On Sat, Apr 18, 2009 at 1:07 PM, Tim Dressel <[email protected]> wrote:
> I had zero luck with this in the last few days. Here are some more details:
>
> Internet <--> PFSense <--> procurve managed switch
>
> I have tried three different computers, an old P3 based IBM desktop
> with 512MB on a flash disk and a hard disk, a newer P4 2.8 IBM
> thinkstation with 1gb ram and a hard disk, and an older IBM @server
> dual P3 1.13 with 2gb ram and 6 disks in a raid 5 array.
>
> I have tried Intel Pro 100's, and Intel Pro 1000 (fx and em), and 3COM
> 3c905b's.
>
> After I wiped and reloaded, at least I didn't get the reboot anymore,
> but on all the pieces of hardware with no difference in nic's, I can
> add the Virtual IP's, create the NAT and the rules, but the only port
> forwards that work are on the main WAN IP. I've tried rebooting
> firewall, rebooting devices that are being pointed to on the LAN side,
> but no joy.
>
> I ended up giving up last night and put up a linux firewall, did the
> exact same thing using the same hardware, and it just worked. I've got
> 1 IP on the outside, and two virtuals, port forwards all over the
> place, and it's happy.
>
> I would prefer to use PFsense because I am convinced it's a better
> firewall than just about anything out there, but I can't seem to get
> around this issue.
>
> It's easily repeatable, so if someone wants to help me I can do any
> sort of troubleshooting you suggest.
>
tcpdump on WAN to see what's really happening. My first guess is an upstream ARP cache causing difficulties. Reboot any upstream modems/routers/etc. that you can get your hands on. If you're using proxy ARP VIPs, try CARP instead.
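
Added example, not part of the thread and not pfSense code: one way to read an ARP capture taken on the WAN interface (for instance with `tcpdump -e -n -i <wan_if> arp`) and see, per address, whether the upstream device asks for it and which MAC answers. The sample capture, addresses, MACs and the function name `arp_status` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -e -n arp` output on WAN (not from the thread).
# 203.0.113.10 stands in for the main WAN IP, .11 and .12 for the virtual IPs.
SAMPLE = """\
12:00:01.100000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.10 tell 203.0.113.1, length 46
12:00:01.100200 00:aa:bb:cc:dd:01 > 00:11:22:33:44:55, ethertype ARP (0x0806), length 42: Reply 203.0.113.10 is-at 00:aa:bb:cc:dd:01, length 28
12:00:05.300000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.11 tell 203.0.113.1, length 46
12:00:06.300000 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 203.0.113.11 tell 203.0.113.1, length 46
"""

# tcpdump sometimes prints "who-has X (ff:ff:ff:ff:ff:ff) tell Y"; allow for it.
REQ = re.compile(r"Request who-has (\S+?)(?: \(\S+\))? tell (\S+),")
REP = re.compile(r"Reply (\S+) is-at ([0-9a-f:]{17})")

def arp_status(capture, addresses):
    """Summarise, per address, the ARP requests and replies seen in the capture."""
    requests = defaultdict(int)   # ip -> number of who-has requests seen
    answers = defaultdict(set)    # ip -> MACs that claimed the address
    for line in capture.splitlines():
        if (m := REQ.search(line)):
            requests[m.group(1)] += 1
        elif (m := REP.search(line)):
            answers[m.group(1)].add(m.group(2))
    status = {}
    for ip in addresses:
        if answers[ip]:
            # More than one MAC listed here means two hosts claim the address.
            status[ip] = "answered by " + ", ".join(sorted(answers[ip]))
        elif requests[ip]:
            # Upstream is asking, but nothing on this segment replies for the VIP.
            status[ip] = "requested %d times, no reply seen" % requests[ip]
        else:
            # Upstream never asks: consistent with a cached entry upstream,
            # or with no traffic for this address reaching the segment at all.
            status[ip] = "no ARP seen"
    return status

if __name__ == "__main__":
    for ip, state in arp_status(SAMPLE, ["203.0.113.10", "203.0.113.11", "203.0.113.12"]).items():
        print(ip, "->", state)
```

An address that shows "no ARP seen" while forwards to it fail fits the stale upstream cache guess above; "no reply seen" points at the VIP itself not answering.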
