Netgate Discussion Forum

    Intermittent Virtual IP forwarding problem

      craig1589

      Hi,

      I have pfsense 1.2.3 acting as a filter for incoming requests to a DNS server.

      I have an address 192.168.6.237 inside, and an address we'll call 1.2.3.103 outside configured as a virtual IP with proxy arp and 1:1 port forwarding.

      Rules on the firewall are configured to allow tcp/80 and udp/53 inbound, and I have verified this configuration working, both by a simple DNS request from a remote site, and watching tcpdump on the client to see the transaction arrive.

      Intermittently, usually after several hours, this just stops working - the traffic never arrives onto the internal host's NIC, as shown by tcpdump going very quiet.

      If I add a second virtual IP say 1.2.3.104 to the same internal NAT destination, it will work again until the traffic eventually stops again on that IP.

      I tried changing it to CARP, but no traffic arrived at all, even with an open filtering configured (i.e. allow all from all).

      This is beginning to frustrate me no end, as I have other servers and services running happily with no problems on the same firewall. It's almost like pfsense gets confused as to the state of this particular virtual IP and ends up dropping the packets on the floor. There are no dropped packets being logged.

      Once packets stop flowing, both the firewall and server need to be restarted to get traffic going again.

      Can anyone assist or give me additional inspiration?  I'm considering trying the 2.0 beta stream, but am reluctant as this is a production firewall.

      If it makes any difference, the firewall and clients are all on an ESX 4.1 host.

      Thanks
      Craig
