From: "kevin"
Date: Mon, 15 Feb 2010 02:05:56 -0500
Subject: Server unresponsive when using transparent bridging w/ pf + pfsync
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Hello,

I'd like to get thoughts / input to the following application of 2x FreeBSD redundant firewalls. I have two firewalls with transparent bridges of the inside/outside interfaces (2 interfaces each firewall). A third interface is used for PFSYNC state synchronization. Synchronization of states is fine.
However, if the bridge0 interface is enabled on the second firewall, the first firewall completely halts and is unresponsive, with no message on the console or in /var/log/messages. Unfortunately, debug flags are disabled on both machines. One is 7.1-PRERELEASE and the other is 7.2-STABLE. I am in the process of upgrading the first one to 7.2-STABLE as well. Is this a viable scenario in the first place? Forgive my inexperience; any suggestions are welcome.

Many Thanks.