[FYI- don't address a forum post to anyone specific - let everyone in on the fun]

If you have one of those IPs as your WAN, and their device as the gateway, then you can use either CARP or Proxy ARP (or on 2.0, IP Alias) VIPs. They would all work to use the additional IPs.

Thanks for the reply!

I have been testing this out for some time now and it will not work for me.
Have found out that the the packets sent to and from the server to IP 239.255.255.250 are SSDP protocol over UDP.
Those are non routeble protocol.

I got the IGMP broadcast through with the proxy as you said but I could not get the SSDP through.

I think the only solution to this is to connect a second NIC on the Mediaserver and connect it to DMZ.

/illern.

The testing continued today and finally I got so desperate that I decided to take my very simple Sitecom 5 port switch and connected both LAN interfaces of the firewalls to that. To my total surprise: it worked!
So there has got to be something in the configuration of my DLINK DGS-3024 switches.

This topic can be closed with a wise lesson for everyone: never underestimate the power of your switches, they can *** up everything…

Wow.  Thanks!  Ok, I am happy!  Thank you for your information!

YAAA you fixed me!  Thanks a bunch!

Guess I celebrated too fast. It worked yesterday, but after coming back to work today it doesn't work anymore. Will do some more testing later on.

EDIT: I updated both machines to 2.0RC3. After the subsequent reboot it's working again, even after coming back to work the next morning. Let's see how it goes.

I have 2.0 installed here at home but just for a little while longer I am going to wait to install 2.0 in a production environment. Thanks for all your advice I'll read about Proxy ARP I could of swore I remembered reading something about trouble with FTP.

have you tried to add computername\username format or just username?

If your settings are not syncing, check Firewall > Virtual IPs, on the CARP Settings tab. On 2.0 the whole lower 2/3 of the page is for config sync. Put in the IP, password, and check all of the boxes on the master. Leave that whole section empty on the slave.

I forgot to add the Pfsense box is a virtual machine on our hypervisor and currently has 2 network cards. One network card is called LAN and the other is WAN.

You can only properly do CARP failover with static IP WANs, it wouldn't fail over properly and keep connections alive with a PPPoE WAN.

Also I don't believe the second WAN can be on-demand when used with multi-wan. pfSense constantly pings the gateways of all WANs to ensure they are usable, and there isn't a mechanism currently to handle on being left down until needed. This is in the works, though, because it would be useful for 3G connections where bandwidth is expensive.

If they're routed to you, you don't need anything at layer 2 ("Other" VIPs will suffice). To use that with CARP, have the ISP route the IP blocks to a CARP IP on your WAN subnet.

CARP IPs must be within the subnet of the interface's IP. That's not going to change in the near future.

Yep, you got it there at the end.

You have one CARP VIP that has the VHID - announcements happen there, and the other IP Alias type VIPs sit on top of that CARP VIP.

They all fail in a group with the CARP VIP. Actually faster than they would individually because they don't need <x>advertisements per second, where <x>is your number of IPs, just the one of the CARP VIP.

Less headache, less VHIDs, less network traffic. It's a very nice way to do it.</x></x>

Did the update from last night and now it works great > "Reboot" and "Halt System" on both pfsense :)

The hardware will work as long as you have the same number of interfaces and they are assigned in the same order. Doesn't matter if they are different drivers or types.

On each interface, both boxes need an IP and then the shared IP, so at least three IPs in every subnet.

Hi Jim,

thanks for the answer, I agree. I'll take a look at implementing this if no one beats me to it.

Thank you very much, I'll give it a try.

Ok, how I resolved it.

First I tried created a new router from the 1.2.3 VM, and restored the configuration from the original router.  This router had the same behavior as the failed router.

Second I copied the running secondary router, made a few adjustments to the config so that it was the primary and it worked. It has now been running for 12+ hours with no problem.

I would guess, that I had some config issues that I missed. User error again!