Re: pfsync after reboot does not synchronize
- To: freebsd-pf_(_at_)_freebsd_(_dot_)_org
- Subject: Re: pfsync after reboot does not synchronize
- From: David DeSimone <fox_(_at_)_verio_(_dot_)_net>
- Date: Mon, 5 Jun 2006 23:10:01 -0500
- Mail-followup-to: freebsd-pf_(_at_)_freebsd_(_dot_)_org
Kian Mohageri <kian_(_dot_)_mohageri_(_at_)_gmail_(_dot_)_com> wrote:
> > Why does pfsync synchronize the state tables when I use the
> > "ifconfig syncdev" trick to force a bulk update, yet it does
> > not do this when the system is booting up?
> What does your rc.conf look like?
ifconfig_dc0="inet 192.168.40.231 netmask 255.255.255.224"
ifconfig_dc1="inet 172.16.30.2 netmask 255.255.255.0"
ifconfig_carp0="inet 192.168.40.230 netmask 255.255.255.224 vhid 230"
ifconfig_carp1="inet 172.16.30.1 netmask 255.255.255.0 vhid 11"
As you can see, no IP is put on the sync interface; it is merely
configured up. Auto-negotiation succeeds on both ends of the cross
media: Ethernet autoselect (100baseTX <full-duplex>)
> > Why does pfsync keep repeating the bulk update request and then give
> > up? What message is not getting through?
> Are you running the same versions of everything on all nodes?
> Different versions of pfsync can sometimes not keep state with
> each other (3.8 -> 3.9 comes to mind).
Both are FreeBSD 6.0-RELEASE cloned from the same disk.
> > set skip on pfsync0
> > pass quick on fxp0 proto pfsync # $pfsync_syncdev
> Won't fix your problem, but if you 'set skip' on that interface, you
> don't need to 'pass quick' as filtering isn't applied.
Note that the "set skip" is on the pfsync0 pseudo interface, while the
"pass quick" is on the actual fxp0 interface.
Is there a protocol other than pfsync that should be permitted on that
interface? I didn't expect I'd see any other protocol there, so I
didn't bother to allow anything else.
David DeSimone == Network Admin == fox_(_at_)_verio_(_dot_)_net
"It took me fifteen years to discover that I had no
talent for writing, but I couldn't give it up because
by that time I was too famous." -- Robert Benchley