From owner-freebsd-pf@FreeBSD.ORG Sun Jun 26 02:11:32 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B8D2516A41C for ; Sun, 26 Jun 2005 02:11:32 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 77EA243D1D for ; Sun, 26 Jun 2005 02:11:32 +0000 (GMT) (envelope-from sullrich@gmail.com) Received: by rproxy.gmail.com with SMTP id r35so1040400rna for ; Sat, 25 Jun 2005 19:11:31 -0700 (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=BCanDoTqXJeYRjvI34LHHUhsQxoPX/8gGYmTn2eo8sWNLUdJd9YSewCQs09Qa4cI+LR1+AHz3Vr8V0J4lkhorjjcJiOTfrahfMYoYhM5jFrpnHPbtP3wb4hPSwVcLYmrA7gnOzfgvYGyPDcI1+iEFYSi6wE6zsICIVxpLv1qUw4= Received: by 10.38.67.10 with SMTP id p10mr466304rna; Sat, 25 Jun 2005 19:11:31 -0700 (PDT) Received: by 10.38.207.79 with HTTP; Sat, 25 Jun 2005 19:11:31 -0700 (PDT) Message-ID: Date: Sat, 25 Jun 2005 22:11:31 -0400 From: Scott Ullrich To: Sascha Luck In-Reply-To: <20050626020825.GA45376@saoirse.c4inet.net> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <20050626020825.GA45376@saoirse.c4inet.net> Cc: freebsd-pf@freebsd.org Subject: Re: pfsync / 6-CURRENT-amd64 X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Scott Ullrich List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 26 Jun 2005 02:11:32 -0000 On 6/25/05, Sascha Luck wrote: > Hi, >=20 > I've built a redundant firewall setup with pf / CARP / pfsync on > CURRENT. pf and CARP are working well, the traffic fails over > without problems. > pfsyc, however, seems not to work at all. There is no traffic on > the sync interface, the states are (obviously) not being synced. >=20 > The NICs are all Intel 1000MT dual-port cards (btw, I can confirm > that fail-over on VLAN interfaces on em NICs does work on CURRENT) >=20 > CURRENT kernel versions: > FreeBSD 6.0-CURRENT #0: Sun Jun 26 02:10:42 IST 2005 >=20 > pf, pflog and pfsync are built into the kernel. both pfsync > interfaces are up and connected to the syncif, they are connected > by xover cable: >=20 > cwi010# ifconfig pfsync0 > pfsync0: flags=3D41 mtu 1348 > pfsync: syncdev: em5 maxupd: 128 >=20 > em5: flags=3D8843 mtu 1500 > options=3D4b > inet 10.10.255.2 netmask 0xffffff00 broadcast 10.10.255.255 > inet6 fe80::211:43ff:fee5:8377%em5 prefixlen 64 scopeid 0x6 > ether 00:11:43:e5:83:77 > media: Ethernet autoselect (1000baseTX ) > status: active >=20 > Has anyone seen similar effects? Is this connected to the network > interface changes as of Jun 9? For what it's worth we are also seeing this same problem on pfSense with from what I can tell is all NICS. Let me know if you need any more information. It seems to have broken around the 10th. Regards, Scott