On 2011-06-15, Zak Elep <[email protected]> wrote:
> On Tue, Jun 14, 2011 at 9:17 PM, Zak Elep <[email protected]> wrote:
>> The firewalls are on the same subnet, and mtrace tells me they are
>> directly connected.
>
> And I tried 'dhcpd -y rl1 -Y <ip-address> rl1' now, sync seems to work
> without trouble (there's no "no route to host" message.) Am I missing
> something here? Or could I have stumbled upon a bug?

The top two reasons for "no route to host" are

1. not having a valid route to the host, which it sounds like you
   have covered (the default 'reject' route for multicast; setting
   'multicast_host=YES' in rc.conf.local is enough for most people).
   confirm with 'route -n get 224.0.1.240'

2. a PF rule blocking the traffic
   confirm by using 'log' on your block rules, and watching
   'tcpdump -neipflog0'

