Welcome, Guest. Please login or register.
Did you miss your activation email?
+  pfSense Forum
|-+  pfSense English Support» CARP/VIPs» CARP secondary unable to reach gateway
Username:
Password:
 
Home Help Search Login Register
 

Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: CARP secondary unable to reach gateway  (Read 553 times)
0 Members and 1 Guest are viewing this topic.
jwelter99
Jr. Member
**
Offline Offline

Posts: 88


View Profile
« on: April 30, 2012, 12:52:52 pm »
Hi everyone,

I have what appears to be an IPv6 issue.

Background:

Two identical pfsense boxes running in a HA pair.

One can ping the WAN DG, the other can not.  Both can be accessed via the WAN, just that one can't access out the WAN.

The only differences I can find between the two is the results of an ifconfig:

Working unit:

Code:
em5: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:30:48:8d:d6:5f
inet xx.yy.zz.213 netmask 0xfffffff0 broadcast xx.yy.zz.223
inet6 fe80::230:48ff:fe8d:d65f%em5 prefixlen 64 scopeid 0x6
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
Broken unit:
Code:
em5: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC>
ether 00:30:48:8d:d4:f7
inet6 fe80::230:48ff:fe8d:d4f7%em5 prefixlen 64 scopeid 0x6
inet xx.yy.zz.214 netmask 0xfffffff0 broadcast xx.yy.zz.223
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

The broken one lists the ipv6 IP first and I am wondering if that is causing the issue.  Not sure how to over-ride that?  IPv6 support is disabled in the advanced options.

Any suggestions?
« Last Edit: April 30, 2012, 01:08:14 pm by jwelter99 » Logged
jimp
Administrator
Hero Member
*****
Offline Offline

Posts: 12856



View Profile
« Reply #1 on: April 30, 2012, 01:26:25 pm »
That wouldn't have anything to do with it. Especially if you have IPv6 disabled.
Logged
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Donate to the project | My Wish List
jwelter99
Jr. Member
**
Offline Offline

Posts: 88


View Profile
« Reply #2 on: April 30, 2012, 01:49:05 pm »
Quote from: jimp on April 30, 2012, 01:26:25 pm
That wouldn't have anything to do with it. Especially if you have IPv6 disabled.

Ok, I am running on hunches here as it's the ONLY thing different except the ip's (obviously).   The problematic unit can't access the packages repository either, it's any firewall initiated traffic to the WAN doesnt make it but from WAN->FW is fine.

Thanks.
Logged
jimp
Administrator
Hero Member
*****
Offline Offline

Posts: 12856



View Profile
« Reply #3 on: April 30, 2012, 01:58:19 pm »
If it can't reach it's gateway then it can't get out beyond. Usual things to look for there are to make sure that there are no conflicting IPs, that the switch connecting all three devices (ISP router, carp master, carp slave) is working properly, make sure the subnet mask matches properly (is it really a /28? what's the ISP router set to?), and so on.

Things like that usually boil down to a conflict of some kind, or a layer 1/2 issue.
Logged
Need help fast? Commercial Support!

Co-Author of pfSense: The Definitive Guide. - Check the Doc Wiki for FAQs.

Do not PM for help!

Donate to the project | My Wish List
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

 

Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Page created in 0.027 seconds with 19 queries.