Crash when adding vip to carp-enabled boxen
-
You can only add a CARP IP if you have an IP on the same subnet on a real interface.
So I have to have a cable plugged into the wan port and the wan port configured for an ip address? I'm not 100% I did that first. I was trying to get it configured before actually plugging it in, but I will try it.
-
You can only add a CARP IP if you have an IP on the same subnet on a real interface.
So I have to have a cable plugged into the wan port and the wan port configured for an ip address? I'm not 100% I did that first. I was trying to get it configured before actually plugging it in, but I will try it.
No matter what I try I keep getting "XML error: no pfsense object found!". It looks like I'm going to have to completely reinstall pfsense. It would be nice if the web gui would prevent me from trying to do things that will completely crater the install.
-
Bottom line is you're hitting a kernel panic (FreeBSD crash).
There is little we can do about this. Try to configure it CORRECTLY and the crashes should stop.
-
Bottom line is you're hitting a kernel panic (FreeBSD crash).
There is little we can do about this. Try to configure it CORRECTLY and the crashes should stop.
Is there a way I can make a copy of the xml file on the local filesystem so if it bombs again I don't have to start over from scratch?
-
If this is a full install, run this from a shell:
cvs_sync.sh releng_1
We've added some code to prevent this from happening.
-
Okay I finally got a chance to run the cvs_sync command and it worked this time.
I'm trying to go live with the system and I'm having a problem getting dns to work.
I haven't tested dhcp but I'm guessing it tells the clients to use the dns settings in the general setup page directly. I use mostly static ip on my network and would prefer to configure the clients' dns server to point to the LAN CARP IP. I know I could set up a forwarding rule in outbound nat, but I'm hoping there's a way to have the router itself perform the dns lookup so that I'm not tied to a specific dns server.
Here's my config file, I wiped out the public names and ip addresses and the passwords:
<pfsense>
  <version>2.3</version>
  <lastchange/>
  <theme>metallic</theme>
  <system>
    <optimization>normal</optimization>
    <hostname>wasrouter1</hostname>
    <domain>***.***.net</domain>
    <username>admin</username>
    <password>********</password>
    <timezone>America/Chicago</timezone>
    <time-update-interval>300</time-update-interval>
    <timeservers>pool.ntp.org</timeservers>
    <webgui><protocol>http</protocol></webgui>
    <dnsserver>*.*.169.1</dnsserver>
    <dnsserver>*.*.220.5</dnsserver>
    <dnsallowoverride/>
  </system>
  <interfaces>
    <lan>
      <if>rl1</if>
      <ipaddr>192.168.0.250</ipaddr>
      <subnet>24</subnet>
      <media/>
      <mediaopt/>
      <bandwidth>100</bandwidth>
      <bandwidthtype>Mb</bandwidthtype>
    </lan>
    <wan>
      <if>rl0</if>
      <mtu/>
      <blockpriv/>
      <media/>
      <mediaopt/>
      <bandwidth>100</bandwidth>
      <bandwidthtype>Mb</bandwidthtype>
      <disableftpproxy/>
      <ipaddr>*.*.218.247</ipaddr>
      <subnet>23</subnet>
      <gateway>*.*.219.252</gateway>
      <blockbogons/>
      <spoofmac/>
    </wan>
    <opt1>
      <if>dc0</if>
      <descr>WAN2</descr>
      <bridge/>
      <enable/>
      <ipaddr>*.*.231.155</ipaddr>
      <subnet>23</subnet>
      <gateway>*.*.231.154</gateway>
      <spoofmac/>
    </opt1>
    <opt2>
      <if>fxp0</if>
      <descr>SYNC</descr>
      <bridge/>
      <enable/>
      <ipaddr>192.168.250.1</ipaddr>
      <subnet>24</subnet>
      <gateway/>
      <spoofmac/>
    </opt2>
  </interfaces>
  <staticroutes/>
  <pppoe/>
  <pptp/>
  <bigpond/>
  <dyndns>
    <type>dyndns</type>
    <username/>
    <password/>
  </dyndns>
  <dhcpd>
    <lan>
      <range>
        <from>192.168.1.100</from>
        <to>192.168.1.199</to>
      </range>
    </lan>
  </dhcpd>
  <pptpd>
    <mode/>
    <redir/>
    <localip/>
  </pptpd>
  <ovpn/>
  <dnsmasq><enable/></dnsmasq>
  <snmpd>
    <syslocation/>
    <syscontact/>
    <rocommunity>public</rocommunity>
  </snmpd>
  <diag>
    <ipv6nat><ipaddr/></ipv6nat>
  </diag>
  <bridge/>
  <syslog/>
  <nat>
    <ipsecpassthru/>
    <advancedoutbound>
      <rule>
        <source><network>192.168.0.0/24</network></source>
        <sourceport/>
        <descr>use WAN carp for LAN</descr>
        <target>*.*.218.245</target>
        <interface>wan</interface>
        <destination><any/></destination>
        <natport/>
      </rule>
      <enable/>
    </advancedoutbound>
  </nat>
  <filter>
    <rule>
      <type>pass</type>
      <descr>Default LAN -> any</descr>
      <interface>lan</interface>
      <source><network>lan</network></source>
      <destination><any/></destination>
    </rule>
    <rule>
      <type>pass</type>
      <interface>opt2</interface>
      <max-src-nodes/>
      <max-src-states/>
      <statetimeout/>
      <statetype>keep state</statetype>
      <os/>
      <source><any/></source>
      <destination><any/></destination>
      <descr>trust the Sync-Subnet</descr>
    </rule>
  </filter>
  <ipsec><preferredoldsa/></ipsec>
  <aliases/>
  <proxyarp/>
  <wol/>
  <installedpackages>
    <carpsettings>
      <config>
        <pfsyncenabled>on</pfsyncenabled>
        <pfsyncinterface>SYNC</pfsyncinterface>
        <balancing/>
        <synchronizerules>on</synchronizerules>
        <synchronizealiases>on</synchronizealiases>
        <synchronizenat>on</synchronizenat>
        <synchronizeipsec>on</synchronizeipsec>
        <synchronizewol>on</synchronizewol>
        <synchronizestaticroutes>on</synchronizestaticroutes>
        <synchronizelb>on</synchronizelb>
        <synchronizevirtualip>on</synchronizevirtualip>
        <synchronizetrafficshaper>on</synchronizetrafficshaper>
        <synchronizednsforwarder>on</synchronizednsforwarder>
        <synchronizetoip>192.168.250.2</synchronizetoip>
        <password>********</password>
      </config>
    </carpsettings>
  </installedpackages>
  <revision>
    <description>/firewall_nat_out.php made unknown change</description>
    <time>1145994769</time>
  </revision>
  <virtualip>
    <vip>
      <mode>carp</mode>
      <interface>wan</interface>
      <vhid>1</vhid>
      <advskew>0</advskew>
      <password>********</password>
      <descr>WAN-NSN-CARP</descr>
      <type>single</type>
      <subnet_bits>23</subnet_bits>
      <subnet>*.*.218.245</subnet>
    </vip>
    <vip>
      <mode>carp</mode>
      <interface>lan</interface>
      <vhid>3</vhid>
      <advskew>0</advskew>
      <password>********</password>
      <descr>LAN-CARP</descr>
      <type>single</type>
      <subnet_bits>23</subnet_bits>
      <subnet>192.168.0.3</subnet>
    </vip>
  </virtualip>
</pfsense>
-
correction: it's not routing any packets, not just dns. I've looked through the system logs and diagnostics. I'm not sure what to do to get it routing properly. I can ping the lan carp ip ( 192.168.0.3 ), but I can't ping the isp default gateway - something that does work on my old router, so I assume it's not routing packets at all. Please advise
-
...
<interfaces>
  <lan>
    <if>rl1</if>
    <ipaddr>192.168.0.250</ipaddr>
    <subnet>24</subnet>
    <media/>
    <mediaopt/>
    <bandwidth>100</bandwidth>
    <bandwidthtype>Mb</bandwidthtype>
  </lan>
...
<vip>
  <mode>carp</mode>
  <interface>lan</interface>
  <vhid>3</vhid>
  <advskew>0</advskew>
  <password>********</password>
  <descr>LAN-CARP</descr>
  <type>single</type>
  <subnet_bits>23</subnet_bits>
  <subnet>192.168.0.3</subnet>
</vip>
Why does your CARP LAN VIP have a /23 subnet mask?
-
Why does your CARP LAN VIP have a /23 subnet mask?
D'oh! (smacks forehead) I can't believe I missed that. It's routing packets now! Thanks a million!
-
;D
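The two checks this thread turned on (a CARP VIP needs a real interface IP on the same subnet, and the LAN VIP's /23 did not match the interface's /24) can be run against a config before it goes live. This is an added example, not pfSense code or anything posted in the thread; it assumes the element names visible in the posted config, and the sample config and its addresses are constructed.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the layout of the posted config (addresses are made up).
SAMPLE_CONFIG = """<pfsense>
  <interfaces>
    <lan><if>rl1</if><ipaddr>192.168.0.250</ipaddr><subnet>24</subnet></lan>
    <wan><if>rl0</if><ipaddr>198.51.100.247</ipaddr><subnet>23</subnet></wan>
  </interfaces>
  <virtualip>
    <vip><mode>carp</mode><interface>wan</interface><vhid>1</vhid>
      <subnet_bits>23</subnet_bits><subnet>198.51.100.245</subnet></vip>
    <vip><mode>carp</mode><interface>lan</interface><vhid>3</vhid>
      <subnet_bits>23</subnet_bits><subnet>192.168.0.3</subnet></vip>
    <vip><mode>carp</mode><interface>lan</interface><vhid>4</vhid>
      <subnet_bits>24</subnet_bits><subnet>10.9.9.3</subnet></vip>
  </virtualip>
</pfsense>"""


def check_carp_vips(config_xml):
    """Return [(vhid, problem)] for CARP VIPs that do not fit their interface."""
    root = ET.fromstring(config_xml)
    ifaces = {el.tag: el for el in root.findall("./interfaces/*")}
    problems = []
    for vip in root.findall("./virtualip/vip"):
        if vip.findtext("mode") != "carp":
            continue
        vhid, ifname = vip.findtext("vhid"), vip.findtext("interface")
        iface = ifaces.get(ifname)
        if iface is None:
            problems.append((vhid, f"interface {ifname} not defined"))
            continue
        try:
            # Network of the real interface address, e.g. 192.168.0.0/24.
            if_net = ipaddress.ip_interface(
                f"{iface.findtext('ipaddr')}/{iface.findtext('subnet')}").network
            vip_addr = ipaddress.ip_address(vip.findtext("subnet"))
            vip_bits = int(vip.findtext("subnet_bits"))
        except (ValueError, TypeError):
            problems.append((vhid, "missing or unparseable address or mask"))
            continue
        if vip_addr not in if_net:
            problems.append((vhid, f"{vip_addr} not in {ifname} network {if_net}"))
        elif vip_bits != if_net.prefixlen:
            problems.append((vhid, f"VIP /{vip_bits} but {ifname} is /{if_net.prefixlen}"))
    return problems


if __name__ == "__main__":
    for vhid, problem in check_carp_vips(SAMPLE_CONFIG):
        print(f"vhid {vhid}: {problem}")
```

An interface with no static address (unset or DHCP) is reported as unparseable rather than skipped, since a VIP on it cannot be validated.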