Can't ping router attached on OPT1



  • pfSense 1.2 Beta 1

    LAN : 10.0.0.1
    WAN: 192.168.70.2/24 <-> 192.168.70.1/24 Adsl Router1 <-> ISP1
    OPT1: 192.168.71.2/24 <-> 192.168.71.1/24 Adsl Router2 <-> ISP2

    No Failover and load balancing pool at this stage.
    Very basic rules, nat works well on WAN.
    No static routes.
    A couple of OpenVPN servers but with completely different IP subnet, and they work well.
    No firewall rules on WAN (except for OpenVPN), no rules at all on OPT1
    Only a
    *  LAN net  *  *  *  *
    on LAN.

    I can ping 192.168.70.1 from LAN and access his http based configuration page.
    –->I cannot ping 192.168.71.1 from LAN nor access http configuration page.<---
    I can ping 192.168.71.1 from opt1 from pfSense webconfigurator.

    I receive a "destination unreachable" message from the default gateway on the ISP1 connection as if the traffic for 192.168.71.1 is going to ISP1 gateway through WAN!

    But in static routes i find

    192.168.70 link#2                         UC 0   0   1500    rl0
    192.168.70.1 00:13:49:XX:XX:XX UHLW 2 232 1500 rl0 772
    192.168.71 link#3                         UC   0   0   1500    rl1
    192.168.71.1 00:13:49:YY:YY:YY UHLW 1 235 1500 rl1 861

    and it seems OK

    The two router are identical with identical configuration (only different static point-to-point IP for RFC 1483 changes)
    There's nothing in firewall log related to this.
    Maybe it's something really stupid, but I'm a newbie, so please...

    BTW: pfSense is a great piece of software...



  • Does a snapshot from:
    http://snapshots.pfsense.org/FreeBSD6/RELENG_1_2/

    exhibit the same behavior? I have a very similar setup and haven't seen what you describe.



  • and you do have a gateway configured on the OPT1 interface, right?



  • @cmb:

    and you do have a gateway configured on the OPT1 interface, right?

    Today I'll try to update to the last snapshot but the behavior was exactly the same with 1.0.1. In fact I've upgraded it to 1.2 beta hoping this behavior would disappear.
    On OPT1 the gateway is the the second adsl router.
    Wan1 : 192.168.70.2 , gateway  192.168.70.1
    Opt1: 192.168.71.2 , gateway  192.168.71.1



  • 1.0.1 has a ton of multi WAN bugs that are fixed in 1.2 snapshots. Specifically there was one that would screw up exactly what you're trying to do. Though I think most were fixed prior to 1.2b1.

    Since the interface does have a gateway, you should be fine.



  • @cmb:

    1.0.1 has a ton of multi WAN bugs that are fixed in 1.2 snapshots. Specifically there was one that would screw up exactly what you're trying to do. Though I think most were fixed prior to 1.2b1.

    Since the interface does have a gateway, you should be fine.

    I've just upgraded to the last snapshot (4  June) but no changes…..
    Reinstalling all from scratch could help?
    Which log/tecnique/config file could be a good start to understand what is going on?

    Last thing, I don't know if could be related to my problems: in system log I receive a

    Jun 6 15:19:50 php: /diag_logs_filter.php: [DEBUG] Lock recursion detected.

    Jun 6 15:16:36 php: : XML error: not well-formed (invalid token) at line 1

    the first lines are

    <pfsense><version>2.9</version>
    <lastchange><theme>pfsense</theme>
    <system><optimization>normal</optimization>
    <hostname>pfsense</hostname>

    It's ok to have all those <xy>tags instead of ?
    I've a lot of them, everywhere in config file

    thank you</xy></system></lastchange></pfsense>



  • Could you post the complete output from status.php? You can pm or email to cbuechler@gmail.com if you'd rather not publicly post all that.

    The <blah>are the same as <blah></blah>, normal, means nothing is defined.</blah>



  • @cmb:

    Could you post the complete output from status.php? You can pm or email to cbuechler@gmail.com if you'd rather not publicly post all that.

    Ok, done. Thank you for your attention.
    I just hope all this is not caused by something really stupid I've done…. :D
    But, except for this problem, all is running smoothly



  • @cmb:

    Could you post the complete output from status.php? You can pm or email to cbuechler@gmail.com if you'd rather not publicly post all that.

    Hi, it's me again. I'm sorry to bother you: have you received my mail with the compete output of status.php? Any idea?
    Thank you again



  • yeah i got your message, haven't had a chance to look at it yet.  Will yet tonight.



  • @cmb:

    yeah i got your message, haven't had a chance to look at it yet.  Will yet tonight.

    Ok, thanks a lot.
    No hurry, really.



  • @mrktt77:

    I've just upgraded to the last snapshot (4  June) but no changes…..
    Reinstalling all from scratch could help?
    Which log/tecnique/config file could be a good start to understand what is going on?

    Last thing, I don't know if could be related to my problems: in system log I receive a

    Jun 6 15:19:50 php: /diag_logs_filter.php: [DEBUG] Lock recursion detected.

    Jun 6 15:16:36 php: : XML error: not well-formed (invalid token) at line 1

    I had same error pop-up in my system log today after a reboot (the 6-4 snapshot). I was wondering if anyone had tracked this down. I do not have an opt1 interface, though before the reboot I had sh keep dumping with a signal 8.



  • @mrktt77:

    @cmb:

    yeah i got your message, haven't had a chance to look at it yet.  Will yet tonight.

    Ok, thanks a lot.
    No hurry, really.

    (ahemm….) Ok, here I am again... Any idea in the mean time?
    Dual wan up and running -> vacations in July unaffected by disturbance from customers without internet access... ;D ;D ;D
    thank you anyway



  • I have a similar problem, but I can't ping either of the routers beyond pfSense. I think I need to re-check my rules though…



  • @tacfit:

    I have a similar problem, but I can't ping either of the routers beyond pfSense. I think I need to re-check my rules though…

    I've finally implemented load balancing and failover as in the how-to and… ta-dah! suddenly I can ping and connect to http configuration interface of both router and not only the router attached on WAN if....  ???


Log in to reply