From: Bruno Afonso
Date: Thu, 16 Sep 2004 03:30:59 +0100
To: freebsd-pf@freebsd.org
Subject: Re: RELENG_5 and carp patches - Status

I've forgotten to say one thing. I had to add the carp definition to
/etc/protocols. In reality, I renamed "vrrp" to "carp" after looking at
OpenBSD's /etc/protocols. So, it's missing in the patch too.

Max Laier wrote:
> On Wednesday 15 September 2004 19:33, Bruno Afonso wrote:
>
>>=> WORKS:
>>
>>I've set carp0 and carp1 with the IPs my NAT box uses and it's working
>>flawlessly up until now (some hours). I have yet to set the backup box
>>as it's really really old and I'm waiting for it to compile world and
>>kernel... :)
>>
>>I will try failover in the next days.
>>
>>
>>=> DOES NOT WORK:
>>
>>ifconfig pfsync syncif does not work
>>carp-testing-box# ifconfig pfsync0 up syncif fxp0
>>ifconfig: syncif: bad value
>
>
> Ugh ... this got completely forgotten. Check the patch at:
> http://people.freebsd.org/~mlaier/ifconfig.pfsync.patch (hope it still
> applies) it will certainly cause rejects with the carp-ifconfig ...

Seems to apply cleanly. You have to cd /usr/src/sbin/ifconfig before
"patch -p0 < " though. I can now do "ifconfig pfsync0 up syncif " without
any error.

>>accessing carp'ed IP address does not work
>>carp-testing-box# ping IP
>>PING IP (IP): 56 data bytes
>>ping: sendto: Operation not permitted
>
>
> EPERM is clearly a problem of your firewalling rules on the box that is trying
> to ping.

Doh! Damn home made script to generate the pf conf file... :-) I needed
to open carp0 from (carp0) to (carp0).

Another interesting aspect is that traffic originating from the machine
comes from the non-carp IPs. :-)

>>I also get "arp_rtrequest: bad gateway IP (!AF_LINK)" in /var/log/messages.
>
>
> This is described in: http://people.freebsd.org/~mlaier/CARP/README and it's not
> a problem only a bit disturbing.

Ye, doesn't bother.

> hmmm ... looks like netstat has been built with different headers as the
> kernel. Try make installincludes and rebuild+install netstat.

Did it. Same error(s). I'm gonna recompile world and kernel just for the
sake of it. :-) and rm -rf /usr/obj.

BA

-- 
Bruno Afonso
http://dequim.ist.utl.pt/~bruno/sciTocs/ - Bruno's SciTocs!
http://freebsd-pt.org/forum/ - Portuguese FreeBSD forum