pf + pfsync + carp ... more fun
Matthew Grooms
mgrooms at seton.org
Thu Mar 3 20:27:42 GMT 2005
While running tests in my lab, there have been a few times where I
could no longer talk out my external interface. This usually happens
after I ifconfig em0 up / down a few times to force the carp0 failover.
Previously, I have just rebooted the box since I was concentrating on
testing the pf + pfsync stuff but this time I stopped to take a look
and noticed that I am losing a route for the locally attached network.
Is this the intended behavior?
--- output from defunct fw1 ---
root@fw1# ping 192.168.253.252
PING 192.168.253.252 (192.168.253.252): 56 data bytes
ping: sendto: No route to host
ping: sendto: No route to host
^C
--- 192.168.253.252 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
root@fw1# route -n
usage: route [-dnqtv] command [[modifiers] args]
root@fw1# netstat -rn
Routing tables
Internet:
Destination      Gateway            Flags  Refs  Use  Netif  Expire
default          192.168.253.252    UGS    0     24   em0
127.0.0.1        127.0.0.1          UH     0     0    lo0
192.168.251      link#3             UC     0     0    em2
192.168.251.1    192.168.251.1      UH     0     0    carp2
192.168.252      link#6             UC     0     0    em5
192.168.252.3    00:04:23:08:17:6b  UHLW   0     17   em5    729
192.168.253      link#10            UC     0     0    carp0
192.168.253.1    192.168.253.1      UH     0     4    carp0
192.168.253.252  link#10            UHRLW  1     2    carp0
192.168.254      link#2             UC     0     0    em1
192.168.254.1    192.168.254.1      UH     0     0    carp1
192.168.254.51   00:0d:56:de:9e:3a  UHLW   0     253  em1    1162
--- output from working fw2 ---
default          192.168.253.252    UGS    0     572  em0
127.0.0.1        127.0.0.1          UH     0     0    lo0
192.168.251      link#3             UC     0     0    em2
192.168.252      link#6             UC     0     0    em5
192.168.252.2    00:04:23:08:17:37  UHLW   0     18   em5    585
192.168.253      link#1             UC     0     0    em0
192.168.253.252  link#1             UHLW   1     0    em0
192.168.254      link#2             UC     0     0    em1
192.168.254.51   00:0d:56:de:9e:3a  UHLW   0     64   em1    1192
If I need to repost this over to the net mailing list, please let me
know. Thanks in advance.
Matthew Grooms
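
The visible difference between the two tables in the post above is that on fw1 the connected route for 192.168.253 is attached to carp0, while on fw2 it is attached to em0. The following is an added example, not part of the original post: a check that parses `netstat -rn` text and flags that condition. The function names are hypothetical and the sample rows are copied from the post.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -rn` text on
# stdin and prints "destination netif" for every connected-network route
# (gateway link#N, flag C) that is attached to a carp interface.
carp_connected_routes() {
    awk 'NF >= 6 && $2 ~ /^link#/ && $3 ~ /C/ && $6 ~ /^carp[0-9]+$/ { print $1, $6 }'
}

# Rows copied from the two tables in the post above.
sample_fw1() {
    cat <<'EOF'
Destination Gateway Flags Refs Use Netif Expire
default 192.168.253.252 UGS 0 24 em0
192.168.251 link#3 UC 0 0 em2
192.168.251.1 192.168.251.1 UH 0 0 carp2
192.168.253 link#10 UC 0 0 carp0
192.168.253.252 link#10 UHRLW 1 2 carp0
EOF
}
sample_fw2() {
    cat <<'EOF'
default 192.168.253.252 UGS 0 572 em0
192.168.253 link#1 UC 0 0 em0
192.168.253.252 link#1 UHLW 1 0 em0
EOF
}

# Exit status 1 when a suspect route is found, so this can drive a monitor.
check_routes() {
    found=$(carp_connected_routes)
    [ -z "$found" ] && return 0
    echo "connected route on carp interface: $found" >&2
    return 1
}

sample_fw1 | check_routes || echo "fw1: suspect"
sample_fw2 | check_routes && echo "fw2: ok"
```

On a live firewall the same check runs as `netstat -rn | check_routes`.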