Failover on wan and opt2, cannot get to work



  • I think the issue right now is that the load balancer reports opt2 as offline all the time. I have verified that the monitor IP is a pingable IP address, but the interface still will not show online.

    I've tried every how-to guide in existence and even tried winging it myself, but I cannot make that interface show online.

    I've attached the full config of the box.

    <!-- Forum paste of a pfSense configuration (config format version 3.0). The
         bullets, and the way empty elements appear to wrap later elements, look like
         artefacts of the forum rendering, so the nesting shown here should not be
         taken as the real document structure. -->
    • <pfsense><version>3.0</version>
        <lastchange><theme>pfsense</theme>
    • <system><optimization>normal</optimization>
        <hostname>pfsense</hostname>
        <domain>local</domain>
        <username>admin</username>
        <!-- Password hash of the admin account; the $1$ prefix marks the MD5-crypt
             format. Published together with the username, it should be treated as
             exposed: change the password and redact this element before sharing
             a config. -->
        <password>$1$moBXEWG.$SqUB1BrfewajVme4.GzxC0</password>
        <timezone>Etc/GMT-6</timezone>
        <time-update-interval><timeservers>0.pfsense.pool.ntp.org</timeservers>
        <!-- The webGUI is set to plain http, so admin logins are not encrypted in
             transit; https is the safer setting. -->
    • <webgui><protocol>http</protocol></webgui>
        <disablenatreflection>yes</disablenatreflection>
        <dnsserver>208.67.222.222</dnsserver>
        <dnsserver>208.67.220.220</dnsserver></time-update-interval></system>
    <!-- Interface assignments: lan, wan and two optional interfaces. -->
    <!-- lan: fxp0, 100.100.100.1/24.
         NOTE(review): 100.100.100.0/24 is not RFC 1918 private space; it lies inside
         100.64.0.0/10, which RFC 6598 reserves for carrier-grade NAT, so it can
         collide with addresses in use on an ISP network. -->
    • <interfaces>- <lan><if>fxp0</if>
        <ipaddr>100.100.100.1</ipaddr>
        <subnet>24</subnet>
        <media><mediaopt><bandwidth>100</bandwidth>
        <bandwidthtype>Mb</bandwidthtype></mediaopt></media></lan>
        <!-- wan: sis0, address obtained by DHCP, with a spoofed MAC address set. -->
    • <wan><if>sis0</if>
        <mtu><media><mediaopt><bandwidth>100</bandwidth>
        <bandwidthtype>Mb</bandwidthtype>
        <spoofmac>00:0d:88:c2:9e:9a</spoofmac>
        <disableftpproxy><ipaddr>dhcp</ipaddr>
        <dhcphostname></dhcphostname></disableftpproxy></mediaopt></media></mtu></wan>
        <!-- opt1: xl0, described as "wireless", 192.168.12.1/24. -->
    • <opt1><if>xl0</if>
        <descr>wireless</descr>
        <bridge><enable><ipaddr>192.168.12.1</ipaddr>
        <subnet>24</subnet>
        <gateway><spoofmac></spoofmac></gateway></enable></bridge></opt1>
        <!-- opt2: rl0, described as "Wave2LAN", static 97.67.124.34/26 with gateway
             97.67.124.1. The gateway lies inside the /26 (97.67.124.0 to
             97.67.124.63). This is the second uplink the post reports as offline. -->
    • <opt2><descr>Wave2LAN</descr>
        <if>rl0</if>
        <bridge><enable><ipaddr>97.67.124.34</ipaddr>
        <subnet>26</subnet>
        <gateway>97.67.124.1</gateway>
        <spoofmac><mtu><disableftpproxy></disableftpproxy></mtu></spoofmac></enable></bridge></opt2></interfaces>
        <!-- Static routes, PPPoE, PPTP client, BigPond and DynDNS sections. The
             username and password elements in all of them are empty in this paste. -->
        <staticroutes>- <pppoe><username><password></password></username></pppoe>
    • <pptp><username><password><local></local></password></username></pptp>
    • <bigpond><username><password><authserver><authdomain><minheartbeatinterval></minheartbeatinterval></authdomain></authserver></password></username></bigpond>
    • <dyndns><type>dyndns</type>
        <username><password></password></username></dyndns>
    <!-- DHCP server settings per interface. -->
    <!-- lan: leases handed out from 100.100.100.10 to 100.100.100.99; the remaining
         options are empty in this paste. -->
    • <dhcpd>- <lan><enable>- <range><from>100.100.100.10</from>
        <to>100.100.100.99</to></range>
        <defaultleasetime><maxleasetime><netmask><failover_peerip><gateway><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></gateway></failover_peerip></netmask></maxleasetime></defaultleasetime></enable></lan>
        <!-- opt1 (wireless): leases from 192.168.12.100 to 192.168.12.254, lease times
             of 7200 and 86400 (presumably seconds), clients are given the two
             208.67.x.x resolvers and 192.168.12.1 as gateway. -->
    • <opt1>- <range><from>192.168.12.100</from>
        <to>192.168.12.254</to></range>
        <defaultleasetime>7200</defaultleasetime>
        <maxleasetime>86400</maxleasetime>
        <netmask><failover_peerip><dnsserver>208.67.222.222</dnsserver>
        <dnsserver>208.67.220.220</dnsserver>
        <gateway>192.168.12.1</gateway>
        <enable><ddnsdomain><next-server><filename></filename></next-server></ddnsdomain></enable></failover_peerip></netmask></opt1></dhcpd>
    <!-- PPTP VPN server: mode "server", with a local address and a remote address
         taken from the LAN subnet. -->
    • <pptpd><mode>server</mode>
        <redir><localip>100.100.100.223</localip>
        <remoteip>100.100.100.224</remoteip>
    • <radius></radius>
        <!-- Local PPTP accounts. The <password> values are stored and posted here in
             clear text, so both accounts should be treated as compromised: rotate the
             passwords and redact these elements before sharing a config.
             NOTE(review): the first password is four digits, which is weak for a
             remote-access login regardless of the disclosure. -->
        <wins>- <user><name>tom</name>
        <ip><password>0420</password></ip></user>
    • <user><name>john</name>
        <ip><password>2raFres7</password></ip></user></wins></redir></pptpd>
        <!-- OpenVPN section opener and DNS forwarder (dnsmasq), which carries an
             <enable> element. -->
        <ovpn>- <dnsmasq><enable></enable></dnsmasq>
        <!-- SNMP daemon settings. The read-only community is the well-known default
             "public". No <enable> is visible inside <snmpd> in this paste, so the
             daemon may be off (TODO confirm); if it is ever enabled, set a
             non-default community and limit which hosts can query it. -->
    • <snmpd><syslocation><syscontact><rocommunity>public</rocommunity></syscontact></syslocation></snmpd>
    • <diag>- <ipv6nat><ipaddr></ipaddr></ipv6nat></diag>
        <!-- Outbound NAT section with two manual (advanced outbound) rules. Whether
             advanced outbound NAT is switched on cannot be read reliably from this
             paste (TODO confirm against the original file).
             NOTE(review): both visible rules translate on interface wan only. No rule
             for opt2 is visible, so if manual outbound NAT is active, LAN or wireless
             traffic leaving through opt2 would presumably go out untranslated. -->
        <bridge><syslog>- <nat>- <ipsecpassthru><enable></enable></ipsecpassthru>
        <!-- Rule 1: source 100.100.100.0/24, destination 206.255.241.0/24, interface
             wan. As pasted it matches LAN traffic only when it is addressed to that
             one destination network. -->
    • <advancedoutbound>- <rule>- <source>
        <network>100.100.100.0/24</network>

