Only works for me, and only for a little while
-
I did a cvs_sync.sh releng1
I fixed the netmask on the lan-carp
It works for me… for a while, then stops routing packets.
It won't route packets for any of the other machines I've tried on the lan.
I've swapped out NICs, changed them around. I even tried using the backup router instead of the master. They both act the same. There must be some configuration issue, but I don't know what it is. My internal IP address (the one that works) is 192.168.0.90.
What am I doing wrong that it doesn't want to serve packets for me :(
<pfsense><version>2.3</version> <lastchange><theme>metallic</theme> <system><optimization>normal</optimization> <hostname>wasrouter1</hostname> <domain>***.***.net</domain> <username>admin</username> <password>********</password> <timezone>America/Chicago</timezone> <time-update-interval>300</time-update-interval> <timeservers>pool.ntp.org</timeservers> <webgui><protocol>http</protocol></webgui> <dnsserver>*.*.169.1</dnsserver> <dnsserver>*.*.220.5</dnsserver> <dnsallowoverride></dnsallowoverride></system> <interfaces><lan><if>rl1</if> <ipaddr>192.168.0.250</ipaddr> <subnet>24</subnet> <media><mediaopt><bandwidth>100</bandwidth> <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan> <wan><if>rl0</if> <mtu><blockpriv><media><mediaopt><bandwidth>100</bandwidth> <bandwidthtype>Mb</bandwidthtype> <disableftpproxy><ipaddr>*.*.218.247</ipaddr> <subnet>23</subnet> <gateway>*.*.219.252</gateway> <blockbogons><spoofmac></spoofmac></blockbogons></disableftpproxy></mediaopt></media></blockpriv></mtu></wan> <opt1><if>dc0</if> <descr>WAN2</descr> <bridge><enable><ipaddr>*.*.231.155</ipaddr> <subnet>23</subnet> <gateway>*.*.231.154</gateway> <spoofmac></spoofmac></enable></bridge></opt1> <opt2><if>fxp0</if> <descr>SYNC</descr> <bridge><enable><ipaddr>192.168.250.1</ipaddr> <subnet>24</subnet> <gateway><spoofmac></spoofmac></gateway></enable></bridge></opt2></interfaces> <staticroutes><pppoe><pptp><bigpond><dyndns><type>dyndns</type> <username><password></password></username></dyndns> <dhcpd><lan><range><from>192.168.1.100</from> <to>192.168.1.199</to></range></lan></dhcpd> <pptpd><mode><redir><localip></localip></redir></mode></pptpd> <ovpn><dnsmasq><enable></enable></dnsmasq> <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd> <diag><ipv6nat><ipaddr></ipaddr></ipv6nat></diag> <bridge><syslog><nat><ipsecpassthru><advancedoutbound><rule><source> <network>192.168.0.0/24</network> <sourceport><descr>use WAN carp for LAN</descr> 
<target>*.*.218.245</target> <interface>wan</interface> <destination><any></any></destination> <natport></natport></sourceport></rule> <enable></enable></advancedoutbound></ipsecpassthru></nat> <filter><rule><type>pass</type> <descr>Default LAN -> any</descr> <interface>lan</interface> <source> <network>lan</network> <destination><any></any></destination></rule> <rule><type>pass</type> <interface>opt2</interface> <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype> <os><source> <any><destination><any></any></destination> <descr>trust the Sync-Subnet</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule></filter> <ipsec><preferredoldsa></preferredoldsa></ipsec> <aliases><proxyarp><wol><installedpackages><carpsettings><config><pfsyncenabled>on</pfsyncenabled> <pfsyncinterface>SYNC</pfsyncinterface> <balancing><synchronizerules>on</synchronizerules> <synchronizealiases>on</synchronizealiases> <synchronizenat>on</synchronizenat> <synchronizeipsec>on</synchronizeipsec> <synchronizewol>on</synchronizewol> <synchronizestaticroutes>on</synchronizestaticroutes> <synchronizelb>on</synchronizelb> <synchronizevirtualip>on</synchronizevirtualip> <synchronizetrafficshaper>on</synchronizetrafficshaper> <synchronizednsforwarder>on</synchronizednsforwarder> <synchronizetoip>192.168.250.2</synchronizetoip> <password>********</password></balancing></config></carpsettings></installedpackages> <revision><description>/firewall_nat_out.php made unknown change</description> <time>1145994769</time></revision> <virtualip><vip><mode>carp</mode> <interface>wan</interface> <vhid>1</vhid> <advskew>0</advskew> <password>********</password> <descr>WAN-NSN-CARP</descr> <type>single</type> <subnet_bits>23</subnet_bits> <subnet>*.*.218.245</subnet></vip> <vip><mode>carp</mode> <interface>lan</interface> <vhid>3</vhid> <advskew>0</advskew> <password>********</password> <descr>LAN-CARP</descr> <type>single</type> <subnet_bits>24</subnet_bits> 
<subnet>192.168.0.3</subnet></vip></virtualip></wol></proxyarp></aliases></syslog></bridge></ovpn></bigpond></pptp></pppoe></staticroutes></lastchange></pfsense>
-
Some more clarification, as I have been hacking on this thing almost non-stop.
If I set default gateway to the physical ip of one of the routers, everything works fine.
However, it's not routing packets from the carp lan ip.
I.e. router1 lan ip = 192.168.0.250
router2 lan ip = 192.168.0.251
lan carp vip = 192.168.0.3
I can't find anything in the NAT settings nor in the firewall settings to allow it to route packets directed at 192.168.0.3. I would assume this is automatic, but it's just not working :(
-
Just to let you know I found the problem and it wasn't pfsense. The test lan carp ip I chose was in conflict with my wap, and I had forgotten I had assigned that ip to the wap. I haven't finished testing yet but pfsense is working beautifully!
Thanks for everyone's help and support, and I've learned a lot about pfsense, carp and pf.
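
The conflict described in the last post is visible from a LAN client: the ARP entry for the VIP alternates between the CARP virtual MAC (00:00:5e:00:01:<vhid>) and another device's MAC. The following is an added example, not part of the original thread, that checks `arp -an` snapshots for this. The function names and the sample MAC addresses are constructed; the VIP 192.168.0.3 and vhid 3 are taken from the posted config.

```python
import re
from collections import defaultdict

# Matches `arp -an` lines such as:
#   ? (192.168.0.3) at 00:00:5e:00:01:03 on rl1 [ethernet]
ARP_LINE = re.compile(r"\((?P<ip>\d+(?:\.\d+){3})\) at (?P<mac>[0-9a-fA-F:]{11,17})")


def carp_mac(vhid):
    """Virtual MAC a CARP VIP answers ARP with: 00:00:5e:00:01:<vhid in hex>."""
    if not 1 <= vhid <= 255:
        raise ValueError("vhid must be in 1..255")
    return f"00:00:5e:00:01:{vhid:02x}"


def normalize(mac):
    """Lower-case and zero-pad each octet (some systems print 0:0:5e:0:1:3)."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))


def find_vip_conflicts(snapshots, vips):
    """snapshots: iterable of `arp -an` output taken at different times.
    vips: {vip_address: vhid}.
    Returns {vip_address: [MACs seen for the VIP that are not its CARP MAC]}."""
    seen = defaultdict(set)
    for text in snapshots:
        for m in ARP_LINE.finditer(text):
            if m["ip"] in vips:
                seen[m["ip"]].add(normalize(m["mac"]))
    conflicts = {}
    for ip, vhid in vips.items():
        foreign = seen[ip] - {carp_mac(vhid)}
        if foreign:
            conflicts[ip] = sorted(foreign)
    return conflicts


# Constructed sample: two snapshots from a LAN client a few minutes apart.
SNAPSHOTS = [
    "? (192.168.0.250) at 02:00:00:aa:bb:01 on rl1 [ethernet]\n"
    "? (192.168.0.3) at 00:00:5e:00:01:03 on rl1 [ethernet]\n",
    "? (192.168.0.3) at 02:00:00:12:34:56 on rl1 [ethernet]\n",  # another host answering
]
VIPS = {"192.168.0.3": 3}  # LAN-CARP address and vhid from the posted config

if __name__ == "__main__":
    for ip, macs in find_vip_conflicts(SNAPSHOTS, VIPS).items():
        print(f"{ip}: expected {carp_mac(VIPS[ip])}, also answered by {', '.join(macs)}")
```

A single snapshot can look healthy, so collect several over the period in which routing works and then stops.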