pfsync's syncpeer address is backwards

David Siebörger drs at rucus.net
Mon Apr 10 07:46:08 UTC 2006


I've found that I need to specify the syncpeer IP address backwards for 
it to work.  Here's how my pfsync0 interface is configured:

root at bert# ifconfig pfsync0
pfsync0: flags=41<UP,RUNNING> mtu 1348
	pfsync: syncdev: vlan0 syncpeer: 3.12.231.146 maxupd: 128

but the traffic is sent with the IP address the right way around:

root at bert# tcpdump -pni vlan0 proto pfsync
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan0, link-type EN10MB (Ethernet), capture size 96 bytes
09:32:12.455049 IP 146.231.12.2 > 146.231.12.3:  pfsync 356
09:32:12.548227 IP 146.231.12.3 > 146.231.12.2:  pfsync 268
09:32:13.457113 IP 146.231.12.2 > 146.231.12.3:  pfsync 356
09:32:13.650316 IP 146.231.12.3 > 146.231.12.2:  pfsync 268

pfsync does work now, in that both firewalls are aware of state changes, 
but it would seem that either there's an extra or a missing hton/ntoh 
call somewhere in pfsync.

I'm running FreeBSD 6.1-RC (compiled from < 24h old source).  
The "hardware" configuration is a bit unusual, though: I'm using pfsync 
on vlan0, whose parent device is le1 in a VMware Server virtual 
machine.

Is anyone else seeing anything similar?


-- 
David Siebörger
drs at rucus.ru.ac.za
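
The symptom reported above, as an added example (not code from the original post and not FreeBSD's pfsync code): reversing the four octets of the configured syncpeer, which is what one extra or missing htonl()/ntohl() does on a little-endian host, gives the peer address seen in the tcpdump output. The function names and the enum are hypothetical; the addresses are the ones quoted in the post.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

enum peer_match { PEER_ERROR = -1, PEER_MATCH, PEER_REVERSED, PEER_DIFFERENT };

/* Reverse the four octets of a dotted-quad IPv4 address: the effect of one
 * extra or missing htonl()/ntohl() on a little-endian host. */
int reverse_quad(const char *in, char *out, socklen_t outlen)
{
    struct in_addr a;
    unsigned char b[4], r[4];

    if (inet_pton(AF_INET, in, &a) != 1)
        return -1;
    memcpy(b, &a, 4);                 /* octets in network order */
    for (int i = 0; i < 4; i++)
        r[i] = b[3 - i];
    memcpy(&a, r, 4);
    return inet_ntop(AF_INET, &a, out, outlen) ? 0 : -1;
}

/* Compare a configured syncpeer with the peer address seen on the wire. */
enum peer_match classify_peer(const char *configured, const char *observed)
{
    struct in_addr c, o, r;
    char rev[INET_ADDRSTRLEN];

    if (inet_pton(AF_INET, configured, &c) != 1 ||
        inet_pton(AF_INET, observed, &o) != 1 ||
        reverse_quad(configured, rev, sizeof rev) != 0 ||
        inet_pton(AF_INET, rev, &r) != 1)
        return PEER_ERROR;
    if (c.s_addr == o.s_addr)
        return PEER_MATCH;            /* checked first: palindromic addresses */
    return r.s_addr == o.s_addr ? PEER_REVERSED : PEER_DIFFERENT;
}

int main(void)
{
    char rev[INET_ADDRSTRLEN];
    /* Values from the post: ifconfig syncpeer and the tcpdump peer address. */
    if (reverse_quad("3.12.231.146", rev, sizeof rev) == 0)
        printf("3.12.231.146 reversed: %s\n", rev);
    printf("classification: %d\n", classify_peer("3.12.231.146", "146.231.12.3"));
    return 0;
}
```

A result of PEER_REVERSED when comparing the ifconfig value with the address in a packet capture points to a byte-order problem rather than a wrong peer.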


More information about the freebsd-pf mailing list