Replicated v 1.2.3 settings won't work v2 - driving me crazy!

  • Here is the issue. I have pfsense working v 1.2 with single WAN using virtual IP (Ethernet with 5 IP’s available) and it works perfectly.

    I bought another pfsense hardware to use as a backup and it runs version 2.x, I configured it exactly the same as the current one but it will not pass any LAN traffic to the internet. If I use ping from pfsense and ping it works fine so it must be a setting somewhere.

    attached shots of the config, if anyone can find the secret setting to make it work you will have a billion karma inc!

  • last two settings

  • Netgate Administrator

    You should use VIP type 'IP Alias' which wasn't available in 1.2.X.
    That doesn't really explain why you can't get internet access  from LAN though.  :-\

    Are you using only that one virtual IP? Are you pinging google.com from the console or via the Diagnostics menu?
    Have you modified the outbound NAT settings at all?


  • thanks for the reply

    yes only 1 of the allocated IP's is in use.

    yes pinging google from the diags menu

    no not modified outbound nat it's on auto

    you think the 'ip alias' is the cause?

    it's a 20 min drive to the site to test it!


  • Netgate Administrator

    I didn't think the properties of proxy arp VIP had changed just that IP Alias is a better general recommendation as it is able to be used in more scenarios. So I can't see why it wouldn't work now with proxy arp.

    When you use the diag menu ping test you have to specify an interface. That means that you will send your ping via WAN (if you select it) even if the system default gateway is incorrectly set to something else or the system has no default route.

    If you can log in remotely try pinging from the console. Check the routing table, check the system default gateway.


  • how do I display routes in the console?

    The gateway is definitely correct I can see it in the 'gateway' menu

  • @tamtap:

    how do i display routes in the console ?

    netstat -rn

  • thanks but it's all unreadable IPv6

  • Netgate Administrator

    You can see it in the webgui in Diagnostics: Routes:

    or use:

     netstat -f inet -rn


  • thanks Steve, here is the info

  • the WAN isn't connected as the site is 20 mins drive away, but I'm connected to the LAN, I can ssh to the pfsense box and the web gui is working ok.

    It's soo annoying I have 2 brand new ALIX boxes to use as spares and they both are the same, I just can't work out what is wrong grrrrr!

  • Netgate Administrator

    Deleted my post it was completely wrong!  ::)

    Ah, so WAN isn't connected. Presumably it was connected at some point and proved non-functional?


  • yes, it works on the pfsense box I have running 1.2.3 but with the identical settings per my screenshots on v2 pfsense it doesn't (tried 2 lots of hardware) and I can't work out why
