Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Failover on wan and opt2, cannot get to work

    Scheduled Pinned Locked Moved Routing and Multi WAN
    1 Posts 1 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      stephend2
      last edited by

      I think the issue right now is the load balancer is reporting opt2 offline all the time, I have verified that the monitor ip is a pingable ip address but it still will not show online.

      I've tried every howto guide in existence and even tried winging it myself, no way can I make that interface show online.

      I've attached the full config of the box.

      • <pfsense><version>3.0</version>
          <lastchange><theme>pfsense</theme>
      • <system><optimization>normal</optimization>
          <hostname>pfsense</hostname>
          <domain>local</domain>
          <username>admin</username>
          <password>$1$moBXEWG.$SqUB1BrfewajVme4.GzxC0</password>
          <timezone>Etc/GMT-6</timezone>
          <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
      • <webgui><protocol>http</protocol></webgui>
          <disablenatreflection>yes</disablenatreflection>
          <dnsserver>208.67.222.222</dnsserver>
          <dnsserver>208.67.220.220</dnsserver></time-update-interval></system>
      • <interfaces>- <lan><if>fxp0</if>
          <ipaddr>100.100.100.1</ipaddr>
          <subnet>24</subnet>
          <media><mediaopt><bandwidth>100</bandwidth>
          <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan>
      • <wan><if>sis0</if>
          <mtu><media><mediaopt><bandwidth>100</bandwidth>
          <bandwidthtype>Mb</bandwidthtype>
          <spoofmac>00:0d:88:c2:9e:9a</spoofmac>
          <disableftpproxy><ipaddr>dhcp</ipaddr>
          <dhcphostname></dhcphostname></disableftpproxy></mediaopt></media></mtu></wan>
      • <opt1><if>xl0</if>
          <descr>wireless</descr>
          <bridge><enable><ipaddr>192.168.12.1</ipaddr>
          <subnet>24</subnet>
          <gateway><spoofmac></spoofmac></gateway></enable></bridge></opt1>
      • <opt2><descr>Wave2LAN</descr>
          <if>rl0</if>
          <bridge><enable><ipaddr>97.67.124.34</ipaddr>
          <subnet>26</subnet>
          <gateway>97.67.124.1</gateway>
          <spoofmac><mtu><disableftpproxy></disableftpproxy></mtu></spoofmac></enable></bridge></opt2></interfaces>
          <staticroutes>- <pppoe><username><password></password></username></pppoe>
      • <pptp><username><password><local></local></password></username></pptp>
      • <bigpond><username><password><authserver><authdomain><minheartbeatinterval></minheartbeatinterval></authdomain></authserver></password></username></bigpond>
      • <dyndns><type>dyndns</type>
          <username><password></password></username></dyndns>
      • <dhcpd>- <lan><enable>- <range><from>100.100.100.10</from>
          <to>100.100.100.99</to></range>
          <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></enable></lan>
      • <opt1>- <range><from>192.168.12.100</from>
          <to>192.168.12.254</to></range>
          <defaultleasetime>7200</defaultleasetime>
          <maxleasetime>86400</maxleasetime>
          <netmask><failover_peerip><dnsserver>208.67.222.222</dnsserver>
          <dnsserver>208.67.220.220</dnsserver>
          <gateway>192.168.12.1</gateway>
          <enable><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></enable></failover_peerip></netmask></opt1></dhcpd>
      • <pptpd><mode>server</mode>
          <redir><localip>100.100.100.223</localip>
          <remoteip>100.100.100.224</remoteip>
      • <radius></radius>
          <wins>- <user><name>tom</name>
          <ip><password>0420</password></ip></user>
      • <user><name>john</name>
          <ip><password>2raFres7</password></ip></user></wins></redir></pptpd>
          <ovpn>- <dnsmasq><enable></enable></dnsmasq>
      • <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
      • <diag>- <ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
          <bridge><syslog>- <nat>- <ipsecpassthru><enable></enable></ipsecpassthru>
      • <advancedoutbound>- <rule>- <source>
          <network>100.100.100.0/24</network>

      <sourceport><descr>nat for production-cablelynx</descr>
        <target><interface>wan</interface>

      • <destination><address>206.255.241.0/24</address></destination>
          <natport></natport></target></sourceport></rule>
      • <rule>- <source>
          <network>192.168.12.0/24</network>

      <sourceport><descr>nat for wireless</descr>
        <target><interface>wan</interface>

      • <destination><any></any></destination>
          <natport></natport></target></sourceport></rule></advancedoutbound></nat>

