PfSense only responds under VIP, not normal IP

filnko

Hello,

we are running a pfSense 2.0.1 on a cable line.
There is one single IP 213.o.o.9/24 for the router with a subnet 212.o.o.16/28 routed to the single IP used for VirtualIPs.

Two months ago the ISP decided to give out the single IP with DHCP for security reasons.
(It's still the same, only with DHCP and not static).

Now the pfSense takes one of it's Virtual IPs (from the 212 subnet) as it's WAN IP.
It's not happening at the first boot, only from time to time.

I've already tried using the single IP as the "Alias IP address" on the WAN interface settings - didn't help.
It seems like the rc.newwanip works not as expected:

Jun 27 03:59:03    apinger: Starting Alarm Pinger, apinger(27639)
Jun 27 03:59:03    check_reload_status: Reloading filter
Jun 27 03:59:02    apinger: Exiting on signal 15.
Jun 27 03:59:01    php: : ROUTING: setting default route to 213.o.o.1
Jun 27 03:59:01    php: : rc.newwanip: on (IP address: 212.o.o.19) (interface: wan) (real interface: vr2).
Jun 27 03:59:01    php: : rc.newwanip: Informational is starting vr2.
Jun 27 03:58:55    dhclient[2348]: bound to 213.o.o.9 – renewal in 189670 seconds.
Jun 27 03:58:55    check_reload_status: rc.newwanip starting vr2
Jun 27 03:58:55    dhclient: Creating resolv.conf
Jun 27 03:58:55    dhclient: /sbin/route add default 213.o.o.1
Jun 27 03:58:55    dhclient: Adding new routes to interface: vr2
Jun 27 03:58:55    dhclient: New Routers (vr2): 213.o.o.1
Jun 27 03:58:55    dhclient: New Broadcast Address (vr2): 255.255.255.255
Jun 27 03:58:55    dhclient: New Subnet Mask (vr2): 255.255.255.0
Jun 27 03:58:55    dhclient: New IP Address (vr2): 213.o.o.9
Jun 27 03:58:55    dhclient: ifconfig vr2 inet 213.o.o.9 netmask 255.255.255.0 broadcast 255.255.255.255
Jun 27 03:58:55    dhclient: Starting add_new_address()
Jun 27 03:58:55    dhclient: BOUND
Jun 27 03:58:55    dhclient[2348]: DHCPACK from 10.34.114.129
Jun 27 03:58:55    dhclient[2348]: DHCPREQUEST on vr2 to 255.255.255.255 port 67
Jun 27 03:58:55    dhclient: ARPCHECK
Jun 27 03:58:53    dhclient: ARPSEND
Jun 27 03:58:53    dhclient[2348]: DHCPOFFER from 10.34.114.129
Jun 27 03:58:53    dhclient[2348]: DHCPDISCOVER on vr2 to 255.255.255.255 port 67 interval 1
Jun 27 03:58:52    dhclient[2348]: DHCPDISCOVER on vr2 to 255.255.255.255 port 67 interval 1
Jun 27 03:58:52    dhclient[2348]: DHCPNAK from 10.34.114.129
Jun 27 03:58:52    dhclient[2348]: DHCPREQUEST on vr2 to 255.255.255.255 port 67
Jun 27 02:55:10    dhclient[2348]: DHCPREQUEST on vr2 to 10.34.114.129 port 67

Any thoughts on this?

filnko

This problem is really driving us crazy.
Can anybody help me here?

filnko

help!

chpalmer

Im not understanding fully.

Your primary WAN is now set for DHCP correct?

chpalmer

After re-reading Ive noticed some more detail.

on my setup here…  one dhcp (primary) and on static (VIP) that my firewall will take its VIP address as its WAN address if I reboot the modem without rebooting the firewall.  Since they both run on the same UPS its not generally a problem but just something I keep an eye on.

filnko

Yeah, WAN is set to DHCP and gets the same IP everytime (212.o.o.9)
But every now and then (5-15 days) rc.newwanip detects a VIP as its normal IP and doesn't respond with the 212.o.o.9.
Additionally it's blocking access to a random server as it takes one of those IP addresses.