1:1 NAT problems because Virtual IPs don't get GARPed
-
We have PFSense 1.2.3 embedded which is connected to a Tellabs ONT (Optical Network Termination) box which connects us to our ISP via fiber, then to Cisco equipment on their side.
We are having problems working with 1:1 NAT to give an external IP to some of our servers inside the firewall. The problem is that the vendor's equipment will not send packets to an IP unless it has first seen a GARP (gratuitous ARP) request. I'm not sure why they do this, and I am trying to get them to change it, but they are not sure if they can.
The problem is, PFSense does not send out GARP packets for any of its virtual IPs–it only sends them for the WAN IP itself. Thus, no traffic ever reaches my other IP addresses, unless I do some tricks, such as the ones described in this post (http://forum.pfsense.org/index.php?topic=13825.0).
Does anyone know any way to have PFSense send GARPs for each virtual IP? Do developers feel that it would be reasonable to change this behavior in a future release?
Thanks,
Jeff
-
I have found a solution to this problem. It first requires installing the "arping" package (which worked on my embedded installation–yea!)
Then I added a cron entry to send the appropriate command periodically for each IP I want to keep alive. On Embedded, the only way to do this is to add to the cron entries in the /conf/config.xml file. You'll see a number of them there already. Just add entries with the following command:
/usr/local/sbin/arping -s <mac address of wan port> -c 1 -i <interface name> -S <external ip> -t ff:ff:ff:ff:ff:ff <external_ip>
For example:
/usr/local/sbin/arping -s 00:30:48:4b:a8:07 -c 1 -i vr1 -S 166.15.11.137 -t ff:ff:ff:ff:ff:ff 166.15.11.137
Hope this helps...
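
The per-IP cron approach described in the post above can be collapsed into one script that cron calls once. This is an added example, not part of the original posts: the arping path and flags are taken from the post, while the function names, the `VIPS` list (constructed documentation addresses) and the `DRY_RUN` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one cron-callable script instead of one arping line per IP.
# The arping path and flags are copied from the post; WAN_MAC and WAN_IF are
# the post's example values; VIPS holds constructed documentation addresses.
ARPING=/usr/local/sbin/arping
WAN_MAC="00:30:48:4b:a8:07"
WAN_IF="vr1"
VIPS="203.0.113.10 203.0.113.11"

# Succeed only for a dotted quad with every octet in 0..255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed only for six colon-separated hex byte pairs.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print the arping command for one virtual IP; reject malformed arguments.
garp_cmd() {
    valid_mac "$1" || { echo "bad MAC: $1" >&2; return 1; }
    case "$2" in ''|*[!A-Za-z0-9_]*) echo "bad interface: $2" >&2; return 1 ;; esac
    valid_ip "$3" || { echo "bad IP: $3" >&2; return 1; }
    echo "$ARPING -s $1 -c 1 -i $2 -S $3 -t ff:ff:ff:ff:ff:ff $3"
}

# Handle every address in VIPS. DRY_RUN=1 (the default) only prints the
# commands; DRY_RUN=0 executes them.
garp_all() {
    rc=0
    for ip in $VIPS; do
        cmd=$(garp_cmd "$WAN_MAC" "$WAN_IF" "$ip") || { rc=1; continue; }
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd || rc=1; fi
    done
    return $rc
}

garp_all
```

Validating the MAC, interface and address before building the command keeps a typo in the list from turning into a malformed announcement on the WAN segment; a nonzero exit status tells cron that at least one address was skipped or failed.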