
Topic: CARP XMLRPC updates wrong interface rules

JeffSmart
CARP XMLRPC updates wrong interface rules
« on: March 03, 2011, 06:03:26 am »
I discovered today that if you have created your interfaces on a CARP Backup pfSense firewall "in a different order than your primary firewall", then during XMLRPC synchronization I had two interfaces updated with another interface's rules. The syncing even stopped after the SYNC interface rules on the Backup firewall were replaced with WAN2 rules.

I am using 2.0-RC1 (i386) built Mar 3 02:31:32 EST 2011 on both firewalls. I have 5 NICs assigned as WAN1, LAN, WAN2, SYNC, WLAN on both firewalls.

Initially I could see the list of interface name tabs at the top of the Dashboard -> Firewall Rules were in a different order between Master and Backup firewalls. On a hunch, I reversed the affected two physical interface NICs, Interface Names and IP/masks and applied the settings, repaired the wrong rule for the SYNC interface, and synchronization worked perfectly and the correct rules per interface were updated on the backup firewall. A pair of happy pfSense pups!
I expect there must be some stray hard coding linking the original OPT1, 2, 3 interface assignment rather than the user-assigned Interface name?

Again, many thanks guys for a brilliant tool!

jimp (Administrator)
Re: CARP XMLRPC updates wrong interface rules
« Reply #1 on: March 03, 2011, 08:38:26 am »
CARP systems must have an identical set of interfaces in the exact same order.

That has always been the case.
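A pre-sync check for the requirement stated in the reply above, as an added example that is not part of the thread or of pfSense itself. It assumes the pfSense config.xml layout in which each child of `<interfaces>` is an internal key (wan, lan, opt1, ...) carrying a user-assigned `<descr>`; the two sample configs and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs, trimmed to the <interfaces> section.
# On the backup, SYNC and WAN2 were assigned in the opposite order.
PRIMARY = """<pfsense><interfaces>
  <wan><if>em0</if><descr>WAN1</descr></wan>
  <lan><if>em1</if><descr>LAN</descr></lan>
  <opt1><if>em2</if><descr>WAN2</descr></opt1>
  <opt2><if>em3</if><descr>SYNC</descr></opt2>
  <opt3><if>em4</if><descr>WLAN</descr></opt3>
</interfaces></pfsense>"""

BACKUP = """<pfsense><interfaces>
  <wan><if>em0</if><descr>WAN1</descr></wan>
  <lan><if>em1</if><descr>LAN</descr></lan>
  <opt1><if>em2</if><descr>SYNC</descr></opt1>
  <opt2><if>em3</if><descr>WAN2</descr></opt2>
  <opt3><if>em4</if><descr>WLAN</descr></opt3>
</interfaces></pfsense>"""


def interface_map(config_xml):
    """Return [(internal key, user-assigned name)] in config order."""
    section = ET.fromstring(config_xml).find("interfaces")
    if section is None:
        raise ValueError("no <interfaces> section found")
    # Fall back to the internal key when no <descr> is set.
    return [(n.tag, (n.findtext("descr") or n.tag).strip().upper())
            for n in section]


def compare(primary_xml, backup_xml):
    """List internal keys whose assigned name differs between the nodes.

    Synced rules are keyed by the internal name, so every mismatch here is
    an interface that would receive another interface's rules.
    """
    p = dict(interface_map(primary_xml))
    b = dict(interface_map(backup_xml))
    return [(key, p.get(key), b.get(key))
            for key in sorted(set(p) | set(b))
            if p.get(key) != b.get(key)]


if __name__ == "__main__":
    for key, pname, bname in compare(PRIMARY, BACKUP):
        print(f"MISMATCH {key}: primary={pname} backup={bname}")
```

An empty result from `compare` means both nodes map every internal key to the same interface name, which is the condition to confirm before enabling XMLRPC sync.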