Routing lan ip's through a particular gateway



  • Hi everyone,

    I have two broadband connections named,

    Wan    -> em0

    Wan 1 -> bge0  and Dhcp enabled for the client systems.

    The problem is now, i want a certain set of ip's in my Lan to go through completely to any one 'Wan' mentioned above.

    I've tried using the firewall->rules by putting the set of ip's and Wan gateway and everything, but it doesn't go through the one, i want it to.

    I've to tell you guys.. I'm noob when it comes to firewall and things.



  • You just need the rule as you described on LAN, and as the top rule so it's the first match.



  • you're a legend dude, thank you!

    Got one more question, how do i use load balancer on this two lines. I always get the latency error on the wan1 line i mentioned above. but wan never gives me latency error.

    Please don't direct me to the manual. Put it in simple words like before!


  • Netgate Administrator

    You mean like apinger alarm delay?
    What type of connection are your two WANs?

    You can tune apinger for connections that have high pings, I believe the default is 200ms.

    Go to System: Routing: , edit your WAN1 gateway, click advanced. Enter new, higher latency thresholds.

    Of course you may actually have a problem with the connection.  ;)

    Steve



  • Yup exactly steve..  I thought, I fooled around with the settings.

    Looks like a connection error as you said. thank god

    I've two broadband one's (optic fiber). 1st is 2-mbps and 2nd one 1-mbps and around 60 clients!

    Thanks a lot!



  • @srk3461:

    Yup exactly steve..  I thought, I fooled around with the settings.

    Looks like a isp error as you said. thank god

    Thanks a lot!

    Guys my pfsense (2.0.1-RELEASE (amd64)) constantly crashes 3 to 4 times everyday. I've submitted the crash report n number of times, my ip is -172-31-144-7,

    Please look into it and tell me what to do!
    Thanks in advance!



  • That's not your IP, or at least not your globally-routable IP, that's RFC 1918. What's your real IP?



  • @cmb:

    That's not your IP, or at least not your globally-routable IP, that's RFC 1918. What's your real IP?

    Dude that is my LAN/pfsense Ip, I was trying not post my real ip by replacing the "." by "-". lol my bad!

    WAN1 = 111.93.153.198

    WAN2 = 220.227.74.81!

    Anyways: below is the crash report–>

    Crash report begins.  Anonymous machine information:

    amd64
    8.1-RELEASE-p6
    FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:09:12 EST 2011    root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_Dev.8

    Crash report details:

    Filename: /var/crash/bounds
    1

    Filename: /var/crash/info.0
    Dump header from device /dev/ad1s1b
      Architecture: amd64
      Architecture Version: 1
      Dump Length: 123904B (0 MB)
      Blocksize: 512
      Dumptime: Fri Mar 15 11:20:13 2013
      Hostname: pfsense.localhost
      Magic: FreeBSD Text Dump
      Version String: FreeBSD 8.1-RELEASE-p6 #0: Mon Dec 12 18:09:12 EST 2011
        root@FreeBSD_8.0_pfSense_2.0-AMD64.snaps.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_Dev.8
      Panic String: Most recently used by mbuf_tag

    Dump Parity: 2974555650
      Bounds: 0
      Dump Status: good

    Filename: /var/crash/textdump.tar.0
    ddb.txt                                                                                            0600    0      0      140000      12120533225  7065                                                                                                      ustar  root                            wheel                                                                                                                                                                                                                  db:0:kdb.enter.default>  run lockinfo
    db:1:lockinfo> show locks
    shared rm PFil hook read/write mutex (PFil hook read/write mutex) r = 0 (0xffffffff81347cc8) locked @ /usr/pfSensesrc/src/sys/net/pfil.c:78
    db:1:locks>  show alllocks
    Process 12 (intr) thread 0xffffff00022fbba0 (64019)
    shared rm PFil hook read/write mutex (PFil hook read/write mutex) r = 0 (0xffffffff81347cc8) locked @ /usr/pfSensesrc/src/sys/net/pfil.c:78
    db:1:alllocks>  show lockedvnods
    Locked vnodes
    db:0:kdb.enter.default>  show pcpu
    cpuid        = 0
    dynamic pcpu    = 0x4a5a80
    curthread    = 0xffffff00022fbba0: pid 12 "swi5: +"
    curpcb      = 0xffffff800007ed40
    fpcurthread  = none
    idlethread  = 0xffffff00022ec3e0: pid 11 "idle: cpu0"
    curpmap        = 0
    tssp            = 0xffffffff8139ed80
    commontssp      = 0xffffffff8139ed80
    rsp0            = 0xffffff800007ed40
    gs32p          = 0xffffffff8139dbb8
    ldt            = 0xffffffff8139dbf8
    tss            = 0xffffffff8139dbe8
    spin locks held:
    db:0:kdb.enter.default>  bt
    Tracing pid 12 tid 64019 td 0xffffff00022fbba0
    kdb_enter() at kdb_enter+0x3d
    panic() at panic+0x17b
    mtrash_ctor() at mtrash_ctor+0x84
    uma_zalloc_arg() at uma_zalloc_arg+0x2ee
    malloc() at malloc+0x9a
    m_tag_alloc() at m_tag_alloc+0x5c
    pf_test() at pf_test+0x1ba
    pf_check_in() at pf_check_in+0x39
    pfil_run_hooks() at pfil_run_hooks+0xd2
    ip_input() at ip_input+0x388
    netisr_dispatch_src() at netisr_dispatch_src+0xb8
    ether_demux() at ether_demux+0x18d
    ether_input() at ether_input+0x195
    re_rxeof() at re_rxeof+0x3e8
    re_int_task() at re_int_task+0x1b8
    taskqueue_run() at taskqueue_run+0x91
    intr_event_execute_handlers() at intr_event_execute_handlers+0x66
    ithread_loop() at ithread_loop+0xb2
    fork_exit() at fork_exit+0x12a
    fork_trampoline() at fork_trampoline+0xe
    --- trap 0, rip = 0, rsp = 0xffffff800007ed30, rbp = 0 ---
    db:0:kdb.enter.default>  ps
      pid  ppid  pgrp  uid  state  wmesg        wchan        cmd
    35193 39137 39137    0  S      accept  0xffffff00470bcdae php
    2112 43952    25    0  S      nanslp  0xffffffff81180a28 sleep
    39256 38018 38018    0  S      accept  0xffffff000288e85e php
    38239 38018 38018    0  S      accept  0xffffff000288e85e php
    12983 39137 39137    0  S      accept  0xffffff00470bcdae php
    24693 31205 31205    0  S      piperd  0xffffff00027df000 rrdtool
    33598 31631 33598    0  S+      ttyin    0xffffff000269a0a8 sh
    31631 31006 31631    0  S+      wait    0xffffff000291e8c0 sh
    31006    1 31006    0  Ss+    wait    0xffffff000275a000 login
    27231    1 27231    0  Ss      nanslp  0xffffffff81180a28 minicron
    26614    1 26614    0  Ss      nanslp  0xffffffff81180a28 minicron
    26319    1 26319    0  Ss      nanslp  0xffffffff81180a28 minicron
    51260    1 51260    0  Ss      nanslp  0xffffffff81180a28 cron
    43952    1    25    0  S+      wait    0xffffff0002896000 sh
    25322    1 25322    0  Ss      (threaded)                  mpd4
    64135                  S      select  0xffffff000274d640 mpd4
    24283    1 24283    0  Ss      select  0xffffff000274dd40 ntpd
    1917    1    25  123  S+      select  0xffffff00028ed740 ntpd
    56348    1 56214 65534  S      select  0xffffff00028ecbc0 dnsmasq
    50089    1 50089  1002  Ss      select  0xffffff00027806c0 dhcpd
    39137 37280 39137    0  Ss      wait    0xffffff0002fbd8c0 initial thread
    38018 37280 38018    0  Ss      wait    0xffffff0047091000 initial thread
    37280    1 36934    0  S      kqread  0xffffff0002a5a400 lighttpd
    31205    1 31205    0  Ss      select  0xffffff0002f76cc0 apinger
    23546    1 23546    0  Ss      select  0xffffff00027829c0 inetd
    22835 20223 22835    0  Ss      (threaded)                  sshlockout_pf
    64121                  S      nanslp  0xffffffff81180a28 sshlockout_pf
    64106                  S      piperd  0xffffff0002f532d8 initial thread
    22802    1 22802    0  Ss      select  0xffffff00028ed140 sshd
    20223    1 20223    0  Ss      select  0xffffff00027809c0 syslogd
    15507    1    25    0  S+      piperd  0xffffff000290e000 logger
    15437    1    25    0  S+      bpf      0xffffff0002da9a00 tcpdump
      272    1  272    0  Ss      select  0xffffff0002781040 devd
      261  259  259    0  S      kqread  0xffffff000278fa00 check_reload_status
      259    1  259    0  Ss      kqread  0xffffff00027eee00 check_reload_status
      40    0    0    0  SL      mdwait  0xffffff0002738000 [md0]
      24    0    0    0  SL      flowclea 0xffffffff81342010 [flowcleaner]
      23    0    0    0  SL      sdflush  0xffffffff81364778 [softdepflush]
