<http://openbsd.7691.n7.nabble.com/file/n257503/OpenBSD-CARP-Settup.jpg>
It is found that the handling of IP and Alias (in IPv4) of CARP/PF in
OpenBSD 5.5 are different. But I am not sure whether it is by design of by
software bug. It will be great if some can help to shoot the problem
*Problem Description*
1. A user on PC from external network can access the server smoothly
through the IP of carp0 (10.117.2.10), but laggy (or even fail) on accessing
the same server using alias IP of carp0 (10.117.2.11).
2. shared rules (pass, match, nat-to, rdr-to) are used in pf configuration
(shown below) for the IP and alias IP of the carp0
3. pflog shows some packets were blocked when connection using the alias
IP of carp0. No blocking is recorded when connection through the IP of
carp0
4. this happen only when the firewalls operated in Active/Active mode.
Everything work if change (or demote one member) to Active/Standby mode.
*Configuration*
Common PF configuration between FW nodes
# cat /etc/pf/pf.conf
set limit states 100000
man_if="bnx0"
ext_if="bnx1"
ext_carp="carp0"
int_if="bnx2"
sync_if="bnx3"
man_net="{ 192.168.0.0/16 }"
trust_hosts="{192.168.100.102, 192.168.200.102, 192.168.100.115,
192.168.100.115, 192.168.220.0/24}"
gnet_net="{ 10.0.0.0/8, 2406:0:8000::/40 }"
set skip on lo
block log (all) on $ext_if all
block log (all) on $man_if all
block in quick from urpf-failed
pass quick on $sync_if proto pfsync keep state (no-sync)
pass on { $ext_if, $int_if, $man_if } proto carp keep state (no-sync)
pass on any proto icmp from any to any
pass on any proto icmp6 from any to any
pass on $man_if inet proto tcp from $man_net to $man_if:network port ssh
anchor common.anchor
load anchor common.anchor from "/home/fwadmin/config/common.anchor"
anchor mgnt.anchor
load anchor mgnt.anchor from "/home/fwadmin/config/mgnt.anchor"
# cat /etc/pf/common.anchor
man_if="bnx0"
ext_if="bnx1"
ext_carp="carp0"
int_if="bnx2"
sync_if="bnx3"
man_net="{ 192.168.0.0/16 }"
gnet_net="{ 10.0.0.0/8, 2406:0:8000::/40 }"
default_outport="{22,80,443,8080,8443,9080,9443}"
pass on $man_if inet proto tcp from $man_net to $man_if:network port ssh
pass out on $ext_if inet proto tcp from $ext_if:network to $gnet_net port
$default_outport
# cat /etc/pf/mgnt.anchor
man_if="bnx0"
ext_if="bnx1"
ext_carp="carp0"
int_if="bnx2"
sync_if="bnx3"
SNAT_SMTP="{ 10.117.2.11 }"
VIP_MANNET="{ 192.168.100.250 }"
man_net="{ 192.168.0.0/16 }"
default_outport="{22,80,443}"
pass on $ext_if inet proto tcp from any to carp0 port $default_outport
pass out on $man_if inet proto tcp from any to $man_if:network port
$default_outport
match out on $man_if inet proto tcp from any to 192.168.100.117 port 80
nat-to carp1
match in on $ext_if inet proto tcp from any to carp0 port 80 rdr-to
192.168.100.117
match out on $man_if inet proto tcp from any to 192.168.100.117 port 22
nat-to carp1
match in on $ext_if inet proto tcp from any to carp0 port 22 rdr-to
192.168.100.117
setting on FW1
# uname -a
OpenBSD wcovpn01.ccgo.hksarg 5.5 GENERIC.MP#262 i386
# cat /etc/hostname.bnx0
inet 192.168.100.73 255.255.255.0
!route add 192.168.0.0/16 192.168.100.254
# cat /etc/hostname.bnx1
inet 10.117.2.9 255.255.255.224
!route add 10.0.0.0/8 10.117.2.30
# cat /etc/hostname.bnx3
inet 192.168.98.2 255.255.255.0 NONE
# cat /etc/hostname.carp0
inet 10.117.2.10 255.255.255.224 10.117.2.31 carpnodes 1:0,2:100 balancing
ip-stealth pass password
inet alias 10.117.2.11 255.255.255.255 NONE
# cat /etc/hostname.carp1
inet 192.168.100.250 255.255.255.0 192.168.100.255 carpnodes 9:0,10:100
balancing ip-stealth pass password
# cat /etc/hostname.pfsync0
up syncdev bnx3
# ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
priority: 0
carp: carpdev bnx1 advbase 1 balancing ip-stealth
state MASTER vhid 1 advskew 0
state BACKUP vhid 2 advskew 100
groups: carp
status: master
inet6 fe80::200:5eff:fe00:103%carp0 prefixlen 64 scopeid 0x9
inet 10.117.2.10 netmask 0xffffffe0 broadcast 10.117.2.31
inet 10.117.2.11 netmask 0xffffffff
# ifconfig carp1
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:09
priority: 0
carp: carpdev bnx0 advbase 1 balancing ip-stealth
state MASTER vhid 9 advskew 0
state BACKUP vhid 10 advskew 100
groups: carp
status: master
