'Re: [pfSense Support] CARP with pfsense 0.53.3-Feliz-Gravitas-#3'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       pfsense-support
Subject:    Re: [pfSense Support] CARP with pfsense 0.53.3-Feliz-Gravitas-#3
From:       Scott Ullrich <sullrich () gmail ! com>
Date:       2005-03-17 19:38:41
Message-ID: d5992baf05031711384f0c67dd () mail ! gmail ! com
[Download RAW message or body]

CARP uses the firewall rules from the interface that the subnet
resides on.   With this said, have you added ICMP rules for the
interface in question?

IE: if you have a carp address that lies within your lan subnet, then
you'll need lan rules, etc.

Scott



On Thu, 17 Mar 2005 14:41:50 -0400, Dave C. Arthur <dave@forchu.ca> wrote:
> 
> 
> -----Original Message-----
> From: Scott Ullrich [mailto:sullrich@gmail.com]
> Sent: Thursday, March 17, 2005 12:02 PM
> To: Dave C. Arthur
> Cc: support@pfsense.com
> Subject: Re: [pfSense Support] CARP with pfsense
> 0.53.3-Feliz-Gravitas-#3
> 
> Ok. I issued the command <rm /usr/local/pkg/pf/*> and then tried
> </usr/local/etc/rc.d/carp.sh> there were no errors.
> 
> From my workstation on my LAN segment, I can ping the 'real' ip but
> still cannot ping the 'carp' ip. If I look in the ARP table I am getting
> an entry. This leads me to believe that the pf filters are causing the
> problem(s). The CARP interface seems to be behaving properly.
> 
> C:\Documents and Settings\Administrator>arp -d *
> 
> C:\Documents and Settings\Administrator>ping 192.168.1.253
> 
> Pinging 192.168.1.253 with 32 bytes of data:
> 
> Reply from 192.168.1.253: bytes=32 time=4ms TTL=64
> Reply from 192.168.1.253: bytes=32 time=1ms TTL=64
> Reply from 192.168.1.253: bytes=32 time=1ms TTL=64
> Reply from 192.168.1.253: bytes=32 time=1ms TTL=64
> 
> Ping statistics for 192.168.1.253:
>     Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
>     Minimum = 1ms, Maximum = 4ms, Average = 1ms
> 
> C:\Documents and Settings\Administrator>ping 192.168.1.254
> 
> Pinging 192.168.1.254 with 32 bytes of data:
> 
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
> 
> Ping statistics for 192.168.1.254:
>     Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
> 
> C:\Documents and Settings\Administrator>arp -a
> 
> Interface: 192.168.1.1 --- 0x10003
>   Internet Address      Physical Address      Type
>   192.168.1.253         00-03-ff-a1-fb-78     dynamic
>   192.168.1.254         00-00-5e-00-01-01     dynamic
> 
> I modified the default outgoing pf rule to allow a source of any. I then
> get the following error on the GUI and also at the CLI.
> 
> Parse error: parse error, unexpected '{' in /etc/inc/filter.inc(165) :
> eval()'d code on line 1
> 
> Regards
> 
> Dave
> 
> 
> On Wed, 16 Mar 2005 21:04:43 -0400, Dave C. Arthur <dave@forchu.ca>
> wrote:
> 
> Issue this command on the console and see if it goes away:
> 
> rm /usr/local/pkg/pf/*
> 
> Regards,
> 
> Scott
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe@pfsense.com
> For additional commands, e-mail: support-help@pfsense.com
> 
>

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic