Date: Mon, 10 Apr 2006 09:46:00 +0200
From: David Siebörger <drs@rucus.net>
To: freebsd-pf@freebsd.org
Subject: pfsync's syncpeer address is backwards
Message-ID: <200604100946.00773.drs@rucus.net>

I've found that I need to specify the syncpeer IP address backwards for it to work. Here's how my pfsync0 interface is configured:

root@bert# ifconfig pfsync0
pfsync0: flags=41<UP,RUNNING> mtu 1348
        pfsync: syncdev: vlan0 syncpeer: 3.12.231.146 maxupd: 128

but the traffic is sent with the IP address the right way around:

root@bert# tcpdump -pni vlan0 proto pfsync
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan0, link-type EN10MB (Ethernet), capture size 96 bytes
09:32:12.455049 IP 146.231.12.2 > 146.231.12.3: pfsync 356
09:32:12.548227 IP 146.231.12.3 > 146.231.12.2: pfsync 268
09:32:13.457113 IP 146.231.12.2 > 146.231.12.3: pfsync 356
09:32:13.650316 IP 146.231.12.3 > 146.231.12.2: pfsync 268

pfsync does work now, in that both firewalls are aware of state changes, but it would seem that either there's an extra or a missing hton/ntoh call somewhere in pfsync.

I'm running FreeBSD 6.1-RC (compiled from < 24h old source). The "hardware" configuration is a bit unusual, though: I'm using pfsync on vlan0, whose parent device is le1 in a VMware Server virtual machine.

Is anyone else seeing anything similar?

-- 
David Siebörger
drs@rucus.ru.ac.za
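
The symptom reported above, reproduced as an added example (not part of the original message and not FreeBSD source code): one unbalanced 32-bit byte swap between the address typed and the address used on the wire turns 3.12.231.146 into 146.231.12.3. The function names are hypothetical, and the swap is written out explicitly so the result is the same on any host; with real htonl()/ntohl(), which are no-ops on big-endian machines, such a mismatch only shows on little-endian hardware.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unconditional 32-bit byte swap: what htonl()/ntohl() do on a little-endian host. */
static uint32_t swap32(uint32_t v)
{
    return (v >> 24) | ((v >> 8) & 0x0000ff00u) |
           ((v << 8) & 0x00ff0000u) | (v << 24);
}

/*
 * Hypothetical model of a configuration path with one unbalanced byte swap:
 * the dotted quad the administrator typed is parsed into network order and
 * then swapped once more before being used as the packet destination.
 * Returns 0 on success and writes the resulting wire address to out.
 */
int wire_dest_after_stray_swap(const char *typed, char *out, size_t outlen)
{
    struct in_addr a;

    if (inet_pton(AF_INET, typed, &a) != 1)
        return -1;
    a.s_addr = swap32(a.s_addr);   /* the extra (or missing) conversion */
    return inet_ntop(AF_INET, &a, out, (socklen_t)outlen) ? 0 : -1;
}

/* Returns 1 if shown (e.g. ifconfig) is the byte-reversed form of seen (e.g. tcpdump). */
int is_byte_reversed(const char *shown, const char *seen)
{
    char buf[INET_ADDRSTRLEN];

    if (wire_dest_after_stray_swap(shown, buf, sizeof buf) != 0)
        return 0;
    return strcmp(buf, seen) == 0;
}

int main(void)
{
    char buf[INET_ADDRSTRLEN];

    /* Values taken from the ifconfig and tcpdump output in the message. */
    if (wire_dest_after_stray_swap("3.12.231.146", buf, sizeof buf) == 0)
        printf("syncpeer 3.12.231.146 -> wire destination %s\n", buf);
    printf("reversed pair: %d\n", is_byte_reversed("3.12.231.146", "146.231.12.3"));
    return 0;
}
```

Comparing the address a tool displays with the address seen in a packet capture this way distinguishes a byte-order mismatch from a plain misconfiguration.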
