DNS Not Resolving

Lekenby

Basically, I have two firewalls, master and backup (CARP), now basically both have exact same setup as far as I can tell, and the master seems to stop resolving DNS when im browsing the internet after a while. I can't update or anything from the firewall, says can't resolve etc check gateway, backup firewall still fine. The backup firewall seems to keep on working fine 24/7.

Any ideas, or places I can look for clues?

jimp

Could we get a little more information about your setup?

Is it just WAN+LAN? Or do you have a DMZ/OPTx interface?

Are there any bridges involved?

jimp

You may also want to have a look at the following articles in the docs:

http://doc.pfsense.org/index.php/CARP_Configuration_Troubleshooting

http://doc.pfsense.org/index.php/CARP_Cluster_with_Bridge_Troubleshooting

Lekenby

Well I have used Endian for a long time, and set the network up similar. Basically there in the LAN interface which serves about 5 computers, and one optional database which serves a load of wirless access points and a 50 port switch which has loads of wall sockets plugged into it

no bridges, no DMZ

jimp

Ok.

I saw the other thread where you described your other master/backup status problem, and I wonder if these two problems are one in the same.

Any chance you could take screenshots of the CARP configuration on both servers and attach them to a post here?

Lekenby

ok, but I also notice that firewall cannot get packes etc or ping any website, though it can ping the ethernet modem, i've replaced the card with a couple others, does same thing =)

http://clients.moltenmonkey.com/int/attachments/screenshots.jpg

basically all pages are the same setup for VIPs, and the second firewall has nothing on the CARP page, and the same as the firewall on the VIP pages, except that advertising is 100

Lekenby

sorry to bump, any ideas?

Lekenby

ok, solved this problem, what I did was disabled DNS forwarder, then set the DHCP to serve 192.168.1.1 as the DHCP server (which is the enthernet DSL modem on WAN), and works fine.

CARP is working fine, but in reserve. The WAN interface is correct, 10.0.0.11 master 10.0.0.12, but LAN and PUBLIC is the reverse. It works fine, I shut down 10.0.0.12 internet works, its just wrong way round.

All 10.0.0.11 advertisers set as 0, 10.0.0.12 set as 100