[prev in list] [next in list] [prev in thread] [next in thread]
List: pfsense-support
Subject: Re: [pfSense Support] CARP with pfsense 0.53.3-Feliz-Gravitas-#3
From: Scott Ullrich <sullrich () gmail ! com>
Date: 2005-03-17 19:38:41
Message-ID: d5992baf05031711384f0c67dd () mail ! gmail ! com
[Download RAW message or body]
CARP uses the firewall rules from the interface that the subnet
resides on. With this said, have you added ICMP rules for the
interface in question?
IE: if you have a carp address that lies within your lan subnet, then
you'll need lan rules, etc.
Scott
On Thu, 17 Mar 2005 14:41:50 -0400, Dave C. Arthur <dave@forchu.ca> wrote:
>
>
> -----Original Message-----
> From: Scott Ullrich [mailto:sullrich@gmail.com]
> Sent: Thursday, March 17, 2005 12:02 PM
> To: Dave C. Arthur
> Cc: support@pfsense.com
> Subject: Re: [pfSense Support] CARP with pfsense
> 0.53.3-Feliz-Gravitas-#3
>
> Ok. I issued the command <rm /usr/local/pkg/pf/*> and then tried
> </usr/local/etc/rc.d/carp.sh> there were no errors.
>
> From my workstation on my LAN segment, I can ping the 'real' ip but
> still cannot ping the 'carp' ip. If I look in the ARP table I am getting
> an entry. This leads me to believe that the pf filters are causing the
> problem(s). The CARP interface seems to be behaving properly.
>
> C:\Documents and Settings\Administrator>arp -d *
>
> C:\Documents and Settings\Administrator>ping 192.168.1.253
>
> Pinging 192.168.1.253 with 32 bytes of data:
>
> Reply from 192.168.1.253: bytes=32 time=4ms TTL=64
> Reply from 192.168.1.253: bytes=32 time=1ms TTL=64
> Reply from 192.168.1.253: bytes=32 time=1ms TTL=64
> Reply from 192.168.1.253: bytes=32 time=1ms TTL=64
>
> Ping statistics for 192.168.1.253:
> Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
> Approximate round trip times in milli-seconds:
> Minimum = 1ms, Maximum = 4ms, Average = 1ms
>
> C:\Documents and Settings\Administrator>ping 192.168.1.254
>
> Pinging 192.168.1.254 with 32 bytes of data:
>
> Request timed out.
> Request timed out.
> Request timed out.
> Request timed out.
>
> Ping statistics for 192.168.1.254:
> Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
>
> C:\Documents and Settings\Administrator>arp -a
>
> Interface: 192.168.1.1 --- 0x10003
> Internet Address Physical Address Type
> 192.168.1.253 00-03-ff-a1-fb-78 dynamic
> 192.168.1.254 00-00-5e-00-01-01 dynamic
>
> I modified the default outgoing pf rule to allow a source of any. I then
> get the following error on the GUI and also at the CLI.
>
> Parse error: parse error, unexpected '{' in /etc/inc/filter.inc(165) :
> eval()'d code on line 1
>
> Regards
>
> Dave
>
>
> On Wed, 16 Mar 2005 21:04:43 -0400, Dave C. Arthur <dave@forchu.ca>
> wrote:
>
> Issue this command on the console and see if it goes away:
>
> rm /usr/local/pkg/pf/*
>
> Regards,
>
> Scott
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: support-unsubscribe@pfsense.com
> For additional commands, e-mail: support-help@pfsense.com
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic