On Sat, Apr 18, 2009 at 11:09 AM, Chris Buechler <[email protected]> wrote:
> On Sat, Apr 18, 2009 at 1:07 PM, Tim Dressel <[email protected]> wrote:
>> I had zero luck with this in the last few days. Here are some more details:
>>
>> Internet <--> PFSense <--> procurve managed switch
>>
>> I have tried three different computers, an old P3 based IBM desktop
>> with 512MB on a flash disk and a hard disk, a newer P4 2.8 IBM
>> thinkstation with 1gb ram and a hard disk, and an older IBM @server
>> dual P3 1.13 with 2gb ram and 6 disks in a raid 5 array.
>>
>> I have tried Intel Pro 100's, and Intel Pro 1000 (fx and em), and 3COM
>> 3c905b's.
>>
>> After I wiped and reloaded, at least I didn't get the reboot anymore,
>> but on all the pieces of hardware with no difference in NICs, I can
>> add the Virtual IPs, create the NAT and the rules, but the only port
>> forwards that work are on the main WAN IP. I've tried rebooting
>> firewall, rebooting devices that are being pointed to on the LAN side,
>> but no joy.
>>
>> I ended up giving up last night and put up a Linux firewall, did the
>> exact same thing using the same hardware, and it just worked. I've got
>> 1 IP on the outside, and two virtuals, port forwards all over the
>> place, and it's happy.
>>
>> I would prefer to use PFsense because I am convinced it's a better
>> firewall than just about anything out there, but I can't seem to get
>> around this issue.
>>
>> It's easily repeatable, so if someone wants to help me I can do any
>> sort of troubleshooting you suggest.
>>
>
> tcpdump on WAN to see what's really happening.
>
> My first guess is an upstream ARP cache causing difficulties. Reboot
> any upstream modems/routers/etc. that you can get your hands on. If
> you're using proxy ARP VIPs, try CARP instead.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
> Commercial support available - https://portal.pfsense.org
>
>

Hi Chris,

There is definitely an upstream router, and I have physical access to it but not console. I can power it off and on again, but it tends to make the service provider unhappy.

I do have a good working relationship with the service provider though. Is there something I can ask him to change on the router (it's a brand new Cisco) so that I sound intelligent when I speak to him?

Can I use the fact that my Linux firewall works properly to defend PFsense by pointing the finger at a config issue on that upstream router?

Thanks...
