Project

General

Profile

Bug #3075

Can't delete unused Virtual IP "referenced by a least one gateway"

Added by Christian McDonald about 7 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Category:
Virtual IP Addresses
Target version:
Start date:
07/05/2013
Due date:
% Done:

100%

Estimated time:
Affected Version:
2.1
Affected Architecture:
All

Description

I am working on some minor shuffling around of statics from my /29 block of IPs from my ISP. On 2.0.3 and 2.1 snapshots prior to the revision linked below, I could delete Virtual IPs that existed within the same subnet as my gateway. I don't believe this was the intended behavior from this revision.

http://redmine.pfsense.org/projects/pfsense/repository/revisions/55705b333518144ccea42219c8459b5d0b1d6ecc

History

#1 Updated by Chris Buechler about 7 years ago

that input validation should only apply when it's the only VIP that exists in that gateway's subnet.

#2 Updated by Christian McDonald about 7 years ago

I'm not sure that I'm following you. Let's say my block of public IPs is as follows:

1.1.1.30 (gateway)
1.1.1.29
1.1.1.28
1.1.1.27
1.1.1.26
1.1.1.25

If my wan interface is set as 1.1.1.29 with gateway 1.1.1.30, and I have a virtual IP set as 1.1.1.25, if that VIP is not being used with anything (NAT, etc.), why shouldn't I be able to delete it? Like I said, I know I did this a few times without any problems under older builds. Thanks

#3 Updated by Renato Botelho about 7 years ago

  • Status changed from New to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

The fix for #2962 introduced this issue. I fixed it, please check tomorrow's snapshot.

#4 Updated by Christian McDonald about 7 years ago

Thanks Renato!

#5 Updated by Dan Lundqvist about 7 years ago

Sent to forum on 9th July
http://forum.pfsense.org/index.php/topic,64326.0.html

I have just updated to the latest build (2.1-RC0 (i386) built on Tue Jul 9 23:03:10 EDT 2013"
but still see this problem when trying to remove "*IP Alias*" entries.

I get "This entry cannot be deleted because it is still referenced by at least one Gateway." when trying
to remove one IP Alias. (I only have one primary IP defined in the WAN-interface .51 at end
and one VirtualIP IP Alias with .53 at the end. Is in same subnet as primary IP and only have one VirtualIP defined.

basically this is the setup:
xx.xx.165.1/24 Gateway
xx.xx.165.51/24 Main WAN IP
xx.xx.165.53/24 VirtualIP IP Alias With NOTHING tied like NAT or similar. Just created IP Alias.

The "IP Alias" was created in an earlier build from June.

I was only doing some tests for a colleague and need to undefine the IP Alias as this IP
is normally used in another router and is temporary disconnected so I could do the test.
As long as this IP is now tied to pfSense it will answer ARPs and I will get an IP collision.

I found another thread that was dealing with similar but for CARP IP and that was suppose to
be fixed but still have problem with IP Alias.
http://forum.pfsense.org/index.php/topic,64156.0.html

Best regards
Dan Lundqvist
Stockholm, Sweden

#6 Updated by Renato Botelho about 7 years ago

It's fixed now. Please test with tomorrow snapshot or gitsync

#7 Updated by Dan Lundqvist about 7 years ago

I can confirm that the bugfix is now working OK also on IP-Alias after testing.
I propose to close this bug.

Best regards
Dan Lundqvist
Stockholm, Sweden

#8 Updated by Chris Buechler about 7 years ago

  • Status changed from Feedback to Closed

thanks

#9 Updated by Tobi Miller about 4 years ago

I have pfsense 2.3 (amd64) running and this issue seems to be present again. I have setup a main virtual IP which I use to bind services. Now I added another virtual IP from the same subnet, but now I cannot remove this newly added virtual ip. The error message always is "This entry cannot be deleted because it is still referenced by at least one Gateway."
My setup:

Subnet xx.xx.xx.208/29
GW xx.xx.xx.209
virtIP xx.xx.xx.210
virtIP xx.xx.xx.214

the second virtual IP I want to remove, but fails with error above

#10 Updated by Flavio Stanchina almost 4 years ago

I've got this error on 2.3.2_1, on a CARP VIP I just added for a test. I'm 100% sure that VIP is not being used for anything (added it, checked if it was MASTER on the dashboard, immediately went back to delete it). It's outside the interface's subnet, if that makes a difference, and I have three other VIPs on that interface (all of them outside the interface's subnet).

This happened on a non-production firewall where I'm testing a scenario I want to replicate in production, so this is going to be a problem for me in a few days.

Also available in: Atom PDF