      22    0    0    0  SL      syncer  0xffffffff81341d20 [syncer]
      21    0    0    0  SL      vlruwt  0xffffff0002750460 [vnlru]
      20    0    0    0  SL      psleep  0xffffffff81341848 [bufdaemon]
      19    0    0    0  SL      pollid  0xffffffff8117f868 [idlepoll]
      18    0    0    0  SL      pgzero  0xffffffff8136620c [pagezero]
      17    0    0    0  SL      psleep  0xffffffff813655a8 [vmdaemon]
      16    0    0    0  SL      psleep  0xffffffff8136556c [pagedaemon]
        9    0    0    0  SL      ccb_scan 0xffffffff81145fe0 [xpt_thrd]
        8    0    0    0  SL      pftm    0xffffffff80206b50 [pfpurge]
        7    0    0    0  SL      waiting_ 0xffffffff8134dd60 [sctp_iterator]
      15    0    0    0  SL      (threaded)                  usb
    64054                  D      -        0xffffff8000309dd0 [usbus4]
    64053                  D      -        0xffffff8000309d78 [usbus4]
    64052                  D      -        0xffffff8000309d20 [usbus4]
    64051                  D      -        0xffffff8000309cc8 [usbus4]
    64050                  D      -        0xffffff8000300ef0 [usbus3]
    64049                  D      -        0xffffff8000300e98 [usbus3]
    64048                  D      -        0xffffff8000300e40 [usbus3]
    64047                  D      -        0xffffff8000300de8 [usbus3]
    64045                  D      -        0xffffff80002f7ef0 [usbus2]
    64044                  D      -        0xffffff80002f7e98 [usbus2]
    64043                  D      -        0xffffff80002f7e40 [usbus2]
    64042                  D      -        0xffffff80002f7de8 [usbus2]
    64040                  D      -        0xffffff80002eeef0 [usbus1]
    64039                  D      -        0xffffff80002eee98 [usbus1]
    64038                  D      -        0xffffff80002eee40 [usbus1]
    64037                  D      -        0xffffff80002eede8 [usbus1]
    64035                  D      -        0xffffff80002e5ef0 [usbus0]
    64034                  D      -        0xffffff80002e5e98 [usbus0]
    64033                  D      -        0xffffff80002e5e40 [usbus0]
    64032                  D      -        0xffffff80002e5de8 [usbus0]
      14    0    0    0  SL      -        0xffffffff81180704 [yarrow]
        6    0    0    0  SL      crypto_r 0xffffffff813635a0 [crypto returns]
        5    0    0    0  SL      crypto_w 0xffffffff81363560 [crypto]
        4    0    0    0  SL      -        0xffffffff8117c508 [g_down]
        3    0    0    0  SL      -        0xffffffff8117c500 [g_up]
        2    0    0    0  SL      -        0xffffffff8117c4f0 [g_event]
      13    0    0    0  SL      (threaded)                  ng_queue
    64011                  D      sleep    0xffffffff810f4cd0 [ng_queue1]
    64010                  D      sleep    0xffffffff810f4cd0 [ng_queue0]
      12    0    0    0  RL      (threaded)                  intr
    64060                  I                                  [swi0: uart]
    64059                  I                                  [irq1: atkbd0]
    64058                  I                                  [irq7: ppc0]
    64057                  I                                  [irq14: ata0]
    64046                  I                                  [irq16: uhci3]
    64041                  I                                  [irq18: em0 uhci2]
    64036                  I                                  [irq19: uhci1+]
    64031                  I                                  [irq23: uhci0 ehci0]
    64030                  I                                  [irq257: bge1]
    64029                  I                                  [irq256: bge0]
    64028                  I                                  [irq9: acpi0]
    64026                  I                                  [swi2: cambio]
    64022                  I                                  [swi6: task queue]
    64021                  I                                  [swi6: Giant taskq]
    64019                  Run    CPU 0                      [swi5: +]
    64009                  I                                  [swi4: clock]
    64008                  I                                  [swi4: clock]
    64007                  I                                  [swi3: vm]
    64006                  I                                  [swi1: netisr 0]
      11    0    0    0  RL      (threaded)                  idle
    64005                  CanRun                              [idle: cpu0]
    64004                  Run    CPU 1                      [idle: cpu1]
        1    0    1    0  SLs    wait    0xffffff00022e98c0 [init]
      10    0    0    0  SL      audit_wo 0xffffffff81363ad0 [audit]
        0    0    0    0  SLs    (threaded)                  kernel
    64056                  D      -        0xffffff0002611780 [em1 taskq]
    64055                  D      -        0xffffff000260b880 [em0 taskq]
    64027                  D      -        0xffffff000242dd80 [kqueue taskq]
    64025                  D      -        0xffffff0002490200 [acpi_task_2]
    64024                  D      -        0xffffff0002490200 [acpi_task_1]
    64023                  D      -        0xffffff0002490200 [acpi_task_0]
    64020                  D      -        0xffffff00023d3700


