On 28/03/11 22:51, [email protected] wrote:
On 28/03/11 19:24, [email protected] wrote:
Sorry for double posting, as I just posted this question at:
http://forum.pfsense.org/index.php/topic,35019.0.html
but this is critical and urgent for me. Hope somebody can help me.
I have two pfSense (2.0RC1 built on Sat Feb 26 18:07:23 EST 2011 )
boxes in failover mode. The WAN IP address has been set as a Carp IP
address and everything works fine when you browse the internet.
Until you try to do a download.
When downloading a file, after a while, it stalls. On the LAN side, with
a tcpdump I can see that the server on the internet just stopped sending
packets.
On the WAN side, with the capture I see that suddenly pfSense stops
passing data back to the LAN client and starts sending packets like the
following one to the internet server:
8:13:54.058314 IP 1.1.1.1> pub4.kernel.org: ICMP host 1.1.1.1
unreachable, length 60
(1.1.1.1 is my WAN IP address, which I edited for privacy reasons). This
example is when downloading a kernel source tarball from kernel.org.
Everything points that, after a while (something running periodically?)
the state of the connection is lost and pfSense for some reason can't
recognize the CARP ip as a valid ip address.
Any help will be appreciated.
What does ifconfig show at this time? Can you tcpdump 224.0.0.0/4 net on
WAN to see who is declaring itself as CARP-master and whether it is going
well (no slave's packets)?
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Commercial support available - https://portal.pfsense.org
Just found that doing outbound NAT using the interface IP address
instead of the carp IP it works fine, the only drawback is that I have
to waste one public IP address per box plus a carp one for services...
Having to 'waste' one public IP address per box is 'how it works', but
you should be using the CARP IP in your outbound NAT to make everything really
redundant (to use CARP).
With the tcpdump you mentioned I'm getting just packets like this one:
22:44:56.122437 IP 1.1.1.2 VRRP.MCAST.NET: VRRPv2, Advertisement, vrid
11, prio 0, authtype none, intvl 1s, length 36
where 1.1.1.2 is the real IP address for the WAN interface on the
primary box.
It is normal.
Still having the same problem. If I do the outbound NAT using the carp IP
downloads stall at random periods........ could this be a bug in this
build?
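
The check suggested in the thread (who is advertising as CARP master on WAN), as an added example that is not part of the original messages: a Python parser for tcpdump's text output that counts advertisement sources per vrid and flags any vrid with more than one. The sample capture and its 192.0.2.x addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample (not from the thread): text output of
# "tcpdump -n -i <wan> net 224.0.0.0/4". CARP shows up as VRRPv2 here,
# as in the capture quoted in the thread.
SAMPLE = """\
22:44:56.122437 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36
22:44:57.123101 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 11, prio 0, authtype none, intvl 1s, length 36
22:44:57.640220 IP 192.0.2.3 > 224.0.0.18: VRRPv2, Advertisement, vrid 11, prio 100, authtype none, intvl 1s, length 36
22:44:58.124377 IP 192.0.2.2 > 224.0.0.18: VRRPv2, Advertisement, vrid 12, prio 0, authtype none, intvl 1s, length 36
"""

# Destination is matched loosely so both 224.0.0.18 and VRRP.MCAST.NET work.
ADV = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+) > \S+: VRRPv2, Advertisement, "
    r"vrid (?P<vrid>\d+), prio (?P<prio>\d+)"
)


def advertisers(capture):
    """Map each vrid to {source IP: number of advertisements seen}."""
    seen = defaultdict(lambda: defaultdict(int))
    for line in capture.splitlines():
        m = ADV.search(line)
        if m:
            seen[int(m["vrid"])][m["src"]] += 1
    return {vrid: dict(srcs) for vrid, srcs in seen.items()}


def contested(capture):
    """Return the vrids advertised by more than one box.

    Only the CARP master sends advertisements, so two sources for the
    same vrid means both boxes are claiming master for that address.
    """
    return sorted(v for v, srcs in advertisers(capture).items() if len(srcs) > 1)


if __name__ == "__main__":
    for vrid, srcs in sorted(advertisers(SAMPLE).items()):
        state = "CONTESTED" if len(srcs) > 1 else "single master"
        print(f"vrid {vrid}: {state} {srcs}")
```
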