Netgate Discussion Forum

    Outbound FTP stopped working and WAN address TTL expires

    Routing and Multi WAN
      Cloverleaf

      Hi all,

      I've got 2 pfSense boxes, one a CARP master and the other a passive machine. Recently, we had to fail over the primary, reboot the machine, and fail back. After this event, outbound FTP connections through the primary don't work, and pinging the primary box's WAN gives a TTL expired message. Traceroutes to the WAN seem to show that it is looping over and over on that address until TTL expires. The machine itself can't ping its uplink, but it passes traffic through the various CARP addresses fine. The primary cannot ping itself nor reach FTP sites. Tcpdumps show a SYN being sent from the public address to the FTP site, and then a SYN-ACK, but no subsequent ACK. Instead another SYN happens. I am using the FTP helper on the interface this passes through. Basically anything that sources itself as the WAN address doesn't seem to work. The secondary has none of these problems currently, but it also doesn't have any of the CARPs. A suspicious route that doesn't exist on the secondary is:

      <wanip>        <wan mac>  UHLW        1 12076103    lo0

      I don't know if that's needed for CARP, but it seems strange that the WANIP is reached via lo0 on the machine. This is a live, production firewall, otherwise I'd pull the route and see what breaks. Any ideas as to what's going on? I wasn't sure if this should go here or the CARP forum, but I have no proof it's CARP related.
