Trouble with VIP

dan34 · Dec 7, 2014, 10:49 PM

I created a VIP with a second public IP. I used type "IP Alias" and addef firewall rules to allow it to respond to pings. I am able to ping the address, but I get packet loss of more than 60%. The VIP is in the same subnet as the primary IP. The plan is to use the VIP to forward ports to an internal system, but at this point it's pretty unusable.

I've done some searching, but haven't found a similar problem. Does anyone have suggestions for fixing this?

KOM · Dec 8, 2014, 2:29 PM

Anything in your System log? I have 13 public IP addresses, and I use pfSense WAN for one and 12 VIPs for the others. Works like a charm. You're sure you don't have an IP conflict somewhere for that 60% lossy IP address?

dan34 · Dec 8, 2014, 5:37 PM

I'm pretty sure I tried to ping the address before I added it as a VIP and got no replies. I'll check that again.

A mis-configuration on the ISP's part could cause something like this as well, right?

KOM · Dec 8, 2014, 7:22 PM

A mis-configuration on the ISP's part could cause something like this as well, right?

Unlikely. More likely is a bad cable, hardware or misconfiguration on your end.

dan34 · Dec 9, 2014, 2:24 AM

Well, hardware would be the same as for the WAN IP and that works just fine. So that leaves some configuration problem.

I just did some packet captures. At the WAN interface of pfSense I see the echo requests arriving and the replies going back. However at my end (where I'm pinging from) I see all the requests going out, but most of the replies are missing. So the replies are leaving pfSense, but not reaching me. I don't see how that could be a config problem in the pfSense box, but I may be missing something

KOM · Dec 9, 2014, 2:30 PM

Plz detail your network configuration. Maybe there is a clue there.