Help on load balancing arplookup 210.213.215.254 failed: host is not on local ne
-
Our firewall started off with PPPoE on the WAN interface connected to an old Westel modem. We added a cable connection w/static IP months later and are currently testing LB/FO. Both connections work fine independently of each other - even with the load balancing pools created. As soon as we create any rules on the LAN interface that reference the LB or FO gateways, we get intermittent connectivity and those arp messages. Unfortunately, I'm not on that customer's site, so my netstat -rn is shows the routes with LB/FO rules disabled:
Destination Gateway Flags Refs Use Netif Expire default 204.213.240.129 UGS 0 7510236 ng0 74.92.60.116/30 link#4 UC 0 0 em3 74.92.60.118 00:13:f7:22:ae:b0 UHLW 1 432194 em3 1043 127.0.0.1 127.0.0.1 UH 0 0 lo0 192.168.1 link#3 UC 0 3236 em2 204.213.240.253 lo0 UHS 0 0 lo0
Would a temporary workaround be to connect the Westel modem to a Linksys router (to handle the PPPoE) and configure static RFC1918 IP's between the pfSense box and the Linksys?
-
A similar situation was discussed here: http://forum.pfsense.org/index.php/topic,4100.0.html
Quick summary:
You could use 1.0.1 release and PPPoE on pfSense's WAN.
You could double nat, but that sucks.
If you have multiple publics (static block), have a router (another pfSense with LAN bridged to WAN??) do the PPPoE and configure pfSense with a straight public IP. -
Setup a modem with pppoe bridging so you can just use dhcp or static with a public ip on the pfsense box.
Still have not found time to troubleshoot this.
-
My main issue with reverting back to straight 1.0.1 is that the traffic I need to handle requires FO rather than LB. The traffic is such that if the recipient detects even one packet coming from a different source IP, they'll can the entire connection.
At a different site I have a Westell 6100 modem/router that appears to handle the pppoe & pass the static info on to the pfsense box. I'm going to see if I can replicate that configuration at this particular site.
databeestje - If you don't have time to troubleshoot, keep tossing ideas my way & I'll do my best to see what information I can gather for you. It would be awesome if we can get native PPPoE + Cable LB/FO working - poorman's enterprise!
-
as of 22-03-2007 pppoe is still not supported/fixed.
Considering my vacation next week this is unlikely to change soon.
You can however use the old style configuration as a workaround. e.g. Not the interface name, but the gateway address. This requires manual config mangling and a filter reload.
so replace "wan" with you wan gateway IP in the relevant config section, etc. Please confirm that works with a pppoe connection before we troubleshoot this any further.e.g. edit file config.xml, search for the load balancer section. Gateway goes left, monitor ip goes right.
Save that, reboot, see if it works.Old style configuration will trigger some logging warnings though.
-
Have tested using the above procedure, duan wan load balancing now working using PPPOE account in WAN.
;D ;D ;D -
i'm one week further now. And i have a hunch.
Can you give me the contents of /var/etc/slbd.conf for the working and the non working configuration?
You will also need to clarify the ip configuration. E.g. which IP is the local address, which is the gateway and which is the monitor ip.
This would really help tracking this problem down, thank you.
-
databeestje, load balance with ppoe works now?
Thank you! -
Not untill Mr Cheeky or someone else with a not working pppoe config sends me the items I specified in my previous post.
I lack a broken PPPoE connection to test this. Because I have tested this with one connection I had access too and it just worked.
-
Not untill Mr Cheeky or someone else with a not working pppoe config sends me the items I specified in my previous post.
I lack a broken PPPoE connection to test this. Because I have tested this with one connection I had access too and it just worked.
I have the same issue.
Can you please give me the exactly way for the work around. I will provide you with the informations you needed then. -
Not untill Mr Cheeky or someone else with a not working pppoe config sends me the items I specified in my previous post.
I lack a broken PPPoE connection to test this. Because I have tested this with one connection I had access too and it just worked.
I have the same issue.
Can you please give me the exactly way for the work around. I will provide you with the informations you needed then.I just read the other post: http://forum.pfsense.org/index.php/topic,4542.0.html
Is this already fixed? -
This problem still exist using the latest 1.2 snapshots.
You have to manually edit the lood balancing pools (replace wan, opt1, etc with the real ip address of the gateway. :( :( :( -
LB works fine now with PPPoE.