    <sourceport><descr>nat for production-cablelynx</descr>
      <target><interface>wan</interface>

    • <destination><address>206.255.241.0/24</address></destination>
        <natport></natport></target></sourceport></rule>
        <!-- Rule 2: source 192.168.12.0/24 (wireless), any destination, interface wan. -->
    • <rule>- <source>
        <network>192.168.12.0/24</network>

    <sourceport><descr>nat for wireless</descr>
      <target><interface>wan</interface>

    • <destination><any></any></destination>
        <natport></natport></target></sourceport></rule></advancedoutbound></nat>

    <!-- Firewall rules, grouped below by the interface they are attached to. Every
         rule uses state type "keep state". -->
    <!-- pptp rule 1: pass from any source to 100.100.100.5 (cameras). No protocol or
         port restriction is visible, so a PPTP login appears to get full IP access
         to that host (TODO confirm against the original file). -->
    • <filter>- <rule><type>pass</type>
        <interface>pptp</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <any>- <destination><address>100.100.100.5</address></destination>
        <descr>allow vpn users to connect to cameras</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- pptp rule 2: pass from any source to 100.100.100.100 (AS/400), again with no
         visible protocol or port restriction. -->
    • <rule><type>pass</type>
        <interface>pptp</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <any>- <destination><address>100.100.100.100</address></destination>
        <descr>as/400 vpn access</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- opt2 rule: pass ICMP arriving on opt2 from any source to any destination.
         NOTE(review): the match is broader than the description suggests; it is not
         limited to the Wave2LAN gateway or to the firewall's own address. -->
    • <rule><type>pass</type>
        <interface>opt2</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os><protocol>icmp</protocol>

