Intermittent Virtual IP forwarding problem

    Hi,

    I have pfsense 1.2.3 acting as a filter for incoming requests to a DNS server.

    I have an address 192.168.6.237 inside, and an address we'll call 1.2.3.103 outside configured as a virtual IP with proxy arp and 1:1 port forwarding.

    Rules on the firewall are configured to allow tcp/80 and udp/53 inbound, and I have verified this configuration working, both by a simple DNS request from a remote site, and watching tcpdump on the client to see the transaction arrive.

    Intermittently, usually after several hours, this just stops working - the traffic never arrives on the internal host's NIC, as shown by tcpdump going very quiet.

    If I add a second virtual IP say 1.2.3.104 to the same internal NAT destination, it will work again until the traffic eventually stops again on that IP.

    I tried changing it to CARP, but no traffic arrived at all, even with open filtering configured (i.e. allow all from all).

    This is beginning to frustrate me no end, as I have other servers and services running happily with no problems on the same firewall. It's almost like pfsense gets confused as to the state of this particular virtual IP and ends up dropping the packets on the floor. There are no dropped packets being logged.

    Once packets stop flowing, both the firewall and server need to be restarted to get traffic going again.

    Can anyone assist or give me additional inspiration?  I'm considering trying the 2.0 beta stream, but am reluctant as this is a production firewall.

    If it makes any difference, the firewall and clients are all on an ESX 4.1 host.

    Thanks
    Craig

