Anyone?
If more info is needed, I am happy to answer.

Jo L Paulsen

----- Original Message -----
From: jo Leander Paulsen [mailto:[EMAIL PROTECTED]
To: support@pfsense.com
Subject: [pfSense Support] PFsense cluster trouble

> Hi
> I have the following setup:
> two pfsense v 1.2 release firewalls, each with 3 NICs
> 
> Using the excellent tutorial at
> http://pfsense.iserv.nl/tutorials/carp/carp-cluster-new.htm these are set up
> to be a cluster, and everything seems to be working fine. (CARP interfaces
> and everything is as it should be, from what I can see.) Config is identical
> to the tutorial, except for IP ranges and additional external CARP interfaces
> and NAT rules for servers on the inside.
> 
> I have added several CARP interfaces on the WAN to act as IPs for several
> servers on the inside, utilizing NAT rules to route traffic, and opening up
> ports in the firewall to allow traffic on port 80 and 443.
> 
> I have also set the firewall to sync all configs (NAT, rules, etc etc etc). 
> 
> When checking, all rules, NAT configs, CARP interfaces etc. seem to be synced
> just fine over to the other firewall.
> 
> This firewall is also used for VPN to a branch office. Setting the firewall
> to sync VPN config seems to be working perfectly.
> 
> 
> PROBLEM: 
> As long as both firewalls are online, everything is working fine (VPN,
> server connections, etc.)
> If I take down the master firewall (simply turning it off, this is done as a
> check of failover), then strange things happen. The VPN still works fine, I
> can ping the branch office from a server inside the firewall.
> However, connections to the outside fail. Reloading webpages from servers
> inside the firewall from the outside (pages I loaded while both firewalls
> were up) fails with server cannot be contacted, or the page just seems to be
> loading eternally.
> 
> I have checked all servers and/or computers on the inside, they all use the
> CARP interface on the LAN of the firewall as their gateway. And all outside
> IPs of the servers are CARP interfaces too.
> 
> Any idea would be worthwhile as I am on a deadline and out of ideas at this
> point.
> 
> NOTE: these are live servers, and there is one maintenance window each
> night.
> 
> Jo L Paulsen
> [EMAIL PROTECTED]
> Cellphone: (+47) 909 86 174
> ----------------------------------------------------------------
> Cleverly Disguised As A Responsible Adult
> ----------------------------------------------------------------
> "The 'Net is a waste of time, and that's exactly what's right about it." -
> William Gibson
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 
> 
