Hi, I have the following setup: two pfSense v1.2 release firewalls, each with 3 NICs.

Using the excellent tutorial at http://pfsense.iserv.nl/tutorials/carp/carp-cluster-new.htm these are set up to be a cluster, and everything seems to be working fine. (CARP interfaces and everything are as they should be, from what I can see.) The config is identical to the tutorial, except for IP ranges and additional external CARP interfaces and NAT rules for servers on the inside.

I have added several CARP interfaces on the WAN to act as IPs for several servers on the inside, utilizing NAT rules to route traffic, and opening up ports in the firewall to allow traffic on ports 80 and 443. I have also set the firewall to sync all configs (NAT, rules, etc.). When checking, all rules, NAT configs, CARP interfaces etc. seem to be synced just fine over to the other firewall.

This firewall is also used for VPN to a branch office. Setting the firewall to sync VPN config seems to be working perfectly.

PROBLEM: As long as both firewalls are online, everything is working fine (VPN, server connections, etc.). If I take down the master firewall (simply turning it off; this is done as a check of failover), then strange things happen. The VPN still works fine; I can ping the branch office from a server inside the firewall. However, connections to the outside fail. Reloading web pages from servers inside the firewall from the outside (pages I loaded while both firewalls were up) fails with "server cannot be contacted", or the page just seems to be loading eternally.

I have checked all servers and/or computers on the inside; they all use the CARP interface on the LAN of the firewall as their gateway. And all outside IPs of the servers are CARP interfaces too.

Any idea would be worthwhile, as I am on a deadline and out of ideas at this point.

NOTE: These are live servers, and there is one maintenance window each night.
Jo L Paulsen
[EMAIL PROTECTED]
Cellphone: (+47) 909 86 174
Cleverly Disguised As A Responsible Adult
"The 'Net is a waste of time, and that's exactly what's right about it." - William Gibson
