Rechecked it, and it seems fine.

Interface  Source        Source Port  Destination  Destination Port
WAN        [lan subnet]  *            *            *

[Lines wrapped here for mail format]

NAT Address    NAT Port  Static Port
[wan carp ip]  *         NO

(Above is the only rule in my Advanced outbound NAT settings.)

Jo L Paulsen
[EMAIL PROTECTED]
Cellphone: (+47) 909 86 174
----------------------------------------------------------------
Cleverly Disguised As A Responsible Adult
----------------------------------------------------------------
"The 'Net is a waste of time, and that's exactly what's right about it." - William Gibson

----- Original Message -----
From: Curtis LaMasters [mailto:[EMAIL PROTECTED]
To: [email protected]
Subject: Re: [pfSense Support] PFsense cluster trouble

> I would recheck your AON (Advanced outbound NAT) settings. That seems like
> the most logical.
>
> Curtis LaMasters
> http://www.curtis-lamasters.com
> http://www.builtnetworks.com
>
> On Thu, Oct 2, 2008 at 8:33 AM, jo Leander Paulsen <[EMAIL PROTECTED]> wrote:
>
> > Anyone?
> > If more info is needed I am happy to answer.
> >
> > Jo L Paulsen
> >
> > ----- Original Message -----
> > From: jo Leander Paulsen [mailto:[EMAIL PROTECTED]
> > To: [email protected]
> > Subject: [pfSense Support] PFsense cluster trouble
> >
> > > Hi
> > > I have the following setup:
> > > two pfSense v 1.2 release firewalls, each with 3 NICs
> > >
> > > Using the excellent tutorial at
> > > http://pfsense.iserv.nl/tutorials/carp/carp-cluster-new.htm these are
> > > set up to be a cluster, and everything seems to be working fine. (CARP
> > > interfaces and everything is as it should be, from what I can see.)
> > > Config is identical to the tutorial, except for IP ranges and additional
> > > external CARP interfaces and NAT rules for servers on the inside.
> > >
> > > I have added several CARP interfaces on the WAN to act as IPs for
> > > several servers on the inside, utilizing NAT rules to route traffic, and
> > > opening up ports in the firewall to allow traffic on port 80 and 443.
> > >
> > > I have also set the firewall to sync all configs (NAT, rules, etc.).
> > >
> > > When checking, all rules, NAT configs, CARP interfaces etc. seem to be
> > > synced just fine over to the other firewall.
> > >
> > > This firewall is also used for VPN to a branch office. Setting the
> > > firewall to sync VPN config seems to be working perfectly.
> > >
> > > PROBLEM:
> > > As long as both firewalls are online, everything is working fine (VPN,
> > > server connections, etc.)
> > > If I take down the master firewall (simply turning it off, this is done
> > > as a check of failover), then strange things happen. The VPN still works
> > > fine, I can ping the branch office from a server inside the firewall.
> > > However, connections to the outside fail. Reloading webpages from
> > > servers inside the firewall from the outside (pages I loaded while both
> > > firewalls were up) fails with server cannot be contacted, or the page
> > > just seems to be loading eternally.
> > >
> > > I have checked all servers and/or computers on the inside, they all use
> > > the CARP interface on the LAN of the firewall as their gateway. And all
> > > outside IPs of the servers are CARP interfaces too.
> > >
> > > Any idea would be worthwhile as I am on a deadline and out of ideas at
> > > this point.
> > >
> > > NOTE: these are live servers, and there is one maintenance window each
> > > night.
> > >
> > > Jo L Paulsen
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
