Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    PfSense only responds under VIP, not normal IP

    HA/CARP/VIPs
    2
    6
    2962
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      filnko last edited by

      Hello,

      we are running a pfSense 2.0.1 on a cable line.
      There is one single IP 213.o.o.9/24 for the router with a subnet 212.o.o.16/28 routed to the single IP used for VirtualIPs.

      Two months ago the ISP decided to give out the single IP with DHCP for security reasons.
      (It's still the same, only with DHCP and not static).

      Now the pfSense takes one of it's Virtual IPs (from the 212 subnet) as it's WAN IP.
      It's not happening at the first boot, only from time to time.

      I've already tried using the single IP as the "Alias IP address" on the WAN interface settings - didn't help.
      It seems like the rc.newwanip works not as expected:

      Jun 27 03:59:03    apinger: Starting Alarm Pinger, apinger(27639)
      Jun 27 03:59:03    check_reload_status: Reloading filter
      Jun 27 03:59:02    apinger: Exiting on signal 15.
      Jun 27 03:59:01    php: : ROUTING: setting default route to 213.o.o.1
      Jun 27 03:59:01    php: : rc.newwanip: on (IP address: 212.o.o.19) (interface: wan) (real interface: vr2).
      Jun 27 03:59:01    php: : rc.newwanip: Informational is starting vr2.
      Jun 27 03:58:55    dhclient[2348]: bound to 213.o.o.9 – renewal in 189670 seconds.
      Jun 27 03:58:55    check_reload_status: rc.newwanip starting vr2
      Jun 27 03:58:55    dhclient: Creating resolv.conf
      Jun 27 03:58:55    dhclient: /sbin/route add default 213.o.o.1
      Jun 27 03:58:55    dhclient: Adding new routes to interface: vr2
      Jun 27 03:58:55    dhclient: New Routers (vr2): 213.o.o.1
      Jun 27 03:58:55    dhclient: New Broadcast Address (vr2): 255.255.255.255
      Jun 27 03:58:55    dhclient: New Subnet Mask (vr2): 255.255.255.0
      Jun 27 03:58:55    dhclient: New IP Address (vr2): 213.o.o.9
      Jun 27 03:58:55    dhclient: ifconfig vr2 inet 213.o.o.9 netmask 255.255.255.0 broadcast 255.255.255.255
      Jun 27 03:58:55    dhclient: Starting add_new_address()
      Jun 27 03:58:55    dhclient: BOUND
      Jun 27 03:58:55    dhclient[2348]: DHCPACK from 10.34.114.129
      Jun 27 03:58:55    dhclient[2348]: DHCPREQUEST on vr2 to 255.255.255.255 port 67
      Jun 27 03:58:55    dhclient: ARPCHECK
      Jun 27 03:58:53    dhclient: ARPSEND
      Jun 27 03:58:53    dhclient[2348]: DHCPOFFER from 10.34.114.129
      Jun 27 03:58:53    dhclient[2348]: DHCPDISCOVER on vr2 to 255.255.255.255 port 67 interval 1
      Jun 27 03:58:52    dhclient[2348]: DHCPDISCOVER on vr2 to 255.255.255.255 port 67 interval 1
      Jun 27 03:58:52    dhclient[2348]: DHCPNAK from 10.34.114.129
      Jun 27 03:58:52    dhclient[2348]: DHCPREQUEST on vr2 to 255.255.255.255 port 67
      Jun 27 02:55:10    dhclient[2348]: DHCPREQUEST on vr2 to 10.34.114.129 port 67

      Any thoughts on this?

      1 Reply Last reply Reply Quote 0
      • F
        filnko last edited by

        This problem is really driving us crazy.
        Can anybody help me here?

        1 Reply Last reply Reply Quote 0
        • F
          filnko last edited by

          help!

          1 Reply Last reply Reply Quote 0
          • chpalmer
            chpalmer last edited by

            Im not understanding fully.

            Your primary WAN is now set for DHCP correct?

            Triggering snowflakes one by one..

            1 Reply Last reply Reply Quote 0
            • chpalmer
              chpalmer last edited by

              After re-reading Ive noticed some more detail.

              on my setup here…  one dhcp (primary) and on static (VIP) that my firewall will take its VIP address as its WAN address if I reboot the modem without rebooting the firewall.  Since they both run on the same UPS its not generally a problem but just something I keep an eye on.

              Triggering snowflakes one by one..

              1 Reply Last reply Reply Quote 0
              • F
                filnko last edited by

                Yeah, WAN is set to DHCP and gets the same IP everytime (212.o.o.9)
                But every now and then (5-15 days) rc.newwanip detects a VIP as its normal IP and doesn't respond with the 212.o.o.9.
                Additionally it's blocking access to a random server as it takes one of those IP addresses.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post