Only works for me, and only for a little while



  • I did a cvs_sync.sh releng1

    I fixed the netmask on the lan-carp

    It works for me… for a while, then stops routing packets.

    It won't route packets for any of the other machines I've tried on the lan.

    I've swapped out nics, changed them around. I even tried using the backup router instead of the master. They both act the same. There must be some configuration issue, but I don't know what it is. My internal ip address ( the one that works ) is 192.168.0.90.

    What am I doing wrong that it doesn't want to serve packets for me :(

    
    <pfsense>
      <version>2.3</version>
      <lastchange/>
      <theme>metallic</theme>
      <system>
        <optimization>normal</optimization>
        <hostname>wasrouter1</hostname>
        <domain>***.***.net</domain>
        <username>admin</username>
        <password>********</password>
        <timezone>America/Chicago</timezone>
        <time-update-interval>300</time-update-interval>
        <timeservers>pool.ntp.org</timeservers>
        <webgui>
          <protocol>http</protocol>
        </webgui>
        <dnsserver>*.*.169.1</dnsserver>
        <dnsserver>*.*.220.5</dnsserver>
        <dnsallowoverride/>
      </system>
      <interfaces>
        <lan>
          <if>rl1</if>
          <ipaddr>192.168.0.250</ipaddr>
          <subnet>24</subnet>
          <media/>
          <mediaopt/>
          <bandwidth>100</bandwidth>
          <bandwidthtype>Mb</bandwidthtype>
        </lan>
        <wan>
          <if>rl0</if>
          <mtu/>
          <blockpriv/>
          <media/>
          <mediaopt/>
          <bandwidth>100</bandwidth>
          <bandwidthtype>Mb</bandwidthtype>
          <disableftpproxy/>
          <ipaddr>*.*.218.247</ipaddr>
          <subnet>23</subnet>
          <gateway>*.*.219.252</gateway>
          <blockbogons/>
          <spoofmac/>
        </wan>
        <opt1>
          <if>dc0</if>
          <descr>WAN2</descr>
          <bridge/>
          <enable/>
          <ipaddr>*.*.231.155</ipaddr>
          <subnet>23</subnet>
          <gateway>*.*.231.154</gateway>
          <spoofmac/>
        </opt1>
        <opt2>
          <if>fxp0</if>
          <descr>SYNC</descr>
          <bridge/>
          <enable/>
          <ipaddr>192.168.250.1</ipaddr>
          <subnet>24</subnet>
          <gateway/>
          <spoofmac/>
        </opt2>
      </interfaces>
      <staticroutes/>
      <pppoe/>
      <pptp/>
      <bigpond/>
      <dyndns>
        <type>dyndns</type>
        <username/>
        <password/>
      </dyndns>
      <dhcpd>
        <lan>
          <range>
            <from>192.168.1.100</from>
            <to>192.168.1.199</to>
          </range>
        </lan>
      </dhcpd>
      <pptpd>
        <mode/>
        <redir/>
        <localip/>
      </pptpd>
      <ovpn/>
      <dnsmasq>
        <enable/>
      </dnsmasq>
      <snmpd>
        <syslocation/>
        <syscontact/>
        <rocommunity>public</rocommunity>
      </snmpd>
      <diag>
        <ipv6nat>
          <ipaddr/>
        </ipv6nat>
      </diag>
      <bridge/>
      <syslog/>
      <nat>
        <ipsecpassthru/>
        <advancedoutbound>
          <rule>
            <source>
              <network>192.168.0.0/24</network>
            </source>
            <sourceport/>
            <descr>use WAN carp for LAN</descr>
            <target>*.*.218.245</target>
            <interface>wan</interface>
            <destination>
              <any/>
            </destination>
            <natport/>
          </rule>
          <enable/>
        </advancedoutbound>
      </nat>
      <filter>
        <rule>
          <type>pass</type>
          <descr>Default LAN -> any</descr>
          <interface>lan</interface>
          <source>
            <network>lan</network>
          </source>
          <destination>
            <any/>
          </destination>
        </rule>
        <rule>
          <type>pass</type>
          <interface>opt2</interface>
          <max-src-nodes/>
          <max-src-states/>
          <statetimeout/>
          <statetype>keep state</statetype>
          <os/>
          <source>
            <any/>
          </source>
          <destination>
            <any/>
          </destination>
          <descr>trust the Sync-Subnet</descr>
        </rule>
      </filter>
      <ipsec>
        <preferredoldsa/>
      </ipsec>
      <aliases/>
      <proxyarp/>
      <wol/>
      <installedpackages>
        <carpsettings>
          <config>
            <pfsyncenabled>on</pfsyncenabled>
            <pfsyncinterface>SYNC</pfsyncinterface>
            <balancing/>
            <synchronizerules>on</synchronizerules>
            <synchronizealiases>on</synchronizealiases>
            <synchronizenat>on</synchronizenat>
            <synchronizeipsec>on</synchronizeipsec>
            <synchronizewol>on</synchronizewol>
            <synchronizestaticroutes>on</synchronizestaticroutes>
            <synchronizelb>on</synchronizelb>
            <synchronizevirtualip>on</synchronizevirtualip>
            <synchronizetrafficshaper>on</synchronizetrafficshaper>
            <synchronizednsforwarder>on</synchronizednsforwarder>
            <synchronizetoip>192.168.250.2</synchronizetoip>
            <password>********</password>
          </config>
        </carpsettings>
      </installedpackages>
      <revision>
        <description>/firewall_nat_out.php made unknown change</description>
        <time>1145994769</time>
      </revision>
      <virtualip>
        <vip>
          <mode>carp</mode>
          <interface>wan</interface>
          <vhid>1</vhid>
          <advskew>0</advskew>
          <password>********</password>
          <descr>WAN-NSN-CARP</descr>
          <type>single</type>
          <subnet_bits>23</subnet_bits>
          <subnet>*.*.218.245</subnet>
        </vip>
        <vip>
          <mode>carp</mode>
          <interface>lan</interface>
          <vhid>3</vhid>
          <advskew>0</advskew>
          <password>********</password>
          <descr>LAN-CARP</descr>
          <type>single</type>
          <subnet_bits>24</subnet_bits>
          <subnet>192.168.0.3</subnet>
        </vip>
      </virtualip>
    </pfsense>
    
    


  • some more clarification, as I have been hacking on this thing almost non-stop.

    If I set default gateway to the physical ip of one of the routers, everything works fine.

    However, it's not routing packets from the carp lan ip.

    I.e. router1 lan ip = 192.168.0.250
    router2 lan ip = 192.168.0.251
    lan carp vip = 192.168.0.3

    I can't find anything in the NAT settings nor in the firewall settings to allow it to route packets directed at 192.168.0.3. I would assume this is automatic, but it's just not working :(



  • Just to let you know I found the problem and it wasn't pfsense. The test lan carp ip I chose was in conflict with my wap and I had forgotten I had assigned that ip to the wap. I haven't finished testing yet but pfsense is working beautifully!

    Thanks for everyone's help and support, and I've learned a lot about pfsense, carp and pf.
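
An added example, not part of the posts above: a pre-deployment check that would have flagged the address conflict described in the last post, plus the CARP netmask and DHCP range consistency of the posted LAN settings. The trimmed config and the `STATIC_HOSTS` inventory are constructed (the masked WAN addresses are left out because they cannot be parsed), and `audit` is a hypothetical helper, not a pfSense tool.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed config using the LAN values posted above.
SAMPLE_CONFIG = """
<pfsense>
  <interfaces>
    <lan><if>rl1</if><ipaddr>192.168.0.250</ipaddr><subnet>24</subnet></lan>
  </interfaces>
  <dhcpd>
    <lan><range><from>192.168.1.100</from><to>192.168.1.199</to></range></lan>
  </dhcpd>
  <virtualip>
    <vip><mode>carp</mode><interface>lan</interface><vhid>3</vhid>
      <subnet_bits>24</subnet_bits><subnet>192.168.0.3</subnet></vip>
  </virtualip>
</pfsense>
"""

# Constructed inventory of statically addressed LAN devices (hypothetical).
STATIC_HOSTS = {"192.168.0.3": "wap", "192.168.0.251": "router2"}

def audit(config_xml, static_hosts):
    """Return a list of findings for CARP VIPs and DHCP ranges."""
    root = ET.fromstring(config_xml)
    nets = {}  # interface name -> network derived from its address and mask
    for iface in root.find("interfaces"):
        addr, bits = iface.findtext("ipaddr"), iface.findtext("subnet")
        if addr and bits:
            nets[iface.tag] = ipaddress.ip_interface(f"{addr}/{bits}").network
    findings = []
    for vip in root.iter("vip"):
        if vip.findtext("mode") != "carp":
            continue
        ip = ipaddress.ip_address(vip.findtext("subnet"))
        name = vip.findtext("interface")
        net = nets.get(name)
        if net is None or ip not in net:
            findings.append(f"vip {ip}: outside {name} subnet")
        elif int(vip.findtext("subnet_bits")) != net.prefixlen:
            findings.append(f"vip {ip}: netmask differs from {name}")
        if str(ip) in static_hosts:  # the conflict found in the last post
            findings.append(f"vip {ip}: already assigned to {static_hosts[str(ip)]}")
    for scope in root.find("dhcpd"):
        for tag in ("from", "to"):
            ip = ipaddress.ip_address(scope.findtext(f"range/{tag}"))
            if scope.tag in nets and ip not in nets[scope.tag]:
                findings.append(f"dhcp {scope.tag} {tag} {ip}: outside subnet")
    return findings
```

A static inventory only catches conflicts that were written down; a device that is missing from it still has to be found on the wire.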

