I had zero luck with this in the last few days. Here are some more details:
Internet <--> PFSense <--> procurve managed switch I have tried three different computers, an old P3 based IBM desktop with 512MB on a flash disk and a hard disk, a newer P4 2.8 IBM thinkstation with 1gb ram and a hard disk, and an older IBM @server dual P3 1.13 with 2gb ram and 6 disks in a raid 5 array. I have tried Intel Pro 100's, and Intel Pro 1000 (fx and em), and 3COM 3c905b's. After I wiped and reloaded, at least I didn't get the reboot anymore, but on all the pieces of hardware with no difference in nic's, I can add the Virtual IP's, create the NAT and the rules, but the only port forwards that work are on the main WAN IP. I've tried rebooting firewall, rebooting devices that are being pointed to on the LAN side, but no joy. I ended up giving up last night and put up a linux firewall, did the exact same thing using the same hardware, and it just worked. I've got 1 IP on the outside, and two virtuals, port forwards all over the place, and its happy. I would prefer to use PFsense because I am convinced its a better firewall that just about anything out there, but I can't seem to get around this issue. Its easily repeatable, so if someone wants to help me I can do any sort of troublshooting you suggest. Thanks folks... On Fri, Apr 17, 2009 at 7:19 AM, Chris Buechler <[email protected]> wrote: > On Fri, Apr 17, 2009 at 12:42 AM, Tim Dressel <[email protected]> wrote: >> Hi folks, >> >> We've been playing around at work with binding multiple IP's to the >> WAN interface so that we can port forward the same ports from >> different IP's to different services on the LAN side. >> >> Has anyone ever seen when you add a second virtual IP, and then create >> the NAT on the second (also creating the rule at the same time) for >> PFSense to hard crash and reboot? > > Using CARP VIPs? CARP can be finicky, if you don't do things exactly > a certain way, it'll panic. The system should prevent all of those > things though, most were fixed in 1.2 RCs and earlier, though if > you're using VLANs there's another fix in 1.2.1 for some scenarios. > Should be impossible to panic with CARP on the latest version if > you're doing everything through the GUI. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