    • <source>
        <any>- <destination><any></any></destination>
        <descr>allow icmp from wave2lan</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- opt1 (wireless) rule 1: block traffic to 192.168.12.1, the firewall's opt1
         address.
         NOTE(review): only that one address is blocked. The firewall's other
         addresses, for example 97.67.124.34 on opt2 and the DHCP address on wan, are
         not named in any block rule, so the pass rule at the end of the opt1 group
         presumably still lets wireless clients reach the webGUI on them. TODO
         confirm, and if so block wireless traffic to every firewall address. -->
    • <rule><type>block</type>
        <interface>opt1</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <any>- <destination><address>192.168.12.1</address></destination>
        <descr>block firewall access from wlan</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- opt1 rule 2: block traffic from wireless to the lan network. -->
    • <rule><type>block</type>
        <interface>opt1</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <any>- <destination><network>lan</network></destination>
        <descr>block lan access from wireless</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- opt1 rule 3: pass everything else from wireless to any destination. -->
    • <rule><type>pass</type>
        <interface>opt1</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <any>- <destination><any></any></destination>
        <descr>wireless net to internet</descr></any></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- lan rule 1: pass lan to 206.255.241.0/24. A <disabled> element is present,
         so the rule appears to be switched off. -->
    • <rule><type>pass</type>
        <interface>lan</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <network>lan</network>

    • <destination><address>206.255.241.0/24</address></destination>
        <disabled><descr>make sure WAN1 goes to right place</descr></disabled></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- lan rule 2: pass lan to the opt2 network through gateway pool failover2. It
         also carries <disabled>, so it appears to be switched off. This is the only
         rule in the paste that names a load balancer pool. -->
    • <rule><type>pass</type>
        <interface>lan</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <network>lan</network>

    • <destination><network>opt2</network></destination>
        <disabled><descr>make sure WAN2 goes to right place</descr>
        <gateway>failover2</gateway></disabled></os></statetimeout></max-src-states></max-src-nodes></rule>

    <!-- lan rule 3: default pass from lan to any destination.
         NOTE(review): no <gateway> is visible on this rule, so as pasted LAN traffic
         is not policy-routed through either failover pool and would follow the
         default route. TODO confirm against the original file. -->
    • <rule><type>pass</type>
        <interface>lan</interface>
        <max-src-nodes><max-src-states><statetimeout><statetype>keep state</statetype>
        <os>- <source>
        <network>lan</network>

    • <destination><any></any></destination>
        <descr>Default LAN -> any</descr></os></statetimeout></max-src-states></max-src-nodes></rule></filter>
        <!-- Traffic shaper and IPsec section openers, followed by the alias table. -->
        <shaper>- <ipsec><preferredoldsa></preferredoldsa></ipsec>

    <!-- Port alias HTTPsAll: 22, 443, 444, 3389 and 8443, described as ports that
         cannot be load shared. No rule in this paste is seen referencing it. -->
    • <aliases>- <alias><name>HTTPsAll</name>

    <address>22 443 444 3389 8443</address>

    <descr>ports that cannot load share</descr>
      <type>port</type>
      <detail>Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||Entry added Wed, 20 Jan 2010 05:16:53 +0600||</detail></alias>

    <!-- Host alias cablelynxgw: 206.255.241.1, the address the load balancer pools
         pair with wan. -->
    • <alias><name>cablelynxgw</name>

    <address>206.255.241.1</address>

    <descr><type>host</type>
      <detail>Entry added Wed, 03 Feb 2010 04:10:40 +0600||</detail></descr></alias>

    <!-- Host alias internetrouters: both upstream gateways, 206.255.241.1 and
         97.67.124.1. -->
    • <alias><name>internetrouters</name>

    <address>206.255.241.1 97.67.124.1</address>

    <descr><type>host</type>
      <detail>Entry added Wed, 20 Jan 2010 05:24:20 +0600||Entry added Wed, 20 Jan 2010 05:24:20 +0600||</detail></descr></alias>

    <!-- Host alias wave2langw: 97.67.124.34.
         NOTE(review): despite the "gw" name this is the firewall's own opt2 address,
         not the opt2 gateway 97.67.124.1; any rule built on this alias would point
         at the firewall rather than the upstream router. Verify the intent. -->
    • <alias><name>wave2langw</name>

