[Bug 234472] Missing outgoing CARP traffic on interface

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Fri Dec 28 18:39:28 UTC 2018 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234472

            Bug ID: 234472
           Summary: Missing outgoing CARP traffic on interface
           Product: Base System
           Version: 11.2-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs at FreeBSD.org
          Reporter: pgadmin at pse-consulting.de

For quite a while (I think it started with 10.x) I have a CARP problem with a
pair of opnSense routers. No one could help over there, so I'm posting here.

The router pair was running for some years correctly with ~20 vifs on 4
interfaces. After an update (incl kernel), things went wrong: the backup
machine turned to CARP master on the wan interface ix4, other interfaces
remained backup, with the master machine having all interfaces as carp master.
The result wasn't healthy, no surprise.

Debugging using tcpdump, I found that the backup router didn't receive any carp
announcements on the wan interface, until I disabled the firewall (pfctl -d) on
the master (!) completely. Obviously, pf is filtering the outgoing carp traffic
on the master, but I couldn't find any configuration that would do so. Even a 
"pass out quick on ix4 proto carp from {any} to {any}" as first filter rule
didn't help.

Any helpful hints?

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list