Netgate Discussion Forum

    After upgrade from 2.0.1 to 2.0.3, one gateway is never detected as online

      mastermindpro

      I had a fully functioning multi-wan setup on 2.0.1 running on an Alix board.  I upgraded the system to 2.0.3, which appeared to go flawlessly.  After the upgrade, one of my two gateways is never detected as online, even though it is passing data on that circuit.  I've tried different known usable monitoring IPs, I've rebooted the box a couple times, but nothing I've done gets pfSense to detect the gateway as online like it is.  I know the circuit itself is functional because I have and use a number of port forwards on that circuit, which are all functioning just fine.

      Any troubleshooting hints or tips?

        jimp Rebel Alliance Developer Netgate

        Can you actually ping the monitor IP on that circuit?

        I mean go to Diag > Ping and try to ping it and see what happens.

        Make sure there aren't any other conflicting routes that would be sending the traffic out the wrong way, too, such as in the DNS settings.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          mastermindpro

          That's something else that's strange (that I forgot to mention).  When you just try pinging from that interface out to anything, you get no response.  That just doesn't make sense, though, because there are multiple functioning VPN tunnels as well as port forwards on that same circuit.

          I don't have any special routes for DNS defined.  It's almost like any traffic originating on the IP address of that interface going out is either dropped or blocked.  Traffic destined for that same IP, though, comes in no problem.

            jimp Rebel Alliance Developer Netgate

            It could be that your ISP is dropping all ICMP on that circuit. It's not unheard of. I can't imagine how that is different on 2.0.3 than 2.0.1, though; a ping from the GUI wouldn't be any different.

              mastermindpro

              I'm having the ISP look at it, but no luck so far.  There's just no response to ICMP requests issued by the firewall on that circuit.

                mastermindpro

                The ISP confirms they're not blocking anything.  I disabled gateway monitoring just to force pfSense into realizing the circuit is up, but it can't send any traffic out on that circuit.  It can respond to traffic coming in on that circuit just fine.  I'm still convinced the routing is screwball.

                  jimp Rebel Alliance Developer Netgate

                  If you can post the output of "ifconfig -a" and "netstat -rn" it might shed some light on what is going on.

                  You can anonymize the IPs if you want just so long as they are distinguishable/identifiable in some way (e.g. one subnet is x.x.x, another is y.y.y, don't just make them all x's if the subnets are different)

                    mastermindpro

                    Sure, anonymized and posted below (but I didn't change the netmasks to reflect my fictitious IP range).  Vr1 is connected to the ISP where the firewall only receives and responds to traffic.  No traffic seems to leave the firewall on that interface.

                    vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
                            ether 00:0d:b9:12:e9:60
                            inet6 fe80::20d:b9ff:fe12:e960%vr0 prefixlen 64 scopeid 0x1
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                            media: Ethernet autoselect (100baseTX <full-duplex>)
                            status: active
                    vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
                            ether 00:0d:b9:12:e9:61
                            inet6 fe80::20d:b9ff:fe12:e961%vr1 prefixlen 64 scopeid 0x2
                            inet 1.1.1.1 netmask 0xfffffff8 broadcast 1.1.1.255
                            inet 1.1.1.2 netmask 0xfffffff8 broadcast 1.1.1.255
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                            media: Ethernet autoselect (100baseTX <full-duplex>)
                            status: active
                    vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
                            ether 00:0d:b9:12:e9:62
                            inet 2.2.2.2 netmask 0xfffffff8 broadcast 2.2.2.255
                            inet6 fe80::20d:b9ff:fe12:e962%vr2 prefixlen 64 scopeid 0x3
                            inet 10.1.10.19 netmask 0xffffff00 broadcast 10.1.10.255
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                            media: Ethernet autoselect (100baseTX <full-duplex>)
                            status: active
                    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
                            options=3<RXCSUM,TXCSUM>
                            inet 127.0.0.1 netmask 0xff000000
                            inet6 ::1 prefixlen 128
                            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                    pfsync0: flags=0<> metric 0 mtu 1460
                            syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
                    enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
                    pflog0: flags=100<PROMISC> metric 0 mtu 33200
                    vr0_vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            ether 00:0d:b9:12:e9:60
                            inet6 fe80::20d:b9ff:fe12:e960%vr0_vlan1 prefixlen 64 scopeid 0x8
                            inet 10.0.0.1 netmask 0xffffffe0 broadcast 10.0.0.31
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                            media: Ethernet autoselect (100baseTX <full-duplex>)
                            status: active
                            vlan: 1 parent interface: vr0
                    vr0_vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            ether 00:0d:b9:12:e9:60
                            inet6 fe80::20d:b9ff:fe12:e960%vr0_vlan2 prefixlen 64 scopeid 0x9
                            inet 10.0.0.33 netmask 0xffffffe0 broadcast 10.0.0.63
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                            media: Ethernet autoselect (100baseTX <full-duplex>)
                            status: active
                            vlan: 2 parent interface: vr0
                    vr0_vlan3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            ether 00:0d:b9:12:e9:60
                            inet6 fe80::20d:b9ff:fe12:e960%vr0_vlan3 prefixlen 64 scopeid 0xa
                            inet 10.0.0.65 netmask 0xffffffe0 broadcast 10.0.0.95
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                            media: Ethernet autoselect (100baseTX <full-duplex>)
                            status: active
                            vlan: 3 parent interface: vr0
                    vr0_vlan4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                            ether 00:0d:b9:12:e9:60
                            inet6 fe80::20d:b9ff:fe12:e960%vr0_vlan4 prefixlen 64 scopeid 0xb
                            inet 10.0.0.97 netmask 0xffffffe0 broadcast 10.0.0.127
                            nd6 options=43<PERFORMNUD,ACCEPT_RTADV>
                            media: Ethernet autoselect (100baseTX <full-duplex>)
                            status: active
                            vlan: 4 parent interface: vr0

                    Routing tables

                    Internet:
                    Destination        Gateway            Flags    Refs        Use  Netif Expire
                    default            1.1.1.17           UGS         0   58450269  vr1
                    4.2.2.1            1.1.1.17           UGHS        0     621319  vr1
                    4.2.2.2            2.2.2.150          UGHS        0    4423618  vr2
                    10.0.0.0/27        link#8             U           0  172888076  vr0_vl
                    10.0.0.1           link#8             UHS         0          0  lo0
                    10.0.0.32/27       link#9             U           0 1925354412  vr0_vl
                    10.0.0.33          link#9             UHS         0          0  lo0
                    10.0.0.64/27       link#10            U           0  160538185  vr0_vl
                    10.0.0.65          link#10            UHS         0          0  lo0
                    10.0.0.96/27       link#11            U           0   82327693  vr0_vl
                    10.0.0.97          link#11            UHS         0          0  lo0
                    10.1.10.0/24       link#3             U           0    2424247  vr2
                    10.1.10.19         link#3             UHS         0          0  lo0
                    1.1.1.0/29         link#2             U           0        292  vr1
                    1.1.1.1            link#2             UHS         0         18  lo0
                    1.1.1.2            link#2             UHS         0          0  lo0
                    6.6.6.6            1.1.1.17           UGHS        0   21820627  vr1
                    127.0.0.1          link#4             UH          0          0  lo0
                    2.2.2.0/29         link#3             U           0          1  vr2
                    2.2.2.2            link#3             UHS         0          0  lo0
                    192.168.201.0/24   10.0.0.11          UGS         0    2678960  vr0_vl
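
The anonymization jimp asks for in this thread (hide the addresses but keep each subnet distinguishable) can be scripted so that the netmasks and gateways still line up with the substituted addresses. This is an added example, not code from the thread or from pfSense; the placeholder ranges, the function names and the constructed sample input are assumptions, and it handles at most three WAN subnets of /24 or smaller.

```python
import ipaddress
import re

# Assumed placeholders: RFC 5737 /24s for WAN subnets, RFC 2544 space for remote hosts.
DOC_BASES = ["192.0.2.0", "198.51.100.0", "203.0.113.0"]
REMOTE_BASE = ipaddress.ip_address("198.18.0.0")
KEEP = [ipaddress.ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
INET = re.compile(r"inet ((?:\d{1,3}\.){3}\d{1,3}) netmask 0x([0-9a-f]{8})")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample (ifconfig -a plus netstat -rn excerpts); addresses are stand-ins.
SAMPLE = """\
vr1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 100.64.12.34 netmask 0xfffffff8 broadcast 100.64.12.39
vr2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 100.99.200.146 netmask 0xfffffff8 broadcast 100.99.200.151
        inet 10.1.10.19 netmask 0xffffff00 broadcast 10.1.10.255
default            100.64.12.33       UGS         0   58450269  vr1
100.64.12.32/29    link#2             U           0        292  vr1
100.70.5.9         100.64.12.33       UGHS        0   21820627  vr1
"""

def wan_subnets(text):
    """Distinct non-private subnets taken from ifconfig 'inet ... netmask' lines."""
    nets = []
    for addr, mask in INET.findall(text):
        prefix = bin(int(mask, 16)).count("1")
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        if not any(net.subnet_of(k) for k in KEEP) and net not in nets:
            nets.append(net)
    if len(nets) > len(DOC_BASES) or any(n.prefixlen < 24 for n in nets):
        raise ValueError("needs at most 3 WAN subnets, each /24 or smaller")
    return nets

def anonymize(text):
    """Rewrite public IPv4 addresses, keeping subnet membership and host offsets."""
    nets, remotes = wan_subnets(text), {}
    def swap(match):
        ip = ipaddress.ip_address(match.group(0))
        if any(ip in k for k in KEEP):
            return match.group(0)  # RFC 1918 and loopback are left readable
        for i, net in enumerate(nets):
            if ip in net:  # same subnet -> same placeholder /24, same host offset
                offset = int(ip) - int(net.network_address)
                return str(ipaddress.ip_address(DOC_BASES[i]) + offset)
        # Anything else is a remote host: give it a stable numbered placeholder.
        return str(REMOTE_BASE + remotes.setdefault(ip, len(remotes) + 1))
    return IPV4.sub(swap, text)
```

Because host offsets are preserved, a reader of the anonymized output can still check whether each gateway falls inside its interface's subnet.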

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.