      • <filter>- <rule><type>pass</type>
          <interface>pptp</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <any>- <destination><address>100.100.100.5</address></destination>
          <descr>allow vpn users to connect to cameras</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>pass</type>
          <interface>pptp</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <any>- <destination><address>100.100.100.100</address></destination>
          <descr>as/400 vpn access</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>pass</type>
          <interface>opt2</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os><protocol>icmp</protocol>

      • <source>
          <any>- <destination><any></any></destination>
          <descr>allow icmp from wave2lan</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>block</type>
          <interface>opt1</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <any>- <destination><address>192.168.12.1</address></destination>
          <descr>block firewall access from wlan</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>block</type>
          <interface>opt1</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <any>- <destination><network>lan</network></destination>
          <descr>block lan access from wireless</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>pass</type>
          <interface>opt1</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <any>- <destination><any></any></destination>
          <descr>wireless net to internet</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>pass</type>
          <interface>lan</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <network>lan</network>

      • <destination><address>206.255.241.0/24</address></destination>
          <disabled><descr>make sure WAN1 goes to right place</descr></disabled></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>pass</type>
          <interface>lan</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <network>lan</network>

      • <destination><network>opt2</network></destination>
          <disabled><descr>make sure WAN2 goes to right place</descr>
          <gateway>failover2</gateway></disabled></os></statetimeout></max-src-states></max-src-nodes></rule>

      • <rule><type>pass</type>
          <interface>lan</interface>
          <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
          <os>- <source>
          <network>lan</network>

      • <destination><any></any></destination>
          <descr>Default LAN -> any</descr></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
          <shaper>- <ipsec><preferredoldsa></preferredoldsa></ipsec>

      • <aliases>- <alias><name>HTTPsAll</name>

      <address>22 443 444 3389 8443</address>

      <descr>ports that cannot load share</descr>
        <type>port</type>
        <detail>Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||</detail></alias>

      • <alias><name>cablelynxgw</name>

      <address>206.255.241.1</address>

      <descr><type>host</type>
        <detail>Entry added Wed, 03 Feb 2010 04:10:40 +0600||</detail></descr></alias>

      • <alias><name>internetrouters</name>

      <address>206.255.241.1 97.67.124.1</address>

      <descr><type>host</type>
        <detail>Entry added Wed, 20 Jan 2010 05:24:20 +0600||Entry added Wed, 20 Jan 2010 05:24:20 +0600||</detail></descr></alias>

      • <alias><name>wave2langw</name>

      <address>97.67.124.34</address>

      <descr><type>host</type>
        <detail>Entry added Wed, 03 Feb 2010 04:11:21 +0600||</detail></descr></alias></aliases>
        <proxyarp>- <cron>- <minute>0</minute>
        <hour></hour>
        <mday>      </mday>
        <month></month>
        <wday>      </wday>
        <who>root</who>
        <command></command>/usr/bin/nice -n20 newsyslog

      • <minute>1,31</minute>
          <hour>0-5</hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/usr/bin/nice -n20 adjkerntz -a
      • <minute>1</minute>
          <hour>3</hour>
          <mday>1</mday>
          <month></month>
          <wday>        </wday>
          <who>root</who>
          <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
      • <minute>/60</minute>
          <hour>        </hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
      • <minute>1</minute>
          <hour>1</hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
      • <minute>/60</minute>
          <hour>        </hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
      • <minute>/60</minute>
          <hour>        </hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
      • <minute>/5</minute>
          <hour>        </hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/usr/local/bin/checkreload.sh
      • <minute>/5</minute>
          <hour>        </hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/etc/ping_hosts.sh
      • <minute>/140</minute>
          <hour>        </hour>
          <mday></mday>
          <month>        </month>
          <wday>*</wday>
          <who>root</who>
          <command></command>/usr/local/sbin/reset_slbd.sh</cron>
          <wol><installedpackages>- <revision><description>/firewall_nat_out.php made unknown change</description>
          <time>1265152163</time></revision>
      • <rrd><enable></enable></rrd>
      • <load_balancer>- <lbpool><type>gateway</type>
          <behaviour>failover</behaviour>
          <monitorip>206.255.241.1</monitorip>
          <name>failover1</name>
          <desc>Cablelynx Failover Wave2LAN</desc>
          <port><servers>opt2|97.67.124.1</servers>
          <servers>wan|206.255.241.1</servers></port></lbpool>
      • <lbpool><type>gateway</type>
          <behaviour>failover</behaviour>
          <monitorip>97.67.124.1</monitorip>
          <name>failover2</name>
          <desc>Wave2LAN Failover Cablelynx</desc>
          <port><servers>wan|206.255.241.1</servers>
          <servers>opt2|97.67.124.1</servers></port></lbpool></load_balancer></installedpackages></wol></proxyarp></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.