Date:      Mon, 28 Sep 2015 04:35:22 -0400
From:      Allan Jude <allanjude@freebsd.org>
To:        freebsd-bugbusters@freebsd.org
Subject:   Re: can't use a firewall cluster as DGW
Message-ID:  <5608FBCA.8070108@freebsd.org>
In-Reply-To: <08C1F0DB82CAD14DA46313AE457AFF721B922437@fieinfmbx2vp.fiege.com>
References:  <08C1F0DB82CAD14DA46313AE457AFF721B922437@fieinfmbx2vp.fiege.com>

On 09/28/2015 04:23, Wanka, Silvio wrote:
> Hi,
> 
> I need a simple solution which is offered by dnsmasq, so the simple way was to install pfSense as a VMware VM and use the web interface to configure dnsmasq, but the Default Gateway does not work. Because pfSense is sometimes “special”, I have replaced the HD of the VM with the vmdk offered on the FreeBSD download site (10.2). But it is the same problem; if I start the same VM with a Linux Live ISO, all works properly. And also Windows has no problem with this firewall cluster as DGW.
> 
> I can ping any other device in the subnet (except devices which do not answer ICMP), but for the DGW I always get:
> 
> Ping: sendto: Host is down
> 
> Any Linux or Windows system can ping this IP, and so can the Live Linux, which has the same MAC and was configured with the same network settings (IP, Mask, Gateway).
> 
> My network guy gave me the hint that this FW cluster uses virtual MAC addresses and some devices can’t handle this correctly. So I checked the ARP table directly after the aborted, non-working ping and, of course, this can’t work:
> 
> # arp 192.198.9.254
> ? (192.198.9.254) at (incomplete) on em0 expired [ethernet]
> 
> It looks to me that BSD does not understand the ARP protocol (extension/variant?) which is used here. I must now decide if I switch to Linux or add a static ARP entry. BTW, is there already a config file for static ARP entries so as not to lose them after a reboot?
> 
> Br,
> Silvio

FreeBSD does not have any problems with ARP. There are a few
possibilities here:

1) Did you check that the IP address you are trying to ping is actually
assigned to an interface in pfSense?

2) In the VMware options for the NIC, enable 'promiscuous mode'. This
allows the NIC to receive packets destined for a MAC address other than
the one on the VMware virtual NIC, and can solve this problem among
others, especially when using virtual MAC addresses (like lagg(4) and
carp(4)).

3) Can the pfSense ping the IP that you are trying to ping the pfSense from?



-- 
Allan Jude



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5608FBCA.8070108>