Failover on wan and opt2, cannot get to work
-
I think the issue right now is that the load balancer reports opt2 as offline all the time. I have verified that the monitor IP is a pingable address, but the interface still will not show online.
I've tried every howto guide in existence and even tried winging it myself, no way can I make that interface show online.
I've attached the full config of the box.
<!-- pfSense configuration as pasted into the post. The "- " markers and the closing tags that pile up at the end of
     each section look like residue of a browser's collapsible XML view; elements that seem to wrap later sections
     (for example <lastchange>) were presumably empty elements in the stored file, so treat the nesting as approximate. -->
- <pfsense><version>3.0</version>
<lastchange><theme>pfsense</theme> - <system><optimization>normal</optimization>
<hostname>pfsense</hostname>
<domain>local</domain>
<username>admin</username>
<!-- NOTE(review): password hash of the admin account above; the "$1$" prefix is the MD5-crypt format. A hash posted
     publicly should be treated as exposed: redact this element before sharing a config and change the password. -->
<password>$1$moBXEWG.$SqUB1BrfewajVme4.GzxC0</password>
<timezone>Etc/GMT-6</timezone>
<!-- NOTE(review): the web GUI protocol is plain http, so the admin login is not encrypted in transit. -->
<time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers> - <webgui><protocol>http</protocol></webgui>
<disablenatreflection>yes</disablenatreflection>
<!-- Two upstream DNS servers; the same pair is handed out by the opt1 DHCP scope further down. -->
<dnsserver>208.67.222.222</dnsserver>
<!-- The line below also closes <system> and opens <interfaces>, starting with the LAN port on fxp0. -->
<dnsserver>208.67.220.220</dnsserver></time-update-interval></system> - <interfaces>- <lan><if>fxp0</if>
<!-- Continuation of <interfaces>: the rest of <lan>, then <wan>, <opt1> and <opt2>. Closing tags stacked at the end of
     each interface look like tree-view residue, so <media>, <bridge>, <enable> etc. were presumably empty elements. -->
<!-- LAN is 100.100.100.1/24. NOTE(review): this is not an RFC 1918 private range; confirm the choice is deliberate. -->
<ipaddr>100.100.100.1</ipaddr>
<subnet>24</subnet>
<media><mediaopt><bandwidth>100</bandwidth>
<!-- The next line closes <lan> and opens <wan> on sis0; WAN takes its address by DHCP and sets <spoofmac>. -->
<bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan> - <wan><if>sis0</if>
<mtu><media><mediaopt><bandwidth>100</bandwidth>
<bandwidthtype>Mb</bandwidthtype>
<spoofmac>00:0d:88:c2:9e:9a</spoofmac>
<disableftpproxy><ipaddr>dhcp</ipaddr>
<!-- The next line closes <wan> and opens <opt1> on xl0, described as "wireless", addressed 192.168.12.1/24. -->
<dhcphostname></dhcphostname></disableftpproxy></mediaopt></media></mtu></wan> - <opt1><if>xl0</if>
<descr>wireless</descr>
<bridge><enable><ipaddr>192.168.12.1</ipaddr>
<subnet>24</subnet>
<!-- opt2 ("Wave2LAN", rl0) is the second uplink the post is about: static 97.67.124.34/26 with gateway 97.67.124.1.