-
Have tried the latest ISO of Pfsense-Beta-1-testing, this problem on LB using PPPOE on WAN still exist. Using the WAN gateway as a default gateway (single gateway), no problem. But if you include it on any pool that is LB or failover, error appears.
Again, manually editing the pools replacing WAN with the real IP corrects the problem. -
i'm one week further now. And i have a hunch.
Can you give me the contents of /var/etc/slbd.conf for the working and the non working configuration?
You will also need to clarify the ip configuration. E.g. which IP is the local address, which is the gateway and which is the monitor ip.
This would really help tracking this problem down, thank you.
I'm experiencing this exact same problem, I was running 1.0.1 on a machine whose motherboard died. We purchased a replacement and I did a fresh install of the 3-27-07 snapshot where we ran in to this problem, last night I updated to the 1.2-BETA-1-TESTING-SNAPSHOT-04-30-07 to find the issue still exists.
/var/etc/slbd.conf from the working 1.0.1 install:
Balancer|Dual Wan:
:vip=127.0.0.1:
:vip-port=666:
:sitedown=127.0.0.1:
:sitedown-port=666:
:service-port=666:
:method=round-robin:
:services=2:
:0=72.14.203.99:
:1=216.239.37.99:
:ping:/var/etc/slbd.conf from the non-working 1.2-BETA-1-TESTING-SNAPSHOT-04-30-07 install.
Wan1BalanceWan2|Load Balance Wan1 & Wan2:
:poolname=Wan1BalanceWan2:
:vip=127.0.0.1:
:vip-port=666:
:sitedown=127.0.0.1:
:sitedown-port=666:
:service-port=666:
:method=round-robin:
:services=2:
:0=207.225.140.205:
:1=75.144.37.222:
:ping:In the 1.0.1 install I was using 2 addresses that resolved from www.google.com, in the 4-30-07 install they are the default gateways for each connection.
I'm not sure how much this will help, but the load balance section of config.xml for 1.0.1 is
<lbpool><type>gateway</type>
<monitorip>216.239.37.99 <monitorip><name>Balancer</name>
<desc>Dual WAN</desc>
<port><servers>207.225.140.205|216.239.37.99</servers>
<servers>75.144.37.222|72.14.203.99</servers></port></monitorip></monitorip></lbpool>In the non-working snapshot config.xml the load balance section is as follows
<lbpool><type>gateway</type>
<behaviour>balance</behaviour>
<monitorip><name>Wan1BalanceWan2</name>
<desc>Load Balance Wan1 & Wan2</desc>
<port><servers>wan|207.225.140.205</servers>
<servers>opt1|75.144.37.222</servers></port></monitorip></lbpool>If there's any other information I can provide to help resolve this, please let me know.
-
We have setup a box at a real life PPPoE at WAN and a static config on OPT-WAN with 1.2beta1. We can't reproduce the problem. This is the sesond timme we tried to reproduce it without luck :-\
Anybody having this issue please try to catch me at IRC (freenode, ##pfsense). I'm usually around during the evening hours central european time. If you get me a way to logon to your box maybe I find something we are currently missing to see.
-
i got the same problem last year want a try to do this with floppy firewall. And the guy who do the plugin for dual wan never find the answer. So i decide to buy a Hawking Dual Wan that can handle it but he not have the option of the pfsense and cannot take the load of my two 8 mbit DSL (one connect by pppoe with static ip and second with a cisco 827 with 8 ip adress static) But i try to do this last night with pfsense and i got the same problem i got with my floppy firewall. I will be very glad to reinstall it and give access to somebody that can fix this issue. just send me a email and i will move the current traffic from my pppoe to another ip on my cisco. So this way i will be able to use it on the box. Because the pppoe link serve only for mail traffic and my cisco for web access and mail failover.
-
Try this.
Do not use the PPPoE gateway as the monitor IP.
For example use your DNS server from that isp. -
Hi, I have one machine to teste, if hoba or data getting access to make tests please email-me rafaelcardosotbo@gmail.com, or msn rafael.cardoso@terra.com.br, tomorrow is a good day to test this, its a production machine but I have full access!
Thanks!
-
With the help of Rafael's system for debugging databeestje fixed the PPPoE multiwan issue last night. Everybody who is affected by this please upgrade to the latest snapshot and retest. Feedback is appreciated.