Bill Marquette wrote:
On Jan 1, 2008 8:14 PM, Vaughn L. Reid III
<[EMAIL PROTECTED]> wrote:
I'm writing to report what might, possibly, be an interface name error
between two identical hardware machines running pfsense 1.2RC3 and using
CARP for fault tolerance.

Here is a listing of the relevant interface names and network card
numbers.  All hardware is identical between the two devices and all are
using Intel server network cards.
Machine 1, Carp master, Interface Names:
LAN -- em0
WAN -- em3
NETB -- em1
SYNC -- em5
DSL -- em4

Machine 2, Carp backup, Interface Names:
LAN -- em0
WAN -- em3
DSL -- em4
SYNC -- em5
NETB -- em1

Each interface on each machine can ping the corresponding interface on
the other machine.  For example, Machine 1:LAN can ping Machine 2:LAN,
etc.  The carp interfaces are directly connected to each other via a
crossover cable and firewall rules on that interface are set to allow
all traffic.

Here are the problems that I'm noticing:

On the Outbound NAT page of Machine 2, the Carp backup unit, the
outbound NAT Interface rules that apply for the DSL interface from LAN
and NETB networks show the wrong interface.  Specifically, the interface
shown is NETB, instead of DSL.  On Machine 1, the Carp master unit, the
correct interface of DSL is shown.  In addition, if I manually change
the outbound NAT rules on Machine 2, the next time Carp syncs, the
interfaces switch back to show the incorrect interface.  I have
synchronize NAT enabled, so the fact that the manually edited outbound
NAT rule changes is not a surprise.

While looking at this, I noticed that, on the assign interfaces pages of
the two boxes, the NETB and DSL interface names are switched between the
two boxes but that the actual devices assigned to these two networks are
the same on each box.

So, my question:  Does the order in which interfaces are assigned to an
interface alias matter when using Carp, or is this a bug?

Sounds like you assigned the interfaces in a different order.

On your primary box the internal names for each interface are:
LAN == lan
WAN == wan
NETB == opt1
SYNC == opt2
DSL == opt3

On the secondary box  the internal names for each interface are:
LAN == lan
WAN == wan
DSL == opt1
SYNC == opt2
NETB == opt3

Problem is that rules are assigned to the pfSense internal name.  Not
sure whether I'd call it a bug (although it's certainly not great), or
a lack of documentation though.

--Bill

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Bill,

Thanks for the clarification. I thought that the rules were assigned to the interface, emx, or the alias for them, NETB, DSL, etc., instead of to the original ordered name of the interface, Opt1, Opt2, etc. I'll swap the interface names around on the backup unit and see what happens.
Vaughn Reid III
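
A pre-sync check for the mismatch described in this thread, as an added example that is not part of the original messages or of pfSense itself: it compares the internal interface names (lan, wan, optN) of two nodes and reports any whose description or device differs, since synced rules follow the internal name. The config.xml layout used here (an `interfaces` element whose children carry `if` and `descr`) is an assumption, and both XML fragments are constructed from the assignments listed above.

```python
import xml.etree.ElementTree as ET

# Constructed fragments; element names are an assumed config.xml layout.
PRIMARY = """<pfsense><interfaces>
<lan><if>em0</if></lan><wan><if>em3</if></wan>
<opt1><if>em1</if><descr>NETB</descr></opt1>
<opt2><if>em5</if><descr>SYNC</descr></opt2>
<opt3><if>em4</if><descr>DSL</descr></opt3>
</interfaces></pfsense>"""

BACKUP = """<pfsense><interfaces>
<lan><if>em0</if></lan><wan><if>em3</if></wan>
<opt1><if>em4</if><descr>DSL</descr></opt1>
<opt2><if>em5</if><descr>SYNC</descr></opt2>
<opt3><if>em1</if><descr>NETB</descr></opt3>
</interfaces></pfsense>"""


def interface_map(config_xml):
    """Return {internal name: (description, device)} for one node."""
    root = ET.fromstring(config_xml)
    result = {}
    for node in root.find("interfaces"):
        # lan/wan carry no <descr>; fall back to the upper-cased tag name.
        descr = node.findtext("descr") or node.tag.upper()
        result[node.tag] = (descr, node.findtext("if"))
    return result


def sync_mismatches(primary_xml, backup_xml):
    """List internal names whose description or device differs between nodes.

    Rules synced from the primary refer to these internal names, so every
    entry returned is an interface where a synced rule would land on a
    different network on the backup.
    """
    primary = interface_map(primary_xml)
    backup = interface_map(backup_xml)
    problems = []
    for name in sorted(set(primary) | set(backup)):
        if primary.get(name) != backup.get(name):
            problems.append((name, primary.get(name), backup.get(name)))
    return problems


if __name__ == "__main__":
    for name, on_primary, on_backup in sync_mismatches(PRIMARY, BACKUP):
        print(f"{name}: primary={on_primary} backup={on_backup}")
```
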
