Thanks for the reply. I solved the kernel: arpresolve: can't allocate llinfo for 192.168.0.254 problem by changing the LAN interface from EM0 to BRIDGE0 (created when I bridged LAN and WAN). After that change I noticed that the default gateway disappeared from the routing tables, but was set correctly in the web UI, so I just went on the WAN interface page, clicked Save and Apply and the default GW was restored.
After that everything started working again as I wanted.
I just set up the IPs and create the routes. I am not as familiar with IP6 routing as I should be, but I would imagine it works similarly. The eth0:XXX is an IP Alias in pfSense 2.0 and higher. You just have to translate a bit from Linux to BSD style of rules.
@sreerajuv:
You can find Dual WAN load balancing at the following link:
http://linuxhotcoffee.blogspot.in/2012/09/pfsense-201-dual-wan-configuration.html
Having "WAN1" on Tier 1 & "WAN2" on Tier 2 and using "Member Down" as trigger level, you are NOT doing "Load Balance", you are doing "Fail Over".
Please review your "Blog" post, then come back with accurate info.
You can check the info from the pfSense Docs: http://doc.pfsense.org/index.php/Multi-WAN_2.0#Gateway_Groups
If any two gateways are on the same tier, they will load balance.
If they are on different tiers, they will do failover preferring the lower tier.
If the tier is set to "Never" then the gateway is not considered part of this group.
Yeah, running anything with bridging and HA in ESX will be a mess. Not something I'd recommend; either don't do HA, or don't do bridging, generally the latter is the only good option.
I have a dream ….
That you can make it work :)
IPCop does it by detecting which traffic is bound for the external interface. I haven't seen any way to do it the same way in BSD (yet).
Not sure if it is accessible via the public IP, but I am sure it must be (if not for me, def. for Comcast).
However, I have never had to go that far since 192.168.100.1 always worked.
Thanks for the link, reading now.
Yeah, it's working for both with no issue from the proxy perspective. A new issue that I'm currently working on is that there is a noticeable browsing slowness; once I disable the firewall filtering, the browsing turns out to be very fast.
Yes it works but if you're doing CARP you need:
IP alias in the subnet on WAN on the primary
a different IP alias in that subnet on the WAN on the secondary
Then add your CARP VIP for the new subnet
Just like with the "real" interface IPs, you need three IPs in the new subnet at a minimum
I suspect you were trying to put the alias on the CARP VIP which only works inside the same subnet.
It's typically better to have your upstream link route the entire new subnet at your existing CARP VIP; then you don't have to bother with any of that.
Thank you, heper, for saving me lots of time. I corrected some DNS settings for that machine, and things worked as you said.
You made me realize I have to study Active Directory more. Thank you for that, too.
Hi heper,
The rule allows clients on the same VLAN to communicate; if I take out that rule I will be able to access clients on the same VLAN.
So, my configuration is the following:
VLAN200 WorkLAN
VLAN210 WLAN
VLAN220 ServerLAN
VLAN230 Management VLAN
VLAN 200 can access clients from VLAN 200 and VLAN 210 but can't access VLAN 220 and VLAN 230
VLAN 210 can access clients from VLAN 210 and VLAN 200 but can't access VLAN 220 and VLAN 230
VLAN 220 can access clients from VLAN 220 and VLAN 230 but can't access VLAN 200 and VLAN 210
VLAN 230 can access clients from VLAN 230 and VLAN 220 but can't access VLAN 200 and VLAN 210
I need internet access only on VLAN 200 and VLAN 210. At this moment I have squid configured on VLAN 200 and VLAN 210.
Please let me know if it's clear now.
Thanks.