    <address>97.67.124.34</address>

    <descr><type>host</type>
      <detail>Entry added Wed, 03 Feb 2010 04:11:21 +0600||</detail></descr></alias></aliases>
      <!-- Proxy ARP section opener, followed by the cron table. Every job runs as
           root. In this paste the command text sits after an empty <command>
           element, and several schedule fields are empty or begin with a bare slash,
           which suggests asterisks and element content were lost in the forum
           rendering. Do not read the schedules literally; TODO confirm against the
           original file. -->
      <!-- Job: rotate system logs (newsyslog). -->
      <proxyarp>- <cron>- <minute>0</minute>
      <hour></hour>
      <mday>
    </mday>
      <month></month>
      <wday>
    </wday>
      <who>root</who>
      <command></command>/usr/bin/nice -n20 newsyslog

        <!-- Job: adjkerntz -a, at minutes 1 and 31 of hours 0 to 5. -->
    • <minute>1,31</minute>
        <hour>0-5</hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/usr/bin/nice -n20 adjkerntz -a
        <!-- Job: refresh the bogon network list (rc.update_bogons.sh). -->
    • <minute>1</minute>
        <hour>3</hour>
        <mday>1</mday>
        <month></month>
        <wday>
      </wday>
        <who>root</who>
        <command></command>/usr/bin/nice -n20 /etc/rc.update_bogons.sh
        <!-- Job: expire entries older than 3600 seconds from the sshlockout table. -->
    • <minute>/60</minute>
        <hour>
      </hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
        <!-- Job: dynamic DNS update (rc.dyndns.update). -->
    • <minute>1</minute>
        <hour>1</hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/usr/bin/nice -n20 /etc/rc.dyndns.update
        <!-- Job: expire entries older than 3600 seconds from the virusprot table. -->
    • <minute>/60</minute>
        <hour>
      </hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 virusprot
        <!-- Job: expire entries older than 3600 seconds from the snort2c table. -->
    • <minute>/60</minute>
        <hour>
      </hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/usr/bin/nice -n20 /usr/local/sbin/expiretable -t 3600 snort2c
        <!-- Job: checkreload.sh. -->
    • <minute>/5</minute>
        <hour>
      </hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/usr/local/bin/checkreload.sh
        <!-- Job: ping_hosts.sh. -->
    • <minute>/5</minute>
        <hour>
      </hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/etc/ping_hosts.sh
        <!-- Job: reset_slbd.sh; judging by the name it resets the load balancer
             daemon (TODO confirm). -->
    • <minute>/140</minute>
        <hour>
      </hour>
        <mday></mday>
        <month>
      </month>
        <wday>*</wday>
        <who>root</who>
        <command></command>/usr/local/sbin/reset_slbd.sh</cron>
        <!-- Tail of the paste: the last config revision record (made from
             /firewall_nat_out.php), the RRD graph switch, and the two load balancer
             pools that the post is about. -->
        <wol><installedpackages>- <revision><description>/firewall_nat_out.php made unknown change</description>
        <time>1265152163</time></revision>
    • <rrd><enable></enable></rrd>
        <!-- Pool failover1: type gateway, behaviour failover, members opt2 and wan.
             Each <servers> value has the form interface|address; the address is
             presumably the monitor IP that is pinged to decide whether that interface
             is online (TODO confirm). Here every interface is monitored through its
             own gateway: 206.255.241.1 for wan and 97.67.124.1 for opt2, so opt2 shows
             online only while 97.67.124.1 answers pings sent out of opt2. -->
    • <load_balancer>- <lbpool><type>gateway</type>
        <behaviour>failover</behaviour>
        <monitorip>206.255.241.1</monitorip>
        <name>failover1</name>
        <desc>Cablelynx Failover Wave2LAN</desc>
        <port><servers>opt2|97.67.124.1</servers>
        <servers>wan|206.255.241.1</servers></port></lbpool>
        <!-- Pool failover2: the same two members with the same monitor addresses;
             its <monitorip> is 97.67.124.1. The closing tags at the end of the last
             line end every element left open earlier in the paste. -->
    • <lbpool><type>gateway</type>
        <behaviour>failover</behaviour>
        <monitorip>97.67.124.1</monitorip>
        <name>failover2</name>
        <desc>Wave2LAN Failover Cablelynx</desc>
        <port><servers>wan|206.255.241.1</servers>
        <servers>opt2|97.67.124.1</servers></port></lbpool></load_balancer></installedpackages></wol></proxyarp></shaper></syslog></bridge></ovpn></staticroutes></lastchange></pfsense>
