Netgate Discussion Forum

    Pfsense 1.0.1 on new hardware makes trixbox angry

    Problems Installing or Upgrading pfSense Software
    • dharmatech

      We wanted to upgrade our pfsense box w/new hardware.  When we installed pfsense on the new machine and restored the config file from our current firewall our trixbox couldn't ping out.  Everything else worked… our LAN could get out and our VPN was fine so I don't think it's a problem w/faulty NICs.  Clearing the arp entry for the new firewall didn't seem to help.  When we log into the trixbox, we can't ping out.  tcpdump on the new firewall shows that a ping request and reply is happening but the firewall seems to be eating it instead of passing it on to the trixbox.  If we swap out the new firewall for the old, trixbox can ping away and our VOIP works as expected.

      Any ideas for troubleshooting this problem?  We tried the 1.2 release as well... same problem.

      Thanks.

      • stechnique

        Several of us use trixbox behind pfsense 1.2 with no problems. Anything special in your pfsense config?
        Can pfsense ping trixbox?

        • dharmatech

          Yes, pfSense can ping the trixbox, and the trixbox can ping pfsense.  The problem comes when we try to ping anything outside the WAN IP address from the trixbox, including the next hop gateway.

          We're using 1:1 NAT to our trixbox, and proxy arp configured for this IP.  It seems that as soon as we configure 1:1 NAT for the machine, that's when we can no longer ping outside.  We could just port forward through our WAN address, but our VOIP provider is expecting us at the address we're currently using.

          • cmb

            For the sake of the archives (or if you still haven't resolved this) - this is ARP cache related on your ISP's side. The gateway of your firewall is hanging onto the old MAC address for that VIP, usually for hours; you'll either have to wait or manually clear it in this circumstance.

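One way to check for the stale upstream ARP entry described in the last reply, as an added example that is not part of the original thread: it scans `tcpdump -e -n` output from the WAN interface for frames addressed to the 1:1 NAT IP whose Ethernet destination is not the new firewall's MAC. All addresses, MACs and capture lines are constructed, and it assumes such frames reach the new box at all (for instance because the switch floods them).

```python
import re
from collections import Counter

# One `tcpdump -e -n` line for an IPv4 frame:
#   <time> <src mac> > <dst mac>, ethertype IPv4 (0x0800), length N: <src> > <dst>: ...
# TCP/UDP lines append ".port" to each address; ICMP lines do not.
FRAME_RE = re.compile(
    r"^\S+\s+(?P<src_mac>[0-9a-f:]{17}) > (?P<dst_mac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), length \d+: "
    r"(?P<src_ip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst_ip>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: ",
    re.IGNORECASE,
)

def stale_mac_frames(lines, vip, wan_mac):
    """Return {wrong_dst_mac: frame_count} for frames sent to `vip`
    whose Ethernet destination is not this firewall's WAN MAC."""
    wan_mac = wan_mac.lower()
    hits = Counter()
    for line in lines:
        m = FRAME_RE.match(line.strip())
        if not m or m["dst_ip"] != vip:
            continue  # ARP, non-IPv4, or traffic for another address
        dst_mac = m["dst_mac"].lower()
        if dst_mac != wan_mac:
            hits[dst_mac] += 1  # sender still uses a different MAC for the VIP
    return dict(hits)

# Constructed values: documentation IP ranges, locally administered MACs.
VIP = "198.51.100.10"              # external address of the 1:1 NAT
NEW_WAN_MAC = "02:00:00:00:00:02"  # WAN NIC of the new firewall
SAMPLE = """\
12:00:01.000100 02:00:00:00:00:02 > 02:00:00:00:00:fe, ethertype IPv4 (0x0800), length 98: 198.51.100.10 > 192.0.2.1: ICMP echo request, id 1, seq 1, length 64
12:00:01.000900 02:00:00:00:00:fe > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.10: ICMP echo reply, id 1, seq 1, length 64
12:00:02.001000 02:00:00:00:00:fe > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.0.2.1 > 198.51.100.10: ICMP echo reply, id 1, seq 2, length 64
12:00:03.000000 02:00:00:00:00:fe > 02:00:00:00:00:02, ethertype IPv4 (0x0800), length 74: 203.0.113.5.40000 > 198.51.100.2.443: Flags [S], seq 1, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for mac, count in stale_mac_frames(SAMPLE, VIP, NEW_WAN_MAC).items():
        print(f"{count} frame(s) for {VIP} addressed to {mac}, not {NEW_WAN_MAC}")
```

On a live firewall the input would come from `tcpdump -e -n -i <wan-if> host <vip>`; a non-empty result names the MAC the sender still has cached for the VIP.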
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.