inet6 fe80::200:5eff:fe00:109%carp1 prefixlen 64 scopeid 0xa
inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255
setting on FW2
bash-4.2# uname -a
OpenBSD wcovpn02.ccgo.hksarg 5.5 GENERIC.MP#262 i386
bash-4.2# cat /etc/hostname.bnx0
inet 192.168.100.74 255.255.255.0
!route add 192.168.0.0/16 192.168.100.254
bash-4.2# cat /etc/hostname.bnx1
inet 10.117.2.8 255.255.255.224
!route add 10.0.0.0/8 10.117.2.30
bash-4.2# cat /etc/hostname.bnx3
inet 192.168.98.1 255.255.255.0 NONE
bash-4.2# cat /etc/hostname.carp0
inet 10.117.2.10 255.255.255.224 10.117.2.31 carpnodes 1:100,2:0 balancing
ip-stealth pass password
inet alias 10.117.2.11 255.255.255.255 NONE
bash-4.2# cat /etc/hostname.carp1
inet 192.168.100.250 255.255.255.0 192.168.100.255 carpnodes 9:100,10:0
balancing ip-stealth pass password
bash-4.2# cat /etc/hostname.pfsync0
up syncdev bnx3
bash-4.2# ifconfig carp0
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:01
priority: 0
carp: carpdev bnx1 advbase 1 balancing ip-stealth
state BACKUP vhid 1 advskew 100
state MASTER vhid 2 advskew 0
groups: carp
status: backup
inet6 fe80::225:b3ff:fe1e:7aca%carp0 prefixlen 64 scopeid 0x7
inet 10.117.2.10 netmask 0xffffffe0 broadcast 10.117.2.31
inet 10.117.2.11 netmask 0xffffffff
bash-4.2# ifconfig carp1
carp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:09
priority: 0
carp: carpdev bnx0 advbase 1 balancing ip-stealth
state BACKUP vhid 9 advskew 100
state MASTER vhid 10 advskew 0
groups: carp
status: backup
inet6 fe80::225:b3ff:fe1e:7aca%carp1 prefixlen 64 scopeid 0xa
inet 192.168.100.250 netmask 0xffffff00 broadcast 192.168.100.255
*Logs or diagnosis*
on FW1
# tcpdump -neeevvvttti pflog0 port 80
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
Oct 15 11:57:55.905517 rule 0/(match) [uid 0, pid 30828] block in on bnx1:
[orig src 10.30.68.99:54937, dst 10.117.2.11:80] 10.30.68.99.54937 >
192.168.100.117.80: . [bad tcp cksum 61e7!] 3640401221:3640401222(1) ack
602537014 win 256 (DF) [tos 0x30] (ttl 121, id 21196, len 41, bad cksum
53d2! differs by e761)
Oct 15 11:58:11.690721 rule 0/(match) [uid 0, pid 30828] block in on bnx1:
[orig src 10.30.68.99:54937, dst 10.117.2.11:80] 10.30.68.99.54937 >
192.168.100.117.80: F [bad tcp cksum 61e7!] 1:1(0) ack 1 win 256 (DF) [tos
0x30] (ttl 121, id 21485, len 40, bad cksum 52b2! differs by e761)
Oct 15 11:58:11.985777 rule 0/(match) [uid 0, pid 30828] block in on bnx1:
[orig src 10.30.68.99:54937, dst 10.117.2.11:80] 10.30.68.99.54937 >
192.168.100.117.80: F [bad tcp cksum 61e7!] 1:1(0) ack 1 win 256 (DF) [tos
0x30] (ttl 121, id 21486, len 40, bad cksum 52b1! differs by e761)
Oct 15 11:58:12.590383 rule 0/(match) [uid 0, pid 30828] block in on bnx1:
[orig src 10.30.68.99:54937, dst 10.117.2.11:80] 10.30.68.99.54937 >
192.168.100.117.80: F [bad tcp cksum 61e7!] 1:1(0) ack 1 win 256 (DF) [tos
0x30] (ttl 121, id 21488, len 40, bad cksum 52af! differs by e761)
Oct 15 11:58:13.789891 rule 0/(match) [uid 0, pid 30828] block in on bnx1:
[orig src 10.30.68.99:54937, dst 10.117.2.11:80] 10.30.68.99.54937 >
192.168.100.117.80: F [bad tcp cksum 61e7!] 1:1(0) ack 1 win 256 (DF) [tos
0x30] (ttl 121, id 21493, len 40, bad cksum 52aa! differs by e761)
Oct 15 11:58:16.186740 rule 0/(match) [uid 0, pid 30828] block in on bnx1:
[orig src 10.30.68.99:54937, dst 10.117.2.11:80] 10.30.68.99.54937 >
192.168.100.117.80: F [bad tcp cksum 61e7!] 1:1(0) ack 1 win 256 (DF) [tos
0x30] (ttl 121, id 21505, len 40, bad cksum 529e! differs by e761)
Oct 15 11:58:20.988821 rule 0/(match) [uid 0, pid 30828] block in on bnx1:
[orig src 10.30.68.99:54937, dst 10.117.2.11:80] 10.30.68.99.54937 >
192.168.100.117.80: F [bad tcp cksum 61e7!] 1:1(0) ack 1 win 256 (DF) [tos
0x30] (ttl 121, id 21557, len 40, bad cksum 526a! differs by e761)
^C
31 packets received by filter
0 packets dropped by kernel
# pfctl -ss
all tcp 192.168.100.74:22 <- 192.168.100.102:38879
ESTABLISHED:ESTABLISHED
all tcp 192.168.100.73:22 <- 192.168.100.102:44682
ESTABLISHED:ESTABLISHED
all tcp 192.168.100.73:22 <- 192.168.220.6:58720
ESTABLISHED:ESTABLISHED
all tcp 192.168.100.117:22 (10.117.2.11:22) <- 10.30.68.99:58824
ESTABLISHED:ESTABLISHED
all tcp 192.168.100.250:61878 (10.30.68.99:58824) -> 192.168.100.117:22
ESTABLISHED:ESTABLISHED
