Hello everyone,
I have two types of internet users: domain-based (500 users) and IP-based (1000 users). I have already configured a FreeBSD 8.2 server with Squid, PF and Samba. We have added this server to our monitoring system (WhatsUp Gold) using the ICMP protocol. Every 4-5 minutes the monitor raises an alarm saying that our FreeBSD server has gone down. After a few seconds it comes back up. But when we run
[cmd]ping server_lan_side_ip[/cmd] against this server during the reported downtime, it looks fine :) The ping is not interrupted. During this time our end users (NAT and proxy users) call us and say: "Our internet connection is slow" or "web pages are not responding."
What is the problem? I don't know. Please help us. Thanks!
This is my [file]pf.conf[/file]
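[code]# pf.conf for the gateway: macros, the <clients> table, scrub, NAT, then filter rules.
ext_if="em0"
ext_ip="x.x.x.x"
int_if="vr0"
sync_if="msk0"
vlan1000_if="vlan1000"
# NOTE(review): safe_ports is defined but no rule in this file references it.
safe_ports="{ 53,8080,22,8140 }"
# Destination ports that the two subnet-based NAT rules below will translate.
safe_nat_ports="{ 110,25,143,993,443,587,465,995,3000,389,21,20,53,161 }"
# Client addresses are loaded from a file; "persist" keeps the table even when no rule uses it.
table <clients> persist file "/etc/clients.conf"
#set block-policy drop
#set skip on lo0
#set skip on $int_if
#set skip on $vlan1000_if
#set debug misc
# NOTE(review): no "set limit states" is given, so pf's built-in state limit applies.
# With this many NAT and proxy clients it is worth comparing the current state count
# with that limit ("pfctl -si", "pfctl -sm") while users report slowness.
scrub in all
nat-anchor "ftp-proxy/*"
rdr-anchor "ftp-proxy/*"
# The two subnets are translated only for the ports in $safe_nat_ports;
# addresses in <clients> are translated for any destination and port.
nat on $ext_if from 192.168.99.128/25 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from 12.0.0.0/21 to any port $safe_nat_ports -> $ext_if
nat on $ext_if from <clients> to any -> $ext_ip
anchor "ftp-proxy/*"
# NOTE(review): "pass in all" and "pass out all" with no default block rule pass every
# packet that no quick rule stops, on $ext_if as well. Unless each service on this host
# is bound to an internal address, its listener is reachable from outside. A default
# block followed by per-interface pass rules would restrict that.
pass in all
# Keep SMB (port 445) from leaving through the external interface. The macro needs its
# "$": a bare ext_if is taken as a literal interface name rather than em0, so the rule
# would not match traffic on em0.
block out quick on $ext_if proto tcp to port 445
block out quick on $ext_if proto udp to port 445
pass out all
# antispoof expands to block rules for packets whose source address belongs to the
# listed interface's network but which arrive on some other interface.
antispoof quick for { lo $int_if }
# allow pfsync over the internal nics connected by a cross cable
#pass quick on $sync_if proto pfsync
#pass quick on $int_if proto carp
#pass quick on $ext_if proto carp
#pass quick on $vlan1000_if proto carp
#pass in quick on $ext_if proto tcp to ($ext_if) port 5631
#pass in quick on $int_if proto tcp to 12.0.0.1 port 53
#pass in quick on $int_if proto udp to 12.0.0.1 port 53
#pass in quick on $int_if proto tcp to 12.0.0.1 port 8080
#pass in quick on $int_if inet proto icmp all
#pass in quick on $ext_if inet proto icmp all
#pass in quick on $vlan1000_if inet proto icmp all[/code]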
This is my [file]resolv.conf[/file]:
[code]domain real.domain.local
# Both resolvers are public DNS servers outside this network, so every lookup made by
# this host (Squid's included, unless it is configured with its own resolvers) crosses
# the external link.
# NOTE(review): if real.domain.local is an internal-only zone, public resolvers cannot
# answer for it. Confirm how winbindd and Samba on this host locate the domain.
nameserver 8.8.8.8
nameserver 8.8.4.4
[/code]
This is my [file]rc.conf[/file]
[code]ifconfig_vr0="inet 12.0.3.233 netmask 255.255.248.0"
# NOTE(review): 12.0.0.0/21 on the LAN side is not RFC 1918 private space, so clients
# here cannot reach the real Internet hosts that own those addresses.
ifconfig_em0="inet x.x.x.x netmask 255.255.255.248"
# msk0 carries pfsync (see pfsync_syncdev below).
ifconfig_msk0="inet 192.168.192.24 netmask 255.255.255.0"
cloned_interfaces="vlan1000 carp0 carp1 carp2"
ifconfig_vlan1000="inet 192.168.102.6 netmask 255.255.254.0 vlan 1000 vlandev vr0"
defaultrouter="y.y.y.y"
hostname="real.domain.local"
# Enables IP forwarding so the host routes between its interfaces.
gateway_enable="YES"
# CARP virtual addresses. The "pass" values are redacted in the post; each is the shared
# secret for its vhid and has to match on the CARP peer.
ifconfig_carp0="inet 12.0.0.1 netmask 255.255.248.0 vhid 4 pass xxxxx advskew 0"
ifconfig_carp1="inet x.x.x.x netmask 255.255.255.248 vhid 5 pass xxxx advskew 0"
# NOTE(review): "vlan 1000 vlandev vr0" are vlan(4) parameters. Confirm they are
# intended on a carp interface line.
ifconfig_carp2="inet 192.168.102.5 netmask 255.255.254.0 vhid 6 pass xxxxxx advskew 0 vlan 1000 vlandev vr0"
static_routes="service"
route_service="-net 192.168.99.128/25 192.168.102.1"
keyrate="fast"
sshd_enable="YES"
sendmail_enable="NONE"
syslogd_enable="YES"
# -ss: open no network socket at all; -cc: never compress repeated log lines.
syslogd_flags="-sscc"
pf_enable="YES"
pf_rules="/etc/pf.conf"
# pfsync has no authentication of its own, so msk0 should stay a dedicated link to the
# peer below and not be shared with other hosts.
pfsync_enable="YES"
pfsync_syncdev="msk0"
pfsync_syncpeer="192.168.192.25"
squid_enable="YES"
svscan_enable="YES"
svscan_servicedir="/var/service/running"
# With kern_securelevel_enable="NO" the level on the next line is not applied at boot.
kern_securelevel_enable="NO"
kern_securelevel="1"
# NOTE(review): nginx, Samba (smbd/nmbd/winbindd), Squid, sshd and puppetmaster all run
# on the gateway itself. The posted pf.conf passes all inbound traffic, so check which
# addresses each one listens on.
nginx_enable="YES"
winbindd_enable="YES"
nmbd_enable="YES"
smbd_enable="YES"
arpwatch_enable="YES"
arpwatch_interfaces="vr0"
puppetmaster_enable="YES"
# Answer "yes" to fsck prompts at boot and run fsck in the foreground, not the background.
fsck_y_enable="YES"
background_fsck="NO"
[/code]
Please help me fix this problem! Thank you again!