10/stable pfsync bulk fail
Patrick Lamaiziere
patfbsd at davenulle.org
Wed Jul 13 13:35:30 UTC 2016

Hello,
10/stable rev 302560
I'm building a pair of firewalls with pf and carp and the states are
well synchronized between the firewalls. But at startup or using
"service pfsync restart" pfsync fails the bulk update.
In rare situations the bulk is successful but I don't know why.

Jul 13 15:01:31 fucop1 kernel: carp: demoted by 240 to 3240 (pfsync bulk start)
Jul 13 15:02:32 fucop1 kernel: carp: demoted by -240 to 3000 (pfsync bulk done)
Jul 13 15:03:07 fucop1 kernel: carp: demoted by 240 to 3240 (pfsync bulk start)
Jul 13 15:04:12 fucop1 kernel: carp: demoted by -240 to 3000 (pfsync bulk fail)

/etc/rc.conf
pfsync_enable="YES"
pfsync_syncdev="ix1"
# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.253/24 -tso -lro -vlanhwtso description PF_SYNC"

and on the second FW
# ix1 : pfsync
ifconfig_ix1="inet 192.168.255.254/24 -tso -lro -vlanhwtso description PF_SYNC"

and ix1 is skipped in pf.conf.
I've tried using the syncpeer option too.

Does it work for you? Or any idea?
Thanks, regards
    
    
More information about the freebsd-net mailing list