all carp 224.0.0.18 <- 10.117.2.29 NO_TRAFFIC:SINGLE
all carp 224.0.0.18 <- 10.117.2.8 NO_TRAFFIC:SINGLE
all carp 224.0.0.18 <- 192.168.100.74 NO_TRAFFIC:SINGLE
all carp 10.117.2.9 -> 224.0.0.18 SINGLE:NO_TRAFFIC
all carp 192.168.100.73 -> 224.0.0.18 SINGLE:NO_TRAFFIC
all pfsync 192.168.98.2 -> 224.0.0.240 SINGLE:NO_TRAFFIC
all pfsync 224.0.0.240 <- 192.168.98.1 NO_TRAFFIC:SINGLE
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55006
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.250:54657 (10.30.68.99:55006) -> 192.168.100.117:80
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55007
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:60476 (10.30.68.99:55007) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55008
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:50103 (10.30.68.99:55008) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55009
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64918 (10.30.68.99:55009) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55010
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:58069 (10.30.68.99:55010) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55011
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:63379 (10.30.68.99:55011) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55012
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:62458 (10.30.68.99:55012) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55013
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64707 (10.30.68.99:55013) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55014
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64058 (10.30.68.99:55014) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55015
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64342 (10.30.68.99:55015) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55016
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:53492 (10.30.68.99:55016) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55017
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:58178 (10.30.68.99:55017) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55018
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:55527 (10.30.68.99:55018) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55021
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:53617 (10.30.68.99:55021) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55022
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:61100 (10.30.68.99:55022) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55023
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.250:62435 (10.30.68.99:55023) -> 192.168.100.117:80
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55024
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.250:55661 (10.30.68.99:55024) -> 192.168.100.117:80
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55026
SYN_SENT:ESTABLISHED
all tcp 192.168.100.250:61089 (10.30.68.99:55026) -> 192.168.100.117:80
ESTABLISHED:SYN_SENT
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55027
SYN_SENT:ESTABLISHED
all tcp 192.168.100.250:58730 (10.30.68.99:55027) -> 192.168.100.117:80
ESTABLISHED:SYN_SENT
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55028
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:54748 (10.30.68.99:55028) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
on FW2
bash-4.2# tcpdump -neeevvvttti pflog0 port 80
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
Oct 15 11:54:19.508518 rule 1/(match) [uid 0, pid 10078] block in on bnx0:
192.168.100.117.80 > 192.168.100.250.62435: S [tcp sum ok]
871375247:871375247(0) ack 3893127590 win 5840 <mss
1460,nop,nop,sackOK,nop,wscale 2> (DF) (ttl 64, id 0, len 52)
Oct 15 11:54:20.751805 rule 1/(match) [uid 0, pid 10078] block in on bnx0:
192.168.100.117.80 > 192.168.100.250.55661: S [tcp sum ok]
870440301:870440301(0) ack 1641304865 win 5840 <mss
1460,nop,nop,sackOK,nop,wscale 2> (DF) (ttl 64, id 0, len 52)
Oct 15 11:54:25.477667 rule 1/(match) [uid 0, pid 10078] block in on bnx0:
192.168.100.117.80 > 192.168.100.250.61089: S [tcp sum ok]
872965778:872965778(0) ack 3363139446 win 5840 <mss
1460,nop,nop,sackOK,nop,wscale 2> (DF) (ttl 64, id 0, len 52)
Oct 15 11:54:25.748923 rule 1/(match) [uid 0, pid 10078] block in on bnx0:
