to set up the NAT and Virtual IPs or whatever to try and get those IPs working but I haven't succeeded, and can't find any clear instructions on what I have to do to get this working. All I know is that the block is already forwarded to my WAN IP from my provider.



  • First step is to assign these IPs on Firewall -> Virtual IPs, then change outbound NAT (Firewall -> NAT) to manual and create your own outbound NAT rules to match server with IPs.
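
Added example, not part of the original thread: a small planner for the manual outbound NAT step described in the last reply, splitting the LAN so that groups of clients leave through different public IPs instead of all sharing one (the per-IP download limits mentioned earlier). The LAN range, the public pool (documentation addresses) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values (documentation ranges), not taken from the thread.
LAN_CIDR = "192.168.1.0/24"
PUBLIC_POOL = [f"203.0.113.{host}" for host in range(2, 15)]  # 13 addresses


def plan_outbound_nat(lan_cidr, public_ips):
    """Return (source subnet, translation address) pairs, one per NAT rule.

    The LAN is cut into the largest power-of-two number of equal subnets
    that the pool can cover, so each subnet leaves via its own public IP.
    """
    lan = ipaddress.ip_network(lan_cidr)
    pool = [ipaddress.ip_address(ip) for ip in public_ips]
    if not pool:
        raise ValueError("need at least one public IP")
    extra_bits = len(pool).bit_length() - 1   # 13 IPs -> 3 bits -> 8 subnets
    extra_bits = min(extra_bits, lan.max_prefixlen - lan.prefixlen)
    subnets = lan.subnets(prefixlen_diff=extra_bits)
    return list(zip(subnets, pool))           # unused pool IPs stay spare


def public_ip_for(client_ip, plan):
    """Which public address a given LAN client would be translated to."""
    addr = ipaddress.ip_address(client_ip)
    for subnet, public in plan:
        if addr in subnet:
            return public
    raise LookupError(f"{client_ip} is outside the planned LAN")


if __name__ == "__main__":
    # Each printed row is one manual outbound NAT rule: source -> translation.
    for subnet, public in plan_outbound_nat(LAN_CIDR, PUBLIC_POOL):
        print(f"source {subnet}  ->  translation {public}")
```

The split only spreads load if the static DHCP mappings are distributed across the resulting subnets, and each translation address has to exist as a virtual IP before its rule is created.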