  • Rebel Alliance Developer Netgate

    Looks like memory exhaustion, perhaps mbufs, see http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards and raise nmbclusters as described there.



  • @jimp:

    Looks like memory exhaustion, perhaps mbufs, see http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards and raise nmbclusters as described there.

    Thanks for that admin!

    will try it and post the results later!



  • Guys,

    Changed the mbuf to the recommended and there were no more crashes till now. really happy, thanks a lot!

    Just installed to pfsense 2.0.3 (i386) on a another rig and got a problem now every time pfsense boot ups it gets stuck or takes time at
    "Starting up the NTP client" for about 5 to 10 minutes and then boots up properly.

    I tried stopping NTP service at the webgui but no luck! Is there any way to stop it permanently or is it just like that.!?

    Neways…........Pf-sense rocks!



  • Have you tried a different NTP server? I'm not seeing a noticeable delay with the Mar 13 snapshot on x64. I'm using my ISP's NTP server a couple hops away instead of a more distant one.



  • @stan-qaz:

    Have you tried a different NTP server? I'm not seeing a noticeable delay with the Mar 13 snapshot on x64. I'm using my ISP's NTP server a couple hops away instead of a more distant one.

    Thanks for that stan, Figured out, it was caused by the failed CMOS battery on the system! Changed it and the time in the bios, no more issues!

    Thank you guys!


Locked