     The gateway lies inside that /26 (97.67.124.0 to 97.67.124.63), so it is on-link for this interface. -->
<gateway><spoofmac></spoofmac></gateway></enable></bridge></opt1> - <opt2><descr>Wave2LAN</descr>
<if>rl0</if>
<bridge><enable><ipaddr>97.67.124.34</ipaddr>
<subnet>26</subnet>
<gateway>97.67.124.1</gateway>
<spoofmac><mtu><disableftpproxy></disableftpproxy></mtu></spoofmac></enable></bridge></opt2></interfaces>
<!-- Service sections: static routes, PPPoE, PPTP client, BigPond and DynDNS appear with empty credentials, followed by
     the DHCP server scopes and the PPTP server. Stacked closing tags look like tree-view residue; nesting is approximate. -->
<staticroutes>- <pppoe><username><password></password></username></pppoe> - <pptp><username><password><local></local></password></username></pptp>
- <bigpond><username><password><authserver><authdomain><minheartbeatinterval></minheartbeatinterval></authdomain></authserver></password></username></bigpond>
- <dyndns><type>dyndns</type>
<!-- DHCP on LAN: range 100.100.100.10 to 100.100.100.99; the remaining lease and failover options are empty. -->
<username><password></password></username></dyndns> - <dhcpd>- <lan><enable>- <range><from>100.100.100.10</from>
<to>100.100.100.99</to></range>
<!-- DHCP on opt1 (wireless): range 192.168.12.100 to 192.168.12.254 starts on the next line, with explicit lease
     times, DNS servers and gateway below it. -->
<defaultleasetime><maxleasetime><netmask><failover_peerip><gateway><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></enable></lan> - <opt1>- <range><from>192.168.12.100</from>
<to>192.168.12.254</to></range>
<defaultleasetime>7200</defaultleasetime>
<maxleasetime>86400</maxleasetime>
<netmask><failover_peerip><dnsserver>208.67.222.222</dnsserver>
<dnsserver>208.67.220.220</dnsserver>
<gateway>192.168.12.1</gateway>
<!-- PPTP server: <localip> and <remoteip> sit inside the LAN /24 but outside the LAN DHCP range above. -->
<enable><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></enable></failover_peerip></netmask></opt1></dhcpd> - <pptpd><mode>server</mode>
<redir><localip>100.100.100.223</localip>
<remoteip>100.100.100.224</remoteip> - <radius></radius>
<!-- NOTE(review): the two PPTP accounts below carry their passwords in clear text, and one is only four digits.
     Redact <user> entries before sharing a config and reset both accounts. PPTP itself is a legacy VPN protocol with
     known authentication weaknesses; consider planning a move to IPsec or OpenVPN. -->
<wins>- <user><name>tom</name>
<ip><password>0420</password></ip></user> - <user><name>john</name>
<ip><password>2raFres7</password></ip></user></wins></redir></pptpd>
<!-- OpenVPN (empty), the DNS forwarder (enabled), SNMP, diagnostics and the outbound NAT rules. Stacked closing tags
     look like tree-view residue; nesting is approximate. -->
<!-- NOTE(review): <rocommunity> is "public", the widely known default read-only community string. No <enable> is
     visible inside <snmpd>, so the daemon may be off; if it is ever enabled, change the community and limit who can
     query it. -->
<ovpn>- <dnsmasq><enable></enable></dnsmasq> - <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
- <diag>- <ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
<!-- Outbound NAT: two rules, both on interface wan. Rule 1 translates 100.100.100.0/24 when the destination is
     206.255.241.0/24; rule 2 translates 192.168.12.0/24 to any destination.
     NOTE(review): no rule names opt2. No <enable> is visible inside <advancedoutbound>, so it cannot be confirmed here
     that manual outbound NAT is active; if it is, traffic leaving via opt2 would have no translation rule. Verify. -->
<bridge><syslog>- <nat>- <ipsecpassthru><enable></enable></ipsecpassthru> - <advancedoutbound>- <rule>- <source>
<network>100.100.100.0/24</network>
<sourceport><descr>nat for production-cablelynx</descr>
<target><interface>wan</interface>- <destination><address>206.255.241.0/24</address></destination>
<natport></natport></target></sourceport></rule> - <rule>- <source>
<network>192.168.12.0/24</network>
<sourceport><descr>nat for wireless</descr>
<target><interface>wan</interface>-
<destination><any></any></destination>
<natport></natport></target></sourceport></rule></advancedoutbound></nat> -
<!-- Firewall rules, in listed order. In each rule <max-src-nodes>, <max-src-states>, <statetimeout> and <os> appear to
     wrap the rest of the rule; that looks like tree-view residue and they were presumably empty option elements.
     The same presumably holds for <any> under <source> and for <disabled>. -->
<!-- pptp rule 1: pass from any source to host 100.100.100.5 (cameras).
