Netgate Discussion Forum

    2.0.2 New VIP results in missing sync ip 'spam'?!

    HA/CARP/VIPs
      Sn3ak

      I mention 2.0.2, but honestly don't know if that is the cause of the initial problem, or if the 'error' is specific to this version or not.

      One of my older pfSense boxes, upgraded from 1x something.. running happily with a block of 5 ips, only had two assigned in VIP, I needed to add another ip or two.
      Copied previous config, using P-ARP and new ips don't work. Tried rebooting pfSense, and comcast bus. modem, with no joy.

      According to http://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses%3F my configuration apparently shouldn't work (but does!, for multiple different boxes!)

      Using P-ARP, on the original ips that are VIP, I can ping the ip, I can use a 1:1 nat, and everything works (apparently ping shouldn't?)

      Same exact setup, with new ips, nothing works. Can not ping, can not access 1:1 NAT (with firewall rules opening http, etc).

      See above document link, Notice IP-Alias option, jump for joy, as that's how I would have preferred to set it up in the first place.
      Everything Just_Works

      However, I now notice this:

      Feb 4 17:39:00 check_reload_status: Syncing firewall
      Feb 4 17:39:02 check_reload_status: Reloading filter
      Feb 4 17:39:02 php: : Config sync not being done because of missing sync IP (normal on secondary systems).

      I am not using CARP, nor do I want to for these boxes. I would assume something incorrectly set a flag for carp? I checked the carp page, and everything appears to be default.

      How can I fix the incorrect error of 'missing sync IP'?

        podilarius

        That is some strange behavior. Unless you went into CARP settings and set XMLRPC Sync settings with an IP address, it should not do this. Make sure nothing is checked in there.
        What part about that link makes you think that your config should not work? P-ARP VIP and ping, iirc does not pass on the ICMP, but the firewall will respond to the ping and not the computer behind the firewall. NAT with proxy arp works. IP alias is better than P-ARP IMO. I would also check /conf/config.xml to make sure there is nothing in <carpsettings> config.

          jimp Rebel Alliance Developer Netgate

          Look at the CARP settings and if you have a username/password filled in (perhaps your browser "helpfully" autocompleted it for you!), remove it, and then it should stop.

          As for proxy ARP and 1:1 NAT, that will result in a ping reply from the target system, same as IP alias.
          A proxy ARP VIP won't generate a ping reply from the firewall itself, whereas IP alias and CARP will.

            podilarius

            Crap … had it reversed sorry. (in reference to ping.) ... Where's the coffee!!!
