My bad.

I just assumed that I could backup everything and then do a selective restore on the areas I wanted.

Tried backing up alias and then restore alias on another machine. Worked!

Info: 1.2.3-RC1 built on Sat Apr 18 13:59:38 EDT 2009

Brgs,
iorx

Thare a thing call "adaptive IDENT stealthing". I dont know if that is possible to be implementing to the pfSense firewall. Thare´s article out theare about it.

Try looking at the tread below as I too had the same problem:

http://forum.pfsense.org/index.php/topic,15686.0.html

Thanks,

Mark

I reboot only after an upgrade. Or when i suspect a problem. This seems to become rare with the latest 1.2.3.

But waiting 5 minutes after for a reboot is quite long for a production router where multiwan is enabled.

Multiwan needs to works perfectly as it is a high availability option.

My feeling is that neither BSD neither Linux does have yet complete support for Multiwan. If they had, we should not need to reset the full state table after a wan failover to get back VoIP connectivity.

Resetting the entire state table means that all tcp connections are lost, even those who are not in the failover group.

I found out what the problem was:
squid[4170]: Failed to verify one of the swap directories, Check cache.log for details. Run 'squid -z' to create swap directories if needed, or if running Squid for the first time.

So I ran squid -z to create the necessary swap folders.    Funny thing is I've used squid before and it ran without problems until the recent update of squid.

I guess somewhere along the lines of the install script it didn't create what it needed on my setup.

Thanks for the help.

I rolled back to the 13th release..  and had problems there also..  after setting my wan port to dynamic, then back to static, it then started working..
so I don't know if it was pfsense or my isp.

Yeah well its the tutorial for the 1.2
I guess something changed in FreeBSD since then.
The question is whether we can upgrade from 1.2 to 1.2.3.
Tomorrow a friend of mine is going to be bring a laptop over with pcmcia slot.
I have pcmcia to cf adapter so I will try that.
Another option is of course to wait until somebody uploads us an image of full install on microdrive.

I was seeing similar issues with a previous build (gone now…oops).  I've updated to a more recent build, 4/20, and will report any remaining WAN DHCP client issues.

@FisherKing:

I don't know if this should be posted here or under the DHCP/DNS forum, but it takes place under 1.2.3, so I'm posting here.

I don't think you are seeing anything specific to 1.2.3 here, so yeah it should be in DHCP/DNS. If you have a config that works in 1.2.2, but not under 1.2.3, that's another matter.
@FisherKing:

I've setup DHCP on the LAN and tried a couple of different configurations to get the failover to work using just the GUI.  I've set the same IP range on both boxes, and I've configured the DNS and Gateway fields with the same IP addresses on both boxes.  I've tried assigning different blocks of IPs to each box - but from what I've read on the ISC site, this approach isn't correct.  I've tried leaving DNS and gateway settings empty.  I have entered the secondary's real LAN address in the failover peer IP box, and I've entered the secondary's CARP address in the failover peer box.

Here's an example. Assume we have two boxes fw1 and fw2. Lan addresses are 192.168.1.2 and 192.168.1.3 respectively. There is a CARP VIP 192.168.1.1
services, dhcp, LAN fw1:
range 192.168.1.100 192.168.1.150
DNS servers 192.168.1.1
Gateway 192.168.1.1
Failover Peer 192.168.1.3

services, dhcp, LAN fw2:
range 192.168.1.100 192.168.1.150
DNS servers 192.168.1.1
Gateway 192.168.1.1
Failover Peer 192.168.1.2

Try stopping and starting DHCP on both boxes and see if it goes to normal on the status screen. You should be able to do this without resorting to crazy hacks.

FIT123 is know working. I got the state table reset for each failover. And VoIP trunks are OK.

Nervertheless, it's quite strange to see that the state table keep states when using the "None" state mode in the firewall rules. Is this setting really working ?

Last, is it the best solution to reset the full state table after a failover ?

Doing this, TCP trafic linked to a dedicated WAN interface is cut through this table reset.

That actually makes sense. I like.

To answer to myself.

Stopping RRD and deleting existing RRD graphs then restarting RRD solved this error.

Adding manually spd file solved second error.

Why this errors ocured at all - I don't know.

Sasa