    NAT and MAC change (Intel NIC Teaming)

    • U
      unguzov last edited by

      I have a problem with NAT and port forwarding.
      One of my servers is using Intel NICs with the TEAM function (two LAN cards are used as a team and provide load balancing and failover).

      The problem is that I cannot create a stable connection with port forwarding (for example remote desktop or HTTPS mail), because the MAC address constantly changes. I see these messages in the log:

      Nov 22 20:32:03 kernel: arp: 192.168.190.6 moved from XXXXXX:4c to XXXXXX:4d on fxp0
      Nov 22 20:31:45 kernel: arp: 192.168.190.6 moved from XXXXXX:4d to XXXXXX:4c on fxp0
      Nov 22 20:31:45 kernel: arp: 192.168.190.6 moved from XXXXXX:4c to XXXXXX:4d on fxp0
      Nov 22 20:28:56 kernel: arp: 192.168.190.6 moved from XXXXXX:4d to XXXXXX:4c on fxp0
      ….

      What can I do now? Remove Team function or adjust firewall settings?

      • J
        jonnytabpni last edited by

        I am having a related issue where I need pfSense to update its ARP table more frequently due to MAC address changes. Any idea how to do this?

        • K
          ktims last edited by

          @unguzov:

          I have a problem with NAT and port forwarding.
          One of my servers is using Intel NICs with the TEAM function (two LAN cards are used as a team and provide load balancing and failover).

          The problem is that I cannot create a stable connection with port forwarding (for example remote desktop or HTTPS mail), because the MAC address constantly changes. I see these messages in the log:

          Nov 22 20:32:03 kernel: arp: 192.168.190.6 moved from XXXXXX:4c to XXXXXX:4d on fxp0
          Nov 22 20:31:45 kernel: arp: 192.168.190.6 moved from XXXXXX:4d to XXXXXX:4c on fxp0
          Nov 22 20:31:45 kernel: arp: 192.168.190.6 moved from XXXXXX:4c to XXXXXX:4d on fxp0
          Nov 22 20:28:56 kernel: arp: 192.168.190.6 moved from XXXXXX:4d to XXXXXX:4c on fxp0
          ….

          What can I do now? Remove Team function or adjust firewall settings?

          It sounds like you don't have switch support for aggregation, or don't have it configured properly. Pure failover mode is all that will work properly without switch support.

          I am having a related issue where I need pfSense to update its ARP table more frequently due to MAC address changes. Any idea how to do this?

          I think FreeBSD should be updating the ARP table any time it receives a packet that doesn't match its current cache, as should any other TCP/IP stack. Are you saying you want it to flush the cache sooner and make a new ARP request? This is controlled by the sysctl tuneable 'net.link.ether.inet.max_age'; it seems to default to 20 minutes.

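As an added example (not code from this thread or from pfSense), the shell function below summarizes the `arp: ... moved from ... to ...` kernel messages quoted in the thread per address and interface, and marks an address as flapping when it keeps alternating between MACs it has already used. The sample lines are constructed, with documentation-range MAC addresses in place of the masked ones; the `FLAPPING` label and the default threshold of 3 moves are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarize FreeBSD "arp: <ip> moved from <mac> to <mac> on <if>"
# kernel messages per IP address and interface. Reads syslog lines on stdin.
# Output: <ip> <iface> moves=<n> macs=<m> <status>
# FLAPPING (a label assumed for this example) means the address moved at least
# $1 times (default 3, an assumed threshold) and returned to a MAC seen before.
arp_flaps() {
    awk -v min="${1:-3}" '
    / arp: / && / moved from / {
        # Locate fields relative to the "arp:" token so the syslog
        # prefix (date, host, "kernel:") can vary.
        for (i = 1; i <= NF; i++) if ($i == "arp:") break
        ip = $(i + 1); from = $(i + 4); to = $(i + 6); ifc = $(i + 8)
        key = ip " " ifc
        moves[key]++
        if (!((key, from) in seen)) { seen[key, from] = 1; macs[key]++ }
        if (!((key, to) in seen))   { seen[key, to] = 1;   macs[key]++ }
    }
    END {
        for (key in moves) {
            # More moves than distinct MACs means the address went back
            # to a MAC it used earlier: it is alternating, not migrating.
            status = (moves[key] >= min && moves[key] > macs[key]) ? "FLAPPING" : "ok"
            printf "%s moves=%d macs=%d %s\n", key, moves[key], macs[key], status
        }
    }' | sort
}

# Constructed sample: one teamed host alternating between two MACs, and one
# host that changed MAC once.
sample_log() {
    cat <<'EOF'
Nov 22 20:28:56 kernel: arp: 192.168.190.6 moved from 00:00:5e:00:53:4d to 00:00:5e:00:53:4c on fxp0
Nov 22 20:31:45 kernel: arp: 192.168.190.6 moved from 00:00:5e:00:53:4c to 00:00:5e:00:53:4d on fxp0
Nov 22 20:31:45 kernel: arp: 192.168.190.6 moved from 00:00:5e:00:53:4d to 00:00:5e:00:53:4c on fxp0
Nov 22 20:32:03 kernel: arp: 192.168.190.6 moved from 00:00:5e:00:53:4c to 00:00:5e:00:53:4d on fxp0
Nov 22 20:40:10 kernel: arp: 192.168.190.9 moved from 00:00:5e:00:53:10 to 00:00:5e:00:53:11 on fxp0
EOF
}

sample_log | arp_flaps
```

On the firewall, pipe the system log into `arp_flaps` instead of the sample; `sysctl net.link.ether.inet.max_age` shows the cache lifetime mentioned in the last reply.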