
Re: pfsync after reboot does not synchronize

Kian Mohageri <kian_(_dot_)_mohageri_(_at_)_gmail_(_dot_)_com> wrote:
> > Why does pfsync synchronize the state tables when I use the
> > "ifconfig syncdev" trick to force a bulk update, yet it does
> > not do this when the system is booting up?
> What does your rc.conf look like?



    cloned_interfaces="carp0 carp1"

    ifconfig_dc0="inet netmask"
    ifconfig_dc1="inet netmask"


    ifconfig_carp0="inet netmask vhid 230"
    ifconfig_carp1="inet netmask vhid 11"

As you can see, no IP is put on the sync interface; it is merely
configured up.  Auto-negotiation succeeds on both ends of the cross

    media: Ethernet autoselect (100baseTX <full-duplex>)

> > Why does pfsync keep repeating the bulk update request and then give
> > up?  What message is not getting through?
> Are you running the same versions of everything on all nodes?
> Different versions of pfsync can sometimes not keep state with
> each other (3.8 -> 3.9 comes to mind).

Both are FreeBSD 6.0-RELEASE cloned from the same disk.

> >    set skip on pfsync0
> >
> >    pass quick on fxp0 proto pfsync     # $pfsync_syncdev
> Won't fix your problem, but if you 'set skip' on that interface, you
> don't need to 'pass quick' as filtering isn't applied.

Note that the "set skip" is on the pfsync0 pseudo interface, while the
"pass quick" is on the actual fxp0 interface.

Is there a protocol other than pfsync that should be permitted on that
interface?  I didn't expect I'd see any other protocol there, so I
didn't bother to allow anything else.

David DeSimone == Network Admin == fox_(_at_)_verio_(_dot_)_net
  "It took me fifteen years to discover that I had no
   talent for writing, but I couldn't give it up because
   by that time I was too famous.  -- Robert Benchley