Rsync Mirroring through pfSense fails


  • Hi, all. If I've missed a relevant post in the forums already, my apologies. I find posts that deal with private Rsync servers; my application is different…

    I use rsync to download linux distro repositories to a local CentOS Server nightly. I then do daily builds from them. I am not using git [related but unrelated].

    My ISP is cable, they hand me a /30.
    I've recently upgraded from a Netgear plain router device [3500L] to pfSense [2.1], running on an OptiPlex 755. Everything [that I use] works beautifully except RSYNC, and I see excellent performance. I currently have the simple, automatic rules in place that pfSense sets up by default for NAT and firewall rules. Bogon networks blocked.

    However RSYNC does NOT work through pfSense. When I shut down pfSense and switch back to my old Netgear, RSYNC works just fine.

    After monitoring rsync through the Netgear using Wireshark, I can't see anything that unusual about rsync's traffic, but IT DOES NOT WORK through pfSense.

    Anybody have any ideas?

    Ryan


  • Do you have 873 port forwarded to the rsync box? Was anything forwarded/DMZ'd on the Netgear?
    I've run Rsync with both sides behind pfSense. The receiving side needs the port forwarded to the WAN.


  • No port forwarding configuration is in place at either device at this time.

    The Netgear, with the exception of unrelated Wireless SSID configuration, is completely default. There are no port forward settings established with either the Netgear or pfSense at this time.
    The rsync repos I'm pulling down every night are usually from mirrors.kernel.org. I'll use others, but they are for the most part my favorite to use. Usually rsync has about 30-100Mb's of SRPMS and updates that I pull down from there.

    I of course do not have control over the mirrors I'm pulling from. I just know that without any special configuration, I can rsync through my simple Netgear NAT device, but not pfSense.

    The nightly issued rsync command is:
    rsync -art --progress --bwlimit=1100 rsync://mirrors.kernel.org/<repo>/ <updates>/<local>/ <repo>

    Nothing too bizarre. I can post my pfSense configs here in a bit, if needed. Thx


  • What errors is RSync logging? Watch the states on the firewall when the box is trying to sync and check the firewall log for blocks.
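
One way to narrow down where the connection dies before reading the firewall log, as an added example that is not part of the original thread: a small Python probe, run from the box behind pfSense, that connects to the mirror on TCP 873 and reports whether the attempt was refused, timed out, or reached the rsync daemon's greeting. The function name and status labels are assumptions made for this sketch.

```python
import socket

# Added diagnostic sketch; probe_rsync_daemon and its status labels are
# hypothetical names, not part of rsync or pfSense.
def probe_rsync_daemon(host, port=873, timeout=5.0):
    """Open a TCP connection to an rsync daemon and classify the outcome."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.gaierror as exc:
        return "dns_failure", str(exc)       # name never resolved
    except ConnectionRefusedError as exc:
        return "refused", str(exc)           # RST came back: reject rule or closed port
    except socket.timeout:
        return "timeout", "no reply to SYN"  # silently dropped, or replies not returning
    except OSError as exc:
        return "unreachable", str(exc)       # e.g. no route, ICMP unreachable
    banner = b""
    with sock:
        try:
            # An rsync daemon speaks first with a line such as "@RSYNCD: 31.0".
            while b"\n" not in banner and len(banner) < 256:
                chunk = sock.recv(256)
                if not chunk:
                    break
                banner += chunk
        except OSError:
            pass  # read timed out or was reset; judge whatever arrived
    if banner.startswith(b"@RSYNCD:"):
        return "ok", banner.split(b"\n")[0].decode("ascii", "replace")
    return "no_greeting", repr(banner)       # handshake done, payload lost


if __name__ == "__main__":
    # mirrors.kernel.org is the mirror named in the thread.
    print(probe_rsync_daemon("mirrors.kernel.org"))
```

A `timeout` result is the case to match against block entries in the firewall log; `ok` means outbound TCP 873 is passing and the fault lies later in the transfer.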


  • Apologies, All.

    I'll need more time to test. I don't think I'll be able to get back to this and/or provide logs until this weekend.

    I'll reconfigure my local pfSense so that there is a spinning disk device to which it can log. I'll then look at what's going on.

    I do have a very large pfSense built out of a Dell 1850 Series 2 at work. It is an egress router for our 100Mb/s service in front of 6 TMG Gateways. It does have 2 of its 5 NICs configured for NAT; however, nothing is currently attached - they are for testing. I'll attach a simple Linux device [likely CentOS 6.5x64] to it tomorrow and see if I have trouble rsync'ing there. I was going to complain and say that rsync works through the Dell 1850-pfSense [and subsequent TMG firewalls]; however, its configuration, through which I'm rsyncing at work, is only routing, and not NAT. I need to test rsync through NAT.

    Again my apologies. I'll have some relevant testing for you guys to look at either tomorrow night, or this weekend.

    Thanks for your patience.

    Ryan