     NOTE(review): no <protocol> or port is given, so as listed it passes every traffic type from VPN clients. -->
<filter>- <rule><type>pass</type>
<interface>pptp</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<any>- <destination><address>100.100.100.5</address></destination>
<descr>allow vpn users to connect to cameras</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- pptp rule 2: pass from any source to host 100.100.100.100 (AS/400); again no protocol or port restriction. -->
<rule><type>pass</type>
<interface>pptp</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<any>- <destination><address>100.100.100.100</address></destination>
<descr>as/400 vpn access</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- opt2 rule: pass ICMP arriving on opt2 from any source to any destination. NOTE(review): destination "any" is
     broader than the firewall's own opt2 address; narrow it if the intent is only to let the uplink answer pings. -->
<rule><type>pass</type>
<interface>opt2</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os><protocol>icmp</protocol> -
<source>
<any>- <destination><any></any></destination>
<descr>allow icmp from wave2lan</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- opt1 rule 1: block wireless clients from reaching the firewall's own wireless address 192.168.12.1. -->
<rule><type>block</type>
<interface>opt1</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<any>- <destination><address>192.168.12.1</address></destination>
<descr>block firewall access from wlan</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- opt1 rule 2: block wireless clients from the LAN network. Both block rules are listed before the opt1 pass rule. -->
<rule><type>block</type>
<interface>opt1</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<any>- <destination><network>lan</network></destination>
<descr>block lan access from wireless</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- opt1 rule 3: pass everything else from the wireless side to any destination. -->
<rule><type>pass</type>
<interface>opt1</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<any>- <destination><any></any></destination>
<descr>wireless net to internet</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- lan rule 1: LAN to 206.255.241.0/24. It carries <disabled>, so presumably this rule is switched off. -->
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<network>lan</network> -
<destination><address>206.255.241.0/24</address></destination>
<disabled><descr>make sure WAN1 goes to right place</descr></disabled></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- lan rule 2: LAN to the opt2 network via gateway "failover2". It also carries <disabled>; it is the only rule in
     this listing that names a failover pool. -->
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<network>lan</network> -
<destination><network>opt2</network></destination>
<disabled><descr>make sure WAN2 goes to right place</descr>
<gateway>failover2</gateway></disabled></os></statetimeout></max-src-states></max-src-nodes></rule> -
<!-- lan rule 3: default LAN to any. NOTE(review): it has no <gateway>, so as listed no active rule sends traffic
     through either failover pool; confirm against the running rule set. -->
<rule><type>pass</type>
<interface>lan</interface>
<max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
<os>- <source>
<network>lan</network> -
<destination><any></any></destination>
<descr>Default LAN -> any</descr></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
<!-- Traffic shaper and IPsec (both empty here), then the alias table. Stacked closing tags and <descr> appearing to
     wrap <type> and <detail> look like tree-view residue; those <descr> elements were presumably empty. -->
<shaper>- <ipsec><preferredoldsa></preferredoldsa></ipsec> -
<!-- HTTPsAll: port alias holding 22, 443, 444, 3389 and 8443, described as ports that cannot load share. No filter
     rule in this listing references it. -->
<aliases>- <alias><name>HTTPsAll</name>
<address>22 443 444 3389 8443</address>
<descr>ports that cannot load share</descr>
<type>port</type>
<!-- The next line also opens the host alias cablelynxgw (206.255.241.1). -->
<detail>Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||</detail></alias>- <alias><name>cablelynxgw</name>
<address>206.255.241.1</address>
<descr><type>host</type>
<!-- internetrouters: host alias holding both upstream gateways, 206.255.241.1 and 97.67.124.1. -->
<detail>Entry added Wed, 03 Feb 2010 04:10:40 +0600||</detail></descr></alias>- <alias><name>internetrouters</name>
<address>206.255.241.1 97.67.124.1</address>
<descr><type>host</type>
<!-- NOTE(review): wave2langw resolves to 97.67.124.34, which this config assigns to the opt2 interface itself; the
     opt2 gateway is 97.67.124.1. Confirm which address the alias is meant to hold. -->
<detail>Entry added Wed, 20 Jan 2010 05:24:20 +0600||Entry added Wed, 20 Jan 2010 05:24:20 +0600||</detail></descr></alias>- <alias><name>wave2langw</name>
<address>97.67.124.34</address>
<descr><type>host</type>
<detail>Entry added Wed, 03 Feb 2010 04:11:21 +0600||</detail></descr></alias></aliases>
<!-- Proxy ARP (empty) and the cron table. Each job is a run of minute/hour/mday/month/wday/who/command fields, and
     every job runs as root. The paste has lost structure: the per-job wrapper elements are missing, and each command
     text sits after an empty <command></command> on the same line as the next job's <minute>.
