Hello all,
please forgive me if my question turns out to be very hazy and unclear.
If I could express myself more clearly, I could probably understand what happens ;)
I have set up a pf firewall with two external NICs and CARP on those
external IPs. (I think) I followed
http://www.openbsd.org/faq/faq6.html#Multipath
Now, for example if I sent a ping to 8.8.8.8, I see that the pf rule
makes a
    pass out on em1: *WAN_IP_1* > 8.8.8.8: icmp: echo request
however, the first request sometimes goes out on em0, while the echo
replies and all other echo requests use em1.
Sometimes something similar happens when a connection comes in
through an external interface: the first return packet goes out through
the wrong interface, and is thus blocked (duh!) - though I'm pretty sure
(and can see it through tcpdump) that I've set a "pass in" rule with
"reply-to *ROUTER_IP*@em1".
Now I see that "netstat -rn" shows me
    Destination      Gateway       Flags  Refs  Use  Mtu  Prio  Iface
    default          ROUTER_IP_0   UGSP   2     83   -    8     em0
    default          ROUTER_IP_1   UGSP   2     92   -    8     em1
    *WAN_NET_0*/29   link#1        UC     2     0    -    4     em0
    <some other IPs in that net>
    *WAN_NET_1*/29   link#4        UC     3     0    -    4     em2
    <some other IPs in that net>
    <other IPs in DMZ and lo0>
If I understand correctly, something for WAN_NET_1 is pointing
wrong. After a reboot I have even seen once that *both* links pointed
wrong, the *WAN_NET_0* on em0 to the *ROUTER_IP* on em1.
Now I have three questions:
1) Is this really the error?
2) What can I do to correct it manually?
3) What mistake did I make in the first place in my hostname.em and
hostname.carp files?
Marcus