Spent about an hour beating my head against the wall with this issue, hopefully this will save others some time.
We had a stand-alone pfSense router. We just purchased two machines from ixsystems and were preparing them to be a failover pair of pfSense routers and then decommission the smaller older box. While we were installing the new servers, the HDD in the old firewall died. We figured we would just get the two new boxes up. Plugged them into the Comcast modem and configured everything.

Comcast assigned us a /28 a while back and we were using a handful of IPs to access various internal services over HTTPS. The /28 looked roughly like:

.1 - router1
.2 - router2
.3 - exchange (CARP)
.4 - remote (CARP)
.5 - VPN (CARP)
.6 - spamfilter (physical machine)
...etc

After everything was configured, I had someone test remotely that they could access the interface for router1 and router2 remotely. I then went home to finish up a few config details remotely. When I got home, I found I could access router1 and router2 as well as the physical spam filter, but I couldn't access any of the HTTPS services on the CARP IPs. I checked my NAT rules about 100 times, looked through firewall logs, and found nothing.

Finally I connected in to the spam filter (linux box) and ran 'openssl s_client -connect exchange.example.tld:4433' and noticed it worked perfectly from a machine on the same WAN segment. ...but not remotely.

I called Comcast and had them remotely reboot the modem. Everything immediately came up and started working perfectly.

Hopefully this will save someone time. Reboot the brain-damaged Netgear CPE after swapping hardware around.

-A