192.168.100.117.80 > 192.168.100.250.58730: S [tcp sum ok]
875407491:875407491(0) ack 540325751 win 5840 <mss
1460,nop,nop,sackOK,nop,wscale 2> (DF) (ttl 64, id 0, len 52)
^C
30 packets received by filter
0 packets dropped by kernel
bash-4.2# pfctl -ss
all tcp 192.168.100.74:22 <- 192.168.100.102:38879
ESTABLISHED:ESTABLISHED
all tcp 192.168.100.73:22 <- 192.168.100.102:44682
ESTABLISHED:ESTABLISHED
all tcp 192.168.100.73:22 <- 192.168.220.6:58720
ESTABLISHED:ESTABLISHED
all carp 224.0.0.18 <- 10.117.2.29 NO_TRAFFIC:SINGLE
all tcp 192.168.100.117:22 (10.117.2.11:22) <- 10.30.68.99:58824
ESTABLISHED:ESTABLISHED
all tcp 192.168.100.250:61878 (10.30.68.99:58824) -> 192.168.100.117:22
ESTABLISHED:ESTABLISHED
all carp 10.117.2.8 -> 224.0.0.18 SINGLE:NO_TRAFFIC
all carp 192.168.100.74 -> 224.0.0.18 SINGLE:NO_TRAFFIC
all carp 224.0.0.18 <- 10.117.2.9 NO_TRAFFIC:SINGLE
all carp 224.0.0.18 <- 192.168.100.73 NO_TRAFFIC:SINGLE
all pfsync 224.0.0.240 <- 192.168.98.2 NO_TRAFFIC:SINGLE
all pfsync 192.168.98.1 -> 224.0.0.240 SINGLE:NO_TRAFFIC
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55006
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.250:54657 (10.30.68.99:55006) -> 192.168.100.117:80
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55007
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:60476 (10.30.68.99:55007) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55008
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:50103 (10.30.68.99:55008) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55009
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64918 (10.30.68.99:55009) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55010
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:58069 (10.30.68.99:55010) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55011
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:63379 (10.30.68.99:55011) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55012
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:62458 (10.30.68.99:55012) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55013
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64707 (10.30.68.99:55013) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55014
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64058 (10.30.68.99:55014) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55015
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:64342 (10.30.68.99:55015) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55016
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:53492 (10.30.68.99:55016) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55017
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:58178 (10.30.68.99:55017) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55018
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:55527 (10.30.68.99:55018) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55021
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:53617 (10.30.68.99:55021) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55022
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:61100 (10.30.68.99:55022) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55023
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.250:62435 (10.30.68.99:55023) -> 192.168.100.117:80
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55024
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.250:55661 (10.30.68.99:55024) -> 192.168.100.117:80
TIME_WAIT:TIME_WAIT
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55026
SYN_SENT:ESTABLISHED
all tcp 192.168.100.250:61089 (10.30.68.99:55026) -> 192.168.100.117:80
ESTABLISHED:SYN_SENT
all tcp 192.168.100.117:80 (10.117.2.11:80) <- 10.30.68.99:55027
SYN_SENT:ESTABLISHED
all tcp 192.168.100.250:58730 (10.30.68.99:55027) -> 192.168.100.117:80
ESTABLISHED:SYN_SENT
all tcp 192.168.100.117:80 (10.117.2.10:80) <- 10.30.68.99:55028
FIN_WAIT_2:FIN_WAIT_2
all tcp 192.168.100.250:54748 (10.30.68.99:55028) -> 192.168.100.117:80
FIN_WAIT_2:FIN_WAIT_2
--
View this message in context:
http://openbsd.7691.n7.nabble.com/OpenBSD-5-5-CARP-Active-Active-Alias-IP-problem-tp257503.html
Sent from the openbsd dev - bugs mailing list archive at Nabble.com.