     NOTE(review): several schedule fields are empty and steps read "/60", "/5" or "/140"; the "*" characters were
     presumably stripped by the forum (for example "*/60"), since <wday>*</wday> survives in places. Do not copy these
     schedules back into a config without checking them against the original file. -->
<proxyarp>- <cron>- <minute>0</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday></wday>
<who>root</who>
<!-- Command of the job above: newsyslog. The same line starts the next job (minutes 1 and 31, hours 0 to 5). -->
<command></command>/usr/bin/nice -n20 newsyslog- <minute>1,31</minute>
<hour>0-5</hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the job above: adjkerntz -a. -->
<command></command>/usr/bin/nice -n20 adjkerntz -a - <minute>1</minute>
<hour>3</hour>
<mday>1</mday>
<month></month>
<wday></wday>
<who>root</who>
<!-- Command of the job above: /etc/rc.update_bogons.sh. -->
<command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh - <minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the job above: expiretable on table sshlockout with a 3600 second age (-t 3600). -->
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout - <minute>1</minute>
<hour>1</hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the job above: /etc/rc.dyndns.update. -->
<command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update - <minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the job above: expiretable on table virusprot. -->
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot - <minute>/60</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the job above: expiretable on table snort2c. -->
<command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c - <minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the job above: /usr/local/bin/checkreload.sh. -->
<command></command>/usr/local/bin/checkreload.sh - <minute>/5</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the job above: /etc/ping_hosts.sh. Judging by its name it may drive the gateway monitoring the post
     is about; that cannot be confirmed from this listing. -->
<command></command>/etc/ping_hosts.sh - <minute>/140</minute>
<hour></hour>
<mday></mday>
<month></month>
<wday>*</wday>
<who>root</who>
<!-- Command of the last job: /usr/local/sbin/reset_slbd.sh. -->
<command></command>/usr/local/sbin/reset_slbd.sh</cron>
<!-- Wake-on-LAN and installed packages (both empty here), the last-change record, RRD graphs (enabled) and the two
     load balancer pools the post is about. -->
<!-- <revision>: the last recorded change came from /firewall_nat_out.php, the outbound NAT page. -->
<wol><installedpackages>- <revision><description>/firewall_nat_out.php made unknown change</description>
<time>1265152163</time></revision> - <rrd><enable></enable></rrd>
<!-- Pool failover1: gateway pool in failover mode, pool monitor IP 206.255.241.1, members listed opt2 then wan.
     Each <servers> entry reads interface|address; the address is presumably that member's monitor IP. -->
- <load_balancer>- <lbpool><type>gateway</type>
<behaviour>failover</behaviour>
<monitorip>206.255.241.1</monitorip>
<name>failover1</name>
<desc>Cablelynx Failover Wave2LAN</desc>
<port><servers>opt2|97.67.124.1</servers>
<!-- Pool failover2 opens on the next line: monitor IP 97.67.124.1, members listed wan then opt2. In both pools the
     opt2 member is paired with 97.67.124.1, the opt2 gateway, so opt2 shows online only if that address answers
     probes sent out of opt2 (assumption about how the monitor works; confirm on the box). -->
<servers>wan|206.255.241.1</servers></port></lbpool> - <lbpool><type>gateway</type>
<behaviour>failover</behaviour>
<monitorip>97.67.124.1</monitorip>
<name>failover2</name>
<desc>Wave2LAN Failover Cablelynx</desc>
<port><servers>wan|206.255.241.1</servers>
<!-- The long run of closing tags below is tree-view residue: it closes the elements that only appear to have been
     left open earlier in the paste. -->
<servers>opt2|97.67.124.1</servers></port></lbpool></load_balancer></installedpackages></wol></proxyarp></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>
- <pfsense><version>3.0</version>