I would recheck your AON (Advanced outbound NAT) settings. That seems like the most logical.

Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com

On Thu, Oct 2, 2008 at 8:33 AM, jo Leander Paulsen <[EMAIL PROTECTED]> wrote:
> Anyone?
> If more info is needed I am happy to answer.
>
> Jo L Paulsen
>
> ----- Original Message -----
> From: jo Leander Paulsen [mailto:[EMAIL PROTECTED]
> To: support@pfsense.com
> Subject: [pfSense Support] PFsense cluster trouble
>
> > Hi
> >
> > I have the following setup:
> > two pfsense v 1.2 release firewalls, each with 3 NICs
> >
> > Using the excellent tutorial at
> > http://pfsense.iserv.nl/tutorials/carp/carp-cluster-new.htm these are set up
> > to be a cluster, and everything seems to be working fine. (CARP interfaces
> > and everything is as it should be, from what I can see.) Config is identical
> > to the tutorial, except for IP ranges and additional external CARP interfaces
> > and NAT rules for servers on the inside.
> >
> > I have added several CARP interfaces on the WAN to act as IPs for several
> > servers on the inside, utilizing NAT rules to route traffic, and opening up
> > ports in the firewall to allow traffic on port 80 and 443.
> >
> > I have also set the firewall to sync all configs (NAT, rules, etc etc etc).
> >
> > When checking, all rules, NAT configs, CARP interfaces etc. seem to be synced
> > just fine over to the other firewall.
> >
> > This firewall is also used for VPN to a branch office. Setting the firewall
> > to sync VPN config seems to be working perfectly.
> >
> > PROBLEM:
> > As long as both firewalls are online, everything is working fine (VPN,
> > server connections, etc.)
> > If I take down the master firewall (simply turning it off, this is done as a
> > check of failover), then strange things happen. The VPN still works fine, I
> > can ping the branch office from a server inside the firewall.
> > However, connections to the outside fail. Reloading webpages from servers
> > inside the firewall from the outside (pages I loaded while both firewalls
> > were up) fails with server cannot be contacted, or the page just seems to be
> > loading eternally.
> >
> > I have checked all servers and/or computers on the inside, they all use the
> > CARP interface on the LAN of the firewall as their gateway. And all outside
> > IPs of the servers are CARP interfaces too.
> >
> > Any idea would be worthwhile as I am on a deadline and out of ideas at this
> > point.
> >
> > NOTE: these are live servers, and there is one maintenance window each
> > night.
> >
> > Jo L Paulsen
> > [EMAIL PROTECTED]
> > Cellphone: (+47) 909 86 174
> > ----------------------------------------------------------------
> > Cleverly Disguised As A Responsible Adult
> > ----------------------------------------------------------------
> > "The 'Net is a waste of time, and that's exactly what's right about it." -
> > William Gibson