Replicated v 1.2.3 settings wont work v2 - driving me crazy!

tamtap · Oct 27, 2013, 4:06 PM

Here is the issue. I have pfsense working v 1.2 with single WAN using virtual IP (Ethernet with 5 IP’s available) and it works perfectly.

I bought another pfsense hardware to use as a backup and it runs version 2.x, I configured it exactly the same as the current one but it will not pass any LAN traffic to the internet. If I use ping from pfsense and ping google.com it works fine so it must be a setting somewhere.

attached shots of the config, if anyone can find the secret setting to make it work you will have a billion karma inc!

tamtap · Oct 27, 2013, 4:06 PM

last two settings

stephenw10 · Oct 27, 2013, 4:43 PM

You should use VIP type 'IP Alias' which wasn't available in 1.2.X.
That doesn't really explain why you can't get internet access from LAN though. :-\

Are you using only that one virtual IP? Are you pinging google,com from the console or via the Diagnostics menu?
Have you modified the outbound NAT settings at all?

Steve

tamtap · Oct 27, 2013, 4:56 PM

thanks for the reply

yes only 1 of the allocated IP's is in use.

yes pinging google for the diags menu

no not modifiet outbound nat its on auto

you think the 'ip alias' is the cause ?

its a 20 min drive to the site to test it!

thanks

stephenw10 · Oct 27, 2013, 5:07 PM

I didn't think the properties of proxy arp VIP had changed just that IP Alias is a better general recommendation as it is able to be used in more scenarios. So I can't see why it wouldn't work now with proxy arp.

When you use the diag menu ping test you have to specify an interface. That means that you will send your ping via WAN (if you select it) even if the system default gateway is incorrectly set to something alse or the system has no default route.

If you can log in remotely try pinging from the console. Check the routing table, check the system default gateway.

Steve

tamtap · Oct 27, 2013, 5:29 PM

how do i display routes in the console ?

The gateway is definitely correct I can see it in the 'gateway' menu

charliem · Oct 27, 2013, 6:02 PM

@tamtap:

how do i display routes in the console ?

netstat -rn

tamtap · Oct 27, 2013, 6:19 PM

thanks but its all unreadable ipv6

stephenw10 · Oct 27, 2013, 6:36 PM

You can see it in the webgui in Diagnostics: Routes:

or use:

 netstat -f inet -rn

Steve

tamtap · Oct 27, 2013, 6:44 PM

thanks Steve, here is the info

tamtap · Oct 27, 2013, 6:51 PM

the WAN isnt connected as the site is 20 mins drive away, but im connected to the LAN i can ssh to the pfsense box and the web gui is working ok.

It's soo annoying I have 2 brand new ALIX boxes to use as spares and they both are the same, I just cant work out what is wrong grrrrr!

stephenw10 · Oct 27, 2013, 6:54 PM

Deleted my post it was completely wrong! ::)

Ah, so WAN isn't connected. Presumably is was connected at some point and proved non-functional?

Steve

tamtap · Oct 27, 2013, 6:56 PM

yes, it works on the pfsense box i have running 1.2.3 but with the identical settings per my screenshots on v2 pfsense it doesn't (tried 2 lots of hardware) and i cant work out why