itmanager
« on: June 20, 2012, 09:54:13 am »
We have been running pfsense for several years on a hardware firewall, version 1.2.3 - working great, love it! We recently built a 2.0.1 box in esxi 5, so far so good. The problem is there is one public IP which was set up as a CARP interface on the old box which is not working on the new box. It's as if the traffic is going into a black hole... let me explain:
public IP >> 1.2.3 (CARP virtual interface) >> firewall rules >> dmz host << this setup works fine.

public IP >> 2.0.1 (proxy ARP interface) >> ?? << it appears to stop, as if the virtual IP traffic is not making it to the firewall; I can't ping it, nor can I use ssh, ftp, http or https even though the rules are configured for it to work and the rules are set up correctly. Nothing in the log indicates it's blocked - however nothing in the logs indicates it's arriving either...
Now, if I change the one-to-one NAT to any other public IP, it works fine. This is one of 30 public IPs that we have assigned and this is the only one that doesn't work. The only difference going from 1.2.3 to 2.0.1 is the proxy ARP setting. I set up the 2.0.1 server with proxy ARP but that doesn't work either (black hole). I did not have time to test the 'bad' public IP going to a different internal IP but was wondering if anybody has experience with moving a proxy ARP interface from a 1.2.3 box to a 2.0.1 box. I can't explain why it's not working. Every other rule, virtual IP, route, etc. is working fine. I'd change the public IP for the host, but it's doing FTP and we have a number of clients who would also have to change so that's not going to be easy.
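A first check for the black-hole symptom described in the post, as an added example that is not part of the original thread: a proxy ARP virtual IP only receives traffic if the firewall answers ARP for that address on the WAN segment, so the quickest way to tell "blocked" from "never arrived" is to capture ARP on the WAN interface (for example `tcpdump -ni <wan_if> arp`) and see whether requests for the VIP are answered, and by which MAC. The script below parses constructed tcpdump lines in that format; the addresses, MACs and interface name are placeholders, not values from the post.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -ni <wan_if> arp` output (not a real capture).
# 203.0.113.10 plays the "good" VIP: the upstream router asks and the firewall answers.
# 203.0.113.20 plays the "bad" VIP: requests go unanswered, so nothing ever reaches pfSense.
SAMPLE_CAPTURE = """\
10:00:01.000000 ARP, Request who-has 203.0.113.10 tell 203.0.113.1, length 46
10:00:01.000200 ARP, Reply 203.0.113.10 is-at 00:0c:29:ab:cd:ef, length 28
10:00:02.000000 ARP, Request who-has 203.0.113.20 tell 203.0.113.1, length 46
10:00:03.000000 ARP, Request who-has 203.0.113.20 tell 203.0.113.1, length 46
10:00:04.000000 ARP, Request who-has 203.0.113.20 tell 203.0.113.1, length 46
"""

REQUEST = re.compile(r"ARP, Request who-has (\S+) tell (\S+)")
REPLY = re.compile(r"ARP, Reply (\S+) is-at ([0-9a-f:]{17})")


def arp_summary(capture: str) -> dict:
    """Count ARP requests and collect the answering MACs per target IP."""
    stats = defaultdict(lambda: {"requests": 0, "replies": set()})
    for line in capture.splitlines():
        m = REQUEST.search(line)
        if m:
            stats[m.group(1)]["requests"] += 1
            continue
        m = REPLY.search(line)
        if m:
            stats[m.group(1)]["replies"].add(m.group(2).lower())
    return dict(stats)


def diagnose_vip(capture: str, vip: str, firewall_mac: str) -> str:
    """Classify one VIP from the capture.

    'no-requests'       : the upstream router never asked for the VIP (check its routing/ARP cache)
    'unanswered'        : requests seen, no reply: nobody claims the VIP, i.e. proxy ARP is not answering
    'answered-by-other' : a reply came from a MAC that is not the firewall's WAN MAC (stale or duplicate owner)
    'answered'          : the firewall answers, so missing traffic is a filtering/NAT question, not an L2 one
    """
    info = arp_summary(capture).get(vip)
    if info is None or info["requests"] == 0:
        return "no-requests"
    if not info["replies"]:
        return "unanswered"
    if info["replies"] != {firewall_mac.lower()}:
        return "answered-by-other"
    return "answered"
```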