From: "Kian Mohageri"
To: "David DeSimone"
Cc: freebsd-pf@freebsd.org
Date: Mon, 5 Jun 2006 18:28:25 -0700
Subject: Re: pfsync after reboot does not synchronize
In-Reply-To: <20060605234031.GA4787@verio.net>

> 1. Why does pfsync synchronize the state tables when I use the
>    "ifconfig syncdev" trick to force a bulk update, yet it does
>    not do this when the system is booting up?

What does your rc.conf look like?

> 2. Why does pfsync keep repeating the bulk update request and then give
>    up? What message is not getting through?

Are you running the same versions of everything on all nodes? Different versions of pfsync can sometimes not keep state with each other (3.8 -> 3.9 comes to mind).

> The two cluster members have a direct cross-cable between them. My PF
> policy has these settings:
>
>     set skip on pfsync0
>
>     pass quick on fxp0 proto pfsync # $pfsync_syncdev

Won't fix your problem, but if you 'set skip' on that interface, you don't need to 'pass quick' as filtering isn't applied.

Kian